Yahoo Re-direct / Scan keeps finding Troj/JSRedirect-O



#1
ascollick
Member, 30 posts
Hi,

I keep getting re-directed with my Yahoo searches and I keep getting Internet Explorer error messages that kick me off. My Webroot program is not finding a re-direct virus and I ran the Windows program also and nothing was detected... can anyone help :) Please and thanks! Amber

Here are the logs:

MBAM

Malwarebytes' Anti-Malware 1.36
Database version: 1945
Windows 5.1.2600 Service Pack 3

4/19/2009 11:21:33 PM
mbam-log-2009-04-19 (23-21-33).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 204964
Time elapsed: 2 hour(s), 42 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Casino Tropez (Adware.Casino) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Casino Tropez (Adware.Casino) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\The Weather Channel (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Rootkit Log:

Microsoft Windows XP Home Edition (5.1.2600) Service Pack 3

C:\ [Fixed] - NTFS - (Total:72606 Mo/Free:2998 Mo)
D:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)

Sun 04/19/2009|23:33

----------------------\\ Processes..

--Locked-- [System Process]
---------- System
---------- \SystemRoot\System32\smss.exe
---------- \??\C:\WINDOWS\system32\csrss.exe
---------- \??\C:\WINDOWS\system32\winlogon.exe
---------- C:\WINDOWS\system32\services.exe
---------- C:\WINDOWS\system32\lsass.exe
---------- C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\LEXBCES.EXE
---------- C:\WINDOWS\system32\spoolsv.exe
---------- C:\WINDOWS\system32\LEXPPS.EXE
---------- C:\Program Files\Bonjour\mDNSResponder.exe
---------- C:\Program Files\Common Files\Motive\McciCMService.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\wdfmgr.exe
---------- C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
---------- C:\WINDOWS\system32\SearchIndexer.exe
---------- C:\WINDOWS\system32\wscntfy.exe
---------- C:\WINDOWS\System32\alg.exe
---------- C:\Program Files\Analog Devices\Core\smax4pnp.exe
---------- C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
---------- C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
---------- C:\Program Files\Java\j2re1.4.2_04\bin\jucheck.exe
---------- C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
---------- C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
---------- C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
---------- C:\Program Files\Real\RealPlayer\RealPlay.exe
---------- C:\WINDOWS\system32\dla\tfswctrl.exe
---------- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
---------- C:\Program Files\Dell\Media Experience\DMXLauncher.exe
---------- C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
---------- C:\WINDOWS\system32\hphmon05.exe
---------- C:\Program Files\Yahoo!\browser\ybrwicon.exe
---------- C:\PROGRA~1\Yahoo!\browser\ycommon.exe
---------- C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe
---------- C:\Program Files\Lexmark 4200 Series\lxbmbmon.exe
---------- C:\WINDOWS\explorer.exe
---------- C:\WINDOWS\system32\wuauclt.exe
---------- C:\WINDOWS\system32\ctfmon.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe
---------- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
---------- C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
---------- C:\Program Files\Webroot\WebrootSecurity\SSU.EXE
---------- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
---------- C:\Program Files\Internet Explorer\iexplore.exe
---------- C:\Program Files\Yahoo!\Companion\Installs\cpn\ytbb.exe
---------- C:\WINDOWS\system32\wuauclt.exe
---------- C:\WINDOWS\system32\cmd.exe
---------- C:\WINDOWS\system32\SearchProtocolHost.exe
---------- C:\WINDOWS\system32\SearchFilterHost.exe
---------- C:\Rooter$\RK.exe

----------------------\\ Search..

----------------------\\ ROOTKIT !!



1 - "C:\Rooter$\Rooter_1.txt" - Sun 04/19/2009|23:34

----------------------\\ Scan completed at 23:34

Today (Tuesday)

My scan found this virus Troj/JSRedirect; this has been found 3 times now and keeps coming back after being quarantined.

THANKS!

Edited by ascollick, 21 April 2009 - 07:56 AM.


#2
Jimmy2012
Trusted Helper, Retired Staff, 6,238 posts
Hello ascollick and welcome to Geeks to Go. :)
Sorry about the delay.



  • Download OTListIt2 to your desktop.
  • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top, change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTListIt.Txt and Extras.Txt. These are saved in the same location as OTListIt2.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.


#3
ascollick
Member (Topic Starter), 30 posts
Thanks so much for your help !

Here is the OTList.TXT

OTListIt logfile created on: 4/23/2009 11:04:31 AM - Run 1
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Documents and Settings\Amber Scollick\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

509.98 Mb Total Physical Memory | 94.12 Mb Available Physical Memory | 18.46% Memory free
1.22 Gb Paging File | 0.77 Gb Available in Paging File | 63.32% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.90 Gb Total Space | 47.27 Gb Free Space | 66.67% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DBCKJ981
Current User Name: Amber Scollick
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe (Webroot Software, Inc. )
PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\WINDOWS\system32\LEXBCES.EXE (Lexmark International, Inc.)
PRC - C:\WINDOWS\system32\LEXPPS.EXE (Lexmark International, Inc.)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Computer, Inc.)
PRC - C:\Program Files\Common Files\Motive\McciCMService.exe (Motive Communications, Inc.)
PRC - C:\WINDOWS\system32\wdfmgr.exe (Microsoft Corporation)
PRC - C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe (Webroot Software, Inc. (www.webroot.com))
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
PRC - C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
PRC - C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe ()
PRC - C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe (Intel Corporation)
PRC - C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe (CyberLink Corp.)
PRC - C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe (Musicmatch, Inc.)
PRC - C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe (Musicmatch Inc.)
PRC - C:\Program Files\Java\j2re1.4.2_04\bin\jucheck.exe ()
PRC - C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
PRC - C:\WINDOWS\system32\dla\tfswctrl.exe (Sonic Solutions)
PRC - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
PRC - C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
PRC - C:\Program Files\HP\hpcoretech\hpcmpmgr.exe (Hewlett-Packard Company)
PRC - C:\WINDOWS\system32\hphmon05.exe (Hewlett-Packard)
PRC - C:\Program Files\Yahoo!\browser\ybrwicon.exe (Yahoo!, Inc.)
PRC - C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe (Lexmark International, Inc.)
PRC - C:\Program Files\Lexmark 4200 Series\lxbmbmon.exe (Lexmark International, Inc.)
PRC - C:\Program Files\Yahoo!\browser\ycommon.exe (Yahoo!, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Documents and Settings\Amber Scollick\Desktop\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (aswUpdSv [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV - (avast! Antivirus [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV - (avast! Mail Scanner [On_Demand | Running]) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV - (avast! Web Scanner [On_Demand | Running]) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Computer, Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (DSBrokerService [On_Demand | Stopped]) -- C:\Program Files\DellSupport\brkrsvc.exe ()
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (LexBceS [Auto | Running]) -- C:\WINDOWS\system32\LEXBCES.EXE (Lexmark International, Inc.)
SRV - (McciCMService [Auto | Running]) -- C:\Program Files\Common Files\Motive\McciCMService.exe (Motive Communications, Inc.)
SRV - (Microsoft Office Groove Audit Service [On_Demand | Stopped]) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (NetSvc [On_Demand | Stopped]) -- C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe (Intel® Corporation)
SRV - (NNServ [Auto | Stopped]) -- File not found
SRV - (odserv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (Pml Driver HPZ12 [On_Demand | Stopped]) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (UMWdf [Auto | Running]) -- C:\WINDOWS\system32\wdfmgr.exe (Microsoft Corporation)
SRV - (WebrootSpySweeperService [Auto | Running]) -- C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe (Webroot Software, Inc. (www.webroot.com))
SRV - (WRConsumerService [Auto | Running]) -- C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe (Webroot Software, Inc. )
SRV - (YahooAUService [Auto | Running]) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)

========== Driver Services (SafeList) ==========

DRV - (Aavmker4 [System | Running]) -- C:\WINDOWS\System32\drivers\aavmker4.sys (ALWIL Software)
DRV - (AliIde [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (amdagp [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (asc [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (ASCTRM [Auto | Running]) -- C:\WINDOWS\System32\drivers\asctrm.sys (Windows ® 2000 DDK provider)
DRV - (aswFsBlk [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys (ALWIL Software)
DRV - (aswMon2 [Auto | Running]) -- C:\WINDOWS\System32\drivers\aswmon2.sys (ALWIL Software)
DRV - (aswRdr [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\aswRdr.sys (ALWIL Software)
DRV - (aswSP [System | Running]) -- C:\WINDOWS\System32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswTdi [System | Running]) -- C:\WINDOWS\System32\drivers\aswTdi.sys (ALWIL Software)
DRV - (CmdIde [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (dac2w2k [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (drvmcdb [Boot | Running]) -- C:\WINDOWS\system32\drivers\drvmcdb.sys (Sonic Solutions)
DRV - (drvnddm [Auto | Running]) -- C:\WINDOWS\system32\drivers\drvnddm.sys (Sonic Solutions)
DRV - (DSproct [On_Demand | Stopped]) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.)
DRV - (dsunidrv [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\dsunidrv.sys (Gteko Ltd.)
DRV - (E100B [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\e100b325.sys (Intel Corporation)
DRV - (HPZid412 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZid412.sys (HP)
DRV - (HPZipr12 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZipr12.sys (HP)
DRV - (HPZius12 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZius12.sys (HP)
DRV - (ialm [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ialmnt5.sys (Intel Corporation)
DRV - (IntelC51 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\IntelC51.sys (Intel Corporation)
DRV - (IntelC52 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\IntelC52.sys (Intel Corporation)
DRV - (IntelC53 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\IntelC53.sys (Intel Corporation)
DRV - (MODEMCSA [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys (Microsoft Corporation)
DRV - (mohfilt [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\mohfilt.sys (Intel Corporation)
DRV - (mraid35x [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (MREMP50 [On_Demand | Stopped]) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MRESP50 [On_Demand | Stopped]) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (nv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (ql1080 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql12160 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1280 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (senfilt [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\senfilt.sys (Creative Technology Ltd.)
DRV - (sisagp [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (smwdm [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\smwdm.sys (Analog Devices, Inc.)
DRV - (Sparrow [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sscdbhk5 [System | Running]) -- C:\WINDOWS\system32\drivers\sscdbhk5.sys (Sonic Solutions)
DRV - (ssfs0bbc [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\ssfs0bbc.sys (Webroot Software, Inc. (www.webroot.com))
DRV - (sshrmd [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\sshrmd.sys (Webroot Software, Inc. (www.webroot.com))
DRV - (ssidrv [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\ssidrv.sys (Webroot Software, Inc. (www.webroot.com))
DRV - (ssrtln [System | Running]) -- C:\WINDOWS\system32\drivers\ssrtln.sys (Sonic Solutions)
DRV - (symc810 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (symc8xx [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (sym_hi [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (sym_u3 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (tfsnboio [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsnboio.sys (Sonic Solutions)
DRV - (tfsncofs [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsncofs.sys (Sonic Solutions)
DRV - (tfsndrct [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsndrct.sys (Sonic Solutions)
DRV - (tfsndres [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsndres.sys (Sonic Solutions)
DRV - (tfsnifs [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsnifs.sys (Sonic Solutions)
DRV - (tfsnopio [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsnopio.sys (Sonic Solutions)
DRV - (tfsnpool [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsnpool.sys (Sonic Solutions)
DRV - (tfsnudf [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsnudf.sys (Sonic Solutions)
DRV - (tfsnudfa [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsnudfa.sys (Sonic Solutions)
DRV - (ultra [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo....e...-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie8
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;*.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.5


