
I THINK I MAY BE INFECTED [Solved]


  • This topic is locked

#1
Imperfect

  • Member
  • 69 posts
I know I shouldn't be posting this topic in this category, but the Malware Removal category won't let me post... Anyway, I've been getting pop-up windows from ad sites, and Firefox (my default browser) has been crashing every time I try to load it (this happens once, and then the next time I open it, it seems to work okay). I have a feeling I got infected by clicking on sponsored links (somebody told me that if they lead to a trusted site, such as homedepot.com, then they're safe to use, but I'm beginning to think that was false information). Can somebody please help me clean up my computer?


#2
handhfan

  • Trusted Helper
  • Expert
  • 13,659 posts
Hello, Imperfect, and welcome to GeeksToGo! Before I can help you, please do the following:

Please follow the steps in this topic, and post back with a HijackThis log and an MBAM (Malwarebytes' Anti-Malware) log if you are still having problems, and I will look over the log for you. :)

#3
Imperfect

  • Topic Starter
  • Member
  • 69 posts
Here's my MBAM log (I'll be posting the HijackThis log soon):

Malwarebytes' Anti-Malware 1.33
Database version: 1690
Windows 5.1.2600 Service Pack 3

1/24/2009 7:15:29 PM
mbam-log-2009-01-24 (19-15-29).txt

Scan type: Full Scan (A:\|C:\|D:\|E:\|)
Objects scanned: 134455
Time elapsed: 1 hour(s), 55 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#4
Imperfect

  • Topic Starter
  • Member
  • 69 posts
Here's my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:22:55 PM, on 1/24/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\DigitalPersona\Bin\DPWinLct.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\DigitalPersona\Bin\DpHost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\DigitalPersona\Bin\DPAgnt.exe
C:\WINDOWS\system32\Rundll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.c...mp;ltmplcache=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [DPAgnt] C:\Program Files\DigitalPersona\Bin\DPAgnt.exe
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [TRxRun] "C:\Program Files\NCH Swift Sound\TRx\trx.exe" -logon
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04b\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: DPWLN - C:\WINDOWS\System32\DPWLEvHd.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: Windows XP FUS Manager (DPFUSMgr) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 8084 bytes

#5
handhfan

  • Trusted Helper
  • Expert
  • 13,659 posts
  • Download OTListIt2 to your desktop.
  • Double-click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTListIt.Txt and Extras.Txt. These are saved in the same location as OTListIt2.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.

The log for OTListIt2 will be very long and may not fit in one post. Please make sure that it didn't get cut off, and feel free to post the rest of it in a separate reply. :)

#6
Imperfect

  • Topic Starter
  • Member
  • 69 posts
Here's the OTListIt log:


OTListIt logfile created on: 1/24/2009 7:29:10 PM - Run
OTListIt2 by OldTimer - Version 1.0.3.0 Folder = C:\Documents and Settings\Noelle\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18241)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.07 Mb Total Physical Memory | 482.07 Mb Available Physical Memory | 47.54% Memory free
2.39 Gb Paging File | 1.86 Gb Available in Paging File | 78.14% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 82.24 Gb Free Space | 55.18% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KEVIN-NC3KOUBZU
Current User Name: Noelle
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

C:\WINDOWS\system32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
C:\Program Files\DigitalPersona\Bin\DPWinLct.exe (DigitalPersona, Inc.)
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
C:\WINDOWS\system32\brsvc01a.exe (brother Industries Ltd)
C:\WINDOWS\system32\brss01a.exe (brother Industries Ltd)
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
C:\WINDOWS\system32\Brmfrmps.exe (Brother Industries, Ltd.)
C:\Program Files\DigitalPersona\Bin\DpHost.exe (DigitalPersona, Inc.)
C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
C:\WINDOWS\system32\searchindexer.exe (Microsoft Corporation)
C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe (DigitalPersona, Inc.)
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
C:\Program Files\DigitalPersona\Bin\DPAgnt.exe (DigitalPersona, Inc.)
C:\WINDOWS\system32\rundll32.exe (Microsoft Corporation)
C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
C:\Program Files\Brother\ControlCenter2\brctrcen.exe (Brother Industries, Ltd.)
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe (Brother Industries, Ltd.)
C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
C:\Documents and Settings\Noelle\Desktop\OTListIt2.exe (OldTimer Tools)

========== (O23) Win32 Services (SafeList) ==========

(aawservice [Auto | Running]) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
(Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
(aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
(aswUpdSv [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
(avast! Antivirus [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
(avast! Mail Scanner [On_Demand | Running]) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
(avast! Web Scanner [On_Demand | Running]) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
(Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
(brmfrmps [Auto | Running]) -- C:\WINDOWS\system32\Brmfrmps.exe (Brother Industries, Ltd.)
(Brother XP spl Service [Auto | Running]) -- C:\WINDOWS\system32\brsvc01a.exe (brother Industries Ltd)
(clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
(DPFUSMgr [Auto | Running]) -- C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe (DigitalPersona, Inc.)
(DpHost [Auto | Running]) -- C:\Program Files\DigitalPersona\Bin\DpHost.exe (DigitalPersona, Inc.)
(IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
(iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
(JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
(ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
(vsmon [Auto | Running]) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
(WMPNetworkSvc [Auto | Running]) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
(WSearch [Auto | Running]) -- C:\WINDOWS\system32\searchindexer.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

(Aavmker4 [System | Running]) -- C:\WINDOWS\system32\drivers\aavmker4.sys (ALWIL Software)
(ASPI32 [System | Running]) -- C:\WINDOWS\system32\drivers\ASPI32.SYS (Adaptec)
(aswFsBlk [Auto | Running]) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys (ALWIL Software)
(aswMon2 [Auto | Running]) -- C:\WINDOWS\system32\drivers\aswmon2.sys (ALWIL Software)
(aswRdr [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\aswRdr.sys (ALWIL Software)
(aswSP [System | Running]) -- C:\WINDOWS\system32\drivers\aswSP.sys (ALWIL Software)
(aswTdi [System | Running]) -- C:\WINDOWS\system32\drivers\aswTdi.sys (ALWIL Software)
(BrScnUsb [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\BrScnUsb.sys (Brother Industries Ltd.)
(BrSerIf [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\BrSerIf.sys (Brother Industries Ltd.)
(BrUsbSer [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\BrUsbSer.sys (Brother Industries Ltd.)
(cdrbsdrv [System | Running]) -- C:\WINDOWS\system32\drivers\CDRBSDRV.SYS (B.H.A Corporation)
(ctsfm2k [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd)
(dpK0Bx01 [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\dpK0Bx01.sys (DigitalPersona, Inc.)
(drvmcdb [Boot | Running]) -- C:\WINDOWS\system32\drivers\drvmcdb.sys (Sonic Solutions)
(drvnddm [Auto | Running]) -- C:\WINDOWS\system32\drivers\drvnddm.sys (Sonic Solutions)
(E100B [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\e100b325.sys (Intel Corporation)
(GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
(ialm [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\ialmnt5.sys (Intel Corporation)
(IntelC51 [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\IntelC51.sys (Intel Corporation)
(IntelC52 [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\IntelC52.sys (Intel Corporation)
(IntelC53 [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\IntelC53.sys (Intel Corporation)
(MODEMCSA [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys (Microsoft Corporation)
(mohfilt [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\mohfilt.sys (Intel Corporation)
(OMCI [System | Running]) -- C:\WINDOWS\system32\drivers\omci.sys (Dell Computer Corporation)
(ossrv [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.)
(P17 [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\P17.sys (Creative Technology Ltd.)
(Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)
(PxHelp20 [Boot | Running]) -- C:\WINDOWS\system32\drivers\pxhelp20.sys (Sonic Solutions)
(SASDIFSV [System | Running]) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
(SASENUM [On_Demand | Running]) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
(SASKUTIL [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
(Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
(srescan [Boot | Running]) -- C:\WINDOWS\system32\ZoneLabs\srescan.sys (Check Point Software Technologies LTD)
(sscdbhk5 [System | Running]) -- C:\WINDOWS\system32\drivers\sscdbhk5.sys (Sonic Solutions)
(ssrtln [System | Running]) -- C:\WINDOWS\system32\drivers\ssrtln.sys (Sonic Solutions)
(tfsnboio [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsnboio.sys (Sonic Solutions)
(tfsncofs [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsncofs.sys (Sonic Solutions)
(tfsndrct [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsndrct.sys (Sonic Solutions)
(tfsndres [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsndres.sys (Sonic Solutions)
(tfsnifs [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsnifs.sys (Sonic Solutions)
(tfsnopio [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsnopio.sys (Sonic Solutions)
(tfsnpool [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsnpool.sys (Sonic Solutions)
(tfsnudf [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsnudf.sys (Sonic Solutions)
(tfsnudfa [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsnudfa.sys (Sonic Solutions)
(UsbdpFP [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\UsbdpFP.sys (DigitalPersona, Inc.)
(vsdatant [System | Running]) -- C:\WINDOWS\system32\vsdatant.sys (Check Point Software Technologies LTD)

========== Standard Registry (All) ==========


========== Internet Explorer ==========

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions =
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.c...mp;ltmplcache=2
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

HKU\S-1-5-21-1275210071-1580818891-725345543-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
HKU\S-1-5-21-1275210071-1580818891-725345543-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions =
HKU\S-1-5-21-1275210071-1580818891-725345543-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKU\S-1-5-21-1275210071-1580818891-725345543-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.c...mp;ltmplcache=2
HKU\S-1-5-21-1275210071-1580818891-725345543-1005\S-1-5-21-1275210071-1580818891-725345543-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
HKU\S-1-5-21-1275210071-1580818891-725345543-1005\S-1-5-21-1275210071-1580818891-725345543-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

O1 HOSTS File: (698 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: () - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (ZoneAlarm Spy Blocker BHO) - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL (ZoneAlarm)
O3 - HKLM\..\Toolbar: (ZoneAlarm Spy Blocker) - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL (ZoneAlarm)
O3 - HKCU\..\Toolbar: (no name) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar: (no name) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar: (no name) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar: (no name) - {F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL (ZoneAlarm)
O3 - HKU\S-1-5-21-1275210071-1580818891-725345543-1005\..\Toolbar: (no name) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-1275210071-1580818891-725345543-1005\..\Toolbar: (no name) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-1275210071-1580818891-725345543-1005\..\Toolbar: (no name) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-1275210071-1580818891-725345543-1005\..\Toolbar: (no name) - {F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL (ZoneAlarm)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun (Brother Industries, Ltd.)
O4 - HKLM..\Run: [DPAgnt] C:\Program Files\DigitalPersona\Bin\DPAgnt.exe (DigitalPersona, Inc.)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [P17Helper] Rundll32 P17.dll,P17Helper ()
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04b\BrStDvPt.exe (Brother Industories, Ltd.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TRxRun] "C:\Program Files\NCH Swift Sound\TRx\trx.exe" -logon File not found
O4 - HKLM..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r (Sonic Solutions)
O4 - HKLM..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Sonic RecordNow!] File not found
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-1275210071-1580818891-725345543-1005..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1275210071-1580818891-725345543-1005..\Run: [Sonic RecordNow!] File not found
O4 - HKU\S-1-5-21-1275210071-1580818891-725345543-1005..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1275210071-1580818891-725345543-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Sites: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Sites: www.malwaresupport.com (https in Trusted sites)
O15 - HKCU\..Trusted Sites: 306 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Sites: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Sites: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-19\..Trusted Sites: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-20\..Trusted Sites: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1275210071-1580818891-725345543-1005\..Trusted Sites: www.malwaresupport.com (https in Trusted sites)
O15 - HKU\S-1-5-21-1275210071-1580818891-725345543-1005\..Trusted Sites: 306 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O18 - Protocol\Handler: - about - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler: - cdl - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler: - dvd - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler: - file - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler: - ftp - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler: - gopher - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler: - http - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler: - http\0x00000001 - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - http\oledb - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - https - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler: - https\0x00000001 - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - https\oledb - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - ipp - No CLSID value found
O18 - Protocol\Handler: - ipp\0x00000001 - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - its - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler: - javascript - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler: - local - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler: - mailto - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler: - mhtml - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler: - mk - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler: - msdaipp - No CLSID value found
O18 - Protocol\Handler: - msdaipp\0x00000001 - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - msdaipp\oledb - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - ms-its - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler: - ms-itss - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - mso-offdap - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - mso-offdap11 - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - res - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler: - sysimage - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler: - tv - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler: - vbscript - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler: - wia - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/octet-stream - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-complus - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-msdownload - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - Class Install Handler - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - deflate - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - gzip - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - lzdhtml - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/webviewhtml - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - See sections below for AppInitDlls and Winlogon settings
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9}C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9}C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153}C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: (Browseui preloader) - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: (Component Categories cache daemon) - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

========== HKLM Winlogon Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell" = Explorer.exe
>C:\WINDOWS\explorer.exe (Microsoft Corporation)

"UserInit" = C:\WINDOWS\system32\userinit.exe,
>C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

"UIHost" = logonui.exe
>C:\WINDOWS\system32\logonui.exe (Microsoft Corporation)

"VMApplet" = rundll32 shell32,Control_RunDLL "sysdm.cpl"
>C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
>C:\WINDOWS\system32\sysdm.cpl (Microsoft Corporation)


========== Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
!SASWinLogon: "DllName" = C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL -- C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
crypt32chain: "DllName" = crypt32.dll -- C:\WINDOWS\system32\crypt32.dll (Microsoft Corporation)
cryptnet: "DllName" = cryptnet.dll -- C:\WINDOWS\system32\cryptnet.dll (Microsoft Corporation)
cscdll: "DllName" = cscdll.dll -- C:\WINDOWS\system32\cscdll.dll (Microsoft Corporation)
dimsntfy: "DllName" = %SystemRoot%\System32\dimsntfy.dll -- C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
DPWLN : "DllName" = C:\WINDOWS\System32\DPWLEvHd.dll -- C:\WINDOWS\system32\DPWLEvHd.dll (DigitalPersona, Inc.)
igfxcui: "DllName" = igfxdev.dll -- C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
NavLogon: "DllName" = C:\WINDOWS\System32\NavLogon.dll -- C:\WINDOWS\system32\NavLogon.dll ()
ScCertProp: "DllName" = wlnotify.dll -- C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
Schedule: "DllName" = wlnotify.dll -- C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
sclgntfy: "DllName" = sclgntfy.dll -- C:\WINDOWS\system32\sclgntfy.dll (Microsoft Corporation)
SensLogn: "DllName" = WlNotify.dll -- C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
termsrv: "DllName" = wlnotify.dll -- C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
WgaLogon: "DllName" = WgaLogon.dll -- C:\WINDOWS\system32\WgaLogon.dll (Microsoft Corporation)
wlballoon: "DllName" = wlnotify.dll -- C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)

========== IFEO "Debugger" Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\]
Your Image File Name Here without a path:"Debugger" = C:\WINDOWS\system32\ntsd.exe (Microsoft Corporation)

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}" (HKLM) -- C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" (HKLM) -- C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}" (HKLM) -- C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

========== HKLM *SecurityProviders* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders]
"SecurityProviders" = msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
>C:\WINDOWS\system32\msapsspc.dll (Microsoft Corporation)
>C:\WINDOWS\system32\schannel.dll (Microsoft Corporation)
>C:\WINDOWS\system32\digest.dll (Microsoft Corporation)
>C:\WINDOWS\system32\msnsspc.dll (Microsoft Corporation)

========== LSA *Authentication Packages* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages" = msv1_0,
>C:\WINDOWS\system32\msv1_0.dll (Microsoft Corporation)

========== LSA *Security Packages* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Security Packages" = kerberos,msv1_0,schannel,wdigest,
>C:\WINDOWS\system32\kerberos.dll (Microsoft Corporation)
>C:\WINDOWS\system32\msv1_0.dll (Microsoft Corporation)
>C:\WINDOWS\system32\schannel.dll (Microsoft Corporation)
>C:\WINDOWS\system32\wdigest.dll (Microsoft Corporation)

========== Safeboot Options ==========

"AlternateShell" = cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
C:\AUTOEXEC.BAT () -- [ NTFS ]

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[5 C:\WINDOWS\*.tmp files]
[2009/01/24 19:25:48 | 00,419,328 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Noelle\Desktop\OTListIt2.exe
[2009/01/21 17:24:29 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2009/01/19 17:16:34 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/01/19 17:15:38 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\Noelle\Desktop\NTREGOPT.lnk
[2009/01/19 17:15:38 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\Noelle\Desktop\ERUNT.lnk
[2009/01/19 17:15:37 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/01/19 17:15:13 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Noelle\Desktop\erunt_setup.exe
[2009/01/19 17:13:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Noelle\Desktop\SysRestorePoint_v13
[2009/01/19 17:13:19 | 00,009,334 | ---- | C] () -- C:\Documents and Settings\Noelle\Desktop\SysRestorePoint_v13.zip
[2009/01/11 14:54:32 | 00,000,051 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2008/12/30 07:15:06 | 00,685,056 | ---- | C] () -- C:\WINDOWS\System32\nszD.dll
[2008/12/30 07:15:06 | 00,685,056 | ---- | C] () -- C:\WINDOWS\System32\nsyA.dll
[2008/12/30 07:15:06 | 00,685,056 | ---- | C] () -- C:\WINDOWS\System32\nsxA.dll
[2008/12/30 07:15:06 | 00,685,056 | ---- | C] () -- C:\WINDOWS\System32\nswA.dll
[2008/12/30 07:15:06 | 00,685,056 | ---- | C] () -- C:\WINDOWS\System32\nsuA.dll
[2008/12/30 07:15:06 | 00,685,056 | ---- | C] () -- C:\WINDOWS\System32\nsu9.dll
[2008/12/30 07:15:06 | 00,685,056 | ---- | C] () -- C:\WINDOWS\System32\nsr11.dll
[2008/12/30 07:15:06 | 00,685,056 | ---- | C] () -- C:\WINDOWS\System32\nsqC.dll
[2008/12/30 07:15:06 | 00,685,056 | ---- | C] () -- C:\WINDOWS\System32\nsnE0.dll
[2008/12/30 07:15:06 | 00,685,056 | ---- | C] () -- C:\WINDOWS\System32\nsnA.dll
[2008/12/30 07:15:06 | 00,685,056 | ---- | C] () -- C:\WINDOWS\System32\nsn13A.dll
[2008/12/30 07:15:06 | 00,685,056 | ---- | C] () -- C:\WINDOWS\System32\nslF.dll
[2008/12/30 07:15:06 | 00,685,056 | ---- | C] () -- C:\WINDOWS\System32\nseB.dll
[2008/12/30 07:15:06 | 00,685,056 | ---- | C] () -- C:\WINDOWS\System32\nse17.dll
[2008/12/30 07:15:06 | 00,685,056 | ---- | C] () -- C:\WINDOWS\System32\nsc9.dll
[2008/12/30 07:15:06 | 00,685,056 | ---- | C] () -- C:\WINDOWS\System32\nsb10.dll
[2008/12/27 23:54:56 | 00,001,327 | ---- | C] () -- C:\WINDOWS\EntPack.dat
[2008/12/27 23:38:16 | 00,000,068 | ---- | C] () -- C:\WINDOWS\HTCHPOST.INI
[2008/12/27 23:37:13 | 00,000,000 | ---- | C] () -- C:\WINDOWS\BP.INI
[2008/12/27 23:30:56 | 00,000,970 | ---- | C] () -- C:\WINDOWS\entpack.ini
[2008/12/27 23:29:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Noelle\Desktop\ThreePoint-1
[2008/12/27 22:27:43 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Picture It! 10

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[5 C:\WINDOWS\*.tmp files]
[2009/01/24 19:28:20 | 00,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2009/01/24 19:26:42 | 00,002,497 | ---- | M] () -- C:\Documents and Settings\Noelle\Desktop\Microsoft Office Word 2003.lnk
[2009/01/24 19:25:48 | 00,419,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Noelle\Desktop\OTListIt2.exe
[2009/01/24 19:21:19 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/01/24 16:58:39 | 00,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/01/24 16:57:42 | 00,348,370 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2009/01/24 16:57:19 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/01/24 16:57:08 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/01/19 17:15:38 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\Noelle\Desktop\NTREGOPT.lnk
[2009/01/19 17:15:38 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\Noelle\Desktop\ERUNT.lnk
[2009/01/19 17:15:15 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Noelle\Desktop\erunt_setup.exe
[2009/01/19 17:13:19 | 00,009,334 | ---- | M] () -- C:\Documents and Settings\Noelle\Desktop\SysRestorePoint_v13.zip
[2009/01/19 00:08:20 | 05,866,338 | -H-- | M] () -- C:\Documents and Settings\Noelle\Local Settings\Application Data\IconCache.db
[2009/01/14 16:11:32 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/01/14 16:11:28 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/01/13 22:10:53 | 00,000,970 | ---- | M] () -- C:\WINDOWS\entpack.ini
[2009/01/13 22:10:47 | 00,001,327 | ---- | M] () -- C:\WINDOWS\EntPack.dat
[2009/01/13 19:08:29 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/01/11 14:54:32 | 00,000,051 | ---- | M] () -- C:\WINDOWS\brmx2001.ini
[2009/01/10 13:28:57 | 00,085,265 | ---- | M] () -- C:\WINDOWS\System32\cont_adssite-remove.exe
[2009/01/09 20:35:28 | 20,853,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2008/12/31 00:03:34 | 00,000,068 | ---- | M] () -- C:\WINDOWS\HTCHPOST.INI
[2008/12/30 07:15:06 | 00,685,056 | ---- | M] () -- C:\WINDOWS\System32\nszD.dll
[2008/12/30 07:15:06 | 00,685,056 | ---- | M] () -- C:\WINDOWS\System32\nsyA.dll
[2008/12/30 07:15:06 | 00,685,056 | ---- | M] () -- C:\WINDOWS\System32\nsxA.dll
[2008/12/30 07:15:06 | 00,685,056 | ---- | M] () -- C:\WINDOWS\System32\nswA.dll
[2008/12/30 07:15:06 | 00,685,056 | ---- | M] () -- C:\WINDOWS\System32\nsuA.dll
[2008/12/30 07:15:06 | 00,685,056 | ---- | M] () -- C:\WINDOWS\System32\nsu9.dll
[2008/12/30 07:15:06 | 00,685,056 | ---- | M] () -- C:\WINDOWS\System32\nsr11.dll
[2008/12/30 07:15:06 | 00,685,056 | ---- | M] () -- C:\WINDOWS\System32\nsqC.dll
[2008/12/30 07:15:06 | 00,685,056 | ---- | M] () -- C:\WINDOWS\System32\nsnE0.dll
[2008/12/30 07:15:06 | 00,685,056 | ---- | M] () -- C:\WINDOWS\System32\nsnA.dll
[2008/12/30 07:15:06 | 00,685,056 | ---- | M] () -- C:\WINDOWS\System32\nsn13A.dll
[2008/12/30 07:15:06 | 00,685,056 | ---- | M] () -- C:\WINDOWS\System32\nslF.dll
[2008/12/30 07:15:06 | 00,685,056 | ---- | M] () -- C:\WINDOWS\System32\nseB.dll
[2008/12/30 07:15:06 | 00,685,056 | ---- | M] () -- C:\WINDOWS\System32\nse17.dll
[2008/12/30 07:15:06 | 00,685,056 | ---- | M] () -- C:\WINDOWS\System32\nsc9.dll
[2008/12/30 07:15:06 | 00,685,056 | ---- | M] () -- C:\WINDOWS\System32\nsb10.dll
[2008/12/28 13:22:17 | 00,233,576 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/12/27 23:37:13 | 00,000,000 | ---- | M] () -- C:\WINDOWS\BP.INI
[2008/12/27 22:30:03 | 00,063,056 | ---- | M] () -- C:\Documents and Settings\Noelle\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

========== LOP Check ==========

[2008/12/20 17:49:14 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2008/11/22 13:17:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2008/10/01 16:39:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2008/02/02 20:54:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple
[2007/03/24 15:03:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2008/12/20 17:49:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Brother
[2008/09/26 13:52:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
[2007/02/03 14:14:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kodak
[2008/06/10 20:54:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2008/09/11 15:07:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2008/08/20 11:37:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/01/21 17:24:28 | 00,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2006/12/30 16:39:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSN6
[2008/12/13 18:48:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NOS
[2008/12/13 23:39:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Protexis
[2006/12/29 01:59:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2008/11/07 14:46:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2008/02/03 12:40:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2008/12/13 23:04:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2006/12/29 02:30:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2008/12/04 22:49:35 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Dad\Application Data
[2008/10/05 22:34:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dad\Application Data\Adobe
[2008/05/31 10:27:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dad\Application Data\AdobeUM
[2007/02/03 19:29:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dad\Application Data\Apple Computer
[2007/04/09 17:40:07 | 00,000,000 | R--D | M] -- C:\Documents and Settings\Dad\Application Data\Brother
[2006/12/29 03:24:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dad\Application Data\DigitalPersona
[2008/03/21 16:40:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dad\Application Data\FileMaker
[2008/09/08 21:09:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dad\Application Data\Google
[2007/01/27 14:28:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dad\Application Data\Help
[2006/12/29 01:29:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dad\Application Data\Identities
[2007/01/07 18:49:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dad\Application Data\Leadertech
[2007/04/04 18:01:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dad\Application Data\Macromedia
[2008/08/20 11:37:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dad\Application Data\Malwarebytes
[2008/08/20 13:01:23 | 00,000,000 | --SD | M] -- C:\Documents and Settings\Dad\Application Data\Microsoft
[2008/09/24 18:32:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dad\Application Data\Mozilla
[2007/08/15 18:21:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dad\Application Data\NCH Swift Sound
[2007/02/03 15:04:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dad\Application Data\OLYMPUS
[2007/01/07 18:49:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dad\Application Data\Sonic
[2007/05/04 13:04:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dad\Application Data\Sun
[2008/09/03 18:19:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dad\Application Data\Windows Desktop Search
[2008/12/04 22:49:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dad\Application Data\Windows Search
[2006/12/28 18:46:32 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Default User\Application Data
[2008/04/16 15:32:29 | 00,000,000 | --SD | M] -- C:\Documents and Settings\Default User\Application Data\Microsoft
[2008/11/01 15:08:15 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Kevin\Application Data
[2008/12/22 10:43:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\Adobe
[2007/07/10 18:06:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\AdobeUM
[2007/07/06 14:07:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\Apple Computer
[2008/11/01 15:08:15 | 00,000,000 | R--D | M] -- C:\Documents and Settings\Kevin\Application Data\Brother
[2006/12/29 12:44:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\DigitalPersona
[2008/10/02 17:46:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\Google
[2006/12/29 12:44:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\Identities
[2007/05/20 12:09:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\Macromedia
[2008/10/02 17:45:18 | 00,000,000 | --SD | M] -- C:\Documents and Settings\Kevin\Application Data\Microsoft
[2008/10/02 17:51:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\Mozilla
[2006/12/29 12:44:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\Sonic
[2007/07/03 12:37:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\Sun
[2008/10/02 17:45:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\Windows Desktop Search
[2008/08/20 13:02:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data
[2007/02/03 14:43:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Help
[2008/08/30 19:28:38 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2008/03/22 15:43:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Mozilla
[2008/11/08 15:04:13 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Mom\Application Data
[2008/10/11 13:27:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Adobe
[2007/08/07 11:14:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\AdobeUM
[2008/11/07 21:45:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Apple Computer
[2007/03/27 16:52:05 | 00,000,000 | R--D | M] -- C:\Documents and Settings\Mom\Application Data\Brother
[2008/09/30 11:05:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2006/12/29 16:05:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\DigitalPersona
[2007/03/19 17:49:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\FileMaker
[2008/09/22 19:56:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Google
[2006/12/29 16:05:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Identities
[2008/11/08 15:04:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Leadertech
[2007/06/23 16:16:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Macromedia
[2008/11/01 11:24:21 | 00,000,000 | --SD | M] -- C:\Documents and Settings\Mom\Application Data\Microsoft
[2008/09/27 12:41:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Mozilla
[2007/03/03 19:37:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\MSN6
[2008/11/08 15:04:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Sonic
[2008/03/08 16:47:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Sun
[2008/09/02 04:24:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Windows Desktop Search
[2006/12/29 01:28:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data
[2008/08/20 13:01:23 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2008/11/07 14:46:16 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\Noelle\Application Data
[2008/10/05 15:35:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Noelle\Application Data\Adobe
[2007/07/25 21:18:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Noelle\Application Data\AdobeUM
[2008/04/06 14:56:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Noelle\Application Data\Apple Computer
[2007/01/31 18:26:46 | 00,000,000 | R--D | M] -- C:\Documents and Settings\Noelle\Application Data\Brother
[2008/09/30 11:26:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Noelle\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2007/01/05 23:35:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Noelle\Application Data\DigitalPersona
[2008/04/28 15:45:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Noelle\Application Data\FileMaker
[2008/09/04 15:52:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Noelle\Application Data\Google
[2007/03/17 17:09:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Noelle\Application Data\Help
[2007/01/05 23:35:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Noelle\Application Data\Identities
[2008/09/26 13:52:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Noelle\Application Data\iolo
[2007/03/05 14:39:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Noelle\Application Data\Leadertech
[2007/04/05 12:26:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Noelle\Application Data\Macromedia
[2008/08/30 12:27:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Noelle\Application Data\Malwarebytes
[2008/12/27 22:30:32 | 00,000,000 | --SD | M] -- C:\Documents and Settings\Noelle\Application Data\Microsoft
[2008/09/24 14:28:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Noelle\Application Data\Mozilla
[2007/03/23 14:28:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Noelle\Application Data\Sonic
[2007/09/29 11:33:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Noelle\Application Data\Sun
[2008/11/07 14:46:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Noelle\Application Data\SUPERAntiSpyware.com
[2008/08/30 19:28:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Noelle\Application Data\Windows Desktop Search
[2008/08/31 19:57:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Noelle\Application Data\Windows Search
[2008/09/04 10:15:02 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2003/07/16 11:31:17 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/01/24 16:57:19 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Alternate Data Streams ==========

@Alternate Data Stream - 120 bytes -> %AllUsersProfile%\Application Data\TEMP:5C321E34
< End of report >

#7
Imperfect

  • Topic Starter
  • Member
  • 69 posts
Here's the Extras log:

OTListIt Extras logfile created on: 1/24/2009 7:29:10 PM - Run
OTListIt2 by OldTimer - Version 1.0.3.0 Folder = C:\Documents and Settings\Noelle\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18241)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.07 Mb Total Physical Memory | 482.07 Mb Available Physical Memory | 47.54% Memory free
2.39 Gb Paging File | 1.86 Gb Available in Paging File | 78.14% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 82.24 Gb Free Space | 55.18% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KEVIN-NC3KOUBZU
Current User Name: Noelle
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger (Microsoft Corporation)
C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour (Apple Inc.)
C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes (Apple Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{0BA9CAC3-5131-4E59-B2AB-B765E876AAA2}" = Brother MFL-Pro Suite
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1F51A0CA-2BDD-474E-BB90-C7FA8EA78F52}" = ImageMixer VCD/DVD2 for OLYMPUS
"{2604C0F9-BFD3-4BA0-9EB5-22537C648F03}" = MobileMe Control Panel
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 11
"{318AB667-3230-41B5-A617-CB3BF748D371}" = iTunes
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{34F85A4D-03CC-428A-80A4-880228646518}" = Safari
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3F262ADC-5AD2-48E5-A586-44315E04A9E2}" = Microsoft Picture It! Library 10
"{42756145-9997-4D28-809B-8756BFD00106}" = Microsoft Picture It! Premium 10
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{722879A6-3EC9-498F-9E0C-8F04A793A877}" = DigitalPersona Password Manager 1.0.0
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support
"{EEC2DAFD-5558-40AC-8E9C-5005C8F810E8}" = Microsoft Plus! for Windows XP
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Arthur's 1st Grade" = Arthur's 1st Grade
"avast!" = avast! Antivirus
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"cont_adssite" = Contextual Tool Adssite
"Easy DVD Shrink" = Easy DVD Shrink
"E-Report Card" = E-Report Card
"ERUNT_is1" = ERUNT 1.1j
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8 Beta 2
"Intel® 537EP V9x DF PCI Modem" = Intel® 537EP V9x DF PCI Modem
"LiveUpdate1.6" = LiveUpdate 1.6 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.0.5)" = Mozilla Firefox (3.0.5)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MyWGU Messenger 2.5.8" = MyWGU Messenger 2.5.8
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PictureItPrem_v10" = Microsoft Picture It! Premium 10
"PROSet" = Intel® PRO Network Connections Drivers
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.4
"SpywareBlaster_is1" = SpywareBlaster 4.1
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"ZoneAlarm" = ZoneAlarm
"ZoneAlarmSB Uninstall" = ZoneAlarm Spy Blocker

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 12/9/2008 11:54:37 PM | Computer Name = KEVIN-NC3KOUBZU | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\WINDOWS\$NTUNINSTALLKB835732$\IPNATHLP.DLL failed, 00000005.

Error - 12/9/2008 11:54:37 PM | Computer Name = KEVIN-NC3KOUBZU | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\WINDOWS\$NTUNINSTALLKB835732$\LSASRV.DLL failed, 00000005.

Error - 12/9/2008 11:54:37 PM | Computer Name = KEVIN-NC3KOUBZU | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\WINDOWS\$NTUNINSTALLKB835732$\MF3216.DLL failed, 00000005.

Error - 12/9/2008 11:54:37 PM | Computer Name = KEVIN-NC3KOUBZU | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\WINDOWS\$NTUNINSTALLKB835732$\MSASN1.DLL failed, 00000005.

Error - 12/9/2008 11:54:37 PM | Computer Name = KEVIN-NC3KOUBZU | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\WINDOWS\$NTUNINSTALLKB835732$\MSGINA.DLL failed, 00000005.

Error - 12/9/2008 11:54:37 PM | Computer Name = KEVIN-NC3KOUBZU | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\WINDOWS\$NTUNINSTALLKB835732$\MST120.DLL failed, 00000005.

Error - 12/9/2008 11:54:37 PM | Computer Name = KEVIN-NC3KOUBZU | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\WINDOWS\$NTUNINSTALLKB835732$\NETAPI32.DLL failed, 00000005.

Error - 12/9/2008 11:54:37 PM | Computer Name = KEVIN-NC3KOUBZU | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\WINDOWS\$NTUNINSTALLKB835732$\NMCOM.DLL failed, 00000005.

Error - 12/9/2008 11:54:37 PM | Computer Name = KEVIN-NC3KOUBZU | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\WINDOWS\$NTUNINSTALLKB835732$\RTCDLL.DLL failed, 00000005.

Error - 12/9/2008 11:54:37 PM | Computer Name = KEVIN-NC3KOUBZU | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\WINDOWS\$NTUNINSTALLKB835732$\SCHANNEL.DLL failed, 00000005.

[ Application Events ]
Error - 12/9/2008 11:28:37 PM | Computer Name = KEVIN-NC3KOUBZU | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3224, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 12/9/2008 11:29:07 PM | Computer Name = KEVIN-NC3KOUBZU | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3224, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 12/9/2008 11:29:11 PM | Computer Name = KEVIN-NC3KOUBZU | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3224, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 12/15/2008 12:19:40 AM | Computer Name = KEVIN-NC3KOUBZU | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\NOELLE\MY DOCUMENTS\SCHOOL\10TH
GRADE\AP WORLD HISTORY\DECEMBER\DBQ ESSAY 12-14-08.DOC> in the hash map cannot
be updated. Context: Application, SystemIndex Catalog Details: A device attached to
the system is not functioning. (0x8007001f)

Error - 12/20/2008 3:19:57 PM | Computer Name = KEVIN-NC3KOUBZU | Source = MsiInstaller | ID = 11722
Description = Product: Java™ 6 Update 11 -- Error 1722.There is a problem with
this Windows Installer package. A program run as part of the setup did not finish
as expected. Contact your support personnel or package vendor. Action FilesInUseDialog,
location: C:\WINDOWS\Installer\MSI21.tmp, command: C:\Program Files\Java\jre6\

Error - 12/20/2008 3:20:49 PM | Computer Name = KEVIN-NC3KOUBZU | Source = MsiInstaller | ID = 11722
Description = Product: Java™ 6 Update 11 -- Error 1722.There is a problem with
this Windows Installer package. A program run as part of the setup did not finish
as expected. Contact your support personnel or package vendor. Action FilesInUseDialog,
location: C:\WINDOWS\Installer\MSI2A.tmp, command: C:\Program Files\Java\jre6\

Error - 12/22/2008 11:42:21 AM | Computer Name = KEVIN-NC3KOUBZU | Source = Windows Search Service | ID = 3024
Description = The update cannot be started because the content sources cannot be
accessed. Fix the errors and try the update again. Context: Application, SystemIndex
Catalog

Error - 12/29/2008 2:59:24 AM | Computer Name = KEVIN-NC3KOUBZU | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\NOELLE\MY DOCUMENTS\ENTERTAINMENT\MY
MUSIC\ITUNES\ITUNES MUSIC\UNKNOWN ARTIST\UNKNOWN ALBUM\SEVENNATIONARMY.MP4> in
the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:
A
device attached to the system is not functioning. (0x8007001f)

Error - 12/29/2008 10:56:11 PM | Computer Name = KEVIN-NC3KOUBZU | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\NOELLE\MY DOCUMENTS\ENTERTAINMENT\MY
MUSIC\ITUNES\ITUNES LIBRARY.ITL> in the hash map cannot be updated. Context: Application,
SystemIndex Catalog Details: A device attached to the system is not functioning.
(0x8007001f)

Error - 12/30/2008 11:51:33 PM | Computer Name = KEVIN-NC3KOUBZU | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\NOELLE\MY DOCUMENTS\ENTERTAINMENT\MY
MUSIC\ITUNES\ITUNES LIBRARY.ITL> in the hash map cannot be updated. Context: Application,
SystemIndex Catalog Details: A device attached to the system is not functioning.
(0x8007001f)

[ System Events ]
Error - 1/4/2009 5:54:37 PM | Computer Name = KEVIN-NC3KOUBZU | Source = DCOM | ID = 10010
Description = The server {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} did not register
with DCOM within the required timeout.

Error - 1/18/2009 3:17:41 PM | Computer Name = KEVIN-NC3KOUBZU | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 1/18/2009 3:17:41 PM | Computer Name = KEVIN-NC3KOUBZU | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 1/18/2009 3:17:57 PM | Computer Name = KEVIN-NC3KOUBZU | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 1/18/2009 3:17:57 PM | Computer Name = KEVIN-NC3KOUBZU | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 1/18/2009 6:44:22 PM | Computer Name = KEVIN-NC3KOUBZU | Source = Print | ID = 6161
Description = The document FF-CLD-CALLA302.pdf owned by Mom failed to print on printer
Brother MFC-3240C USB Printer. Data type: NT EMF 1.008. Size of the spool file
in bytes: 5899844. Number of bytes printed: 5899764. Total number of pages in the
document: 1. Number of pages printed: 0. Client machine: \\KEVIN-NC3KOUBZU. Win32
error code returned by the print processor: 995 (0x3e3).

Error - 1/19/2009 10:24:24 PM | Computer Name = KEVIN-NC3KOUBZU | Source = Print | ID = 6161
Description = The document Strategies and Resources fo... owned by Mom failed to
print on printer Brother MFC-3240C USB Printer. Data type: NT EMF 1.008. Size of
the spool file in bytes: 2359296. Number of bytes printed: 1495784. Total number
of pages in the document: 43. Number of pages printed: 0. Client machine: \\KEVIN-NC3KOUBZU.
Win32 error code returned by the print processor: 995 (0x3e3).

Error - 1/21/2009 6:24:32 PM | Computer Name = KEVIN-NC3KOUBZU | Source = Removable Storage Service | ID = 262255
Description = RSM could not load media in drive Drive 0 of library SD/MMC Card
Reader USB Device.

Error - 1/21/2009 6:24:34 PM | Computer Name = KEVIN-NC3KOUBZU | Source = Removable Storage Service | ID = 262255
Description = RSM could not load media in drive Drive 0 of library SD/MMC Card
Reader USB Device.

Error - 1/22/2009 9:57:05 PM | Computer Name = KEVIN-NC3KOUBZU | Source = Service Control Manager | ID = 7000
Description = The SASDIFSV service failed to start due to the following error: %%183


< End of report >
  • 0

#8
handhfan

handhfan

    Trusted Helper

  • Expert
  • 13,659 posts
Please download JavaRa to your desktop and unzip it to its own folder.
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

Please download the OTMoveIt3 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :Processes
    explorer.exe
    
    :Files
    C:\WINDOWS\System32\nszD.dll
    C:\WINDOWS\System32\nsyA.dll
    C:\WINDOWS\System32\nsxA.dll
    C:\WINDOWS\System32\nswA.dll
    C:\WINDOWS\System32\nsuA.dll
    C:\WINDOWS\System32\nsu9.dll
    C:\WINDOWS\System32\nsr11.dll
    C:\WINDOWS\System32\nsqC.dll
    C:\WINDOWS\System32\nsnE0.dll
    C:\WINDOWS\System32\nsnA.dll
    C:\WINDOWS\System32\nsn13A.dll
    C:\WINDOWS\System32\nslF.dll
    C:\WINDOWS\System32\nseB.dll
    C:\WINDOWS\System32\nse17.dll
    C:\WINDOWS\System32\nsc9.dll
    C:\WINDOWS\System32\nsb10.dll
    C:\WINDOWS\brmx2001.ini
    
    :Commands
    [emptytemp]
    [start explorer]
    [Reboot]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Please do an online scan with Kaspersky WebScanner

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure the following are checked:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply, along with the OTMoveIt3 log, and a new HijackThis log.

  • 0

#9
Imperfect

Imperfect

    Member

  • Topic Starter
  • Member
  • 69 posts
This is my log from OTMoveIt3:

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
C:\WINDOWS\System32\nszD.dll unregistered successfully.
C:\WINDOWS\System32\nszD.dll moved successfully.
C:\WINDOWS\System32\nsyA.dll unregistered successfully.
C:\WINDOWS\System32\nsyA.dll moved successfully.
C:\WINDOWS\System32\nsxA.dll unregistered successfully.
C:\WINDOWS\System32\nsxA.dll moved successfully.
C:\WINDOWS\System32\nswA.dll unregistered successfully.
C:\WINDOWS\System32\nswA.dll moved successfully.
C:\WINDOWS\System32\nsuA.dll unregistered successfully.
C:\WINDOWS\System32\nsuA.dll moved successfully.
C:\WINDOWS\System32\nsu9.dll unregistered successfully.
C:\WINDOWS\System32\nsu9.dll moved successfully.
C:\WINDOWS\System32\nsr11.dll unregistered successfully.
C:\WINDOWS\System32\nsr11.dll moved successfully.
C:\WINDOWS\System32\nsqC.dll unregistered successfully.
C:\WINDOWS\System32\nsqC.dll moved successfully.
C:\WINDOWS\System32\nsnE0.dll unregistered successfully.
C:\WINDOWS\System32\nsnE0.dll moved successfully.
C:\WINDOWS\System32\nsnA.dll unregistered successfully.
C:\WINDOWS\System32\nsnA.dll moved successfully.
C:\WINDOWS\System32\nsn13A.dll unregistered successfully.
C:\WINDOWS\System32\nsn13A.dll moved successfully.
C:\WINDOWS\System32\nslF.dll unregistered successfully.
C:\WINDOWS\System32\nslF.dll moved successfully.
C:\WINDOWS\System32\nseB.dll unregistered successfully.
C:\WINDOWS\System32\nseB.dll moved successfully.
C:\WINDOWS\System32\nse17.dll unregistered successfully.
C:\WINDOWS\System32\nse17.dll moved successfully.
C:\WINDOWS\System32\nsc9.dll unregistered successfully.
C:\WINDOWS\System32\nsc9.dll moved successfully.
C:\WINDOWS\System32\nsb10.dll unregistered successfully.
C:\WINDOWS\System32\nsb10.dll moved successfully.
C:\WINDOWS\brmx2001.ini moved successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Noelle\LOCALS~1\Temp\etilqs_SeZersUe6yuxQeR448zt scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Noelle\LOCALS~1\Temp\~DF38E5.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\_avast4_\unp48638142.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_2a8.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_724.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\ZLT05b7f.TMP scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Noelle\Local Settings\Application Data\Mozilla\Firefox\Profiles\jsxtytmp.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Noelle\Local Settings\Application Data\Mozilla\Firefox\Profiles\jsxtytmp.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Noelle\Local Settings\Application Data\Mozilla\Firefox\Profiles\jsxtytmp.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Noelle\Local Settings\Application Data\Mozilla\Firefox\Profiles\jsxtytmp.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Noelle\Local Settings\Application Data\Mozilla\Firefox\Profiles\jsxtytmp.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Noelle\Local Settings\Application Data\Mozilla\Firefox\Profiles\jsxtytmp.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01252009_163325

Files moved on Reboot...
File C:\DOCUME~1\Noelle\LOCALS~1\Temp\etilqs_SeZersUe6yuxQeR448zt not found!
C:\DOCUME~1\Noelle\LOCALS~1\Temp\~DF38E5.tmp moved successfully.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File C:\WINDOWS\temp\_avast4_\unp48638142.tmp not found!
File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
File C:\WINDOWS\temp\Perflib_Perfdata_2a8.dat not found!
C:\WINDOWS\temp\Perflib_Perfdata_724.dat moved successfully.
File C:\WINDOWS\temp\ZLT05b7f.TMP not found!
C:\Documents and Settings\Noelle\Local Settings\Application Data\Mozilla\Firefox\Profiles\jsxtytmp.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Noelle\Local Settings\Application Data\Mozilla\Firefox\Profiles\jsxtytmp.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Noelle\Local Settings\Application Data\Mozilla\Firefox\Profiles\jsxtytmp.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Noelle\Local Settings\Application Data\Mozilla\Firefox\Profiles\jsxtytmp.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Noelle\Local Settings\Application Data\Mozilla\Firefox\Profiles\jsxtytmp.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\Noelle\Local Settings\Application Data\Mozilla\Firefox\Profiles\jsxtytmp.default\XUL.mfl moved successfully.
  • 0
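One way to cross-check an OTMoveIt3 results log against the fix script that produced it, so that a requested file that was never reported as moved, or an item still waiting on a reboot, does not go unnoticed. This is an added example, not part of the thread or of OTMoveIt3: the line patterns are inferred from the logs posted here, the function names are hypothetical, and the sample input is abridged from the thread with one result line deliberately left out.

```python
import re

# Sample input abridged from the fix script posted in this thread.
FIX_SCRIPT = r"""
:Processes
explorer.exe

:Files
C:\WINDOWS\System32\nszD.dll
C:\WINDOWS\System32\nsyA.dll
C:\WINDOWS\brmx2001.ini

:Commands
[emptytemp]
[start explorer]
[Reboot]
"""

# Abridged from the results log in this thread. Constructed variation: the
# "moved successfully" line for nsyA.dll is omitted to exercise the check.
RESULTS_LOG = r"""
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
C:\WINDOWS\System32\nszD.dll unregistered successfully.
C:\WINDOWS\System32\nszD.dll moved successfully.
C:\WINDOWS\System32\nsyA.dll unregistered successfully.
C:\WINDOWS\brmx2001.ini moved successfully.
========== COMMANDS ==========
File delete failed. C:\WINDOWS\temp\ZLT05b7f.TMP scheduled to be deleted on reboot.
Windows Temp folder emptied.
Files moved on Reboot...
File C:\WINDOWS\temp\ZLT05b7f.TMP not found!
File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
"""

# Line shapes as they appear in the logs above (assumption: no other shapes matter).
PATTERNS = [
    ("pending", re.compile(
        r"^File (?:delete|move) failed\. (?P<path>.+) "
        r"scheduled to be (?:deleted|moved) on reboot\.$")),
    ("not_found", re.compile(r"^File (?P<path>.+) not found!$")),
    ("unregistered", re.compile(r"^(?P<path>.+) unregistered successfully\.$")),
    ("moved", re.compile(r"^(?P<path>.+) moved successfully\.$")),
]


def parse_fix_script(text):
    """Split a fix script into its ':Section' blocks (section names lowercased)."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):
            current = line[1:].lower()
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def parse_results(text):
    """Return (status, path) events in the order they appear in the results log."""
    events = []
    for raw in text.splitlines():
        line = raw.strip()
        for status, rx in PATTERNS:
            m = rx.match(line)
            if m:
                events.append((status, m.group("path")))
                break
    return events


def audit(fix_script, results_log):
    """Compare what was requested with the last status reported for each path."""
    requested = parse_fix_script(fix_script).get("files", [])
    last = {}  # lowercased path -> (status, path as logged); Windows paths ignore case
    for status, path in parse_results(results_log):
        last[path.lower()] = (status, path)
    unconfirmed = [p for p in requested
                   if last.get(p.lower(), (None, p))[0] != "moved"]
    still_pending = [path for status, path in last.values() if status == "pending"]
    return {"unconfirmed": unconfirmed, "still_pending": still_pending}


if __name__ == "__main__":
    report = audit(FIX_SCRIPT, RESULTS_LOG)
    for key, paths in report.items():
        print(key)
        for p in paths:
            print("   ", p)
```

Anything listed under `unconfirmed` should be looked for on disk before the cleanup is treated as complete; `still_pending` entries need another reboot or a manual check.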

#10
handhfan

handhfan

    Trusted Helper

  • Expert
  • 13,659 posts
Don't forget to run a scan with Kaspersky as well. :)
  • 0

#11
Imperfect

Imperfect

    Member

  • Topic Starter
  • Member
  • 69 posts
Here's my Kaspersky Scan Log:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Sunday, January 25, 2009
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, January 25, 2009 23:05:14
Records in database: 1695669
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\

Scan statistics:
Files scanned: 69993
Threat name: 1
Infected objects: 1
Suspicious objects: 0
Duration of the scan: 01:14:59


File name / Threat name / Threats count
C:\Documents and Settings\Noelle\Local Settings\Temporary Internet Files\Content.IE5\MSPJ3A1R\e-control-080618[1].htm Infected: Trojan-Downloader.JS.Iframe.aey 1

The selected area was scanned.
  • 0

#12
Imperfect

Imperfect

    Member

  • Topic Starter
  • Member
  • 69 posts
This is my Hijack This Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:41:34 PM, on 1/25/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\DigitalPersona\Bin\DPWinLct.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\DigitalPersona\Bin\DpHost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\DigitalPersona\Bin\DPAgnt.exe
C:\WINDOWS\system32\Rundll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.c...mp;ltmplcache=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [DPAgnt] C:\Program Files\DigitalPersona\Bin\DPAgnt.exe
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [TRxRun] "C:\Program Files\NCH Swift Sound\TRx\trx.exe" -logon
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04b\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: DPWLN - C:\WINDOWS\System32\DPWLEvHd.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: Windows XP FUS Manager (DPFUSMgr) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 8048 bytes
  • 0

#13
handhfan

handhfan

    Trusted Helper

  • Expert
  • 13,659 posts
  • Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :Processes
    explorer.exe
    
    :Files
    C:\Documents and Settings\Noelle\Local Settings\Temporary Internet Files\Content.IE5\MSPJ3A1R\e-control-080618[1].htm
    
    :Commands
    [emptytemp]
    [start explorer]
    [Reboot]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
  • 0

#14
Imperfect

Imperfect

    Member

  • Topic Starter
  • Member
  • PipPip
  • 69 posts
This is the log from OTMoveIt3:

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
C:\Documents and Settings\Noelle\Local Settings\Temporary Internet Files\Content.IE5\MSPJ3A1R\e-control-080618[1].htm moved successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Noelle\LOCALS~1\Temp\jkos-Noelle\binaries\Arj.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Noelle\LOCALS~1\Temp\jkos-Noelle\binaries\avlib.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Noelle\LOCALS~1\Temp\jkos-Noelle\binaries\Avp1.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Noelle\LOCALS~1\Temp\jkos-Noelle\binaries\AvpMgr.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Noelle\LOCALS~1\Temp\jkos-Noelle\binaries\btimages.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Noelle\LOCALS~1\Temp\jkos-Noelle\binaries\CAB.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Noelle\LOCALS~1\Temp\jkos-Noelle\binaries\dmap.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Noelle\LOCALS~1\Temp\jkos-Noelle\binaries\dtreg.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Noelle\LOCALS~1\Temp\jkos-Noelle\binaries\FsDrvPlg.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Noelle\LOCALS~1\Temp\jkos-Noelle\binaries\FSSync.dll scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Noelle\LOCALS~1\Temp\jkos-Noelle\binaries\HashCont.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Noelle\LOCALS~1\Temp\jkos-Noelle\binaries\HashMD5.PPL scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Noelle\LOCALS~1\Temp\jkos-Noelle\binaries\HCCMP.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Noelle\LOCALS~1\Temp\jkos-Noelle\binaries\ichk2.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Noelle\LOCALS~1\Temp\jkos-Noelle\binaries\iChkSA.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Noelle\LOCALS~1\Temp\jkos-Noelle\binaries\Inflate.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Noelle\LOCALS~1\Temp\jkos-Noelle\binaries\IWGen.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Noelle\LOCALS~1\Temp\jkos-Noelle\binaries\kave.dll scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Noelle\LOCALS~1\Temp\jkos-Noelle\binaries\kosglue-7.0.25.0.dll scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Noelle\LOCALS~1\Temp\jkos-Noelle\binaries\lha.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Noelle\LOCALS~1\Temp\jkos-Noelle\binaries\L_llio.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Noelle\LOCALS~1\Temp\jkos-Noelle\binaries\MailMsg.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Noelle\LOCALS~1\Temp\jkos-Noelle\binaries\mdb.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Noelle\LOCALS~1\Temp\jkos-Noelle\binaries\MDMAP.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Noelle\LOCALS~1\Temp\jkos-Noelle\binaries\MemModSc.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Noelle\LOCALS~1\Temp\jkos-Noelle\binaries\MemScan.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Noelle\LOCALS~1\Temp\jkos-Noelle\binaries\minizip.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Noelle\LOCALS~1\Temp\jkos-Noelle\binaries\MKavIO.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Noelle\LOCALS~1\Temp\jkos-Noelle\binaries\msoe.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Noelle\LOCALS~1\Temp\jkos-Noelle\binaries\nfio.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Noelle\LOCALS~1\Temp\jkos-Noelle\binaries\NTFSstrm.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Noelle\LOCALS~1\Temp\jkos-Noelle\binaries\prKernel.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Noelle\LOCALS~1\Temp\jkos-Noelle\binaries\prLoader.dll scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Noelle\LOCALS~1\Temp\jkos-Noelle\binaries\prseqio.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Noelle\LOCALS~1\Temp\jkos-Noelle\binaries\PrUtil.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Noelle\LOCALS~1\Temp\jkos-Noelle\binaries\rar.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Noelle\LOCALS~1\Temp\jkos-Noelle\binaries\ScanningProcess.exe scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Noelle\LOCALS~1\Temp\jkos-Noelle\binaries\sfdb.PPL scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Noelle\LOCALS~1\Temp\jkos-Noelle\binaries\TempFile.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Noelle\LOCALS~1\Temp\jkos-Noelle\binaries\thpimpl.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Noelle\LOCALS~1\Temp\jkos-Noelle\binaries\UniArc.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Noelle\LOCALS~1\Temp\jkos-Noelle\binaries\UnLZX.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Noelle\LOCALS~1\Temp\jkos-Noelle\binaries\UnStored.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Noelle\LOCALS~1\Temp\jkos-Noelle\binaries\WDiskIO.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Noelle\LOCALS~1\Temp\hsperfdata_Noelle\3448 scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Noelle\LOCALS~1\Temp\hsperfdata_Noelle\584 scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Noelle\LOCALS~1\Temp\etilqs_RvyawcYttUMfloOAUiW4 scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Noelle\LOCALS~1\Temp\~DF425F.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\_avast4_\unp176700659.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_720.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_74.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\ZLT0606d.TMP scheduled to be deleted on reboot.
Windows Temp folder emptied.
File delete failed. C:\Documents and Settings\Noelle\Application Data\Sun\Java\Deployment\cache\6.0\14\757e808e-7304d1cf scheduled to be deleted on reboot.
Java cache emptied.
File delete failed. C:\Documents and Settings\Noelle\Local Settings\Application Data\Mozilla\Firefox\Profiles\jsxtytmp.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Noelle\Local Settings\Application Data\Mozilla\Firefox\Profiles\jsxtytmp.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Noelle\Local Settings\Application Data\Mozilla\Firefox\Profiles\jsxtytmp.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Noelle\Local Settings\Application Data\Mozilla\Firefox\Profiles\jsxtytmp.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Noelle\Local Settings\Application Data\Mozilla\Firefox\Profiles\jsxtytmp.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Noelle\Local Settings\Application Data\Mozilla\Firefox\Profiles\jsxtytmp.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01252009_204507

Files moved on Reboot...
C:\DOCUME~1\Noelle\LOCALS~1\Temp\jkos-Noelle\binaries\Arj.ppl moved successfully.
C:\DOCUME~1\Noelle\LOCALS~1\Temp\jkos-Noelle\binaries\avlib.ppl moved successfully.
C:\DOCUME~1\Noelle\LOCALS~1\Temp\jkos-Noelle\binaries\Avp1.ppl moved successfully.
C:\DOCUME~1\Noelle\LOCALS~1\Temp\jkos-Noelle\binaries\AvpMgr.ppl moved successfully.
C:\DOCUME~1\Noelle\LOCALS~1\Temp\jkos-Noelle\binaries\btimages.ppl moved successfully.
C:\DOCUME~1\Noelle\LOCALS~1\Temp\jkos-Noelle\binaries\CAB.ppl moved successfully.
C:\DOCUME~1\Noelle\LOCALS~1\Temp\jkos-Noelle\binaries\dmap.ppl moved successfully.
C:\DOCUME~1\Noelle\LOCALS~1\Temp\jkos-Noelle\binaries\dtreg.ppl moved successfully.
C:\DOCUME~1\Noelle\LOCALS~1\Temp\jkos-Noelle\binaries\FsDrvPlg.ppl moved successfully.
DllUnregisterServer procedure not found in C:\DOCUME~1\Noelle\LOCALS~1\Temp\jkos-Noelle\binaries\FSSync.dll
C:\DOCUME~1\Noelle\LOCALS~1\Temp\jkos-Noelle\binaries\FSSync.dll NOT unregistered.
C:\DOCUME~1\Noelle\LOCALS~1\Temp\jkos-Noelle\binaries\FSSync.dll moved successfully.
C:\DOCUME~1\Noelle\LOCALS~1\Temp\jkos-Noelle\binaries\HashCont.ppl moved successfully.
C:\DOCUME~1\Noelle\LOCALS~1\Temp\jkos-Noelle\binaries\HashMD5.PPL moved successfully.
C:\DOCUME~1\Noelle\LOCALS~1\Temp\jkos-Noelle\binaries\HCCMP.ppl moved successfully.
C:\DOCUME~1\Noelle\LOCALS~1\Temp\jkos-Noelle\binaries\ichk2.ppl moved successfully.
C:\DOCUME~1\Noelle\LOCALS~1\Temp\jkos-Noelle\binaries\iChkSA.ppl moved successfully.
C:\DOCUME~1\Noelle\LOCALS~1\Temp\jkos-Noelle\binaries\Inflate.ppl moved successfully.
C:\DOCUME~1\Noelle\LOCALS~1\Temp\jkos-Noelle\binaries\IWGen.ppl moved successfully.
DllUnregisterServer procedure not found in C:\DOCUME~1\Noelle\LOCALS~1\Temp\jkos-Noelle\binaries\kave.dll
C:\DOCUME~1\Noelle\LOCALS~1\Temp\jkos-Noelle\binaries\kave.dll NOT unregistered.
C:\DOCUME~1\Noelle\LOCALS~1\Temp\jkos-Noelle\binaries\kave.dll moved successfully.
DllUnregisterServer procedure not found in C:\DOCUME~1\Noelle\LOCALS~1\Temp\jkos-Noelle\binaries\kosglue-7.0.25.0.dll
C:\DOCUME~1\Noelle\LOCALS~1\Temp\jkos-Noelle\binaries\kosglue-7.0.25.0.dll NOT unregistered.
C:\DOCUME~1\Noelle\LOCALS~1\Temp\jkos-Noelle\binaries\kosglue-7.0.25.0.dll moved successfully.
C:\DOCUME~1\Noelle\LOCALS~1\Temp\jkos-Noelle\binaries\lha.ppl moved successfully.
C:\DOCUME~1\Noelle\LOCALS~1\Temp\jkos-Noelle\binaries\L_llio.ppl moved successfully.
C:\DOCUME~1\Noelle\LOCALS~1\Temp\jkos-Noelle\binaries\MailMsg.ppl moved successfully.
C:\DOCUME~1\Noelle\LOCALS~1\Temp\jkos-Noelle\binaries\mdb.ppl moved successfully.
C:\DOCUME~1\Noelle\LOCALS~1\Temp\jkos-Noelle\binaries\MDMAP.ppl moved successfully.
C:\DOCUME~1\Noelle\LOCALS~1\Temp\jkos-Noelle\binaries\MemModSc.ppl moved successfully.
C:\DOCUME~1\Noelle\LOCALS~1\Temp\jkos-Noelle\binaries\MemScan.ppl moved successfully.
C:\DOCUME~1\Noelle\LOCALS~1\Temp\jkos-Noelle\binaries\minizip.ppl moved successfully.
C:\DOCUME~1\Noelle\LOCALS~1\Temp\jkos-Noelle\binaries\MKavIO.ppl moved successfully.
C:\DOCUME~1\Noelle\LOCALS~1\Temp\jkos-Noelle\binaries\msoe.ppl moved successfully.
C:\DOCUME~1\Noelle\LOCALS~1\Temp\jkos-Noelle\binaries\nfio.ppl moved successfully.
C:\DOCUME~1\Noelle\LOCALS~1\Temp\jkos-Noelle\binaries\NTFSstrm.ppl moved successfully.
C:\DOCUME~1\Noelle\LOCALS~1\Temp\jkos-Noelle\binaries\prKernel.ppl moved successfully.
DllUnregisterServer procedure not found in C:\DOCUME~1\Noelle\LOCALS~1\Temp\jkos-Noelle\binaries\prLoader.dll
C:\DOCUME~1\Noelle\LOCALS~1\Temp\jkos-Noelle\binaries\prLoader.dll NOT unregistered.
C:\DOCUME~1\Noelle\LOCALS~1\Temp\jkos-Noelle\binaries\prLoader.dll moved successfully.
C:\DOCUME~1\Noelle\LOCALS~1\Temp\jkos-Noelle\binaries\prseqio.ppl moved successfully.
C:\DOCUME~1\Noelle\LOCALS~1\Temp\jkos-Noelle\binaries\PrUtil.ppl moved successfully.
C:\DOCUME~1\Noelle\LOCALS~1\Temp\jkos-Noelle\binaries\rar.ppl moved successfully.
C:\DOCUME~1\Noelle\LOCALS~1\Temp\jkos-Noelle\binaries\ScanningProcess.exe moved successfully.
C:\DOCUME~1\Noelle\LOCALS~1\Temp\jkos-Noelle\binaries\sfdb.PPL moved successfully.
C:\DOCUME~1\Noelle\LOCALS~1\Temp\jkos-Noelle\binaries\TempFile.ppl moved successfully.
C:\DOCUME~1\Noelle\LOCALS~1\Temp\jkos-Noelle\binaries\thpimpl.ppl moved successfully.
C:\DOCUME~1\Noelle\LOCALS~1\Temp\jkos-Noelle\binaries\UniArc.ppl moved successfully.
C:\DOCUME~1\Noelle\LOCALS~1\Temp\jkos-Noelle\binaries\UnLZX.ppl moved successfully.
C:\DOCUME~1\Noelle\LOCALS~1\Temp\jkos-Noelle\binaries\UnStored.ppl moved successfully.
C:\DOCUME~1\Noelle\LOCALS~1\Temp\jkos-Noelle\binaries\WDiskIO.ppl moved successfully.
File C:\DOCUME~1\Noelle\LOCALS~1\Temp\hsperfdata_Noelle\3448 not found!
File C:\DOCUME~1\Noelle\LOCALS~1\Temp\hsperfdata_Noelle\584 not found!
File C:\DOCUME~1\Noelle\LOCALS~1\Temp\etilqs_RvyawcYttUMfloOAUiW4 not found!
C:\DOCUME~1\Noelle\LOCALS~1\Temp\~DF425F.tmp moved successfully.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File C:\WINDOWS\temp\_avast4_\unp176700659.tmp not found!
File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\Perflib_Perfdata_720.dat scheduled to be moved on reboot.
File C:\WINDOWS\temp\Perflib_Perfdata_74.dat not found!
File C:\WINDOWS\temp\ZLT0606d.TMP not found!
C:\Documents and Settings\Noelle\Application Data\Sun\Java\Deployment\cache\6.0\14\757e808e-7304d1cf moved successfully.
C:\Documents and Settings\Noelle\Local Settings\Application Data\Mozilla\Firefox\Profiles\jsxtytmp.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Noelle\Local Settings\Application Data\Mozilla\Firefox\Profiles\jsxtytmp.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Noelle\Local Settings\Application Data\Mozilla\Firefox\Profiles\jsxtytmp.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Noelle\Local Settings\Application Data\Mozilla\Firefox\Profiles\jsxtytmp.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Noelle\Local Settings\Application Data\Mozilla\Firefox\Profiles\jsxtytmp.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\Noelle\Local Settings\Application Data\Mozilla\Firefox\Profiles\jsxtytmp.default\XUL.mfl moved successfully.
  • 0
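A check that reconciles a log like the one in post #14, as an added example that is not part of the thread or of OTMoveIt3: it pairs every file "scheduled to be deleted on reboot" with what the "Files moved on Reboot..." section reports for it, and lists the files still unresolved. The sample log is constructed (shortened, hypothetical paths), and the function names are assumptions of this example.

```python
import re

# Constructed sample in the format of the OTMoveIt3 log above (paths are made up).
SAMPLE_LOG = r"""========== COMMANDS ==========
File delete failed. C:\Temp\jkos\kave.dll scheduled to be deleted on reboot.
File delete failed. C:\Temp\hsperfdata\3448 scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_720.dat scheduled to be deleted on reboot.
File delete failed. C:\Temp\orphan.tmp scheduled to be deleted on reboot.
Temp folders emptied.

Files moved on Reboot...
DllUnregisterServer procedure not found in C:\Temp\jkos\kave.dll
C:\Temp\jkos\kave.dll NOT unregistered.
C:\Temp\jkos\kave.dll moved successfully.
File C:\Temp\hsperfdata\3448 not found!
File move failed. C:\WINDOWS\temp\Perflib_Perfdata_720.dat scheduled to be moved on reboot.
"""

SCHEDULED = re.compile(r"^File delete failed\. (.+) scheduled to be deleted on reboot\.$")
# Post-reboot outcomes, in the wording the log uses.
OUTCOMES = [
    ("moved", re.compile(r"^(.+) moved successfully\.$")),
    ("gone", re.compile(r"^File (.+) not found!$")),
    ("still_locked", re.compile(r"^File move failed\. (.+) scheduled to be moved on reboot\.$")),
]


def reconcile(log_text):
    """Map each file scheduled for deletion to its outcome after the reboot."""
    before, _, after = log_text.partition("Files moved on Reboot...")
    status = {}
    for line in before.splitlines():
        m = SCHEDULED.match(line.strip())
        if m:
            # Windows paths are case-insensitive, so compare them lowercased.
            status[m.group(1).lower()] = "unreported"
    for line in after.splitlines():
        for outcome, pattern in OUTCOMES:
            m = pattern.match(line.strip())
            if m and m.group(1).lower() in status:
                status[m.group(1).lower()] = outcome
                break
    return status


def needs_followup(log_text):
    """Files that were rescheduled again or never mentioned after the reboot."""
    return sorted(path for path, outcome in reconcile(log_text).items()
                  if outcome in ("still_locked", "unreported"))


if __name__ == "__main__":
    for path in needs_followup(SAMPLE_LOG):
        print("unresolved:", path)
```
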

#15
handhfan

handhfan

    Trusted Helper

  • Expert
  • 13,659 posts
Your logs look clean. There is only a bit of cleanup that we will deal with in this post, as well as prevention from future infections. If you have any questions or other problems, please let me know. Other than that, and the steps below, you should be all set. :)

  • Make sure you have an Internet Connection.
  • Download OTCleanIt to your desktop and run it
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTCleanUp from reaching the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

Please update Adobe Reader, by downloading and installing Adobe Reader 9.

Next, let's clean your restore points and set a new one:

Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)
1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Restart your computer.

3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check Turn off System Restore.
Click Apply, and then click OK.
System Restore will now be active again.

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs:
  • SpywareBlaster to help prevent spyware from installing in the first place.
  • SpywareGuard gives you realtime protection from spyware.
  • Super Antispyware OR Malwarebytes' Anti-Malware to help remove any spyware that may have gotten on your computer.
  • MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites.
  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed.
  • Recent trends appear to indicate that future infections will include attacks to the boot sector of the computer. The installation of the Recovery Console in the computer will be our only defense against this threat. For more information and steps to install the Recovery Console see this article. Should you need assistance in installing the Recovery Console, please do not hesitate to ask.

To keep your operating system up to date visit Microsoft Windows Update monthly. Remember to be aware of what emails you open and websites you visit.

To learn more about how to protect yourself while on the internet read this article by Tony Klein: So how did I get infected in the first place?

Have a safe and happy computing day!
  • 0





