Ads Pop Up When Starting Firefox! [Solved]


  • This topic is locked

#1
Boll

Normally when I start Firefox, it just loads the Firefox Google start page and nothing else. Now whenever I start Firefox it loads the normal start page and a second tab for an advertisement (either a dating website, weight loss, or smoke-free cigarettes). I found a how-to guide on removing adware on the PC World website and it said to get "HijackThis" and post the log here. So here it is:
Does anything seem out of place or strange?
Thanks!







Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:27:23 PM, on 8/27/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Documents and Settings\All Users\Application Data\Sukoku\sukoku115.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\support.com\bin\tgcmd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\AIM\aim.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Dropbox\Dropbox.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\Sukoku\sukoku.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Media Access Startup - {25B8D58C-B0CB-46b0-BA64-05B3804E4E86} - C:\Program Files\Media Access Startup\1.5.5.900\HPIEAddOn.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: NP Helper Class - {35B8D58C-B0CB-46b0-BA64-05B3804E4E86} - C:\Program Files\Internet Saving Optimizer\3.6.3.4500\NPIEAddOn.dll (file missing)
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - Startup: Dropbox.lnk = C:\Program Files\Dropbox\Dropbox.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files\Fiddler2\Fiddler.exe" (file missing)
O9 - Extra 'Tools' menuitem: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files\Fiddler2\Fiddler.exe" (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sukoku Service - Unknown owner - C:\Documents and Settings\All Users\Application Data\Sukoku\sukoku115.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 6430 bytes

#2
Boll

I've been following the steps in the Malware and Spyware Cleaning Guide, but I'm stuck on Step 5, since whenever I try to run RootRepeal I get a message that says my virtual memory is too low.
Anyway, here's the log from Malwarebytes' Anti-Malware:

Malwarebytes' Anti-Malware 1.40
Database version: 2706
Windows 5.1.2600 Service Pack 3

8/27/2009 4:45:16 PM
mbam-log-2009-08-27 (16-45-16).txt

Scan type: Quick Scan
Objects scanned: 96859
Time elapsed: 5 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 29
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 18
Files Infected: 185

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\Program Files\Media Access Startup\1.5.5.900\HPCommon.dll (Adware.DoubleD) -> Delete on reboot.
C:\Program Files\Media Access Startup\1.5.5.900\FF\components\HPFFAddOn.dll (Adware.DoubleD) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\explorerbar.funexplorer (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{ac5ab953-ed25-4f9c-87f0-b086b0178ffa} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6160f76a-1992-4b17-a32d-0c706d159105} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{25b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\explorerbar.funexplorer.1 (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{480098c6-f6ad-4c61-9b5c-2bae228a34d1} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{877f3eab-4462-44df-8475-6064eafd7fbf} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{35b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{cdbfb47b-58a8-4111-bf95-06178dce326d} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{883dfc00-8a21-411d-956c-73a4e4b7d16f} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c28a0312-c403-417b-a425-a915bc0519cd} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{35b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{cdbfb47b-58a8-4111-bf95-06178dce326d} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{549b5ca7-4a86-11d7-a4df-000874180bb3} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{35b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{549b5ca7-4a86-11d7-a4df-000874180bb3} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\{5617ECA9-488D-4BA2-8562-9710B9AB78D2} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\DoubleD (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Internet Saving Optimizer (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Media Access Startup (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\DoubleD (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Internet Saving Optimizer (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Media Access Startup (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{16b6279b-9ff5-41fb-8bf9-404324f5dd1f}}_is1 (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1fb52ab3-5987-45a2-85e0-f3ec30dddc29}}_is1 (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{c5096216-7703-409e-b85a-8a6ee7395128}}_is1 (Adware.DoubleD) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{0ba0192d-94a5-45e3-b2b8-3ec5a1a0b5ec} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{2224e955-00e9-4613-a844-ce69fccaae91} (Adware.DoubleD) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\DoubleD (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\DoubleD\GamingHarbor Toolbar (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup (Adware.DoubleD) -> Delete on reboot.
C:\Program Files\Media Access Startup\1.5.5.900 (Adware.DoubleD) -> Delete on reboot.
C:\Program Files\Media Access Startup\1.5.5.900\Data (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.5.900\FF (Adware.DoubleD) -> Delete on reboot.
C:\Program Files\Media Access Startup\1.5.5.900\FF\chrome (Adware.DoubleD) -> Delete on reboot.
C:\Program Files\Media Access Startup\1.5.5.900\FF\chrome\content (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.5.900\FF\components (Adware.DoubleD) -> Delete on reboot.
C:\Program Files\System Search Dispatcher (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\System Search Dispatcher\1.3.5.960 (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\System Search Dispatcher\1.3.5.960\Data (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\MaryAnn\Local Settings\Application Data\DoubleD (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\MaryAnn\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\MaryAnn\Local Settings\Application Data\Internet Saving Optimizer (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\MaryAnn\Local Settings\Application Data\Internet Saving Optimizer\3.6.3.4500 (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\MaryAnn\Local Settings\Application Data\Media Access Startup (Adware.DoubleD) -> Delete on reboot.
C:\Documents and Settings\MaryAnn\Local Settings\Application Data\Media Access Startup\1.5.5.900 (Adware.DoubleD) -> Delete on reboot.