[2008/12/17 09:31:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Amber Scollick\Application Data\mozilla\Extensions
[2008/12/17 09:31:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Amber Scollick\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2008/12/17 09:31:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Amber Scollick\Application Data\mozilla\Firefox\Profiles\lyeeb6ep.default\extensions

Hosts file not found
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - Reg Error: Key error. File not found
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ATT-SST_McciTrayApp] "C:\Program Files\ATT-SST\McciTrayApp.exe" (Motive Communications, Inc.)
O4 - HKLM..\Run: [avast!] "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" (ALWIL Software)
O4 - HKLM..\Run: [dla] "C:\WINDOWS\system32\dla\tfswctrl.exe" (Sonic Solutions)
O4 - HKLM..\Run: [DMXLauncher] "C:\Program Files\Dell\Media Experience\DMXLauncher.exe" ()
O4 - HKLM..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" (CyberLink Corp.)
O4 - HKLM..\Run: [FaxCenterServer4_in_1] "C:\Program Files\Lexmark 4200 Series\Fax\fm3032.exe" /s ()
O4 - HKLM..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" (Microsoft Corporation)
O4 - HKLM..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" (Hewlett-Packard Company)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] "C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" (HP)
O4 - HKLM..\Run: [HPHmon05] "C:\WINDOWS\system32\hphmon05.exe" (Hewlett-Packard)
O4 - HKLM..\Run: [HPHUPD05] "C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" (Hewlett-Packard)
O4 - HKLM..\Run: [igfxhkcmd] "C:\WINDOWS\system32\hkcmd.exe" (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] "C:\WINDOWS\system32\igfxpers.exe" (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] "C:\WINDOWS\system32\igfxtray.exe" (Intel Corporation)
O4 - HKLM..\Run: [IntelMeM] "C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start (InstallShield Software Corporation)
O4 - HKLM..\Run: [Lexmark 4200 Series] "C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe" (Lexmark International, Inc.)
O4 - HKLM..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe" (Musicmatch Inc.)
O4 - HKLM..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" (Musicmatch, Inc.)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Computer, Inc.)
O4 - HKLM..\Run: [RealTray] "C:\Program Files\Real\RealPlayer\RealPlay.exe" SYSTEMBOOTHIDEPLAYER (RealNetworks, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\Core\smax4pnp.exe" (Analog Devices, Inc.)
O4 - HKLM..\Run: [SpySweeper] "C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe" /startintray (Webroot Software, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe" ()
O4 - HKLM..\Run: [YBrowser] "C:\Program Files\Yahoo!\browser\ybrwicon.exe" (Yahoo!, Inc.)
O4 - HKLM..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" (Yahoo! Inc)
O4 - HKCU..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup (Gteko Ltd.)
O4 - HKCU..\Run: [DellTransferAgent] "C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe" ( )
O4 - HKCU..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
O4 - HKCU..\Run: [Search Protection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" (Yahoo! Inc)
O4 - HKCU..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet (Yahoo! Inc.)
O4 - HKCU..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" (Yahoo! Inc)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe (Nikon Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\_vti_cnf [2008/01/02 23:07:40 | 00,000,000 | ---D | M]
O4 - Startup: C:\Documents and Settings\Amber Scollick\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Amber Scollick\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (Sony Corporation)
O4 - Startup: C:\Documents and Settings\Amber Scollick\Start Menu\Programs\Startup\PictureProject In Touch.lnk = C:\Program Files\Nikon\PictureProject In Touch\PictureProjectInTouch.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000 (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll (Microsoft Corporation)
O9 - Extra Button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\common\ylogin.dll (Yahoo! Inc.)
O9 - Extra 'Tools' menuitem : Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\common\ylogin.dll (Yahoo! Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll (Yahoo! Inc.)
O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll (Yahoo! Inc.)
O9 - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll (Apple Computer, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O15 - HKCU\..Trusted Sites: turbotax.com ([]https in Trusted sites)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.syma...bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.syma...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1199311843942 (MUWebControl Class)
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} http://download.yaho...mail/ymmapi.dll (YahooYMailTo Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - Autorun File - C:\AUTOEXEC.BAT () - [ NTFS ]

