AV Security and then some



#1
trillion5

Hi there,

My computer had AV Security pop up last week. I have no idea where it came from. I know it's bad... very bad... I have NOT given it permission to do anything or given it my credit card info to "clean" my computer so no worries there.

I have a PC with Windows XP. I have DSL. I have Avast for my security but it's been disabled -- firewall and email screening are down. It requests to have them turned on but I can't -- won't let me.

I can't connect to the internet -- currently doing this from a business center at my apartment complex. A friend sent me some links to try and I did. I went to bleepingcomputer.com and downloaded some fixes. The first one (tdskiller) was to get rid of AV Security. It seems to have mostly worked. It doesn't come up anymore but I'm not sure that it's 100% done because it's supposed to give a certain message and doesn't. I tried the second step/program (rkill) to get rid of the root and I think it's been partially successful BUT I can't connect to the internet and it says (in the directions) that it's supposed to so that it can finish cleaning it out somehow.

Currently, I'm sure my computer is connected to the internet but it says that it isn't or it says that I need an IP address or that the website is unavailable (every site is).

HELP! I ran your program and this is the log:

OTL logfile created on: 11/22/2011 5:21:05 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Heather\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.09 Mb Total Physical Memory | 570.62 Mb Available Physical Memory | 55.83% Memory free
2.40 Gb Paging File | 2.09 Gb Available in Paging File | 86.84% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.00 Gb Total Space | 32.33 Gb Free Space | 22.29% Space Free | Partition Type: NTFS
Drive D: | 477.64 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive J: | 15.11 Gb Total Space | 15.09 Gb Free Space | 99.90% Space Free | Partition Type: FAT32

Computer Name: DDXMW2B1 | User Name: Heather | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/22 12:05:06 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Heather\Desktop\OTL.exe
PRC - [2011/11/12 01:48:40 | 003,303,000 | ---- | M] (Akamai Technologies, Inc) -- C:\Documents and Settings\Heather\Local Settings\Application Data\Akamai\netsession_win.exe
PRC - [2011/09/06 12:45:30 | 003,722,416 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/09/06 12:45:28 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2011/03/31 21:11:52 | 000,428,640 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
PRC - [2011/03/24 01:59:34 | 000,199,904 | ---- | M] () -- C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe
PRC - [2011/03/22 22:56:40 | 000,687,448 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2011/03/01 22:14:08 | 000,190,808 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2011/03/01 22:13:44 | 000,203,096 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
PRC - [2010/01/15 04:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2010/01/07 14:38:10 | 000,058,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ZuneBusEnum.exe
PRC - [2009/10/08 03:24:44 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2008/11/09 12:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/06/24 10:34:50 | 000,041,824 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\1165958673\ee\aolsoftware.exe
PRC - [2007/06/13 02:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/10/23 04:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
PRC - [2006/05/03 02:12:00 | 000,098,304 | ---- | M] () -- C:\Program Files\Dell\Media Experience\DMXLauncher.exe
PRC - [2005/06/17 04:55:58 | 000,086,140 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2004/12/14 03:44:06 | 000,029,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
PRC - [2003/08/27 10:29:46 | 000,065,536 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\wanmpsvc.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/15 10:27:35 | 001,616,896 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\11111501\algo.dll
MOD - [2011/11/15 03:59:54 | 000,241,528 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\11111501\aswRep.dll
MOD - [2011/11/11 19:57:07 | 003,313,752 | ---- | M] () -- c:\Program Files\Common Files\Akamai\netsession_win_dac4cfd.dll
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/06/16 06:55:10 | 000,925,696 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\yui.dll
MOD - [2011/06/10 13:18:56 | 000,090,592 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\ShellExt.dll
MOD - [2011/03/30 17:25:42 | 000,331,608 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
MOD - [2011/03/24 01:59:34 | 000,199,904 | ---- | M] () -- C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe
MOD - [2011/03/22 22:56:40 | 000,687,448 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
MOD - [2011/03/01 22:15:28 | 000,126,808 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2011/03/01 22:15:28 | 000,027,480 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2011/03/01 22:15:04 | 000,340,824 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2011/03/01 22:14:42 | 007,954,776 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2011/03/01 22:14:30 | 002,143,576 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTCore4.dll
MOD - [2011/03/01 22:13:44 | 000,203,096 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
MOD - [2008/06/03 00:36:06 | 000,114,688 | ---- | M] () -- c:\Program Files\Common Files\AOL\1165958673\ee\services\proxyprovider\ver1_0_0_1\proxyprovider.dll
MOD - [2006/05/03 02:12:00 | 000,098,304 | ---- | M] () -- C:\Program Files\Dell\Media Experience\DMXLauncher.exe
MOD - [2004/12/16 09:15:10 | 000,073,728 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\dlbxPP5C.DLL


========== Win32 Services (SafeList) ==========

SRV - [2011/11/11 19:57:07 | 003,313,752 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_dac4cfd.dll -- (Akamai)
SRV - [2011/09/06 12:45:28 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/06/10 13:18:51 | 001,036,104 | ---- | M] (Lavasoft) [Disabled | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/03/31 21:11:52 | 000,428,640 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011/03/24 01:59:34 | 000,199,904 | ---- | M] () [Auto | Running] -- C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe -- (Toolbar Updater Service)
SRV - [2010/01/15 04:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2010/01/07 14:38:18 | 000,447,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2010/01/07 14:38:10 | 000,058,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ZuneBusEnum.exe -- (ZuneBusEnum)
SRV - [2010/01/07 14:38:08 | 005,950,704 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2008/11/09 12:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2006/10/23 04:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -- (AOL ACS)
SRV - [2005/06/17 04:55:58 | 000,086,140 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMon) Intel®
SRV - [2004/12/16 09:26:58 | 000,462,848 | ---- | M] (Dell) [On_Demand | Stopped] -- C:\WINDOWS\System32\dlbxcoms.exe -- (dlbx_device)
SRV - [2003/08/27 10:29:46 | 000,065,536 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\WINDOWS\wanmpsvc.exe -- (WANMiniportService) WAN Miniport (ATW)


========== Driver Services (SafeList) ==========

DRV - [2011/09/06 12:38:05 | 000,442,200 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/09/06 12:37:53 | 000,320,856 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/09/06 12:36:38 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/09/06 12:36:36 | 000,052,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/09/06 12:36:23 | 000,110,552 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/09/06 12:36:12 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/09/06 12:33:11 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/03/31 21:11:10 | 004,333,280 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech Webcam C260(UVC)
DRV - [2011/03/31 21:09:48 | 000,291,424 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2009/04/24 13:18:49 | 000,064,160 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2007/05/14 22:03:24 | 000,445,696 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
DRV - [2005/11/16 18:36:00 | 001,047,816 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/09/08 02:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/09/08 02:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/09/08 02:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/09/08 02:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/09/08 02:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/09/08 02:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/09/08 02:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/08/25 09:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/08/25 09:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/08/04 01:10:18 | 001,273,344 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2003/11/17 18:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 18:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 18:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003/01/10 13:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2002/05/07 05:44:04 | 000,081,700 | ---- | M] (FUJI PHOTO FILM CO.,LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\V4CB011D.SYS -- (FINEPIX_PCC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.co...-rel&channel=us
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.co...-rel&channel=us

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...-rel&channel=us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://search.condui...&ctid=CT2612669
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaultthis.engineName: "IMVU Inc Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo....ch?fr=ffsp1&p="
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:4.0.0
FF - prefs.js..keyword.URL: "http://search.yahoo....ch?fr=ffds1&p="
FF - prefs.js..network.proxy.type: 4


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.2: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.448: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer: C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: C:\PROGRA~1\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\@nsroblox.roblox.com/launcher: C:\Documents and Settings\Heather\Local Settings\Application Data\RobloxVersions\version-7a404405e6f944e5\\NPRobloxProxy.dll ()
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Documents and Settings\Heather\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/09 19:48:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/22 00:06:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.16\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/09/02 22:36:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.16\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011/09/02 22:36:00 | 000,000,000 | ---D | M]

[2009/07/24 23:50:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Heather\Application Data\Mozilla\Extensions
[2009/07/24 23:50:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Heather\Application Data\Mozilla\Extensions\[email protected]
[2011/11/01 18:11:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\uqp5uicc.default\extensions
[2010/06/23 23:21:46 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\uqp5uicc.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/07/14 12:52:33 | 000,000,000 | ---D | M] (StartNow Toolbar) -- C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\uqp5uicc.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}
[2011/10/26 18:07:41 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\uqp5uicc.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/11/01 18:11:40 | 000,000,000 | ---D | M] (IMVU Inc Community Toolbar) -- C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\uqp5uicc.default\extensions\{90b49673-5506-483e-b92b-ca0265bd9ca8}
[2011/07/14 12:52:27 | 000,000,000 | ---D | M] (DealPly) -- C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\uqp5uicc.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
[2011/05/03 08:59:46 | 000,000,000 | ---D | M] (United States English Spellchecker) -- C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\uqp5uicc.default\extensions\[email protected]
[2011/07/14 01:31:15 | 000,000,000 | ---D | M] (Yontoo Layers) -- C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\uqp5uicc.default\extensions\[email protected]
[2010/08/01 18:05:28 | 000,002,393 | ---- | M] () -- C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\uqp5uicc.default\searchplugins\askcom.xml
[2011/07/14 12:52:35 | 000,002,264 | ---- | M] () -- C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\uqp5uicc.default\searchplugins\bing-zugo.xml
[2011/06/22 13:13:26 | 000,000,919 | ---- | M] () -- C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\uqp5uicc.default\searchplugins\conduit.xml
[2010/07/22 16:30:07 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\uqp5uicc.default\searchplugins\mywebsearch.xml
[2011/11/09 19:49:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/09/22 00:07:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
[2011/09/22 00:05:57 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/11/09 19:48:57 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/09/22 00:05:56 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/10/05 20:29:42 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010/01/01 00:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml.old
[2011/11/09 19:48:57 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.120\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Acrobat 7.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.120\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.120\pdf.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: AOL Media Playback Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npunagi2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Roblox Launcher Plugin (Enabled) = C:\Documents and Settings\Heather\Local Settings\Application Data\RobloxVersions\version-7a404405e6f944e5\\NPRobloxProxy.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Documents and Settings\Heather\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
CHR - plugin: Yahoo! activeX Plug-in Bridge (Enabled) = C:\PROGRA~1\Yahoo!\Common\npyaxmpb.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Unity Player (Enabled) = C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: DealPly = C:\Documents and Settings\Heather\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje\3.0.7.2_0\

O1 HOSTS File: ([2011/11/18 00:46:59 | 000,001,185 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: ??????????????? browser-security.microsoft.com
O1 - Hosts: ??????????????? antivirsystem.com
O1 - Hosts: ??????????????? www.antivirsystem.com
O1 - Hosts: 46.4.179.109 google.com
O1 - Hosts: 46.4.179.109 yahoo.com
O1 - Hosts: 46.4.179.109 bing.com
O1 - Hosts: 46.4.179.109 facebook.com
O1 - Hosts: 46.4.179.109 yahoo.com
O1 - Hosts: 46.4.179.109 bing.com
O1 - Hosts: 46.4.179.109 facebook.com
O1 - Hosts: 46.4.179.109 yahoo.com
O1 - Hosts: 46.4.179.109 bing.com
O1 - Hosts: 46.4.179.109 facebook.com
O1 - Hosts: 46.4.179.109 yahoo.com
O1 - Hosts: 46.4.179.109 bing.com
O1 - Hosts: 46.4.179.109 facebook.com
O1 - Hosts: 46.4.179.109 yahoo.com
O1 - Hosts: 46.4.179.109 bing.com
O1 - Hosts: 46.4.179.109 facebook.com
O1 - Hosts: 46.4.179.109 yahoo.com
O1 - Hosts: 46.4.179.109 bing.com
O1 - Hosts: 46.4.179.109 facebook.com
O1 - Hosts: 46.4.179.109 yahoo.com
O1 - Hosts: 20 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (StartNow Toolbar Helper) - {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files\StartNow Toolbar\Toolbar32.dll (Zugo)
O2 - BHO: (IMVU Inc Toolbar) - {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files\IMVU_Inc\prxtbIMV0.dll (Conduit Ltd.)
O2 - BHO: (DealPly) - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files\DealPly\DealPlyIE.dll (DealPly)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (StartNow Toolbar) - {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files\StartNow Toolbar\Toolbar32.dll (Zugo)
O3 - HKLM\..\Toolbar: (IMVU Inc Toolbar) - {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files\IMVU_Inc\prxtbIMV0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (IMVU Inc Toolbar) - {90B49673-5506-483E-B92B-CA0265BD9CA8} - C:\Program Files\IMVU_Inc\prxtbIMV0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DLBXCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBXtime.DLL ()
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [ENNttxP0ucSib3p] C:\Documents and Settings\Heather\Application Data\dwme.exe File not found
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1165958673\ee\aolsoftware.exe (AOL LLC)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [NQJJ6dEK8gRZhY8234A] C:\WINDOWS\system32\AV Security 2012v121.exe File not found
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Documents and Settings\Heather\Local Settings\Application Data\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableProfileQuota = 1
O8 - Extra context menu item: &Search - Reg Error: Value error. File not found
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Heather\Start Menu\Programs\IMVU\Run IMVU.lnk ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://active.macrom...tor/cabs/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.micr...78f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1152654582062 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {C7DEDA04-2FFF-4B81-AE66-0A0E0EF4AD2F} http://www.ritzpix.c...PUploader57.cab (Image Uploader Control)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0603B7AF-912E-46A7-B1B4-A59E3B89C4F5}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{81DDA85E-0BF9-47C5-9631-A682727CBCFB}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Heather\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Heather\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 14:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/06/23 11:03:29 | 000,000,048 | RH-- | M] () - D:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{457b34da-c3e1-11e0-8bf1-00038a000015}\Shell\AutoRun\command - "" = J:\slacker.synclauncher.exe
O33 - MountPoints2\{457b34da-c3e1-11e0-8bf1-00038a000015}\Shell\slacker\command - "" = J:\slacker.synclauncher.exe
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\Installer.exe -- [2008/06/23 11:03:29 | 001,261,160 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/22 17:20:26 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Heather\Desktop\OTL.exe
[2011/11/18 23:25:14 | 000,094,896 | ---- | C] (Kaspersky Lab, GERT) -- C:\WINDOWS\System32\drivers\91866890.sys
[2011/11/18 17:10:48 | 000,094,896 | ---- | C] (Kaspersky Lab, GERT) -- C:\WINDOWS\System32\drivers\67747760.sys
[2011/11/18 15:05:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Heather\Application Data\Malwarebytes
[2011/11/18 15:05:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/11/18 15:05:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/11/18 15:05:12 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/11/18 15:05:12 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/11/18 00:46:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Heather\Application Data\xCeekkIBrzO
[2011/11/18 00:46:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Heather\Application Data\a88ggRZqhYXwUVl
[2011/11/18 00:41:16 | 000,094,896 | ---- | C] (Kaspersky Lab, GERT) -- C:\WINDOWS\System32\drivers\44278755.sys
[2011/11/18 00:19:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Heather\Application Data\DAA11uvS2obFpm5
[2011/11/18 00:19:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Heather\Application Data\bqqqjYCCekBrzN
[2011/11/17 12:38:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Heather\Application Data\IPNNyccA1uv2
[2011/11/17 12:38:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Heather\Application Data\eL99hTTXqjUelBr
[2011/11/17 03:05:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Heather\Application Data\zG44aaQH6d
[2011/11/17 03:05:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Heather\Application Data\QWKK7ffRL9hXqU
[2011/11/17 00:09:26 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2011/11/16 23:58:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Heather\Application Data\xccAA1ivv2onFaH
[2011/11/16 23:58:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Heather\Application Data\IK88fRRL9hTwjCe
[2011/11/16 23:53:18 | 000,094,896 | ---- | C] (Kaspersky Lab, GERT) -- C:\WINDOWS\System32\drivers\23540171.sys
[2011/11/16 19:25:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Heather\Application Data\JVrzONyxAuSoFpG
[2011/11/16 19:25:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Heather\Application Data\fD3onF4am6W7E
[2011/11/16 19:12:17 | 000,094,896 | ---- | C] (Kaspersky Lab, GERT) -- C:\WINDOWS\System32\drivers\31884224.sys
[2011/11/16 18:48:19 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Heather\IECompatCache
[2011/11/16 18:39:00 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2011/11/16 16:21:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Heather\Application Data\EwwkkIVrzO
[2011/11/16 16:21:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Heather\Application Data\ANNttxA0uvS2bFp
[2011/11/16 16:00:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Heather\Application Data\kyyyxAA0uvSob3
[2011/11/16 16:00:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Heather\Application Data\jmmmG5ssQJdEKgZ
[2011/11/15 16:00:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Heather\Application Data\vhYXwkUVeOtPySi
[2011/11/15 16:00:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Heather\Application Data\mjYCekIVrOyAuSo
[2011/11/15 15:42:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Heather\Application Data\tGG44aQQH6WK7R9
[2011/11/15 15:42:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Heather\Application Data\HkkkIBrrzPyxAuD
[2011/11/15 15:28:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Heather\Application Data\vNtxA0ucSiFpGaJ
[2011/11/15 15:28:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Heather\Application Data\iivD3onF4m6W7E9
[2011/11/15 15:21:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Heather\Application Data\x222ibFF3pG5QJd
[2011/11/15 15:21:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Heather\Application Data\AVVrrzONtxA0
[2011/11/15 12:22:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Heather\Application Data\JSSS2iibF
[2011/11/15 12:22:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Heather\Application Data\dCCCwkkIVrzNtA0
[2011/11/15 12:22:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Heather\Application Data\BFpH55sQJ7dL8RZ
[2011/11/15 12:22:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Heather\Application Data\SllOONtxx0
[2011/11/01 14:27:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Heather\Local Settings\Application Data\Akamai
[6 C:\Documents and Settings\Heather\My Documents\*.tmp files -> C:\Documents and Settings\Heather\My Documents\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/22 17:19:38 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/11/22 17:17:06 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/22 17:16:50 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/11/22 17:16:45 | 1071,812,608 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/22 12:05:06 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Heather\Desktop\OTL.exe
[2011/11/19 23:48:26 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Heather\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/11/19 23:45:11 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/19 23:43:07 | 000,000,182 | -HS- | M] () -- C:\boot.ini
[2011/11/18 23:25:14 | 000,094,896 | ---- | M] (Kaspersky Lab, GERT) -- C:\WINDOWS\System32\drivers\91866890.sys
[2011/11/18 23:06:38 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/18 18:42:25 | 000,000,406 | -H-- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for Heather.job
[2011/11/18 17:10:48 | 000,094,896 | ---- | M] (Kaspersky Lab, GERT) -- C:\WINDOWS\System32\drivers\67747760.sys
[2011/11/18 17:06:02 | 000,463,206 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/11/18 17:06:02 | 000,080,334 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/11/18 17:04:42 | 000,079,748 | ---- | M] () -- C:\VETlog.dmp
[2011/11/18 14:18:01 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/11/18 00:41:16 | 000,094,896 | ---- | M] (Kaspersky Lab, GERT) -- C:\WINDOWS\System32\drivers\44278755.sys
[2011/11/17 21:57:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/11/16 23:53:18 | 000,094,896 | ---- | M] (Kaspersky Lab, GERT) -- C:\WINDOWS\System32\drivers\23540171.sys
[2011/11/16 19:12:17 | 000,094,896 | ---- | M] (Kaspersky Lab, GERT) -- C:\WINDOWS\System32\drivers\31884224.sys
[2011/11/15 12:22:39 | 000,001,210 | ---- | M] () -- C:\Documents and Settings\Heather\Application Data\ldr.ini
[2011/11/13 16:47:10 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2011/11/09 20:41:57 | 000,001,046 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AOL Desktop 9.6 Install.lnk
[6 C:\Documents and Settings\Heather\My Documents\*.tmp files -> C:\Documents and Settings\Heather\My Documents\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/18 16:24:47 | 1071,812,608 | -HS- | C] () -- C:\hiberfil.sys
[2011/11/18 15:05:16 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/15 12:22:38 | 000,001,210 | ---- | C] () -- C:\Documents and Settings\Heather\Application Data\ldr.ini
[2011/11/09 20:41:57 | 000,001,046 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AOL Desktop 9.6 Install.lnk
[2011/06/27 21:10:03 | 000,006,144 | ---- | C] () -- C:\Documents and Settings\Heather\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/31 21:07:02 | 010,877,272 | ---- | C] () -- C:\WINDOWS\System32\LogiDPP.dll
[2011/03/31 21:07:02 | 000,102,744 | ---- | C] () -- C:\WINDOWS\System32\LogiDPPApp.exe
[2011/03/31 21:06:56 | 000,331,608 | ---- | C] () -- C:\WINDOWS\System32\DevManagerCore.dll
[2011/03/31 20:56:00 | 000,027,872 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2011/03/22 22:58:22 | 000,014,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2010/08/22 10:43:42 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2010/03/14 18:36:55 | 000,000,037 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2010/03/14 18:33:42 | 000,010,752 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/11 16:50:09 | 000,058,604 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/07/19 18:57:48 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2009/07/19 18:57:48 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2009/07/19 18:57:48 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2009/04/10 14:59:07 | 000,015,688 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2008/09/12 19:02:40 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2007/07/15 14:14:42 | 000,000,960 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/03/18 22:08:20 | 000,000,044 | ---- | C] () -- C:\WINDOWS\liveup.ini
[2007/01/10 07:44:26 | 001,457,024 | R--- | C] () -- C:\WINDOWS\System32\SSCProt.dll
[2006/12/12 13:16:52 | 000,000,030 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/12/01 20:02:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2006/10/09 21:23:28 | 000,000,742 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2006/10/09 21:21:47 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\dlbxins.dll
[2006/10/09 21:21:47 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\dlbxinsr.dll
[2006/10/09 21:21:47 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbxvs.dll
[2006/10/09 21:21:43 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\dlbxcu.dll
[2006/10/09 21:21:43 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\dlbxcur.dll
[2006/10/09 21:21:42 | 000,397,312 | ---- | C] () -- C:\WINDOWS\System32\dlbxutil.dll
[2006/10/09 21:21:40 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlbxinsb.dll
[2006/10/09 21:21:40 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\dlbxcub.dll
[2006/10/09 21:21:39 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\dlbxjswr.dll
[2006/07/14 22:50:35 | 000,003,350 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/07/14 22:50:35 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\090BD9EF56.sys
[2006/06/27 16:21:15 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/06/27 16:14:48 | 000,000,558 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/06/27 16:11:55 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2006/06/27 16:07:53 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/06/27 16:06:17 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/06/27 15:44:38 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\DSRIRREM.EXE
[2006/06/27 15:43:40 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2006/06/27 15:43:36 | 000,095,617 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2006/06/27 15:43:12 | 000,000,387 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/12/15 23:08:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/11 14:24:19 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 14:19:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/11 14:12:14 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/11 14:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/11 14:07:24 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/11 14:06:43 | 000,298,048 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/11 14:00:30 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/11 14:00:28 | 000,463,206 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/11 14:00:28 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/11 14:00:28 | 000,080,334 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/11 14:00:28 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/11 14:00:27 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/11 14:00:26 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/11 14:00:24 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/11 14:00:19 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/11 14:00:19 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/11 14:00:12 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/11 14:00:04 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2003/01/07 12:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[1999/01/22 10:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2010/07/31 23:13:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2011/03/23 20:18:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2008/08/09 11:12:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBT
[2011/07/14 01:30:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2010/08/22 10:37:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/03/23 20:18:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UAB
[2007/01/30 21:09:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2011/09/02 22:43:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/02/05 17:48:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/10 13:14:47 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
[2009/07/11 14:20:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2011/11/18 02:27:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Heather\Application Data\a88ggRZqhYXwUVl
[2011/11/16 16:21:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Heather\Application Data\ANNttxA0uvS2bFp
[2011/11/15 15:21:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Heather\Application Data\AVVrrzONtxA0
[2011/11/15 12:22:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Heather\Application Data\BFpH55sQJ7dL8RZ
[2011/11/18 00:19:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Heather\Application Data\bqqqjYCCekBrzN
[2011/11/18 00:19:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Heather\Application Data\DAA11uvS2obFpm5
[2011/11/15 12:22:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Heather\Application Data\dCCCwkkIVrzNtA0
[2011/11/17 12:38:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Heather\Application Data\eL99hTTXqjUelBr
[2011/11/16 16:21:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Heather\Application Data\EwwkkIVrzO
[2011/11/16 19:25:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Heather\Application Data\fD3onF4am6W7E
[2011/11/15 15:43:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Heather\Application Data\HkkkIBrrzPyxAuD
[2011/11/15 15:28:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Heather\Application Data\iivD3onF4m6W7E9
[2011/11/16 23:58:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Heather\Application Data\IK88fRRL9hTwjCe
[2011/06/30 15:48:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Heather\Application Data\IMVU
[2011/06/29 18:24:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Heather\Application Data\IMVUClient
[2011/11/17 12:38:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Heather\Application Data\IPNNyccA1uv2
[2011/11/16 16:00:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Heather\Application Data\jmmmG5ssQJdEKgZ
[2011/11/15 12:22:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Heather\Application Data\JSSS2iibF
[2011/11/16 19:25:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Heather\Application Data\JVrzONyxAuSoFpG
[2011/11/16 16:00:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Heather\Application Data\kyyyxAA0uvSob3
[2006/07/11 19:49:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Heather\Application Data\Leadertech
[2010/08/21 23:54:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Heather\Application Data\LimeWire
[2011/11/15 16:00:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Heather\Application Data\mjYCekIVrOyAuSo
[2010/08/22 10:31:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Heather\Application Data\PriceGong
[2011/11/17 03:05:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Heather\Application Data\QWKK7ffRL9hXqU
[2010/07/23 19:15:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Heather\Application Data\Runes of Avalon 2
[2010/01/15 18:48:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Heather\Application Data\runic games
[2011/06/29 15:47:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Heather\Application Data\SecondLife
[2011/11/15 12:22:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Heather\Application Data\SllOONtxx0
[2011/07/15 13:52:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Heather\Application Data\SPORE Creature Creator
[2011/11/15 15:42:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Heather\Application Data\tGG44aQQH6WK7R9
[2008/08/01 21:41:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Heather\Application Data\Thunderbird
[2010/08/08 21:35:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Heather\Application Data\Unity
[2011/11/15 16:00:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Heather\Application Data\vhYXwkUVeOtPySi
[2007/01/30 21:09:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Heather\Application Data\Viewpoint
[2011/11/15 15:28:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Heather\Application Data\vNtxA0ucSiFpGaJ
[2011/11/15 15:21:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Heather\Application Data\x222ibFF3pG5QJd
[2011/11/16 23:58:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Heather\Application Data\xccAA1ivv2onFaH
[2011/11/18 00:46:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Heather\Application Data\xCeekkIBrzO
[2011/11/17 03:05:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Heather\Application Data\zG44aaQH6d
[2011/11/18 14:18:01 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 94 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C0692342
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1

< End of report >


Then I saw this. It's another report that says "EXTRAS":

OTL Extras logfile created on: 11/22/2011 5:21:05 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Heather\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.09 Mb Total Physical Memory | 570.62 Mb Available Physical Memory | 55.83% Memory free
2.40 Gb Paging File | 2.09 Gb Available in Paging File | 86.84% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.00 Gb Total Space | 32.33 Gb Free Space | 22.29% Space Free | Partition Type: NTFS
Drive D: | 477.64 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive J: | 15.11 Gb Total Space | 15.09 Gb Free Space | 99.90% Space Free | Partition Type: FAT32

Computer Name: DDXMW2B1 | User Name: Heather | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (AOL LLC)
"C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe:*:Enabled:AOL -- (AOL LLC)
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (AOL LLC)
"C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe:*:Enabled:AOL -- (AOL LLC)
"C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe" = C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:*:Enabled:AOL TopSpeed -- (AOL LLC)
"C:\Program Files\Common Files\AOL\1165958673\ee\aolsoftware.exe" = C:\Program Files\Common Files\AOL\1165958673\ee\aolsoftware.exe:*:Enabled:AOL Shared Components -- (AOL LLC)
"C:\Program Files\Intuit\QuickBooks 2006\QBDBMgrN.exe" = C:\Program Files\Intuit\QuickBooks 2006\QBDBMgrN.exe:*:Enabled:QuickBooks 2006 Data Manager -- (Intuit, Inc.)
"C:\Program Files\TurboTax\Basic 2007\32bit\ttax.exe" = C:\Program Files\TurboTax\Basic 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- (Intuit, Inc.)
"C:\Program Files\TurboTax\Basic 2007\32bit\updatemgr.exe" = C:\Program Files\TurboTax\Basic 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- (Intuit, Inc.)
"C:\Program Files\AOL 9.1\waol.exe" = C:\Program Files\AOL 9.1\waol.exe:*:Enabled:AOL -- (AOL, LLC.)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\Common Files\AOL\System Information\sinf.exe" = C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL System Information -- (AOL LLC)
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
"C:\Program Files\Logitech\Vid HD\Vid.exe" = C:\Program Files\Logitech\Vid HD\Vid.exe:*:Enabled:Logitech Vid HD -- (Logitech Inc.)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Documents and Settings\Heather\Local Settings\Application Data\Akamai\netsession_win.exe" = C:\Documents and Settings\Heather\Local Settings\Application Data\Akamai\netsession_win.exe:*:Disabled:netsession_win -- (Akamai Technologies, Inc)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00040409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Disc 2
"{0076E1AC-9E7B-4B9F-A62A-4CC9511AD8E3}" = Zune Language Pack (FR)
"{03CDDD00-BD57-4326-9480-4C74449AF597}" = PhotoStitch
"{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{093625E3-7B87-49D3-AA53-AD0FCFABAF49}" = Camera Window
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{15292416-A464-4FBA-BB96-7298EAACFC07}" = Zoo Tycoon 2 - Extinct Animals
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{1EEAEAD7-95F3-489C-AB71-D188D530A951}" = Wireless USB Card
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20F51690-133A-453C-B616-1C15AB2C0EF0}" = SBA
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Roxio MyDVD Plus
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216027FF}" = Java™ 6 Update 27
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java™ 6 Update 6
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{353073E8-1185-4823-8F3A-A1F4AF6DD2CD}" = Avid DVD Limited by Sonic
"{370BCBBA-67D7-4535-ADCD-58CD1C8DEC99}" = Zune Language Pack (DE)
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{40EC6323-497B-44DA-8A88-74578622D9B3}" = Zune Language Pack (IT)
"{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}" = Dell CinePlayer
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4640FDE1-B83A-4376-84ED-86F86BEE2D41}" = Driver Detective
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CEA6811-DFAD-4892-828D-49941FE3B779}" = Intel® PROSet for Wired Connections
"{548EEA8E-8299-497F-8057-811D2D7097DC}" = Dell Support 3.1
"{5490882C-6961-11D5-BAE5-00E0188E010B}" = FUJIFILM USB Driver
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}" = Sonic Activation Module
"{6084D038-3401-4C9D-A216-86E6EEA25AFB}" = ZBrush3
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{69995C7A-062A-4A90-A4DF-8C22895DF522}" = iTunes
"{69B02159-7622-4DBB-B9EE-F933039830AD}" = QuickBooks Pro 2006
"{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{797EE0CA-8165-405C-B5CE-F11EC20F1BB0}" = Microsoft VC9 runtime libraries
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{888FFC82-688D-46AB-A776-B417885432B6}" = Zune
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo Layers 1.10.01
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A9B8148-DDD7-448F-BD6C-358386D32354}" = Corel Photo Album 6
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Matrix Storage Manager
"{91130409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Basic Edition 2003
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{B702CCCE-3176-4DBF-B932-D1B8F402F330}" = Digital Content Portal
"{BEB03A1A-1EB6-48EB-9985-8B97315EE5C0}" = RemoteCapture 2.7.0
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}" = Canon Utilities ZoomBrowser EX
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour
"{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{ECEE0279-785F-4CB3-9F28-E69813234BF8}" = SPORE™ Creature Creator Trial Edition
"{EE4ACABF-531E-419A-9225-B8E0FA4955AF}" = Zune Language Pack (ES)
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{EF0DD8B7-471C-463B-A298-6066C2FABAF5}" = File Viewer Utility 1.2
"{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F413D795-B077-4A96-AE75-810BBA673A0E}" = Microsoft Office Small Business Accounting 2006
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Akamai" = Akamai NetSession Interface Service
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"ATI Display Driver" = ATI Display Driver
"avast" = avast! Free Antivirus
"BFGC" = Big Fish Games: Game Manager
"BFG-Runes of Avalon 2" = Runes of Avalon 2
"Championship Mah Jongg" = Championship Mah Jongg
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"DealPly" = DealPly
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"Dell Photo AIO Printer 962" = Dell Photo AIO Printer 962
"Diablo II" = Diablo II
"Google Chrome" = Google Chrome
"ie8" = Windows Internet Explorer 8
"IMVU_Inc Toolbar" = IMVU Inc Toolbar
"InstallShield_{03CDDD00-BD57-4326-9480-4C74449AF597}" = Canon Utilities PhotoStitch 3.1
"InstallShield_{093625E3-7B87-49D3-AA53-AD0FCFABAF49}" = Canon Camera Window for ZoomBrowser EX
"InstallShield_{15292416-A464-4FBA-BB96-7298EAACFC07}" = Zoo Tycoon 2 - Extinct Animals
"InstallShield_{BEB03A1A-1EB6-48EB-9985-8B97315EE5C0}" = Canon Utilities RemoteCapture 2.7
"InstallShield_{EF0DD8B7-471C-463B-A298-6066C2FABAF5}" = Canon Utilities File Viewer Utility 1.2
"InstallShield_{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager
"iPod To Computer Transfer_is1" = iPod To Computer Transfer 5.5
"Logitech Vid" = Logitech Vid HD
"Mahjong Memoirs" = Mahjong Memoirs (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 8.0 (x86 en-US)" = Mozilla Firefox 8.0 (x86 en-US)
"Mozilla Thunderbird (2.0.0.16)" = Mozilla Thunderbird (2.0.0.16)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NSS" = Norton Security Scan
"PhotoRecord" = Canon PhotoRecord
"PROSet" = Intel® PRO Network Connections Drivers
"Puzzle Quest1.01" = Puzzle Quest
"RealPlayer 12.0" = RealPlayer
"Runes of Avalon 2_is1" = Runes of Avalon 2
"Runic Games Torchlight" = Torchlight
"SecondLife" = SecondLife (remove only)
"StartNow Toolbar" = StartNow Toolbar 2.0
"Trillian" = Trillian
"TurboTax Basic 2007" = TurboTax Basic 2007
"UnityWebPlayer" = Unity Web Player
"USB Driver Vers. 3.2" = USB Driver Vers. 3.2
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 1.0.1
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"WebCyberCoach_wtrb" = WebCyberCoach 3.2 Dell
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinZip" = WinZip
"WMCSetup" = Windows Media Connect
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Writing Your California Employee Handbook_is1" = Writing Your California Employee Handbook
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
"YInstHelper" = Yahoo! Install Manager
"Zoo Tycoon 1.0" = Microsoft Zoo Tycoon
"Zune" = Zune

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{373B1718-8CC5-4567-8EE2-9033AD08A680}" = Roblox for Heather
"Akamai" = Akamai NetSession Interface
"IMVU Avatar chat client software BETA" = IMVU Avatar Chat Software
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

========== Last 10 Event Log Errors ==========

[ PrivateBuild Events ]
Error - 11/18/2011 4:21:20 AM | Computer Name = DDXMW2B1 | Source = JavaQuickStarterService | ID = 1
Description =

Error - 11/18/2011 4:48:53 AM | Computer Name = DDXMW2B1 | Source = JavaQuickStarterService | ID = 1
Description =

Error - 11/18/2011 6:05:27 PM | Computer Name = DDXMW2B1 | Source = JavaQuickStarterService | ID = 1
Description =

Error - 11/18/2011 8:27:29 PM | Computer Name = DDXMW2B1 | Source = JavaQuickStarterService | ID = 1
Description =

Error - 11/18/2011 9:27:42 PM | Computer Name = DDXMW2B1 | Source = JavaQuickStarterService | ID = 1
Description =

Error - 11/19/2011 2:56:45 AM | Computer Name = DDXMW2B1 | Source = JavaQuickStarterService | ID = 1
Description =

Error - 11/20/2011 3:37:03 AM | Computer Name = DDXMW2B1 | Source = JavaQuickStarterService | ID = 1
Description =

Error - 11/20/2011 3:40:43 AM | Computer Name = DDXMW2B1 | Source = JavaQuickStarterService | ID = 1
Description =

Error - 11/20/2011 3:51:58 AM | Computer Name = DDXMW2B1 | Source = Application Hang | ID = 1002
Description =

Error - 11/22/2011 9:19:23 PM | Computer Name = DDXMW2B1 | Source = JavaQuickStarterService | ID = 1
Description =

[ Antivirus Events ]
Error - 5/30/2010 2:13:43 PM | Computer Name = DDXMW2B1 | Source = avast! | ID = 33554522
Description =

Error - 5/30/2010 3:01:04 PM | Computer Name = DDXMW2B1 | Source = avast! | ID = 33554522
Description =

Error - 5/30/2010 4:01:20 PM | Computer Name = DDXMW2B1 | Source = avast! | ID = 33554522
Description =

Error - 6/6/2010 11:51:01 PM | Computer Name = DDXMW2B1 | Source = avast! | ID = 33554522
Description =

Error - 6/6/2010 11:51:01 PM | Computer Name = DDXMW2B1 | Source = avast! | ID = 33554522
Description =

Error - 6/24/2010 5:56:04 PM | Computer Name = DDXMW2B1 | Source = avast! | ID = 33554522
Description =

Error - 6/24/2010 6:00:10 PM | Computer Name = DDXMW2B1 | Source = avast! | ID = 33554522
Description =

Error - 6/24/2010 6:11:43 PM | Computer Name = DDXMW2B1 | Source = avast! | ID = 33554522
Description =

Error - 6/26/2010 12:00:31 PM | Computer Name = DDXMW2B1 | Source = avast! | ID = 33554522
Description =

Error - 7/30/2010 3:45:52 PM | Computer Name = DDXMW2B1 | Source = avast! | ID = 33554522
Description =

[ Application Events ]
Error - 11/18/2011 4:21:20 AM | Computer Name = DDXMW2B1 | Source = JavaQuickStarterService | ID = 1
Description =

Error - 11/18/2011 4:48:53 AM | Computer Name = DDXMW2B1 | Source = JavaQuickStarterService | ID = 1
Description =

Error - 11/18/2011 6:05:27 PM | Computer Name = DDXMW2B1 | Source = JavaQuickStarterService | ID = 1
Description =

Error - 11/18/2011 8:27:29 PM | Computer Name = DDXMW2B1 | Source = JavaQuickStarterService | ID = 1
Description =

Error - 11/18/2011 9:27:42 PM | Computer Name = DDXMW2B1 | Source = JavaQuickStarterService | ID = 1
Description =

Error - 11/19/2011 2:56:45 AM | Computer Name = DDXMW2B1 | Source = JavaQuickStarterService | ID = 1
Description =

Error - 11/20/2011 3:37:03 AM | Computer Name = DDXMW2B1 | Source = JavaQuickStarterService | ID = 1
Description =

Error - 11/20/2011 3:40:43 AM | Computer Name = DDXMW2B1 | Source = JavaQuickStarterService | ID = 1
Description =

Error - 11/20/2011 3:51:58 AM | Computer Name = DDXMW2B1 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 11/22/2011 9:19:23 PM | Computer Name = DDXMW2B1 | Source = JavaQuickStarterService | ID = 1
Description =

[ System Events ]
Error - 11/22/2011 9:20:35 PM | Computer Name = DDXMW2B1 | Source = DCOM | ID = 10010
Description = The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register
with DCOM within the required timeout.

Error - 11/22/2011 9:20:35 PM | Computer Name = DDXMW2B1 | Source = Service Control Manager | ID = 7024
Description = The Background Intelligent Transfer Service service terminated with
service-specific error 2147952450 (0x80072742).

Error - 11/22/2011 9:21:05 PM | Computer Name = DDXMW2B1 | Source = DCOM | ID = 10010
Description = The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register
with DCOM within the required timeout.

Error - 11/22/2011 9:21:05 PM | Computer Name = DDXMW2B1 | Source = Service Control Manager | ID = 7024
Description = The Background Intelligent Transfer Service service terminated with
service-specific error 2147952450 (0x80072742).

Error - 11/22/2011 9:21:35 PM | Computer Name = DDXMW2B1 | Source = DCOM | ID = 10010
Description = The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register
with DCOM within the required timeout.

Error - 11/22/2011 9:21:35 PM | Computer Name = DDXMW2B1 | Source = Service Control Manager | ID = 7024
Description = The Background Intelligent Transfer Service service terminated with
service-specific error 2147952450 (0x80072742).

Error - 11/22/2011 9:22:05 PM | Computer Name = DDXMW2B1 | Source = DCOM | ID = 10010
Description = The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register
with DCOM within the required timeout.

Error - 11/22/2011 9:22:05 PM | Computer Name = DDXMW2B1 | Source = Service Control Manager | ID = 7024
Description = The Background Intelligent Transfer Service service terminated with
service-specific error 2147952450 (0x80072742).

Error - 11/22/2011 9:22:35 PM | Computer Name = DDXMW2B1 | Source = DCOM | ID = 10010
Description = The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register
with DCOM within the required timeout.

Error - 11/22/2011 9:24:32 PM | Computer Name = DDXMW2B1 | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1460


< End of report >

PLEASE HELP! I need my computer back. If there is anything else you need, please ask. I will likely have to get back to you tomorrow.

THANK YOU!!!

#2
RKinner

    Malware Expert

  • Expert
  • 20,025 posts
  • MVP
Copy the text in the code box by highlighting it and pressing Ctrl + C:

:processes
killallprocesses

:OTL
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (StartNow Toolbar Helper) - {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files\StartNow Toolbar\Toolbar32.dll (Zugo)
O2 - BHO: (IMVU Inc Toolbar) - {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files\IMVU_Inc\prxtbIMV0.dll (Conduit Ltd.)
O2 - BHO: (DealPly) - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files\DealPly\DealPlyIE.dll (DealPly)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (StartNow Toolbar) - {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files\StartNow Toolbar\Toolbar32.dll (Zugo)
O3 - HKLM\..\Toolbar: (IMVU Inc Toolbar) - {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files\IMVU_Inc\prxtbIMV0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (IMVU Inc Toolbar) - {90B49673-5506-483E-B92B-CA0265BD9CA8} - C:\Program Files\IMVU_Inc\prxtbIMV0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [ENNttxP0ucSib3p] C:\Documents and Settings\Heather\Application Data\dwme.exe File not found
O4 - HKLM..\Run: [NQJJ6dEK8gRZhY8234A] C:\WINDOWS\system32\AV Security 2012v121.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O8 - Extra context menu item: &Search - Reg Error: Value error. File not found
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Heather\Start Menu\Programs\IMVU\Run IMVU.lnk ()
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
[2011/11/18 00:46:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Heather\Application Data\xCeekkIBrzO
[2011/11/18 00:46:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Heather\Application Data\a88ggRZqhYXwUVl
[2011/11/18 00:19:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Heather\Application Data\DAA11uvS2obFpm5
[2011/11/18 00:19:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Heather\Application Data\bqqqjYCCekBrzN
[2011/11/17 12:38:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Heather\Application Data\IPNNyccA1uv2
[2011/11/17 12:38:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Heather\Application Data\eL99hTTXqjUelBr
[2011/11/17 03:05:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Heather\Application Data\zG44aaQH6d
[2011/11/17 03:05:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Heather\Application Data\QWKK7ffRL9hXqU
[2011/11/16 23:58:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Heather\Application Data\xccAA1ivv2onFaH
[2011/11/16 23:58:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Heather\Application Data\IK88fRRL9hTwjCe
[2011/11/16 19:25:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Heather\Application Data\JVrzONyxAuSoFpG
[2011/11/16 19:25:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Heather\Application Data\fD3onF4am6W7E
[2011/11/16 16:21:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Heather\Application Data\EwwkkIVrzO
[2011/11/16 16:21:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Heather\Application Data\ANNttxA0uvS2bFp
[2011/11/16 16:00:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Heather\Application Data\kyyyxAA0uvSob3
[2011/11/16 16:00:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Heather\Application Data\jmmmG5ssQJdEKgZ
[2011/11/15 16:00:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Heather\Application Data\vhYXwkUVeOtPySi
[2011/11/15 16:00:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Heather\Application Data\mjYCekIVrOyAuSo
[2011/11/15 15:42:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Heather\Application Data\tGG44aQQH6WK7R9
[2011/11/15 15:42:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Heather\Application Data\HkkkIBrrzPyxAuD
[2011/11/15 15:28:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Heather\Application Data\vNtxA0ucSiFpGaJ
[2011/11/15 15:28:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Heather\Application Data\iivD3onF4m6W7E9
[2011/11/15 15:21:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Heather\Application Data\x222ibFF3pG5QJd
[2011/11/15 15:21:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Heather\Application Data\AVVrrzONtxA0
[2011/11/15 12:22:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Heather\Application Data\JSSS2iibF
[2011/11/15 12:22:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Heather\Application Data\dCCCwkkIVrzNtA0
[2011/11/15 12:22:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Heather\Application Data\BFpH55sQJ7dL8RZ
[2011/11/15 12:22:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Heather\Application Data\SllOONtxx0
[2011/11/18 02:27:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Heather\Application Data\a88ggRZqhYXwUVl
[2011/11/16 16:21:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Heather\Application Data\ANNttxA0uvS2bFp
[2011/11/15 15:21:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Heather\Application Data\AVVrrzONtxA0
[2011/11/15 12:22:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Heather\Application Data\BFpH55sQJ7dL8RZ
[2011/11/18 00:19:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Heather\Application Data\bqqqjYCCekBrzN
[2011/11/18 00:19:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Heather\Application Data\DAA11uvS2obFpm5
[2011/11/15 12:22:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Heather\Application Data\dCCCwkkIVrzNtA0
[2011/11/17 12:38:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Heather\Application Data\eL99hTTXqjUelBr
[2011/11/16 16:21:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Heather\Application Data\EwwkkIVrzO
[2011/11/16 19:25:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Heather\Application Data\fD3onF4am6W7E
[2011/11/15 15:43:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Heather\Application Data\HkkkIBrrzPyxAuD
[2011/11/15 15:28:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Heather\Application Data\iivD3onF4m6W7E9
[2011/11/16 23:58:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Heather\Application Data\IK88fRRL9hTwjCe
[2011/11/17 12:38:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Heather\Application Data\IPNNyccA1uv2
[2011/11/16 16:00:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Heather\Application Data\jmmmG5ssQJdEKgZ
[2011/11/15 12:22:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Heather\Application Data\JSSS2iibF
[2011/11/16 19:25:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Heather\Application Data\JVrzONyxAuSoFpG
[2011/11/16 16:00:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Heather\Application Data\kyyyxAA0uvSob3
[2011/11/15 16:00:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Heather\Application Data\mjYCekIVrOyAuSo
[2011/11/17 03:05:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Heather\Application Data\QWKK7ffRL9hXqU
[2011/11/15 12:22:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Heather\Application Data\SllOONtxx0
[2011/11/15 15:42:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Heather\Application Data\tGG44aQQH6WK7R9
[2011/11/15 16:00:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Heather\Application Data\vhYXwkUVeOtPySi
[2011/11/15 15:28:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Heather\Application Data\vNtxA0ucSiFpGaJ
[2011/11/15 15:21:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Heather\Application Data\x222ibFF3pG5QJd
[2011/11/16 23:58:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Heather\Application Data\xccAA1ivv2onFaH
[2011/11/18 00:46:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Heather\Application Data\xCeekkIBrzO
[2011/11/17 03:05:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Heather\Application Data\zG44aaQH6d

:files
xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C
     
:Commands
[RESETHOSTS]
[EMPTYJAVA]
[EMPTYFLASH]
[purity]
[Reboot]

Then run OTL and, under the Custom Scans/Fixes box at the bottom, paste (Ctrl+V) the text. Verify that you got it all and then click the Run Fix button at the top.
Let the program run unhindered, OTL will reboot the PC when it is done. Save the log and copy and paste it to a reply.


Click on the Avast ball (or go Start, All Programs,Avast free Antivirus, Avast Free Antivirus). Then click on Scan Computer, then on
Boot-Time Scan then on Settings. Change the Ask at the bottom to Move to Chest. OK then Schedule Now. Reboot and let it run a scan. It may take hours.
Once it finishes it should load windows. Click on the Avast ball and then on Scan Logs, select the Boot-time scan report then View Results. How many did it find?



**********************
For your Internet if it still doesn't work:

Start, All Programs, Accessories, Command Prompt. Type with an Enter after each line in the code box:

ipconfig  /flushdns
netsh  winsock  reset  catalog
netsh  int  ip  reset  reset.log


(I use two spaces in the code box so you will be sure to see where 1 space goes.)

Reboot and test. If it still doesn't work:


1. Click "Start," click "Control Panel," click "Network and Internet Connections," and then click "Network Connections."
2. Right-click the network connection that you want to configure (the one you use to connect to the Internet), and then click Properties.
3. On the General tab (for a local area connection), or the Networking tab (for all other connections), click "Internet Protocol (TCP/IP)", and then click "Properties."

4. Click "Use the following DNS server addresses," and then type 8.8.8.8 in the Preferred DNS server and 4.2.2.1 in the Alternate DNS server boxes.

5. Click "OK"

Reboot and test. If it still doesn't work:

(Start) Right click on My Computer, select Manage then Device Manager. Find the Network Adapters and click on the + in front to open up the sub-entries. Right click on each sub-entry under Network Adapters and Uninstall. (Doesn't hurt to write down the names in case you need to download the drivers from the PC Maker's website. Normally you don't but with malware you never know.) Reboot and test. If it still doesn't work:

Start, All Programs, Accessories, Command Prompt. Type with an Enter after each line in the code box:

proxycfg  -d
ipconfig  /all
ipconfig  /release
ipconfig  /renew
ipconfig  /all


Report any errors you get and the IP addresses of the last ipconfig /all

******************************


Click on the Avast ball. Then click on Additional Protections then on AutoSandbox then on Settings then uncheck Enable AutoSandbox. OK


Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.



ComboFix
:!: If you have a previous version of Combofix.exe, delete it and download a fresh copy. :!:

:!: It must be saved to your desktop, do not run it :!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Doubleclick on ComboFix to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes Notepad will open with your results log open. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Download aswMBR.exe ( 511KB ) to your desktop.
Double click the aswMBR.exe to run it
uncheck trace disk IO calls
Click the "Scan" button to start scan
On completion of the scan (Note if the Fix button is enabled (not the FixMBR button) and tell me) click save log, save it to your desktop and post in your next reply

Ron
  • 0

#3
trillion5

trillion5

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Sorry I couldn't get back to you sooner -- didn't have computer access during Thanksgiving/day after.

First, I did the text box with OTL. When it started, I got an error message/pop-up:
Access violation at address 77697493 in module 'NTMARTA.DLL', Read of address 00000010.

It had an "OK" button and seemed to freeze everything up. I hit the button and it all stayed frozen. We did a hard reboot and started the process again. The message did NOT pop-up this time and everything seemed to go fine. You said, at the end of this process, we'd get a log. It didn't happen and it also didn't fix the problem. Maybe it was my fault for hitting the OK... if so, sorry. I was just trying to un-freeze it all.

The next thing on the list started with "click on the Avast ball..." We did that and let it run. It didn't find any.

Fix #3 was the first set of code to type in. It went smoothly and didn't work either.

Fix #4 I didn't do this one but I know it didn't work either. He didn't write down anything so not much must have shown up.

Fix #5 was the next set of code to type in. I did get an error message this time...
An error occurred while renewing interface Local Area Connection 3: The RPC Server is unavailable.

I also found this to be a bit weird...
IP Routing Enabled -- says NO
WINS Proxy Enabled -- says NO
Physical Address 00-13-72-19-27-08
IP Address 0.0.0.0
Subnet Mask 0.0.0.0
Default Gateway -- was simply blank afterwards
DHCP Server 0.0.0.0

I think he did the click on Avast ball instructions right after this last set of code instructions but it didn't help.

I hadn't downloaded all the Malwarebytes' stuff yet. I'm going to do that now and keep trying.

I think the biggest problem seems to be that there's no IP address or the computer can't find it. The computer seems to be working decently and actually booting up faster than it was but it can't find the internet. It keeps coming back with not having an IP address.

I hope this is useful info. I will keep trying with the downloads next. I'm not sure they'll work but... I'll check back in afterwards.

Thank you.
  • 0

#4
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,025 posts
  • MVP
Start, Run, cmd, OK then type with an Enter after each line:

net  start  dhcp


Does it say it is started already or does it give you another error?

Ron
  • 0

#5
trillion5

trillion5

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
I'm posting for my friend after getting their networking running again. The DHCP service wasn't starting because the AFD.sys driver was not getting loaded. We had to replace the AFD registry entries with a clean set (copied from a known good computer). Once that was resolved we are getting an address again.
Unfortunately Firefox is giving a pop-up message that the page is being redirected when loading google.com and here at these forums so it sounds like the redirector is still intact. It doesn't say where it's redirecting to, but at least Firefox is giving a chance to stop it.
I'm having them redo the TDSSKiller process one more time since they have network access this time.

-Ash
  • 0
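
The dependency check behind the diagnosis in post #5, as an added example that is not part of the original thread: a batch file for the Windows XP command prompt that shows which link in the DHCP Client chain is failing. It assumes the stock service names Dhcp, Afd, Tcpip and NetBT, and it only reads state; it changes nothing.

```batch
@echo off
rem Added example (not from the thread): read-only triage of the DHCP Client chain.
rem Assumption: stock Windows XP service names Dhcp, Afd, Tcpip and NetBT.
rem The real dependency list for this machine is whatever "sc qc Dhcp" prints.
setlocal

echo === DHCP Client configuration and declared dependencies ===
sc qc Dhcp

echo.
echo === State of the DHCP Client and the drivers checked here ===
for %%S in (Afd Tcpip NetBT Dhcp) do call :check %%S

echo.
echo === Registry entries for the AFD driver ===
rem Compare this output against the same key on a known good computer.
reg query "HKLM\SYSTEM\CurrentControlSet\Services\AFD"
if errorlevel 1 echo [FAIL] AFD service key is missing or unreadable.

echo.
echo === Driver file on disk ===
if exist "%SystemRoot%\System32\drivers\afd.sys" (
    dir "%SystemRoot%\System32\drivers\afd.sys"
) else (
    echo [FAIL] afd.sys not found under %SystemRoot%\System32\drivers
)

endlocal
goto :eof

:check
rem "sc query" prints a STATE line; RUNNING means the service or driver is loaded.
sc query %1 | findstr /C:"RUNNING" >nul
if errorlevel 1 (
    echo [FAIL] %1 is NOT running
) else (
    echo [ ok ] %1 is running
)
goto :eof
```

A [FAIL] on Afd with the other drivers running matches the situation described in post #5, where the DHCP service could not start until the AFD registry entries were restored.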

#6
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,025 posts
  • MVP
TDSSKiller has a new option in the latest version.

Before you hit the Scan hit Change Parameters and check the two items under Additional Options. OK then Scan.

Don't change it from SKIP when it finds stuff. It is getting a lot of false positives in this mode so let me see the log file before we let it do anything.
  • 0

#7
trillion5

trillion5

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Ash again posting for trillion5.

Ran TDSSKiller with default settings, found nothing. Then ran Malwarebytes. Grabbed a bunch of updates for the first time then found 8 infections (5 files, 3 registry related) and cleaned them. Still getting the popup bar in Firefox that asks if you want to allow the website to be redirected on several sites including this one. Found out that this is an accessibility option in Firefox and the same websites on my own (clean) computer in another city give the same popup for these websites so I had trillion5 disable it.

Everything seemed clean until we went to post a reply here and they weren't able to log in. They enter their username and password and after it says they successfully logged in, it goes back to the original page and asks for you to log in again.

TDSSKiller has a new option in the latest version.

Before you hit the Scan hit Change Parameters and check the two items under Additional Options. OK then Scan.

Don't change it from SKIP when it finds stuff. It is getting a lot of false positives in this mode so let me see the log file before we let it do anything.


Ran TDSSKiller again as requested with all parameters on and it sees 12 more items as medium risk unsigned files. All of these are services.
DLANOIOM
DLACDBHM
DLADResN
DLAIFS_M
DLAOPIOM
DLAPoolM
DLARTL_N
DLAUDFAM
DLAUDF_M
DRVMCDB
DRVNDDM
USBAAPL

(Had to transcribe these via text message so there might be a misspelling or 2)
From some quick checks the DLA* seem to be CD burning services, and the USB* is an ipod related service. Don't know about the DRV* but I suspect these are all false positives.

So any ideas about what would prevent the login?

-Ash
  • 0

#8
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,025 posts
  • MVP
No idea why it doesn't log in. I know it doesn't like it if two PCs are logged in with the same id.

Have you tried a different browser?

Would like to see a new OTL, quickscan, and the Combofix log.
  • 0