Files Infected:
C:\Program Files\Media Access Startup\1.5.5.900\HPIEAddOn.dll (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.5.900\HPCommon.dll (Adware.DoubleD) -> Delete on reboot.
C:\Program Files\Media Access Startup\1.5.5.900\hppx.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.5.900\MAHelper.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.5.900\unins000.dat (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.5.900\unins000.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.5.900\Data\config.md (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.5.900\FF\chrome.manifest (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.5.900\FF\install.rdf (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.5.900\FF\chrome\HPAddOn.jar (Adware.DoubleD) -> Delete on reboot.
C:\Program Files\Media Access Startup\1.5.5.900\FF\chrome\content\HPAddOn.js (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.5.900\FF\chrome\content\HPAddOn.xul (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.5.900\FF\components\HPFFAddOn.dll (Adware.DoubleD) -> Delete on reboot.
C:\Program Files\Media Access Startup\1.5.5.900\FF\components\HPFFAddOn.xpt (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.5.900\FF\components\HPFFHelperComponent.js (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\System Search Dispatcher\1.3.5.960\unins000.dat (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\System Search Dispatcher\1.3.5.960\unins000.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\System Search Dispatcher\1.3.5.960\Data\eacore.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\System Search Dispatcher\1.3.5.960\Data\URLDynamic.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\System Search Dispatcher\1.3.5.960\Data\URLStatic.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\MaryAnn\Local Settings\Application Data\Internet Saving Optimizer\3.6.3.4500\config.md (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\MaryAnn\Local Settings\Application Data\Internet Saving Optimizer\3.6.3.4500\ipdata.md (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\MaryAnn\Local Settings\Application Data\Internet Saving Optimizer\3.6.3.4500\rstatus.md (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\MaryAnn\Local Settings\Application Data\Media Access Startup\1.5.5.900\config.md (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\MaryAnn\Local Settings\Application Data\Media Access Startup\1.5.5.900\HJHP_20090819-232620.609.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\MaryAnn\Local Settings\Application Data\Media Access Startup\1.5.5.900\HJHP_20090819-233534.218.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\MaryAnn\Local Settings\Application Data\Media Access Startup\1.5.5.900\HJHP_20090819-234942.937.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\MaryAnn\Local Settings\Application Data\Media Access Startup\1.5.5.900\HJHP_20090819-234946.406.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\MaryAnn\Local Settings\Application Data\Media Access Startup\1.5.5.900\HJHP_20090819-235757.671.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\MaryAnn\Local Settings\Application Data\Media Access Startup\1.5.5.900\HJHP_20090820-003126.718.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\MaryAnn\Local Settings\Application Data\Media Access Startup\1.5.5.900\HJHP_20090820-004926.640.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\MaryAnn\Local Settings\Application Data\Media Access Startup\1.5.5.900\HJHP_20090820-004940.687.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\MaryAnn\Local Settings\Application Data\Media Access Startup\1.5.5.900\HJHP_20090820-005111.937.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\MaryAnn\Local Settings\Application Data\Media Access Startup\1.5.5.900\HJHP_20090820-005114.453.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\MaryAnn\Local Settings\Application Data\Media Access Startup\1.5.5.900\HJHP_20090820-081802.812.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\MaryAnn\Local Settings\Application Data\Media Access Startup\1.5.5.900\HJHP_20090820-081820.531.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\MaryAnn\Local Settings\Application Data\Media Access Startup\1.5.5.900\HJHP_20090820-084935.500.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\MaryAnn\Local Settings\Application Data\Media Access Startup\1.5.5.900\HJHP_20090820-091847.906.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\MaryAnn\Local Settings\Application Data\Media Access Startup\1.5.5.900\HJHP_20090820-092059.078.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\MaryAnn\Local Settings\Application Data\Media Access Startup\1.5.5.900\HJHP_20090820-110205.906.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\MaryAnn\Local Settings\Application Data\Media Access Startup\1.5.5.900\HJHP_20090820-110210.062.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\MaryAnn\Local Settings\Application Data\Media Access Startup\1.5.5.900\HJHP_20090820-110720.421.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\MaryAnn\Local Settings\Application Data\Media Access Startup\1.5.5.900\HJHP_20090820-111549.406.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\MaryAnn\Local Settings\Application Data\Media Access Startup\1.5.5.900\HJHP_20090820-114309.859.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\MaryAnn\Local Settings\Application Data\Media Access Startup\1.5.5.900\HJHP_20090820-121300.312.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\MaryAnn\Local Settings\Application Data\Media Access Startup\1.5.5.900\HJHP_20090820-123820.125.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\MaryAnn\Local Settings\Application Data\Media Access Startup\1.5.5.900\HJHP_20090820-134624.796.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\MaryAnn\Local Settings\Application Data\Media Access Startup\1.5.5.900\HJHP_20090820-134633.328.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\MaryAnn\Local Settings\Application Data\Media Access Startup\1.5.5.900\HJHP_20090820-143847.171.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\MaryAnn\Local Settings\Application Data\Media Access Startup\1.5.5.900\HJHP_20090820-143857.718.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\MaryAnn\Local Settings\Application Data\Media Access Startup\1.5.5.900\HJHP_20090820-160337.578.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\MaryAnn\Local Settings\Application Data\Media Access Startup\1.5.5.900\HJHP_20090820-160345.250.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\MaryAnn\Local Settings\Application Data\Media Access Startup\1.5.5.900\HJHP_20090820-162021.187.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\MaryAnn\Local Settings\Application Data\Media Access Startup\1.5.5.900\HJHP_20090820-162349.343.