========== Files/Folders - Created Within 30 Days ==========

[3 C:\WINDOWS\*.tmp files]
[2009/04/23 11:02:46 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Amber Scollick\Desktop\OTListIt2.exe
[2009/04/23 10:59:31 | 00,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2009/04/22 23:24:03 | 00,009,989 | ---- | C] () -- C:\Documents and Settings\Amber Scollick\My Documents\scan.docx
[2009/04/22 11:10:28 | 00,027,136 | ---- | C] () -- C:\Documents and Settings\Amber Scollick\My Documents\Seller Inspection Response.doc
[2009/04/21 14:26:03 | 00,001,709 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2009/04/21 14:26:00 | 00,023,152 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2009/04/21 14:25:58 | 00,051,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2009/04/21 14:25:53 | 00,026,944 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2009/04/21 14:25:43 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr
[2009/04/21 14:25:27 | 00,114,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2009/04/21 14:25:27 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2009/04/21 14:25:25 | 00,094,032 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2009/04/21 14:25:25 | 00,093,296 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2009/04/21 14:24:16 | 01,256,296 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2009/04/21 14:24:16 | 00,380,928 | ---- | C] () -- C:\WINDOWS\System32\actskin4.ocx
[2009/04/21 14:24:10 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2009/04/19 23:55:09 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Scanner
[2009/04/19 23:55:03 | 00,000,000 | ---D | C] -- C:\Program Files\CA Yahoo! Anti-Spy
[2009/04/19 23:32:52 | 00,267,612 | ---- | C] () -- C:\Documents and Settings\Amber Scollick\Desktop\Rooter.exe
[2009/04/19 23:30:50 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/04/19 23:03:32 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2009/04/19 22:59:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
[2009/04/19 22:45:27 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2009/04/19 22:42:03 | 00,000,000 | -H-D | C] -- C:\WINDOWS\msdownld.tmp
[2009/04/19 22:32:19 | 00,105,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iecompat.dll
[2009/04/19 20:30:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Amber Scollick\Application Data\Malwarebytes
[2009/04/19 20:30:10 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/19 20:30:10 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/19 20:30:05 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/19 20:30:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/04/19 20:30:01 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/04/19 20:28:49 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/04/19 20:28:01 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\Amber Scollick\Desktop\NTREGOPT.lnk
[2009/04/19 20:28:01 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\Amber Scollick\Desktop\ERUNT.lnk
[2009/04/19 20:27:54 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/04/18 22:07:01 | 00,031,232 | ---- | C] () -- C:\Documents and Settings\Amber Scollick\My Documents\Loralie.doc
[2009/04/17 22:57:51 | 09,924,040 | ---- | C] (Microsoft Corporation) -- C:\windowsremoval.exe
[2009/04/17 09:57:28 | 00,284,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pdh.dll
[2009/04/17 09:57:27 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcss.dll
[2009/04/17 09:57:27 | 00,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sc.exe
[2009/04/17 09:57:26 | 00,473,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fastprox.dll
[2009/04/17 09:57:26 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\services.exe
[2009/04/17 09:57:25 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvse.exe
[2009/04/17 09:57:23 | 00,729,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2009/04/17 09:57:23 | 00,453,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvsd.dll
[2009/04/17 09:57:22 | 00,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advapi32.dll
[2009/04/17 09:57:21 | 00,714,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntdll.dll
[2009/04/17 09:56:45 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp4res.dll
[2009/04/15 11:40:06 | 00,026,624 | ---- | C] () -- C:\Documents and Settings\Amber Scollick\My Documents\5715 Repair LIst.doc
[2009/04/14 20:33:05 | 00,001,650 | ---- | C] () -- C:\WINDOWS\tasks\wrSpySweeper_LA52014E956244F98ACB8DEB6167137AF.job
[2009/04/14 09:08:17 | 00,001,669 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Webroot AntiVirus.lnk
[2009/04/14 09:07:14 | 01,563,008 | ---- | C] (Webroot Software, Inc.) -- C:\WINDOWS\WRSetup.dll
[2009/04/14 09:07:14 | 00,000,000 | ---D | C] -- C:\Program Files\Webroot
[2009/04/14 09:07:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Amber Scollick\Application Data\Webroot
[2009/04/14 09:07:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Webroot
[2009/04/14 09:03:01 | 00,000,164 | ---- | C] () -- C:\WINDOWS\install.dat
[2009/04/12 21:42:44 | 00,001,930 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AT&T Self Support Tool.lnk
[2009/04/12 21:41:27 | 00,000,000 | ---D | C] -- C:\Program Files\ATT-SST
[2009/04/08 22:16:35 | 00,231,199 | ---- | C] () -- C:\Documents and Settings\Amber Scollick\Desktop\Ebay Colors.jpg
[2009/04/06 21:59:10 | 00,006,433 | ---- | C] () -- C:\Documents and Settings\Amber Scollick\My Documents\beanababy_125.jpg
[2009/04/06 15:08:23 | 00,027,136 | ---- | C] () -- C:\Documents and Settings\Amber Scollick\My Documents\Property Schedule.doc
[2009/04/06 15:08:17 | 00,011,039 | ---- | C] () -- C:\Documents and Settings\Amber Scollick\My Documents\Property Schedule.docx
[2009/04/06 14:35:17 | 00,055,296 | ---- | C] () -- C:\Documents and Settings\Amber Scollick\My Documents\Copy of Template.xls
[2009/04/06 12:09:28 | 00,028,160 | ---- | C] () -- C:\Documents and Settings\Amber Scollick\My Documents\shiloah.doc
[2009/04/06 11:15:26 | 00,027,136 | ---- | C] () -- C:\Documents and Settings\Amber Scollick\My Documents\pinkpoodle.doc
[2009/04/06 11:09:41 | 00,011,090 | ---- | C] () -- C:\Documents and Settings\Amber Scollick\My Documents\pinkpoodle.docx
[2009/04/06 09:43:03 | 00,027,136 | ---- | C] () -- C:\Documents and Settings\Amber Scollick\My Documents\debbie.doc
[2009/04/05 19:25:06 | 00,013,609 | ---- | C] () -- C:\shower_present_gift_mom_baby.htm
[2009/04/05 19:08:39 | 00,004,664 | ---- | C] () -- C:\present.jpg
[2009/04/02 14:30:12 | 00,176,752 | ---- | C] (Webroot Software, Inc. (www.webroot.com)) -- C:\WINDOWS\System32\drivers\ssidrv.sys
[2009/04/02 14:30:10 | 00,023,152 | ---- | C] (Webroot Software, Inc. (www.webroot.com)) -- C:\WINDOWS\System32\drivers\sshrmd.sys
[2009/04/02 14:30:08 | 00,029,808 | ---- | C] (Webroot Software, Inc. (www.webroot.com)) -- C:\WINDOWS\System32\drivers\ssfs0bbc.sys
[2009/04/02 14:30:04 | 00,031,088 | ---- | C] () -- C:\WINDOWS\System32\wrLZMA.dll
[2009/04/02 14:29:56 | 00,016,240 | ---- | C] () -- C:\WINDOWS\System32\SsiEfr.exe
[2009/03/31 21:43:31 | 00,030,208 | ---- | C] () -- C:\Documents and Settings\Amber Scollick\My Documents\McCutchen.doc
[2009/03/30 21:29:54 | 00,014,060 | ---- | C] () -- C:\Documents and Settings\Amber Scollick\My Documents\blank.docx
[2009/03/29 19:55:25 | 00,030,720 | ---- | C] () -- C:\Documents and Settings\Amber Scollick\My Documents\Wholesale Accounts.doc
[2009/03/29 15:36:32 | 00,005,867 | ---- | C] () -- C:\oldsitemap.xml
[2009/03/29 14:14:36 | 00,012,561 | ---- | C] () -- C:\benefits-of-baby-wearing.htm
[2009/03/29 13:23:47 | 00,146,781 | ---- | C] () -- C:\pinkhairbow.jpg
[2009/03/28 17:16:31 | 00,012,065 | ---- | C] () -- C:\wholesale_baby_boutique_beana_baby.htm
[2009/03/28 16:44:30 | 00,013,252 | ---- | C] () -- C:\free_affiliate_program_beana_baby.htm
[2009/03/28 14:48:02 | 00,006,433 | ---- | C] () -- C:\beanababy_125.jpg
[2009/03/27 18:30:38 | 00,010,322 | ---- | C] () -- C:\Documents and Settings\Amber Scollick\My Documents\Beanababy.docx
[2009/03/24 17:13:00 | 00,019,163 | ---- | C] () -- C:\children.jpg
[2009/03/24 17:10:54 | 00,096,936 | ---- | C] () -- C:\newcards.JPG
[2009/03/24 15:23:44 | 00,010,858 | ---- | C] () -- C:\beana_baby_boutique_photo_galler.htm
[2007/09/27 10:51:02 | 00,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 00,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 00,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2006/07/12 20:05:00 | 00,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/03/04 08:59:27 | 00,000,654 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2006/01/17 13:38:44 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/01/16 13:06:53 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXBRPMON.DLL
[2006/01/16 13:06:53 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\LXBRPMUI.DLL
[2006/01/16 13:04:38 | 00,001,012 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2006/01/10 15:31:35 | 00,374,784 | ---- | C] () -- C:\WINDOWS\3dg32.dll
[2006/01/10 15:31:29 | 00,000,250 | ---- | C] () -- C:\WINDOWS\3dr.ini
[2006/01/07 20:57:11 | 00,000,061 | ---- | C] () -- C:\WINDOWS\PrintWorkShop2006.ini
[2005/12/18 21:38:21 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2005/11/03 13:27:19 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2005/09/02 09:34:20 | 00,002,516 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2005/09/02 09:34:20 | 00,000,056 | RHS- | C] () -- C:\WINDOWS\System32\A5B7C537E9.sys
[2005/08/25 01:30:55 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/08/25 01:20:02 | 00,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/08/25 00:50:56 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2005/08/25 00:50:40 | 00,000,375 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/01/28 08:08:34 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/10 13:12:05 | 00,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 13:01:18 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 12:51:28 | 00,000,552 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/10 12:51:26 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini
[2004/01/13 18:06:46 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\LXBMLCNP.DLL
[2003/06/13 06:53:38 | 00,000,187 | ---- | C] () -- C:\WINDOWS\System32\lxbmcoin.ini
[2002/11/13 10:40:22 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxbmvs.dll
[1999/01/22 06:46:56 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[2009/04/23 11:02:48 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Amber Scollick\Desktop\OTListIt2.exe
[2009/04/23 09:59:42 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/04/23 09:59:30 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/04/23 01:28:37 | 00,000,382 | ---- | M] () -- C:\WINDOWS\tasks\Symantec NetDetect.job
[2009/04/23 01:00:16 | 00,001,650 | ---- | M] () -- C:\WINDOWS\tasks\wrSpySweeper_LA52014E956244F98ACB8DEB6167137AF.job
[2009/04/22 23:24:05 | 00,009,989 | ---- | M] () -- C:\Documents and Settings\Amber Scollick\My Documents\scan.docx
[2009/04/22 11:53:36 | 00,001,012 | ---- | M] () -- C:\WINDOWS\lexstat.ini
[2009/04/22 11:10:49 | 00,027,136 | ---- | M] () -- C:\Documents and Settings\Amber Scollick\My Documents\Seller Inspection Response.doc
[2009/04/21 14:26:03 | 00,001,709 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2009/04/21 14:25:27 | 00,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/04/20 10:29:04 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/04/20 03:02:19 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/04/20 00:37:37 | 00,513,146 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/04/20 00:37:37 | 00,431,618 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/04/20 00:37:37 | 00,072,098 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/04/19 23:44:42 | 00,000,085 | -HS- | M] () -- C:\Documents and Settings\Amber Scollick\My Documents\desktop.ini
[2009/04/19 23:33:27 | 00,267,612 | ---- | M] () -- C:\Documents and Settings\Amber Scollick\Desktop\Rooter.exe
[2009/04/19 20:30:10 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/19 20:28:01 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\Amber Scollick\Desktop\NTREGOPT.lnk
[2009/04/19 20:28:01 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\Amber Scollick\Desktop\ERUNT.lnk
[2009/04/18 22:07:02 | 00,031,232 | ---- | M] () -- C:\Documents and Settings\Amber Scollick\My Documents\Loralie.doc
[2009/04/17 22:57:53 | 09,924,040 | ---- | M] (Microsoft Corporation) -- C:\windowsremoval.exe
[2009/04/17 22:06:27 | 00,013,426 | ---- | M] () -- C:\index.html
[2009/04/15 11:40:06 | 00,026,624 | ---- | M] () -- C:\Documents and Settings\Amber Scollick\My Documents\5715 Repair LIst.doc
[2009/04/15 11:06:30 | 00,030,720 | ---- | M] () -- C:\Documents and Settings\Amber Scollick\My Documents\Wholesale Accounts.doc
[2009/04/14 09:08:17 | 00,001,669 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Webroot AntiVirus.lnk
[2009/04/14 09:03:04 | 00,000,164 | ---- | M] () -- C:\WINDOWS\install.dat
[2009/04/13 20:29:06 | 00,000,338 | ---- | M] () -- C:\WINDOWS\tasks\HP DArC Task #Hewlett-Packard#7600#MY39S331J7K3.job
[2009/04/12 21:43:57 | 00,001,930 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AT&T Self Support Tool.lnk
[2009/04/08 22:16:36 | 00,231,199 | ---- | M] () -- C:\Documents and Settings\Amber Scollick\Desktop\Ebay Colors.jpg
[2009/04/06 22:20:06 | 00,003,117 | ---- | M] () -- C:\Mom_Pack.gif
[2009/04/06 21:58:55 | 00,006,433 | ---- | M] () -- C:\Documents and Settings\Amber Scollick\My Documents\beanababy_125.jpg
[2009/04/06 15:32:54 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/06 15:32:46 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/06 15:12:03 | 00,027,136 | ---- | M] () -- C:\Documents and Settings\Amber Scollick\My Documents\Property Schedule.doc
[2009/04/06 15:08:17 | 00,011,039 | ---- | M] () -- C:\Documents and Settings\Amber Scollick\My Documents\Property Schedule.docx
[2009/04/06 14:49:56 | 00,055,296 | ---- | M] () -- C:\Documents and Settings\Amber Scollick\My Documents\Copy of Template.xls
[2009/04/06 13:32:34 | 01,563,008 | ---- | M] (Webroot Software, Inc.) -- C:\WINDOWS\WRSetup.dll
[2009/04/06 13:26:46 | 00,511,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\capicom.dll
[2009/04/06 12:09:28 | 00,028,160 | ---- | M] () -- C:\Documents and Settings\Amber Scollick\My Documents\shiloah.doc
[2009/04/06 11:15:26 | 00,027,136 | ---- | M] () -- C:\Documents and Settings\Amber Scollick\My Documents\pinkpoodle.doc
[2009/04/06 11:09:41 | 00,011,090 | ---- | M] () -- C:\Documents and Settings\Amber Scollick\My Documents\pinkpoodle.docx
[2009/04/06 09:43:04 | 00,027,136 | ---- | M] () -- C:\Documents and Settings\Amber Scollick\My Documents\debbie.doc
[2009/04/06 07:57:26 | 24,921,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/04/05 19:28:02 | 00,013,609 | ---- | M] () -- C:\shower_present_gift_mom_baby.htm
[2009/04/05 19:07:38 | 00,004,664 | ---- | M] () -- C:\present.jpg
[2009/04/05 19:05:24 | 00,014,790 | ---- | M] () -- C:\burp_cloths_stylish_baby_boutique.htm
[2009/04/05 10:00:15 | 00,000,780 | ---- | M] () -- C:\WINDOWS\orun32.ini
[2009/04/02 14:30:12 | 00,176,752 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\WINDOWS\System32\drivers\ssidrv.sys
[2009/04/02 14:30:10 | 00,023,152 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\WINDOWS\System32\drivers\sshrmd.sys
[2009/04/02 14:30:08 | 00,029,808 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\WINDOWS\System32\drivers\ssfs0bbc.sys
[2009/04/02 14:30:04 | 00,031,088 | ---- | M] () -- C:\WINDOWS\System32\wrLZMA.dll
[2009/04/02 14:29:56 | 00,016,240 | ---- | M] () -- C:\WINDOWS\System32\SsiEfr.exe
[2009/03/31 21:43:31 | 00,030,208 | ---- | M] () -- C:\Documents and Settings\Amber Scollick\My Documents\McCutchen.doc
[2009/03/30 21:29:54 | 00,014,060 | ---- | M] () -- C:\Documents and Settings\Amber Scollick\My Documents\blank.docx
[2009/03/30 12:00:44 | 00,027,648 | ---- | M] () -- C:\Documents and Settings\Amber Scollick\My Documents\Applicants Names.doc
[2009/03/29 17:01:40 | 00,012,065 | ---- | M] () -- C:\wholesale_baby_boutique_beana_baby.htm
[2009/03/29 17:01:16 | 00,013,252 | ---- | M] () -- C:\free_affiliate_program_beana_baby.htm
[2009/03/29 16:59:49 | 00,012,561 | ---- | M] () -- C:\benefits-of-baby-wearing.htm
[2009/03/29 16:49:27 | 00,012,906 | ---- | M] () -- C:\about.shtml
[2009/03/29 16:48:13 | 00,024,227 | ---- | M] () -- C:\custom-diaper-wipe-case.shtml
[2009/03/29 16:47:27 | 00,016,551 | ---- | M] () -- C:\wedding-tutu-flowergirl.html
[2009/03/29 16:46:44 | 00,018,414 | ---- | M] () -- C:\Order-Custom-Tutu.html
[2009/03/29 16:45:54 | 00,021,948 | ---- | M] () -- C:\Birthday-Tutu-Set-First-Party.htm
[2009/03/29 16:45:02 | 00,023,021 | ---- | M] () -- C:\Nursing-Covers-Breastfeeding-Cover.shtml
[2009/03/29 16:43:59 | 00,015,683 | ---- | M] () -- C:\nursing_bra_stylish_breastfeeding.htm
[2009/03/29 16:43:07 | 00,026,596 | ---- | M] () -- C:\beana-ring.shtml
[2009/03/29 16:43:04 | 00,028,259 | ---- | M] () -- C:\Maternity-Underwear-Stylish-Panty.htm
[2009/03/29 16:42:00 | 00,022,756 | ---- | M] () -- C:\hairbow_holder_organizer.shtml
[2009/03/29 16:38:55 | 00,021,552 | ---- | M] () -- C:\Baby-Doll-Carrier-Sling-Toy.shtml
[2009/03/29 15:52:44 | 00,011,856 | ---- | M] () -- C:\sitemap.xml
[2009/03/29 15:36:32 | 00,005,867 | ---- | M] () -- C:\oldsitemap.xml
[2009/03/29 15:07:41 | 00,013,371 | ---- | M] () -- C:\test.htm
[2009/03/29 14:19:13 | 00,029,974 | ---- | M] () -- C:\Fitted-Pouch-Slings-Baby-Carrier.shtml
[2009/03/29 13:18:57 | 00,146,781 | ---- | M] () -- C:\pinkhairbow.jpg
[2009/03/28 19:40:26 | 00,011,866 | ---- | M] () -- C:\beana-baby-shipping-returns.shtml
[2009/03/28 19:26:09 | 00,011,725 | ---- | M] () -- C:\we_love_them.shtml
[2009/03/28 14:47:42 | 00,006,433 | ---- | M] () -- C:\beanababy_125.jpg
[2009/03/27 18:30:38 | 00,010,322 | ---- | M] () -- C:\Documents and Settings\Amber Scollick\My Documents\Beanababy.docx
[2009/03/27 01:58:38 | 01,203,922 | ---- | M] () -- C:\WINDOWS\System32\dllcache\sysmain.sdb
[2009/03/26 09:04:46 | 00,108,175 | ---- | M] () -- C:\logfile
[2009/03/24 17:13:00 | 00,019,163 | ---- | M] () -- C:\children.jpg
[2009/03/24 17:10:54 | 00,096,936 | ---- | M] () -- C:\newcards.JPG
[2009/03/24 15:29:38 | 00,010,858 | ---- | M] () -- C:\beana_baby_boutique_photo_galler.htm
[2009/03/24 14:26:19 | 00,055,022 | ---- | M] () -- C:\Nurser.jpg

========== LOP Check ==========

[2009/04/19 22:59:13 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2008/01/02 23:07:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\_vti_cnf
[2006/03/21 20:27:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\4200Series
[2008/01/02 23:07:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\4200Series(2)
[2007/01/29 09:35:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2009/01/21 09:27:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AOL
[2006/09/15 14:58:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AOL Downloads
[2008/01/24 19:22:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Dell
[2005/09/25 20:58:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FaxCtr
[2008/11/18 21:57:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google
[2005/08/25 01:26:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GTek
[2005/08/25 01:14:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallShield
[2008/02/18 20:26:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intuit
[2007/11/29 22:11:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kodak
[2009/04/19 20:30:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/01/07 09:09:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2009/01/18 12:46:20 | 00,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2009/04/20 00:15:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2009/04/12 21:41:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Motive
[2007/01/19 17:01:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
[2008/01/02 23:07:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QuickTime
[2004/08/10 13:13:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI
[2009/03/17 17:20:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
[2006/04/16 02:07:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2007/04/05 21:36:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/04/14 09:18:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Webroot
[2006/12/16 10:19:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2009/04/19 22:59:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\yahoo!
[2009/04/19 23:24:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
[2009/04/19 20:30:44 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Amber Scollick\Application Data
[2008/01/02 23:07:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Amber Scollick\Application Data\_vti_cnf
[2008/01/02 23:07:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Amber Scollick\Application Data\4200Series
[2006/07/12 20:08:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Amber Scollick\Application Data\acccore
[2008/09/02 17:10:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Amber Scollick\Application Data\Adobe
[2008/11/19 19:18:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Amber Scollick\Application Data\AdobeUM
[2007/09/30 06:11:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Amber Scollick\Application Data\Corel
[2008/01/02 23:07:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Amber Scollick\Application Data\Digital Album Organizer
[2008/01/02 23:07:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Amber Scollick\Application Data\FaxCtr
[2008/06/01 21:46:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Amber Scollick\Application Data\Google
[2007/04/23 17:52:34 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\Amber Scollick\Application Data\Gtek
[2009/04/09 14:01:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Amber Scollick\Application Data\gtk-2.0
[2005/11/14 12:38:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Amber Scollick\Application Data\Help
[2005/09/07 13:52:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Amber Scollick\Application Data\Hewlett-Packard
[2004/08/10 13:08:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Amber Scollick\Application Data\Identities
[2008/11/27 22:08:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Amber Scollick\Application Data\InstallShield
[2008/02/25 11:01:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Amber Scollick\Application Data\Intuit
[2008/01/04 15:10:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Amber Scollick\Application Data\Jasc Software Inc
[2005/11/14 22:24:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Amber Scollick\Application Data\Leadertech
[2005/08/30 15:45:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Amber Scollick\Application Data\Macromedia
[2009/04/19 20:30:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Amber Scollick\Application Data\Malwarebytes
[2009/03/22 22:51:20 | 00,000,000 | --SD | M] -- C:\Documents and Settings\Amber Scollick\Application Data\Microsoft
[2006/01/17 13:35:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Amber Scollick\Application Data\Microsoft Web Folders
[2009/04/12 21:44:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Amber Scollick\Application Data\Motive
[2008/12/17 09:31:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Amber Scollick\Application Data\Mozilla
[2008/01/02 23:07:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Amber Scollick\Application Data\muvee Technologies
[2007/07/20 18:33:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Amber Scollick\Application Data\Nikon
[2008/01/02 23:08:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Amber Scollick\Application Data\Nvu
[2005/11/14 22:24:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Amber Scollick\Application Data\Sonic
[2008/11/30 11:23:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Amber Scollick\Application Data\Sony Corporation
[2005/08/25 01:08:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Amber Scollick\Application Data\Sun
[2005/08/30 15:35:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Amber Scollick\Application Data\Symantec
[2007/02/21 14:32:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Amber Scollick\Application Data\Viewpoint
[2009/04/14 09:07:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Amber Scollick\Application Data\Webroot
[2009/01/18 13:13:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Amber Scollick\Application Data\Windows Desktop Search
[2009/01/18 14:19:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Amber Scollick\Application Data\Windows Search
[2008/10/24 06:55:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Amber Scollick\Application Data\Yahoo!
[2004/08/04 05:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2007/11/29 22:00:56 | 00,000,468 | ---- | M] () -- C:\WINDOWS\Tasks\EasyShare Registration RunOnce Task.job
[2007/11/29 22:00:31 | 00,000,454 | ---- | M] () -- C:\WINDOWS\Tasks\EasyShare Registration Task.job
[2009/04/13 20:29:06 | 00,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\HP DArC Task #Hewlett-Packard#7600#MY39S331J7K3.job
[2009/04/23 09:59:42 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
[2009/04/23 01:28:37 | 00,000,382 | ---- | M] () -- C:\WINDOWS\Tasks\Symantec NetDetect.job
[2009/04/23 01:00:16 | 00,001,650 | ---- | M] () -- C:\WINDOWS\Tasks\wrSpySweeper_LA52014E956244F98ACB8DEB6167137AF.job

========== Purity Check ==========

< End of report >

And the extras:

OTListIt Extras logfile created on: 4/23/2009 11:04:31 AM - Run 1
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Documents and Settings\Amber Scollick\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

509.98 Mb Total Physical Memory | 94.12 Mb Available Physical Memory | 18.46% Memory free
1.22 Gb Paging File | 0.77 Gb Available in Paging File | 63.32% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.90 Gb Total Space | 47.27 Gb Free Space | 66.67% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DBCKJ981
Current User Name: Amber Scollick
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL File not found
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL File not found
C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 File not found
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL File not found
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL File not found
C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 File not found
c:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger File not found
c:\Program Files\Yahoo!\Messenger\yserver.exe:*:Enabled:Yahoo! FT Server (Yahoo! Inc.)
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater File not found
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare (Eastman Kodak Company)
C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader File not found
C:\Program Files\Common Files\AOL\1152752820\ee\aolsoftware.exe:*:Enabled:AOL Services File not found
C:\Program Files\Common Files\AOL\1152752820\ee\aim6.exe:*:Enabled:AIM File not found
C:\WINDOWS\system32\LEXPPS.EXE:*:Enabled:LEXPPS.EXE (Lexmark International, Inc.)
C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer (RealNetworks, Inc.)
C:\WINDOWS\system32\fxsclnt.exe:*:Enabled:Microsoft Fax Console (Microsoft Corporation)
C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour (Apple Computer, Inc.)
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\Microsoft Office\OFFICE11\FRONTPG.EXE:*:Enabled:Microsoft Office FrontPage (Microsoft Corporation)
C:\Program Files\TurboTax\Premier 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax File not found
C:\Program Files\TurboTax\Premier 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager File not found
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger (Yahoo! Inc.)
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook (Microsoft Corporation)
C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove (Microsoft Corporation)
C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote (Microsoft Corporation)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player
"{073F22CE-9A5B-4A40-A604-C7270AC6BF34}" = ESSSONIC
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{14374619-0900-4056-BA06-C87C900AF9E6}" = QuickBooks Simple Start Special Edition
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}" = Intel® PROSet for Wired Connections
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD LE
"{22E9CF2B-4063-4dab-A251-93FA46F7DECC}_is1" = Webroot AntiVirus with AntiSpyware
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{2DBFBD32-00BB-4678-B77B-8F5F729842BC}" = PS7600
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{359FCAA7-B544-4147-AE3B-8C8A526E2427}" = Sony Image Data Suite
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{3F5B6210-0903-4DC6-8034-8F488AA3A782}" = Spy Sweeper Core
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Modem On Hold
"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
"{432C3720-37BF-4BD7-8E49-F38E090246D0}" = CR2
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{45B6180B-DCAB-4093-8EE8-6164457517F0}" = Photosmart 140,240,7200,7600,7700,7900 Series
"{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}" = Banctec Service Agreement
"{517B8FB2-26EE-43B0-AE1B-07408860AA69}" = DigitImg
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
"{54C8FE84-89C4-40E8-976C-439EB0729BD6}" = CardRd81
"{55937F00-A69B-4049-8D3A-1C7729742B6F}" = BUM
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{60758250-C8CF-47EB-8CB6-E0C3B84D8207}" = PSShortcuts
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.5
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{7148F0A8-6813-11D6-A77B-00B0D0142040}" = Java 2 Runtime Environment, SE v1.4.2_04
"{7217DF28-4855-421F-8FD9-377F50E2B93D}" = Print Workshop 2006
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{78C496B9-5A6B-4692-8C2E-AFFFC34E4961}" = Jasc Paint Shop Pro Studio, Dell Editon
"{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}" = Modem Event Monitor
"{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}" = Musicmatch® Jukebox
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{91170409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}" = Dell Media Experience
"{AC76BA86-7AD7-1033-7B44-A71000000002}" = Adobe Reader 7.1.0
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{AF06CAE4-C134-44B1-B699-14FBDB63BD37}" = Dell Picture Studio v3.0
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{C439D065-5B64-4563-A6B9-1AA202633E13}" = Lexmark Fax Solutions
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D1696920-9794-4BBC-8A30-7A88763DE5A2}" = ABBYY FineReader 5.0 Sprint Plus
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DE4997B5-55AD-4878-97A7-C9FA84FE23C7}" = PSUsage
"{E0A96F36-D546-4A2A-BDAA-2A2A578B2C0D}" = Bonjour
"{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}" = tooltips
"{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}" = kgcbase
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"{FF3999BE-1A7B-4738-88AA-97BF14094A4A}" = PictureProject
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"AT&&T Yahoo! Messenger" = AT&T Yahoo! Messenger
"ATT-SST" = AT&T Self Support Tool
"avast!" = avast! Antivirus
"BroadJump Client Foundation" = BroadJump Client Foundation
"cayahooantispy" = CA Yahoo! Anti-Spy (remove only)
"ENTERPRISER" = Microsoft Office Enterprise 2007
"ERUNT_is1" = ERUNT 1.1j
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{C439D065-5B64-4563-A6B9-1AA202633E13}" = Lexmark 4200 Series Fax Solutions
"InstallShield_{E0A96F36-D546-4A2A-BDAA-2A2A578B2C0D}" = Bonjour
"Intel® 537EP V9x DF PCI Modem" = Intel® 537EP V9x DF PCI Modem
"Lexmark 4200 Series" = Lexmark 4200 Series
"LiveUpdate" = LiveUpdate 2.6 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"MSNINST" = MSN
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Photo Viewer" = Photo Viewer 2.3
"PictureProject In Touch" = PictureProject In Touch 1.0
"PictureProject In Touch Downloader" = PictureProject In Touch Downloader 1.0
"PROSet" = Intel® PRO Network Adapters and Drivers
"Punch! Super Home Suite" = Punch! Super Home Suite
"QuickTime" = QuickTime
"RealPlayer 6.0" = RealPlayer Basic
"SBC Yahoo! Applications" = SBC Yahoo! Applications
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"StreetPlugin" = Learn2 Player (Uninstall Only)
"WebCyberCoach_wtrb" = WebCyberCoach 3.2 Dell
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.4.2
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Search Defender" = Yahoo! Search Protection
"Yahoo! Software Update" = Yahoo! Software Update
"YInstHelper" = Yahoo! Install Manager