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\MaryAnn\Local Settings\Application Data\Media Access Startup\1.5.5.900\HJHP_20090821-100434.187.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\MaryAnn\Local Settings\Application Data\Media Access Startup\1.5.5.900\HJHP_20090821-100437.093.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\MaryAnn\Local Settings\Application Data\Media Access Startup\1.5.5.900\HJHP_20090821-101804.265.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\MaryAnn\Local Settings\Application Data\Media Access Startup\1.5.5.900\HJHP_20090821-120716.484.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\MaryAnn\Local Settings\Application Data\Media Access Startup\1.5.5.900\HJHP_20090821-122644.796.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\MaryAnn\Local Settings\Application Data\Media Access Startup\1.5.5.900\HJHP_20090821-130200.906.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\MaryAnn\Local Settings\Application Data\Media Access Startup\1.5.5.900\HJHP_20090821-131458.484.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\MaryAnn\Local Settings\Application Data\Media Access Startup\1.5.5.900\HJHP_20090821-132925.781.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\MaryAnn\Local Settings\Application Data\Media Access Startup\1.5.5.900\HJHP_20090825-143025.015.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\MaryAnn\Local Settings\Application Data\Media Access Startup\1.5.5.900\HJHP_20090825-143147.468.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\MaryAnn\Local Settings\Application Data\Media Access Startup\1.5.5.900\HJHP_20090825-143531.609.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\MaryAnn\Local Settings\Application Data\Media Access Startup\1.5.5.900\HJHP_20090826-015653.953.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\MaryAnn\Local Settings\Application Data\Media Access Startup\1.5.5.900\HJHP_20090826-015752.343.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\MaryAnn\Local Settings\Application Data\Media Access Startup\1.5.5.900\HJHP_20090826-120002.625.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\MaryAnn\Local Settings\Application Data\Media Access Startup\1.5.5.900\HJHP_20090826-120008.078.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\MaryAnn\Local Settings\Application Data\Media Access Startup\1.5.5.900\HJHP_20090826-124321.187.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\MaryAnn\Local Settings\Application Data\Media Access Startup\1.5.5.900\HJHP_20090826-124914.250.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\MaryAnn\Local Settings\Application Data\Media Access Startup\1.5.5.900\HJHP_20090826-132047.468.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\MaryAnn\Local Settings\Application Data\Media Access Startup\1.5.5.900\HJHP_20090826-134004.812.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\MaryAnn\Local Settings\Application Data\Media Access Startup\1.5.5.900\HJHP_20090826-150523.671.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\MaryAnn\Local Settings\Application Data\Media Access Startup\1.5.5.900\HJHP_20090826-151959.203.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\MaryAnn\Local Settings\Application Data\Media Access Startup\1.5.5.900\HJHP_20090827-004302.665.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\MaryAnn\Local Settings\Application Data\Media Access Startup\1.5.5.900\HJHP_20090827-120459.250.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\MaryAnn\Local Settings\Application Data\Media Access Startup\1.5.5.900\HJHP_20090827-121642.234.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\MaryAnn\Local Settings\Application Data\Media Access Startup\1.5.5.900\HJHP_20090827-121722.078.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\MaryAnn\Local Settings\Application Data\Media Access Startup\1.5.5.900\HJHP_20090827-124945.421.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\MaryAnn\Local Settings\Application Data\Media Access Startup\1.5.5.900\HJHP_20090827-144611.406.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\MaryAnn\Local Settings\Application Data\Media Access Startup\1.5.5.900\HJHP_20090827-145019.093.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\MaryAnn\Local Settings\Application Data\Media Access Startup\1.5.5.900\HJHP_20090827-145031.640.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\MaryAnn\Local Settings\Application Data\Media Access Startup\1.5.5.900\HJHP_20090827-145233.187.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\MaryAnn\Local Settings\Application Data\Media Access Startup\1.5.5.900\HJHP_20090827-145234.937.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\MaryAnn\Local Settings\Application Data\Media Access Startup\1.5.5.900\HJHP_20090827-145554.406.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\MaryAnn\Local Settings\Application Data\Media Access Startup\1.5.5.900\HJHP_20090827-145641.968.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\MaryAnn\Local Settings\Application Data\Media Access Startup\1.5.5.900\HJHP_20090827-145851.906.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\MaryAnn\Local Settings\Application Data\Media Access Startup\1.5.5.900\HJHP_20090827-150115.984.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\MaryAnn\Local Settings\Application Data\Media Access Startup\1.5.5.900\HJHP_20090827-150338.078.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\MaryAnn\Local Settings\Application Data\Media Access Startup\1.5.5.900\HJHP_20090827-150519.796.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\MaryAnn\Local Settings\Application Data\Media Access Startup\1.5.5.900\HJHP_20090827-152135.562.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\MaryAnn\Local Settings\Application Data\Media Access Startup\1.5.5.900\HJHP_20090827-152156.953.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\MaryAnn\Local Settings\Application Data\Media Access Startup\1.5.5.900\HJHP_20090827-155208.453.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\MaryAnn\Local Settings\Application Data\Media Access Startup\1.5.5.900\HJHP_20090827-155220.890.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\MaryAnn\Local Settings\Application Data\Media Access Startup\1.5.5.900\HJHP_20090827-155229.406.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\MaryAnn\Local Settings\Application Data\Media Access Startup\1.5.5.900\HJHP_20090827-160621.375.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\MaryAnn\Local Settings\Application Data\Media Access Startup\1.5.5.900\HJHP_20090827-160936.281.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\MaryAnn\Local Settings\Application Data\Media Access Startup\1.5.5.900\HJHP_20090827-162718.484.log (Adware.DoubleD) -> Delete on reboot.
C:\Documents and Settings\MaryAnn\Local Settings\Application Data\Media Access Startup\1.5.5.900\ipdata.md (Adware.DoubleD) -> Quarantined and deleted successfully.