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{9863F141-7A33-4c9a-A5F2-96996461B216}" = KODAK EASYSHARE Gallery Easy Upload, v2.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/20/2009 12:22:07 AM | Computer Name = DBCKJ981 | Source = Windows Search Service | ID = 3083
Description = The protocol handler IEPH.RSSHandler cannot be loaded. Error description:
MAPI: Logon failed. .

Error - 4/20/2009 12:33:07 AM | Computer Name = DBCKJ981 | Source = Windows Search Service | ID = 3083
Description = The protocol handler IEPH.HistoryHandler cannot be loaded. Error description:
The system cannot find the file specified. .

Error - 4/20/2009 12:33:08 AM | Computer Name = DBCKJ981 | Source = Windows Search Service | ID = 3083
Description = The protocol handler IEPH.RSSHandler cannot be loaded. Error description:
MAPI: Logon failed. .

Error - 4/20/2009 12:46:36 AM | Computer Name = DBCKJ981 | Source = Application Hang | ID = 1002
Description = Hanging application explorer.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/20/2009 12:46:52 AM | Computer Name = DBCKJ981 | Source = Application Hang | ID = 1001
Description = Fault bucket 734037209.

Error - 4/20/2009 1:18:02 AM | Computer Name = DBCKJ981 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/20/2009 10:38:59 AM | Computer Name = DBCKJ981 | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module unknown, version 0.0.0.0, fault address 0x10001e39.

Error - 4/21/2009 12:53:31 AM | Computer Name = DBCKJ981 | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module unknown, version 0.0.0.0, fault address 0x10001e39.

Error - 4/21/2009 12:55:15 AM | Computer Name = DBCKJ981 | Source = Application Error | ID = 1000
Description = Faulting application yahoomessenger.exe, version 8.1.0.425, faulting
module yahoomessenger.exe, version 8.1.0.425, fault address 0x000033f8.

Error - 4/22/2009 7:12:47 PM | Computer Name = DBCKJ981 | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module unknown, version 0.0.0.0, fault address 0x10001e41.

[ OSession Events ]
Error - 4/16/2009 9:48:29 PM | Computer Name = DBCKJ981 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 34710
seconds with 660 seconds of active time. This session ended with a crash.

Error - 4/16/2009 9:49:22 PM | Computer Name = DBCKJ981 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 37
seconds with 0 seconds of active time. This session ended with a crash.

Error - 4/19/2009 7:51:44 PM | Computer Name = DBCKJ981 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 108480
seconds with 1800 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 4/20/2009 1:35:41 AM | Computer Name = DBCKJ981 | Source = Service Control Manager | ID = 7022
Description = The Bonjour Service service hung on starting.

Error - 4/20/2009 4:13:23 AM | Computer Name = DBCKJ981 | Source = Service Control Manager | ID = 7022
Description = The Bonjour Service service hung on starting.

Error - 4/20/2009 10:40:17 AM | Computer Name = DBCKJ981 | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the Background Intelligent Transfer
Service service, but this action failed with the following error: %%1056

Error - 4/20/2009 10:40:17 AM | Computer Name = DBCKJ981 | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the Windows Management Instrumentation
service, but this action failed with the following error: %%1056

Error - 4/20/2009 3:05:33 PM | Computer Name = DBCKJ981 | Source = Service Control Manager | ID = 7022
Description = The Bonjour Service service hung on starting.

Error - 4/21/2009 9:47:18 AM | Computer Name = DBCKJ981 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the stisvc service.

Error - 4/21/2009 9:49:44 PM | Computer Name = DBCKJ981 | Source = Service Control Manager | ID = 7022
Description = The Bonjour Service service hung on starting.

Error - 4/23/2009 6:27:23 AM | Computer Name = DBCKJ981 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the stisvc service.

Error - 4/23/2009 10:59:40 AM | Computer Name = DBCKJ981 | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume C:.

Error - 4/23/2009 11:01:44 AM | Computer Name = DBCKJ981 | Source = Service Control Manager | ID = 7022
Description = The Bonjour Service service hung on starting.


< End of report >

#4
Jimmy2012

    Trusted Helper

  • Retired Staff
  • 6,238 posts
Hello ascollick,

  • Please open OTListIt2.exe
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    :OTLI
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - Reg Error: Key error. File not found
    
    :Commands
    [purity]
    [emptytemp]
    [reboot]
  • Return to OTListIt2, right click in the "Custom Scans/fixes" window (under the light blue bar) and choose Paste.
  • Click the Run Fix button.
  • Let the program run until it is finished, reboot when it is done.
  • It will produce a log for you on reboot, please post that log in your next reply.


#5
ascollick

    Member

  • Topic Starter
  • Member
  • 30 posts
Hi Jimmy :)

Thanks!

User's Temporary Internet Files folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_704.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Temp folders emptied.

OTListIt2 by OldTimer - Version 2.0.14.0 log created on 04232009_224406

Files moved on Reboot...
C:\Documents and Settings\Amber Scollick\Local Settings\Temp\ mon005.log moved successfully.
File C:\Documents and Settings\Amber Scollick\Local Settings\Temp\Perflib_Perfdata_808.dat not found!
C:\Documents and Settings\Amber Scollick\Local Settings\Temp\~DF9242.tmp moved successfully.
File C:\Documents and Settings\Amber Scollick\Local Settings\Temp\~DFB93B.tmp not found!
File C:\Documents and Settings\Amber Scollick\Local Settings\Temp\~DFB95D.tmp not found!
File C:\Documents and Settings\Amber Scollick\Local Settings\Temp\~DFBA7F.tmp not found!
File C:\Documents and Settings\Amber Scollick\Local Settings\Temp\~DFBAB9.tmp not found!
File C:\Documents and Settings\Amber Scollick\Local Settings\Temp\~DFBCC5.tmp not found!
File C:\Documents and Settings\Amber Scollick\Local Settings\Temp\~DFBCEA.tmp not found!
File C:\Documents and Settings\Amber Scollick\Local Settings\Temp\~DFBE3F.tmp not found!
File C:\Documents and Settings\Amber Scollick\Local Settings\Temp\~DFBE61.tmp not found!
C:\Documents and Settings\Amber Scollick\Local Settings\Temporary Internet Files\Content.IE5\Z092614A\client_ad[1].php moved successfully.
C:\Documents and Settings\Amber Scollick\Local Settings\Temporary Internet Files\Content.IE5\OBG0K1Y5\iframe[1].htm moved successfully.
C:\Documents and Settings\Amber Scollick\Local Settings\Temporary Internet Files\Content.IE5\9TR950FI\yimPlayer[1].htm moved successfully.
C:\Documents and Settings\Amber Scollick\Local Settings\Temporary Internet Files\Content.IE5\7XM1B2CE\client_ad[1].php moved successfully.
C:\Documents and Settings\Amber Scollick\Local Settings\Temporary Internet Files\Content.IE5\7XM1B2CE\Yahoo-Re-direct-Scan-keeps-finding-Troj-JSRedirect-O-t236214[1].html moved successfully.
File C:\WINDOWS\temp\_avast4_\Webshlock.txt not found!
C:\WINDOWS\temp\Perflib_Perfdata_704.dat moved successfully.

Registry entries deleted on Reboot...

#6
Jimmy2012

    Trusted Helper

  • Retired Staff
  • 6,238 posts
Hello ascollick,

It does not look like the whole OTListIt log got posted; please try to re-post it in your next reply.

#7
ascollick

    Member

  • Topic Starter
  • Member
  • 30 posts
Hi Jimmy,

I thought I got it all last night; but to be sure I just re-ran it; and here is the new log. It is the same?? THANKS!

========== OTLISTIT ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
========== COMMANDS ==========
File delete failed. C:\Documents and Settings\Amber Scollick\Local Settings\Temp\ mon000.log scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Amber Scollick\Local Settings\Temp\~DF36E.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Amber Scollick\Local Settings\Temp\~DF54A6.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Amber Scollick\Local Settings\Temp\~DF54C8.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Amber Scollick\Local Settings\Temp\~DF552C.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Amber Scollick\Local Settings\Temp\~DF554E.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Amber Scollick\Local Settings\Temp\~DF55CA.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Amber Scollick\Local Settings\Temp\~DF55EC.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Amber Scollick\Local Settings\Temp\~DF5663.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Amber Scollick\Local Settings\Temp\~DF5685.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\Amber Scollick\Local Settings\Temporary Internet Files\Content.IE5\MFCCFJ3A\Yahoo-Re-direct-Scan-keeps-finding-Troj-JSRedirect-O-t236214[2].html scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Amber Scollick\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_6dc.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Temp folders emptied.

OTListIt2 by OldTimer - Version 2.0.14.0 log created on 04242009_091658

Files moved on Reboot...
C:\Documents and Settings\Amber Scollick\Local Settings\Temp\ mon000.log moved successfully.
File C:\Documents and Settings\Amber Scollick\Local Settings\Temp\~DF36E.tmp not found!
File C:\Documents and Settings\Amber Scollick\Local Settings\Temp\~DF54A6.tmp not found!
File C:\Documents and Settings\Amber Scollick\Local Settings\Temp\~DF54C8.tmp not found!
File C:\Documents and Settings\Amber Scollick\Local Settings\Temp\~DF552C.tmp not found!
File C:\Documents and Settings\Amber Scollick\Local Settings\Temp\~DF554E.tmp not found!
File C:\Documents and Settings\Amber Scollick\Local Settings\Temp\~DF55CA.tmp not found!
File C:\Documents and Settings\Amber Scollick\Local Settings\Temp\~DF55EC.tmp not found!
File C:\Documents and Settings\Amber Scollick\Local Settings\Temp\~DF5663.tmp not found!
File C:\Documents and Settings\Amber Scollick\Local Settings\Temp\~DF5685.tmp not found!
File C:\Documents and Settings\Amber Scollick\Local Settings\Temporary Internet Files\Content.IE5\MFCCFJ3A\Yahoo-Re-direct-Scan-keeps-finding-Troj-JSRedirect-O-t236214[2].html not found!
File C:\WINDOWS\temp\_avast4_\Webshlock.txt not found!
C:\WINDOWS\temp\Perflib_Perfdata_6dc.dat moved successfully.

Registry entries deleted on Reboot...

#8
Jimmy2012

    Trusted Helper

  • Retired Staff
  • 6,238 posts
Hello ascollick,

It is the same ??

Nope, that was the whole log this time. :)



  • Please start Malwarebytes' Anti-Malware and update it.
  • To update, please do this: click Update and then click Check for Updates.
  • It will now install any updates it finds.
  • Once it is done updating please click Scanner and then click "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Please do an online scan with Kaspersky WebScanner
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure the following is checked.
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.
~~~~~~~~~~~~~~~
In your next reply please have these logs.
The Malwarebytes log
And the Kaspersky log

#9
ascollick

ascollick

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
Hi Jimmy :)

Ok; the Malware would not update (it said connect to internet and/or adjust firewall) and both were done.

I ran the scan again though:

Malwarebytes' Anti-Malware 1.36
Database version: 1945
Windows 5.1.2600 Service Pack 3

4/24/2009 4:42:56 PM
mbam-log-2009-04-24 (16-42-56).txt

Scan type: Quick Scan
Objects scanned: 79939
Time elapsed: 9 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


When I try to run the Kaspersky program; it says Java Applet has failed (I tried several times and restarted the computer and still no luck)??

I even went to JAVA and updated to be sure I had the right version etc. (and it says please go online to use this program)

Thanks again!!!!! Sorry this is not what you asked for! I am trying :)

#10
Jimmy2012

Hello ascollick,
That's no problem, please try the following.



Download ComboFix from one of these locations:

Link 1
Link 2
Link 3


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

#11
ascollick

Hi :)

Here you go!
I wanted to tell you one strange thing that happened; no programs were running when I started the scan; however, when I came back Yahoo Messenger and my Webroot program were both up?? I wanted to let you know in case you wanted me to scan again?

I also wanted to tell you that when I go from one site to another now, I get a Security Alert that states you are leaving a secure connection and it is possible for others to see information... (thought you might need to know that :)

ComboFix 09-04-25.A1 - Amber Scollick 04/25/2009 11:04.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.178 [GMT -5:00]
Running from: c:\documents and settings\Amber Scollick\Desktop\ComboFix.exe
AV: Webroot AntiVirus with AntiSpyware *On-access scanning disabled* (Updated)
FW: Webroot AntiVirus with AntiSpyware *disabled*
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\bszip.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NNSERV
-------\Service_NNServ


((((((((((((((((((((((((( Files Created from 2009-05-25 to 2009-4-25 )))))))))))))))))))))))))))))))
.

2009-04-24 21:56 . 2009-04-24 21:53 73728 ----a-w c:\windows\system32\javacpl.cpl
2009-04-24 21:56 . 2009-04-24 21:53 410984 ----a-w c:\windows\system32\deploytk.dll
2009-04-24 03:44 . 2009-04-24 03:44 -------- d-----w C:\_OTListIt
2009-04-21 19:24 . 2009-04-21 19:24 -------- d-----w c:\program files\Alwil Software
2009-04-20 15:43 . 2009-04-20 15:43 -------- d-sh--w c:\windows\system32\config\systemprofile\IETldCache
2009-04-20 04:55 . 2009-04-20 04:55 -------- d-----w c:\program files\Common Files\Scanner
2009-04-20 04:55 . 2009-04-20 04:56 -------- d-----w c:\program files\CA Yahoo! Anti-Spy
2009-04-20 04:52 . 2009-04-20 04:52 -------- d-sh--w c:\documents and settings\Amber Scollick\PrivacIE
2009-04-20 04:46 . 2009-04-20 04:46 -------- d-sh--w c:\documents and settings\LocalService\IETldCache
2009-04-20 04:44 . 2009-04-20 04:44 -------- d-sh--w c:\documents and settings\Amber Scollick\IETldCache
2009-04-20 04:30 . 2009-04-20 04:34 -------- d-----w C:\Rooter$
2009-04-20 04:03 . 2009-04-20 04:03 -------- d-----w c:\windows\ie8updates
2009-04-20 03:59 . 2009-04-20 04:24 -------- d-----w c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-04-20 03:45 . 2009-04-20 03:57 -------- dc-h--w c:\windows\ie8
2009-04-20 03:42 . 2009-04-20 04:04 -------- d--h--w c:\windows\msdownld.tmp
2009-04-20 03:32 . 2009-02-28 04:55 105984 ------w c:\windows\system32\dllcache\iecompat.dll
2009-04-20 01:30 . 2009-04-20 01:30 -------- d-----w c:\documents and settings\Amber Scollick\Application Data\Malwarebytes
2009-04-20 01:30 . 2009-04-06 20:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-20 01:30 . 2009-04-06 20:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-20 01:30 . 2009-04-20 01:30 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-20 01:30 . 2009-04-20 01:30 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-20 01:27 . 2009-04-20 01:28 -------- d-----w c:\program files\ERUNT
2009-04-18 03:57 . 2009-04-18 03:57 9924040 ----a-w C:\windowsremoval.exe
2009-04-17 14:57 . 2009-03-06 14:22 284160 ------w c:\windows\system32\dllcache\pdh.dll
2009-04-17 14:57 . 2009-02-09 12:10 401408 ------w c:\windows\system32\dllcache\rpcss.dll
2009-04-17 14:57 . 2009-02-06 10:39 35328 ------w c:\windows\system32\dllcache\sc.exe
2009-04-17 14:57 . 2009-02-09 12:10 473600 ------w c:\windows\system32\dllcache\fastprox.dll
2009-04-17 14:57 . 2009-02-06 11:11 110592 ------w c:\windows\system32\dllcache\services.exe
2009-04-17 14:57 . 2009-02-06 10:10 227840 ------w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-17 14:57 . 2009-02-09 12:10 729088 ------w c:\windows\system32\dllcache\lsasrv.dll
2009-04-17 14:57 . 2009-02-09 12:10 453120 ------w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-17 14:57 . 2009-02-09 12:10 617472 ------w c:\windows\system32\dllcache\advapi32.dll
2009-04-17 14:57 . 2009-02-09 12:10 714752 ------w c:\windows\system32\dllcache\ntdll.dll
2009-04-17 14:56 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-04-14 14:07 . 2009-04-14 14:18 -------- d-----w c:\documents and settings\All Users\Application Data\Webroot
2009-04-14 14:07 . 2009-04-14 14:07 -------- d-----w c:\program files\Webroot
2009-04-14 14:07 . 2009-04-14 14:07 -------- d-----w c:\documents and settings\Amber Scollick\Application Data\Webroot
2009-04-14 14:07 . 2009-04-06 18:32 1563008 ----a-w c:\windows\WRSetup.dll
2009-04-14 14:03 . 2009-04-14 14:03 164 ----a-w c:\windows\install.dat
2009-04-13 02:41 . 2009-04-13 02:43 -------- d-----w c:\program files\ATT-SST
2009-04-06 00:25 . 2009-04-06 00:28 13609 ----a-w C:\shower_present_gift_mom_baby.htm
2009-04-06 00:08 . 2009-04-06 00:07 4664 ----a-w C:\present.jpg
2009-04-02 19:30 . 2009-04-02 19:30 176752 ----a-w c:\windows\system32\drivers\ssidrv.sys
2009-04-02 19:30 . 2009-04-02 19:30 23152 ----a-w c:\windows\system32\drivers\sshrmd.sys
2009-04-02 19:30 . 2009-04-02 19:30 29808 ----a-w c:\windows\system32\drivers\ssfs0bbc.sys
2009-03-29 20:36 . 2009-03-29 20:36 5867 ----a-w C:\oldsitemap.xml
2009-03-29 19:14 . 2009-03-29 21:59 12561 ----a-w C:\benefits-of-baby-wearing.htm
2009-03-29 18:23 . 2009-03-29 18:18 146781 ----a-w C:\pinkhairbow.jpg
2009-03-28 22:16 . 2009-03-29 22:01 12065 ----a-w C:\wholesale_baby_boutique_beana_baby.htm
2009-03-28 21:44 . 2009-03-29 22:01 13252 ----a-w C:\free_affiliate_program_beana_baby.htm
2009-03-28 19:48 . 2009-03-28 19:47 6433 ----a-w C:\beanababy_125.jpg

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-25 16:13 . 2007-11-30 03:13 108479 ----a-w C:\logfile
2009-04-24 21:52 . 2005-08-25 06:08 -------- d-----w c:\program files\Java
2009-04-20 05:15 . 2009-01-18 16:31 -------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-04-20 04:34 . 2009-04-20 04:34 3320 ----a-w C:\Rooter.txt
2009-04-20 03:59 . 2006-03-22 01:16 -------- d-----w c:\documents and settings\All Users\Application Data\yahoo!
2009-04-20 03:59 . 2005-11-03 18:22 -------- d-----w c:\program files\Yahoo!
2009-04-18 03:06 . 2009-01-03 02:56 13426 ----a-w C:\index.html
2009-04-13 02:44 . 2006-01-18 17:00 -------- d-----w c:\documents and settings\Amber Scollick\Application Data\Motive
2009-04-13 02:43 . 2005-11-03 18:33 -------- d-----w c:\program files\Common Files\Motive
2009-04-13 02:42 . 2005-11-03 18:32 -------- d-----w c:\program files\SBC Self Support Tool
2009-04-13 02:41 . 2005-11-03 18:33 -------- d-----w c:\documents and settings\All Users\Application Data\Motive
2009-04-09 19:01 . 2007-12-15 01:37 -------- d-----w c:\documents and settings\Amber Scollick\Application Data\gtk-2.0
2009-04-09 03:28 . 2006-01-08 01:57 -------- d-----w c:\program files\Print Workshop 2006
2009-04-07 03:20 . 2008-04-14 02:44 3117 ----a-w C:\Mom_Pack.gif
2009-04-06 00:05 . 2009-03-19 03:15 14790 ----a-w C:\burp_cloths_stylish_baby_boutique.htm
2009-03-29 21:49 . 2007-11-26 03:09 12906 ----a-w C:\about.shtml
2009-03-29 21:48 . 2008-08-04 01:39 24227 ----a-w C:\custom-diaper-wipe-case.shtml
2009-03-29 21:47 . 2009-01-06 20:59 16551 ----a-w C:\wedding-tutu-flowergirl.html
2009-03-29 21:46 . 2009-01-06 21:36 18414 ----a-w C:\Order-Custom-Tutu.html
2009-03-29 21:45 . 2009-03-23 01:56 21948 ----a-w C:\Birthday-Tutu-Set-First-Party.htm
2009-03-29 21:45 . 2009-01-07 17:24 23021 ----a-w C:\Nursing-Covers-Breastfeeding-Cover.shtml
2009-03-29 21:43 . 2009-03-12 21:45 15683 ----a-w C:\nursing_bra_stylish_breastfeeding.htm
2009-03-29 21:43 . 2007-11-24 04:09 26596 ----a-w C:\beana-ring.shtml
2009-03-29 21:43 . 2009-03-17 21:10 28259 ----a-w C:\Maternity-Underwear-Stylish-Panty.htm
2009-03-29 21:42 . 2008-10-18 02:38 22756 ----a-w C:\hairbow_holder_organizer.shtml
2009-03-29 21:38 . 2009-03-17 18:22 21552 ----a-w C:\Baby-Doll-Carrier-Sling-Toy.shtml
2009-03-29 20:52 . 2009-01-07 15:35 11856 ----a-w C:\sitemap.xml
2009-03-29 20:07 . 2008-02-25 15:47 13371 ----a-w C:\test.htm
2009-03-29 19:19 . 2007-11-24 04:09 29974 ----a-w C:\Fitted-Pouch-Slings-Baby-Carrier.shtml
2009-03-29 00:40 . 2007-11-24 04:09 11866 ----a-w C:\beana-baby-shipping-returns.shtml
2009-03-29 00:26 . 2008-09-18 02:58 11725 ----a-w C:\we_love_them.shtml
2009-03-24 22:13 . 2009-03-24 22:13 19163 ----a-w C:\children.jpg
2009-03-24 22:10 . 2009-03-24 22:10 96936 ----a-w C:\newcards.JPG