Edited by Boll, 27 August 2009 - 05:39 PM.


#3
Tweene

    Trusted Helper

  • Malware Removal
  • 1,387 posts
Hello Boll and Welcome to Geeks To Go!

I'm Tweene and I'll try to help you.

I'm currently looking over your logs.
I am still in training here, so there might be a delay between my replies as they need to be checked by an expert before I can post them. So please bear with me.
  • Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
  • Please reply to this thread. Do not start a new topic.
  • As we will likely be using Notepad, please check that Word Wrap is turned off before you start. To do this, open Notepad, choose Format, then make sure Word Wrap is unchecked. Word Wrap makes reading your log difficult and may prevent fixes using Notepad from working.
  • Please follow the steps exactly in the same order posted. If you can't perform a certain step, or you're unsure on what to do, please stop and we will go through it together.
  • Refrain from running self fixes as this will hinder the malware removal process.
  • Make sure you reply to this thread using the Add Reply button.

Please read this post completely. It may make it easier if you copy and paste my posts to a new text document or print them for reference later. This will especially help you when your computer is offline. You may want to do this following each post for each set of instructions.


You have visited the Malware and Spyware Cleaning Guide, and have posted the Malwarebytes log. Please post the OTL logs: OTL.txt and Extras.txt.

Please do not attach the logs, as it makes them much harder to read. Feel free to copy and paste the contents of them in a reply instead. These logs may or may not fit into one post. Please make sure that it didn't get cut off, and feel free to post the rest of it in a separate reply.

#4
Tweene

    Trusted Helper

  • Malware Removal
  • 1,387 posts
Hello Boll


From your log(s), you do not seem to have an active anti-virus resident protection running. This is extremely dangerous as your computer is vulnerable to all kinds of infections. Before we go on to clean up your computer, please go to the links provided below, and download and install ONE of the anti-virus protection programs.
=> Antivir Personal Free
=> AVG 8.0
=> Avast! Home Edition


Then


Please download GooredFix from one of the locations below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).


Don't forget the OTL logs :)

#5
Boll

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Strange, at the time of my first post I was and have been running Avast!. And remember that for some reason I am not able to run RootRepeal.
Anyway here is the OTL log:



OTL logfile created on: 8/31/2009 5:03:36 PM - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\MaryAnn\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.00 Mb Total Physical Memory | 149.52 Mb Available Physical Memory | 29.32% Memory free
1.47 Gb Paging File | 1.08 Gb Available in Paging File | 73.81% Paging File free
Paging file location(s): C:\pagefile.sys 1024 1024 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.21 Gb Total Space | 9.27 Gb Free Space | 24.91% Space Free | Partition Type: NTFS
Drive D: | 675.70 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OFFICE
Current User Name: MaryAnn
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/08/17 11:58:55 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/08/17 12:07:17 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2004/04/21 12:16:02 | 01,434,848 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\ACS\acsd.exe
PRC - [2006/03/03 22:03:10 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\System32\HPZipm12.exe
PRC - [2009/08/25 15:27:28 | 00,054,760 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Sukoku\sukoku115.exe
PRC - [2007/01/04 17:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2008/04/14 06:42:20 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2005/06/21 17:48:18 | 00,155,648 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxtray.exe
PRC - [2009/08/17 12:07:01 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2005/06/21 17:44:34 | 00,126,976 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\hkcmd.exe
PRC - [2003/09/03 22:12:44 | 00,221,184 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
PRC - [2003/08/26 21:47:34 | 00,204,800 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\Media Experience\PCMService.exe
PRC - [2009/08/17 12:04:21 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2003/10/06 12:05:40 | 00,053,248 | ---- | M] (TODO: <Company name>) -- C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
PRC - [2003/10/06 12:05:40 | 00,118,784 | ---- | M] (MUSICMATCH, Inc.) -- C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
PRC - [2004/05/27 21:05:42 | 00,323,584 | ---- | M] (Dell) -- C:\Program Files\Common Files\Dell\EUSW\Support.exe
PRC - [2002/04/24 21:37:43 | 01,544,192 | ---- | M] (Support.com, Inc.) -- C:\Program Files\support.com\bin\tgcmd.exe
PRC - [2009/03/30 23:44:46 | 00,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/08/25 15:27:28 | 00,054,760 | ---- | M] () -- C:\Program Files\Sukoku\sukoku.exe
PRC - [2009/08/17 12:07:23 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2006/08/01 16:35:36 | 00,067,112 | ---- | M] (America Online, Inc.) -- C:\Program Files\AIM\aim.exe
PRC - [2009/06/10 16:02:38 | 01,217,784 | ---- | M] (Valve Corporation) -- C:\Program Files\Steam\Steam.exe
PRC - [2003/10/07 17:20:18 | 00,352,256 | ---- | M] ( ) -- C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
PRC - [2009/08/27 23:27:42 | 26,784,939 | ---- | M] () -- C:\Documents and Settings\MaryAnn\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2009/08/31 17:02:45 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\MaryAnn\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2004/04/21 12:16:02 | 01,434,848 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\ACS\acsd.exe -- (AOL ACS [Auto | Running])
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2009/08/17 11:58:55 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto | Running])
SRV - [2009/08/17 12:07:17 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Running])
SRV - [2009/08/17 12:07:01 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Running])
SRV - [2009/08/17 12:04:21 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Running])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/04/14 06:42:04 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2006/03/03 22:03:10 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\System32\HPZipm12.exe -- (Pml Driver HPZ12 [Unknown | Running])
SRV - [2009/08/25 15:27:28 | 00,054,760 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Sukoku\sukoku115.exe -- (Sukoku Service [Auto | Running])
SRV - [2007/01/04 17:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service [Auto | Running])
SRV - [2006/10/18 22:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2009/08/17 12:03:21 | 00,026,944 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4 [System | Running])
DRV - [2002/04/01 15:15:00 | 00,004,816 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\System32\drivers\aeaudio.sys -- (aeaudio [On_Demand | Running])
DRV - [2001/08/17 15:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\DRIVERS\aliide.sys -- (AliIde [Disabled | Stopped])
DRV - [2008/04/14 01:06:40 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\DRIVERS\amdagp.sys -- (amdagp [Disabled | Stopped])
DRV - [2001/08/17 15:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\System32\DRIVERS\asc.sys -- (asc [Disabled | Stopped])
DRV - [2001/08/17 15:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\System32\DRIVERS\asc3550.sys -- (asc3550 [Disabled | Stopped])
DRV - [2009/08/17 12:05:37 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\DRIVERS\aswFsBlk.sys -- (aswFsBlk [Auto | Running])
DRV - [2009/08/17 12:06:43 | 00,094,160 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2 [Auto | Running])
DRV - [2009/08/17 12:04:29 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr [On_Demand | Running])
DRV - [2009/08/17 12:05:52 | 00,114,768 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP [System | Running])
DRV - [2009/08/17 12:04:40 | 00,051,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi [System | Running])
DRV - [2003/05/23 14:58:30 | 00,043,136 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\System32\DRIVERS\bcm4sbxp.sys -- (bcm4sbxp [On_Demand | Running])
DRV - [2001/08/17 15:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\System32\DRIVERS\cmdide.sys -- (CmdIde [Disabled | Stopped])
DRV - [2001/08/17 15:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys -- (dac2w2k [Disabled | Stopped])
DRV - [2001/08/17 14:11:06 | 00,066,591 | ---- | M] (3Com Corporation) -- C:\WINDOWS\System32\DRIVERS\el90xbc5.sys -- (EL90XBC [On_Demand | Stopped])
DRV - [2008/04/17 14:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2008/07/23 21:24:11 | 00,025,280 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\DRIVERS\hamachi.sys -- (hamachi [On_Demand | Stopped])