2009-03-24 20:29 . 2009-03-24 20:23 10858 ----a-w C:\beana_baby_boutique_photo_galler.htm
2009-03-24 19:26 . 2008-01-14 01:14 55022 ----a-w C:\Nurser.jpg
2009-03-24 04:07 . 2009-03-24 04:07 801326 ----a-w C:\LARGEflower.jpg
2009-03-24 02:44 . 2009-03-24 02:44 1406 ----a-w C:\favicon.ico
2009-03-23 23:25 . 2009-03-23 23:25 5766 ----a-w C:\menublank.jpg
2009-03-23 03:58 . 2009-03-23 03:58 531270 ----a-w C:\flower-pink-fresh.zip
2009-03-23 03:52 . 2009-03-23 03:52 22 ----a-w C:\pink.zip
2009-03-22 23:04 . 2009-03-23 02:06 7544 ----a-w C:\December-tutu.jpg
2009-03-22 23:04 . 2009-03-23 02:06 7737 ----a-w C:\November-tutu-birthday.jpg
2009-03-22 23:04 . 2009-03-23 02:06 6534 ----a-w C:\October-birthday-set.jpg
2009-03-22 23:04 . 2009-03-23 02:05 7020 ----a-w C:\September-tutu.jpg
2009-03-22 23:04 . 2009-03-23 02:05 5870 ----a-w C:\August-tutu.jpg
2009-03-22 23:04 . 2009-03-23 02:05 7847 ----a-w C:\July-Birthday-Tutu.jpg
2009-03-22 23:04 . 2009-03-23 02:05 7808 ----a-w C:\June-Birthday-Outfit.jpg
2009-03-22 23:04 . 2009-03-23 02:05 7579 ----a-w C:\Emerald-tutu.jpg
2009-03-22 23:04 . 2009-03-23 02:04 4782 ----a-w C:\April-birthday-set.jpg
2009-03-22 23:04 . 2009-03-23 02:04 6728 ----a-w C:\MarchBirthdaySet.jpg
2009-03-22 23:04 . 2009-03-23 02:04 7806 ----a-w C:\FebruaryTutu.jpg
2009-03-22 23:04 . 2009-03-23 02:03 6801 ----a-w C:\Januarybirthdaytutu.jpg
2009-03-21 14:06 . 2009-03-21 14:06 989696 ------w c:\windows\system32\dllcache\kernel32.dll
2009-03-19 22:09 . 2009-03-19 22:09 294725 ----a-w C:\BBHomePageCollage.jpg
2009-03-19 04:01 . 2009-03-19 04:01 100577 ----a-w C:\doll-carrier-sling.jpg
2009-03-19 03:55 . 2009-03-19 03:55 197662 ----a-w C:\weddingtwo.JPG
2009-03-19 02:42 . 2009-03-19 02:42 243518 ----a-w C:\Burpcloth.jpg
2009-03-19 02:38 . 2009-03-19 02:47 42562 ----a-w C:\blueburpcloth.jpg
2009-03-19 02:38 . 2009-03-19 02:47 42729 ----a-w C:\prettypinkburpcloth.jpg
2009-03-19 02:38 . 2009-03-19 02:47 42267 ----a-w C:\retroburpcloth.jpg
2009-03-19 02:38 . 2009-03-19 02:47 39876 ----a-w C:\purpleburpcloth.jpg
2009-03-19 02:38 . 2009-03-19 02:46 41989 ----a-w C:\zebraburpcloth.jpg
2009-03-19 02:38 . 2009-03-19 02:46 43751 ----a-w C:\turquoiseburpcloth.jpg
2009-03-19 02:38 . 2009-03-19 02:46 42241 ----a-w C:\yellowburpcloth.jpg
2009-03-19 02:38 . 2009-03-19 02:45 41607 ----a-w C:\pinkburpcloth.jpg
2009-03-19 02:32 . 2009-03-18 22:50 149124 ----a-w C:\tutupage.jpg
2009-03-19 00:01 . 2009-03-19 00:01 178966 ----a-w C:\wedding.jpg
2009-03-18 22:38 . 2009-03-18 22:38 195301 ----a-w C:\design-a-tutu.jpg
2009-03-18 21:59 . 2009-03-18 21:59 150559 ----a-w C:\doll-sling.jpg
2009-03-17 22:20 . 2008-01-05 21:08 -------- d-----w c:\documents and settings\All Users\Application Data\SiteAdvisor
2009-03-17 21:52 . 2007-11-24 03:50 11805 ----a-w C:\beana-baby-gift-certificates.shtml
2009-03-17 18:26 . 2009-03-17 18:26 206761 ----a-w C:\CustomWipeCase.jpg
2009-03-17 02:55 . 2009-03-17 02:57 120384 ----a-w C:\tutu-wedding-flowergirl.jpg
2009-03-14 03:26 . 2007-11-24 04:10 12791 ----a-w C:\design-a-tutu.shtml
2009-03-14 03:06 . 2009-03-14 03:06 157298 ----a-w C:\tutu-sassy.jpg
2009-03-12 20:40 . 2007-11-24 04:12 7854 ----a-w C:\wearing-instructions.shtml
2009-03-12 19:57 . 2009-03-12 19:57 111358 ----a-w C:\ring-hold-1-th.jpg
2009-03-12 16:36 . 2009-03-12 16:36 52816 ----a-w C:\basic-black-th.jpg
2009-03-12 16:36 . 2009-03-12 16:36 49 ----a-w C:\MsSpacer.gif
2009-03-12 16:36 . 2009-03-12 16:36 28975 ----a-w C:\pale-pink-th.jpg
2009-03-12 16:36 . 2009-03-12 16:36 27282 ----a-w C:\basic-beige-th.jpg
2009-03-12 16:36 . 2009-03-12 16:36 22356 ----a-w C:\pink-aqua-bubble-th.jpg
2009-03-12 16:36 . 2009-03-12 16:36 2133 ----a-w C:\stripe.jpg
2009-03-12 16:36 . 2009-03-12 16:36 14317 ----a-w C:\hot-pink-th.gif
2009-03-12 15:40 . 2009-03-12 02:23 8922 ----a-w C:\new_page_1.htm
2009-03-12 15:36 . 2008-07-12 02:42 117469 ----a-w C:\babyinsling.jpg
2009-03-12 02:23 . 2009-03-12 02:23 10966 ----a-w C:\Blog.JPG
2009-03-12 02:22 . 2009-03-12 02:22 7476 ----a-w C:\Cart.JPG
2009-03-12 02:22 . 2009-03-12 02:22 10315 ----a-w C:\Store.JPG
2009-03-12 02:21 . 2009-03-12 02:21 11982 ----a-w C:\Information.JPG
2009-03-12 02:20 . 2009-03-12 02:20 9561 ----a-w C:\Clearance.jpg
2009-03-12 02:19 . 2009-03-12 02:19 9632 ----a-w C:\GiftCertificates.JPG
2009-03-12 02:18 . 2009-03-12 02:18 7882 ----a-w C:\Tutus.JPG
2009-03-12 02:18 . 2009-03-12 02:18 10284 ----a-w C:\Baby.jpg
2009-03-12 02:18 . 2009-03-12 02:18 11554 ----a-w C:\Mommy.jpg
2009-03-12 02:17 . 2009-03-12 02:17 11635 ----a-w C:\BeanaSlings.jpg
2009-03-12 02:16 . 2009-03-12 02:16 7726 ----a-w C:\BeanaBabyHome.jpg
2009-03-12 02:15 . 2009-03-12 02:14 96448 ----a-w C:\BeanaBanner.jpg
2009-03-12 01:07 . 2009-03-12 03:19 193666 ----a-w C:\beana-pouch-main.jpg
2009-03-08 19:09 . 2006-11-07 08:27 391536 ----a-w c:\windows\system32\dllcache\iedkcs32.dll
2009-01-15 22:50 . 2005-09-02 14:34 56 --sh--r c:\windows\system32\A5B7C537E9.sys
2009-01-15 22:50 . 2005-09-02 14:34 2516 --sha-w c:\windows\system32\KGyGaAvL.sys
2009-01-06 00:46 . 2009-01-06 00:46 32768 -csha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012009010520090106\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BackupIconOverlayId]
@="{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}"
[HKEY_CLASSES_ROOT\CLSID\{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}]
2009-04-06 18:26 238968 ----a-w c:\program files\Webroot\WebrootSecurity\Backup\CtxMenu_1_0_0_10.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2008-02-29 4670704]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"DellTransferAgent"="c:\documents and settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe" [2007-11-13 135168]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-15 1404928]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-24 148888]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"MMTray"="c:\program files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2004-09-14 131072]
"mmtask"="c:\program files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2004-09-14 53248]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2005-08-25 26112]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-08-25 98304]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 86016]
"HPHUPD05"="c:\program files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-08-20 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-08-20 221184]
"HPHmon05"="c:\windows\system32\hphmon05.exe" [2003-08-20 483328]
"YBrowser"="c:\program files\Yahoo!\browser\ybrwicon.exe" [2003-07-11 57344]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-07-25 188416]
"Lexmark 4200 Series"="c:\program files\Lexmark 4200 Series\lxbmbmgr.exe" [2004-01-16 57344]
"FaxCenterServer4_in_1"="c:\program files\Lexmark 4200 Series\Fax\fm3032.exe" [2004-01-22 151552]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"ATT-SST_McciTrayApp"="c:\program files\ATT-SST\McciTrayApp.exe" [2008-09-19 1529856]
"SpySweeper"="c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe" [2009-04-06 6345840]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" - c:\windows\system32\narrator.exe [2008-04-14 53760]

c:\documents and settings\Amber Scollick\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]
Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2008-11-27 368640]
PictureProject In Touch.lnk - c:\program files\Nikon\PictureProject In Touch\PictureProjectInTouch.exe [2005-3-21 8384512]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-9-19 282624]
NkbMonitor.exe.lnk - c:\program files\Nikon\PictureProject\NkbMonitor.exe [2007-1-15 118784]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2004-11-11 806912]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-27 304128]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave"= serwvdrv.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\yserver.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\OFFICE11\\FRONTPG.EXE"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=

S0 ssfs0bbc;ssfs0bbc;c:\windows\system32\DRIVERS\ssfs0bbc.sys [2009-04-02 29808]
S2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\WebrootSecurity\WRConsumerService.exe [2009-04-14 1181040]
S2 YahooAUService;Yahoo! Updater;c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-09 602392]


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,LaunchINFSectionEx c:\program files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
Contents of the 'Scheduled Tasks' folder

2009-04-14 c:\windows\Tasks\HP DArC Task 2003-08-20 09:23ewlett-Packard76002003-08-20 19:57Y39S331J7K3.job
- c:\program files\HP\hpcoretech\comp\hpdarc.exe [2003-08-20 19:57]

2009-04-25 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2005-08-25 17:24]

2009-04-25 c:\windows\Tasks\wrSpySweeper_LA52014E956244F98ACB8DEB6167137AF.job
- c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe [2009-04-14 18:32]

2009-04-25 c:\windows\Tasks\wrSpySweeper_LA52014E956244F98ACB8DEB6167137AF.job
- c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe [2009-04-14 18:32]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
Trusted Zone: turbotax.com
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-25 11:12
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1892)
c:\program files\Webroot\WebrootSecurity\Backup\CtxMenu_1_0_0_10.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Lexmark 4200 Series\lxbmbmon.exe
c:\progra~1\Yahoo!\browser\ycommon.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Webroot\WebrootSecurity\SpySweeper.exe
c:\windows\system32\searchindexer.exe
c:\program files\Webroot\WebrootSecurity\SSU.exe
c:\windows\system32\dumprep.exe
c:\windows\system32\dwwin.exe
.
**************************************************************************
.
Completion time: 2009-04-25 11:26 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-25 16:26

Pre-Run: 51,088,433,152 bytes free
Post-Run: 51,009,081,344 bytes free

327 --- E O F --- 2009-04-20 08:02


THANKS !!!!!!!

Edited by ascollick, 25 April 2009 - 09:50 AM.


#12
Jimmy2012

Hello ascollick,

QUOTE
however when I came back Yahoo Messenger and my Webroot program were both up ?? I wanted to let you know in case you wanted me scan again ?

That's fine.

QUOTE
I also wanted to tell you that when I go from one site another now ; I get a Security Alert that states you are leaving a secure connection and it is possible for others to see information

Does it do this on all sites? When did this start?




Download RootRepeal.zip and unzip it to your Desktop.
  • Double click RootRepeal.exe to start the program
  • Click on the Report tab at the bottom of the program window
  • Click the Scan button
  • In the Select Scan dialog, check:
    • Drivers
    • Files
    • Processes
    • SSDT
    • Stealth Objects
    • Hidden Services
  • Click the OK button
  • In the next dialog, select all drives showing
  • Click OK to start the scan

    Note: The scan can take some time. DO NOT run any other programs while the scan is running

  • When the scan is complete, the Save Report button will become available
  • Click this and save the report to your Desktop as RootRepeal.txt
  • Go to File, then Exit to close the program
Please post the contents of RootRepeal.txt in your next reply.

#13
ascollick

Hi Jimmy;

QUOTE
I also wanted to tell you that when I go from one site another now ; I get a Security Alert that states you are leaving a secure connection and it is possible for others to see information

Does it do this on all sites? When did this start?

It started last night; as far as I can tell, it looks like any website where a password or login is required?

Here is the RootRepeal log:

ROOTREPEAL © AD, 2007-2008
==================================================
Scan Time: 2009/04/25 18:34
Program Version: Version 1.2.3.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xED7DC000 Size: 98304 File Visible: No
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF8BE6000 Size: 8192 File Visible: No
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xEC4A6000 Size: 45056 File Visible: No
Status: -

Hidden/Locked Files
-------------------
Path: C:\Documents and Settings\Amber Scollick\Local Settings\Temp\~DF9B8A.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: C:\Documents and Settings\Amber Scollick\Local Settings\Temp\~DFA267.tmp
Status: Allocation size mismatch (API: 32768, Raw: 0)

SSDT
-------------------
#: 017 Function Name: NtAllocateVirtualMemory
Status: Hooked by "<unknown>" at address 0x82f9e240

#: 041 Function Name: NtCreateKey
Status: Hooked by "<unknown>" at address 0x82fad020

#: 047 Function Name: NtCreateProcess
Status: Hooked by "<unknown>" at address 0x82fd31e8

#: 048 Function Name: NtCreateProcessEx
Status: Hooked by "<unknown>" at address 0x82fe8348

#: 053 Function Name: NtCreateThread
Status: Hooked by "<unknown>" at address 0x82f9e510

#: 063 Function Name: NtDeleteKey
Status: Hooked by "<unknown>" at address 0x82fb0128

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "<unknown>" at address 0x82fed450

#: 180 Function Name: NtQueueApcThread
Status: Hooked by "<unknown>" at address 0x82f9e2b8

#: 186 Function Name: NtReadVirtualMemory
Status: Hooked by "<unknown>" at address 0x82f9e150

#: 192 Function Name: NtRenameKey
Status: Hooked by "<unknown>" at address 0x82fce148

#: 213 Function Name: NtSetContextThread
Status: Hooked by "<unknown>" at address 0x82f9e3a8

#: 226 Function Name: NtSetInformationKey
Status: Hooked by "<unknown>" at address 0x82fa9cd8

#: 228 Function Name: NtSetInformationProcess
Status: Hooked by "<unknown>" at address 0x82fad130

#: 229 Function Name: NtSetInformationThread
Status: Hooked by "<unknown>" at address 0x82f9e420

#: 247 Function Name: NtSetValueKey
Status: Hooked by "<unknown>" at address 0x82fe65a8

#: 253 Function Name: NtSuspendProcess
Status: Hooked by "<unknown>" at address 0x82f9e588

#: 254 Function Name: NtSuspendThread
Status: Hooked by "<unknown>" at address 0x82f9e330

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "<unknown>" at address 0x82fad658

#: 258 Function Name: NtTerminateThread
Status: Hooked by "<unknown>" at address 0x82f9e498

#: 277 Function Name: NtWriteVirtualMemory
Status: Hooked by "<unknown>" at address 0x82f9e1c8

Stealth Objects
-------------------
Object: Hidden Module [Name: WiseApi.dll]
Process: SpySweeperUI.exe (PID: 320) Address: 0x04cb0000 Size: 102400

Object: Hidden Module [Name: SOSClientApi.dll]
Process: SpySweeperUI.exe (PID: 320) Address: 0x05850000 Size: 36864

Object: Hidden Module [Name: TaskScheduler.dll]
Process: SpySweeperUI.exe (PID: 320) Address: 0x05a90000 Size: 61440

Object: Hidden Module [Name: SOSLibrary.dll]
Process: SpySweeperUI.exe (PID: 320) Address: 0x05970000 Size: 995328

Object: Hidden Code [Driver: Tcpip, IRP_MJ_CREATE]
Process: System Address: 0x82ec8170 Size: -

Object: Hidden Code [Driver: Tcpip, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x82a282e0 Size: -

Object: Hidden Code [Driver: Tcpip, IRP_MJ_CLOSE]
Process: System Address: 0x82f6b170 Size: -

Object: Hidden Code [Driver: Tcpip, IRP_MJ_READ]
Process: System Address: 0x82a58190 Size: -

Object: Hidden Code [Driver: Tcpip, IRP_MJ_WRITE]
Process: System Address: 0x82b1c500 Size: -

Object: Hidden Code [Driver: Tcpip, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x82b1c488 Size: -

Object: Hidden Code [Driver: Tcpip, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x82f01790 Size: -

Object: Hidden Code [Driver: Tcpip, IRP_MJ_QUERY_EA]
Process: System Address: 0x82f01718 Size: -

Object: Hidden Code [Driver: Tcpip, IRP_MJ_SET_EA]
Process: System Address: 0x82a64b20 Size: -

Object: Hidden Code [Driver: Tcpip, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x82a64aa8 Size: -

Object: Hidden Code [Driver: Tcpip, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x82a4b560 Size: -

Object: Hidden Code [Driver: Tcpip, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x82a4b4e8 Size: -

Object: Hidden Code [Driver: Tcpip, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x82a4fee8 Size: -

Object: Hidden Code [Driver: Tcpip, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x82a4fe70 Size: -

Object: Hidden Code [Driver: Tcpip, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x82a4fdf8 Size: -

Object: Hidden Code [Driver: Tcpip, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x82a4fd80 Size: -

Object: Hidden Code [Driver: Tcpip, IRP_MJ_SHUTDOWN]
Process: System Address: 0x82a4fd08 Size: -

Object: Hidden Code [Driver: Tcpip, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x82a4fc90 Size: -

Object: Hidden Code [Driver: Tcpip, IRP_MJ_CLEANUP]
Process: System Address: 0x82a4fc18 Size: -

Object: Hidden Code [Driver: Tcpip, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x82a4fba0 Size: -

Object: Hidden Code [Driver: Tcpip, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x82a4fb28 Size: -

Object: Hidden Code [Driver: Tcpip, IRP_MJ_SET_SECURITY]
Process: System Address: 0x82a4fab0 Size: -

Object: Hidden Code [Driver: Tcpip, IRP_MJ_POWER]
Process: System Address: 0x82ea2fa8 Size: -

Object: Hidden Code [Driver: Tcpip, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x82ea2f30 Size: -

Object: Hidden Code [Driver: Tcpip, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x82ea2eb8 Size: -

Object: Hidden Code [Driver: Tcpip, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x82ea2e40 Size: -

Object: Hidden Code [Driver: Tcpip, IRP_MJ_SET_QUOTA]
Process: System Address: 0x82ea2dc8 Size: -

Object: Hidden Code [Driver: Tcpip, IRP_MJ_PNP]
Process: System Address: 0x82ea2d50 Size: -

Thanks again SOOO MUCH!

Edited by ascollick, 25 April 2009 - 05:02 PM.


#14
Jimmy2012

    Trusted Helper

  • Retired Staff
  • 6,238 posts
Hello ascollick,

It started last night ; as far as I can tell ; it looks like any website where a password or login is required ?

That's fine, I get that as well.



Please click here to download AVP Tool by Kaspersky.
  • Save it to your desktop.
  • Reboot your computer into SafeMode.

    You can do this by restarting your computer and continually tapping the F8 key until a menu appears.
    Use your up arrow key to highlight SafeMode then hit enter.

  • Double click the setup file to run it.
  • Click Next to continue.
  • It will by default install it to your desktop folder. Click Next.
  • Hit ok at the prompt for scanning in Safe Mode.
  • It will then open a box. There will be a tab that says Automatic scan.
  • Under Automatic scan make sure these are checked.

  • System Memory
  • Startup Objects
  • Disk Boot Sectors.
  • My Computer.
  • Also any other drives (Removable that you may have)


After that click on Security level then choose Customize then click on the tab that says Heuristic Analyzer then choose Enable Deep rootkit search then choose ok.
Then choose OK again then you are back to the main screen.

  • Then click on Scan at the top right-hand corner.
  • It will automatically Neutralize any objects found.
  • If some objects are left un-neutralized then click the button that says Neutralize all.
  • If it says it cannot be Neutralized then choose the delete option when prompted.
  • After that is done click on the reports button at the bottom and save it to file; name it Kas.
  • Save it somewhere convenient like your desktop and post only the detected Virus\malware in the report; it will be at the very top under Detected. Post those results in your next reply.

    Note: This tool will self uninstall when you close it so please save the log before closing it.



#15
ascollick

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
Hey Jimmy:

Couple questions

When I put it in safe mode there are a couple options (just safe mode, and then safe mode with 2 other options)

Also then it asks me to open in Windows XP or Windows Recovery Mode; which one?

I tried to guess and chose safe mode and then XP; but then I could not connect to the internet (it said cannot connect in safe mode) to see the rest of your instructions so I just logged back in normal mode to email you :)

So I wanted to double check that I was picking the right options?

Thanks! Amber