DRV - [2008/04/13 23:04:28 | 00,161,020 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\i81xnt5.sys -- (i81x [On_Demand | Stopped])
DRV - [2008/04/13 23:04:28 | 00,012,415 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\wADV01nt.sys -- (iAimFP0 [On_Demand | Stopped])
DRV - [2008/04/13 23:04:28 | 00,012,127 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\wADV02NT.sys -- (iAimFP1 [On_Demand | Stopped])
DRV - [2008/04/13 23:04:28 | 00,011,775 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\wADV05NT.sys -- (iAimFP2 [On_Demand | Stopped])
DRV - [2008/04/13 23:04:32 | 00,012,063 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys -- (iAimFP3 [On_Demand | Stopped])
DRV - [2008/04/13 23:04:34 | 00,019,455 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys -- (iAimFP4 [On_Demand | Stopped])
DRV - [2008/04/13 23:04:30 | 00,029,311 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\wATV01nt.sys -- (iAimTV0 [On_Demand | Stopped])
DRV - [2008/04/13 23:04:30 | 00,019,551 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\wATV02NT.sys -- (iAimTV1 [On_Demand | Stopped])
DRV - [2008/04/13 23:04:30 | 00,033,599 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\wATV04nt.sys -- (iAimTV3 [On_Demand | Stopped])
DRV - [2008/04/13 23:04:30 | 00,023,615 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys -- (iAimTV4 [On_Demand | Stopped])
DRV - [2005/06/21 18:12:34 | 00,807,998 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\ialmnt5.sys -- (ialm [On_Demand | Running])
DRV - [2003/11/21 00:13:40 | 01,232,741 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\IntelC51.sys -- (IntelC51 [On_Demand | Running])
DRV - [2003/11/21 00:14:28 | 00,646,825 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\IntelC52.sys -- (IntelC52 [On_Demand | Running])
DRV - [2003/11/21 00:12:56 | 00,059,717 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\IntelC53.sys -- (IntelC53 [On_Demand | Running])
DRV - [2001/08/17 15:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\MODEMCSA.sys -- (MODEMCSA [On_Demand | Running])
DRV - [2003/11/21 00:12:42 | 00,037,048 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\mohfilt.sys -- (mohfilt [On_Demand | Running])
DRV - [2001/08/17 15:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys -- (mraid35x [Disabled | Stopped])
DRV - [2008/08/13 17:01:40 | 00,028,256 | ---- | M] (MusicMatch, Inc.) -- C:\WINDOWS\System32\drivers\MxlW2k.sys -- (MxlW2k [On_Demand | Running])
DRV - [2008/04/13 23:04:32 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Stopped])
DRV - [2008/04/14 01:26:08 | 00,088,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys -- (NwlnkIpx [Auto | Running])
DRV - [2002/08/29 07:00:00 | 00,063,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\nwlnknb.sys -- (NwlnkNb [Auto | Running])
DRV - [2002/08/29 07:00:00 | 00,055,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys -- (NwlnkSpx [Auto | Running])
DRV - [2002/11/08 15:45:06 | 00,017,217 | ---- | M] (Dell Computer Corporation) -- C:\WINDOWS\System32\DRIVERS\omci.sys -- (omci [System | Running])
DRV - [2002/08/29 07:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2008/06/10 20:07:16 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2001/08/17 15:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\System32\DRIVERS\ql1080.sys -- (ql1080 [Disabled | Stopped])
DRV - [2001/08/17 15:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\System32\DRIVERS\ql12160.sys -- (ql12160 [Disabled | Stopped])
DRV - [2001/08/17 15:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\System32\DRIVERS\ql1280.sys -- (ql1280 [Disabled | Stopped])
DRV - [2008/04/13 23:09:16 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2008/04/14 01:06:40 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\DRIVERS\sisagp.sys -- (sisagp [Disabled | Stopped])
DRV - [2003/02/28 11:17:18 | 00,545,024 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\System32\drivers\smwdm.sys -- (smwdm [On_Demand | Running])
DRV - [2001/08/17 16:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\System32\DRIVERS\sparrow.sys -- (Sparrow [Disabled | Stopped])
DRV - [2001/08/17 16:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\System32\DRIVERS\symc810.sys -- (symc810 [Disabled | Stopped])
DRV - [2001/08/17 16:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys -- (symc8xx [Disabled | Stopped])
DRV - [2001/08/17 16:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys -- (sym_hi [Disabled | Stopped])
DRV - [2001/08/17 16:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys -- (sym_u3 [Disabled | Stopped])
DRV - [2001/08/17 15:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\System32\DRIVERS\ultra.sys -- (ultra [Disabled | Stopped])
DRV - [2003/01/10 19:13:04 | 00,033,588 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys -- (wanatw [On_Demand | Running])
DRV - [2003/04/15 12:40:54 | 00,113,504 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\drivers\ialmsbw.sys -- ({6080A529-897E-4629-A488-ABA0C29B635E} [On_Demand | Stopped])
DRV - [2003/04/15 12:40:46 | 00,078,752 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\drivers\ialmkchw.sys -- ({D31A0762-0CEB-444e-ACFF-B049A1F6FE91} [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.aol.com/puccini/start [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.theprizeday.com/today.php
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo....r=ytff-divx&p="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.theprizeday.com/today.php|http://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official\n"
FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170633FE}:0.4.5.14
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20090123.1
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:0.0.0
FF - prefs.js..extensions.enabledItems: {3e9bb2a7-62ca-4efa-a4e6-f6f6168a652d}:0.8.17
FF - prefs.js..extensions.enabledItems: {7AB6D133-2A14-4C11-B3AD-35B1548D38F9}:1.0
FF - prefs.js..extensions.enabledItems: {81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}:6.2.4.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.2
FF - prefs.js..extensions.enabledItems: {de5809e0-2b07-11dd-bd0b-0800200c9a66}:1.0.9
FF - prefs.js..extensions.enabledItems: [email protected]:0.6.20090630
FF - prefs.js..keyword.URL: "http://search.yahoo....r=ytff-divx&p="

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2009/03/30 23:45:32 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/28 12:13:45 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/08/27 14:49:58 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/08/27 14:49:58 | 00,000,000 | ---D | M]

[2008/06/20 17:19:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\MaryAnn\Application Data\mozilla\Extensions
[2008/06/20 17:19:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\MaryAnn\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/08/30 16:09:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\MaryAnn\Application Data\mozilla\Firefox\Profiles\bdra0wcb.default\extensions
[2009/04/12 22:53:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\MaryAnn\Application Data\mozilla\Firefox\Profiles\bdra0wcb.default\extensions\{3e9bb2a7-62ca-4efa-a4e6-f6f6168a652d}
[2009/08/05 20:23:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\MaryAnn\Application Data\mozilla\Firefox\Profiles\bdra0wcb.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
[2009/08/05 20:23:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\MaryAnn\Application Data\mozilla\Firefox\Profiles\bdra0wcb.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE}
[2009/08/13 12:45:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\MaryAnn\Application Data\mozilla\Firefox\Profiles\bdra0wcb.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/08/27 14:55:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\MaryAnn\Application Data\mozilla\Firefox\Profiles\bdra0wcb.default\extensions\{de5809e0-2b07-11dd-bd0b-0800200c9a66}
[2009/08/28 19:31:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\MaryAnn\Application Data\mozilla\Firefox\Profiles\bdra0wcb.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009/08/27 14:52:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\MaryAnn\Application Data\mozilla\Firefox\Profiles\bdra0wcb.default\extensions\[email protected]
[2009/04/15 22:56:01 | 00,002,042 | ---- | M] () -- C:\Documents and Settings\MaryAnn\Application Data\Mozilla\FireFox\Profiles\bdra0wcb.default\searchplugins\facebook.xml
[2009/08/27 12:27:22 | 00,004,857 | ---- | M] () -- C:\Documents and Settings\MaryAnn\Application Data\Mozilla\FireFox\Profiles\bdra0wcb.default\searchplugins\isohunt---bt-search.xml
[2009/08/30 16:09:05 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/08/26 02:31:50 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{7AB6D133-2A14-4C11-B3AD-35B1548D38F9}
[2009/08/27 14:49:58 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/08/27 14:49:41 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/08/27 14:49:41 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/02/24 15:34:32 | 01,044,480 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\mozilla firefox\plugins\libdivx.dll
[2009/02/24 15:34:14 | 01,337,648 | ---- | M] (DivX,Inc.) -- C:\Program Files\mozilla firefox\plugins\npdivx32.dll
[2009/02/24 15:34:22 | 00,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll
[2008/06/27 17:03:12 | 01,446,440 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll
[2009/08/27 14:49:48 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2009/02/27 12:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2009/02/20 14:34:15 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/02/20 14:34:15 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/02/20 14:34:15 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/02/20 14:34:15 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/02/20 14:34:15 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/02/20 14:34:15 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/02/20 14:34:15 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2007/04/16 13:07:12 | 00,180,293 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll
[2009/02/24 15:34:32 | 00,200,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\mozilla firefox\plugins\ssldivx.dll
[2009/08/27 14:49:50 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/08/27 14:49:50 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/08/27 14:49:50 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/08/27 14:49:50 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/08/27 14:49:50 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/08/17 21:12:54 | 00,002,381 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\sukoku113.xml
[2009/08/26 02:31:51 | 00,002,381 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\sukoku115.xml
[2009/08/27 14:49:50 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/08/27 14:49:50 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe (Dell)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe (Intel Corporation)
O4 - HKLM..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe (TODO: <Company name>)
O4 - HKLM..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe (MUSICMATCH, Inc.)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\Media Experience\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [tgcmd] C:\Program Files\support.com\bin\tgcmd.exe (Support.com, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl File not found
O4 - HKCU..\Run: [MoneyAgent] C:\Program Files\Microsoft Money\System\mnyexpr.exe (Microsoft Corp.)
O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\MaryAnn\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\MaryAnn\Application Data\Dropbox\bin\Dropbox.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - File not found
O9 - Extra Button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - File not found
O9 - Extra Button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - File not found
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O9 - Extra Button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files\Fiddler2\Fiddler.exe (Eric Lawrence)
O9 - Extra 'Tools' menuitem : Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files\Fiddler2\Fiddler.exe (Eric Lawrence)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O15 - HKCU\..Trusted Domains: adecco.com ([.xpert] https in Trusted sites)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: 2 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2)
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/09/03 10:59:58 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [1999/01/19 06:37:14 | 02,119,160 | R--- | M] () - D:\Autoplay.wav -- [ CDFS ]
O32 - AutoRun File - [2000/01/28 05:59:02 | 01,118,208 | R--- | M] () - D:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2000/01/17 13:55:52 | 00,000,138 | R--- | M] () - D:\Autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/08/31 17:03:03 | 00,046,157 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\MaryAnn\Desktop\GooredFix.exe
[2009/08/31 17:02:42 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\MaryAnn\Desktop\OTL.exe
[2009/08/28 11:53:43 | 01,089,593 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ntprint.cat
[2009/08/27 18:46:59 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2009/08/27 18:46:53 | 00,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2009/08/27 18:46:40 | 00,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2009/08/27 17:03:40 | 00,023,152 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2009/08/27 17:03:39 | 00,051,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2009/08/27 17:03:38 | 00,026,944 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2009/08/27 17:03:36 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr
[2009/08/27 17:03:36 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2009/08/27 17:03:35 | 00,114,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2009/08/27 17:03:35 | 00,094,160 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2009/08/27 17:03:35 | 00,093,392 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2009/08/27 17:03:18 | 01,279,456 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2009/08/27 17:03:18 | 00,380,928 | ---- | C] () -- C:\WINDOWS\System32\actskin4.ocx
[2009/08/27 17:03:15 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2009/08/27 16:32:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\MaryAnn\Application Data\Malwarebytes
[2009/08/27 16:32:25 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/08/27 16:32:24 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/08/27 16:32:24 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/08/27 16:32:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/08/27 16:30:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/08/27 16:30:14 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/08/27 15:27:13 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/08/21 13:39:31 | 00,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
[2009/08/21 13:39:31 | 00,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2009/08/21 13:39:30 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
[2009/08/21 13:39:30 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2009/08/21 13:39:30 | 00,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2009/08/21 13:39:30 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsshhdr.dll
[2009/08/21 13:39:30 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2009/08/21 13:39:30 | 00,000,000 | ---D | C] -- C:\5ebc344fcf9d2289a15da4a0e2f27b
[2009/08/21 13:19:32 | 00,000,000 | ---D | C] -- C:\3ed901e8d4ad741e8056109bd976ed
[2009/08/20 15:48:11 | 53,484,3392 | -HS- | C] () -- C:\hiberfil.sys
[2009/08/20 14:30:17 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss
[2009/08/20 11:25:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\N360_BACKUP
[2009/08/20 08:22:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\MaryAnn\Local Settings\Application Data\Symantec
[2009/08/20 00:47:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\MaryAnn\My Documents\Symantec
[2009/08/20 00:42:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}
[2009/08/20 00:42:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\MaryAnn\Local Settings\Application Data\Downloaded Installations
[2009/08/19 21:45:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2009/08/19 21:30:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
[2009/08/19 21:29:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2009/08/17 20:35:11 | 00,033,456 | ---- | C] () -- C:\Documents and Settings\MaryAnn\My Documents\meninblack.jpg
[2009/08/17 19:59:58 | 00,000,000 | ---D | C] -- C:\Program Files\Sukoku
[2009/08/17 19:59:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sukoku
[2009/08/13 13:27:48 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2009/08/13 13:27:48 | 00,000,000 | ---D | C] -- C:\Program Files\Adobe
[2009/08/13 13:26:07 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2009/08/13 13:24:41 | 00,000,000 | ---D | C] -- C:\Program Files\NOS
[2009/08/13 13:24:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2009/08/13 01:37:18 | 00,128,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dhtmled.ocx
[2009/08/13 01:37:13 | 01,315,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msoe.dll
[2009/08/05 05:01:48 | 00,204,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mswebdvd.dll
[2008/06/23 14:01:48 | 00,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/06/22 20:06:14 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/05/16 02:25:43 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2004/03/29 15:01:30 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/03/29 15:01:27 | 00,000,000 | ---- | C] () -- C:\WINDOWS\NSREX.INI
[2004/03/29 10:54:54 | 00,017,920 | ---- | C] () -- C:\WINDOWS\System32\IMPLODE.DLL
[2004/03/22 15:14:57 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/03/22 15:03:38 | 00,000,258 | ---- | C] () -- C:\WINDOWS\System32\BDEMERGE.INI
[2004/03/22 14:56:46 | 00,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/03/22 14:40:38 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/03/22 14:28:10 | 00,000,550 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2002/09/03 10:59:58 | 00,000,692 | ---- | C] () -- C:\WINDOWS\WIN.INI
[2002/09/03 10:50:58 | 00,000,227 | ---- | C] () -- C:\WINDOWS\SYSTEM.INI
[1999/01/22 14:46:58 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== Files - Modified Within 30 Days ==========

[2009/08/31 17:06:00 | 00,000,412 | ---- | M] () -- C:\WINDOWS\tasks\Symantec NetDetect.job
[2009/08/31 17:03:03 | 00,046,157 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\MaryAnn\Desktop\GooredFix.exe
[2009/08/31 17:02:45 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\MaryAnn\Desktop\OTL.exe
[2009/08/31 15:02:15 | 00,035,840 | ---- | M] () -- C:\Documents and Settings\MaryAnn\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/31 14:34:43 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/08/31 14:34:37 | 00,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2009/08/31 14:34:36 | 53,484,3392 | -HS- | M] () -- C:\hiberfil.sys
[2009/08/31 03:02:16 | 01,575,870 | -H-- | M] () -- C:\Documents and Settings\MaryAnn\Local Settings\Application Data\IconCache.db
[2009/08/28 11:54:01 | 00,001,054 | ---- | M] () -- C:\Documents and Settings\MaryAnn\Start Menu\Programs\Startup\Dropbox.lnk
[2009/08/27 19:57:13 | 00,020,992 | ---- | M] () -- C:\Documents and Settings\MaryAnn\My Documents\William Webster-Resume.doc
[2009/08/27 19:01:13 | 00,045,224 | ---- | M] () -- C:\Documents and Settings\MaryAnn\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/08/27 18:59:05 | 00,189,792 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/08/27 18:54:35 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/08/27 18:52:18 | 00,543,382 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/08/27 18:52:18 | 00,470,760 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2009/08/27 18:52:18 | 00,082,928 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2009/08/27 18:40:09 | 00,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2009/08/27 17:03:35 | 00,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/08/20 15:47:08 | 00,000,692 | ---- | M] () -- C:\WINDOWS\WIN.INI
[2009/08/20 15:47:08 | 00,000,227 | ---- | M] () -- C:\WINDOWS\SYSTEM.INI
[2009/08/20 15:47:08 | 00,000,211 | RHS- | M] () -- C:\BOOT.INI
[2009/08/17 20:35:12 | 00,033,456 | ---- | M] () -- C:\Documents and Settings\MaryAnn\My Documents\meninblack.jpg
[2009/08/17 12:10:20 | 01,279,456 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2009/08/17 12:06:54 | 00,093,392 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2009/08/17 12:06:43 | 00,094,160 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2009/08/17 12:05:52 | 00,114,768 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2009/08/17 12:05:37 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2009/08/17 12:04:40 | 00,051,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2009/08/17 12:04:29 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2009/08/17 12:03:21 | 00,026,944 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2009/08/17 12:02:50 | 00,097,480 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr
[2009/08/05 05:01:48 | 00,204,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mswebdvd.dll
[2009/08/05 05:01:48 | 00,204,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mswebdvd.dll
[2009/08/03 13:36:28 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/08/03 13:36:06 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
< End of report >
  • 0

#6
Boll

    Member

  • Topic Starter
  • Member
  • 18 posts
And here is the GooredFix log:



GooredFix by jpshortstuff (12.07.09)
Log created at 17:08 on 31/08/2009 (MaryAnn)
Firefox version 3.5.2 (en-US)

========== GooredScan ==========

C:\Program Files\Mozilla Firefox\extensions\
{7AB6D133-2A14-4C11-B3AD-35B1548D38F9} [06:31 26/08/2009]
{972ce4c6-7e08-4474-a285-3208198ce6fd} [03:54 30/10/2008]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{ABDE892B-13A8-4d1b-88E6-365A6E755758}"="C:\Program Files\Real\RealPlayer\browserrecord" [03:45 31/03/2009]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [22:48 27/08/2009]

-=E.O.F=-
  • 0

#7
Tweene

    Trusted Helper

  • Malware Removal
  • 1,387 posts
Hi Boll


Can you tell me what the program Sukoku is?

Could you post the second log of OTL if you have it, and then follow the following steps.


Step 1

There are some traces of Norton. Please use this uninstaller to uninstall it completely.

http://service1.syma...005033108162039


Step 2

Viewpoint is considered foistware instead of malware because it is installed without the user's approval, but doesn't spy or do anything "bad". You may like to read this article about the potential of this Viewpoint software here:
http://www.clickz.co...cle.php/3561546

I suggest you remove the program now. Click on Start > Run... > and then paste the following into the "Open" field: "appwiz.cpl" and press OK. From within Add or Remove Programs uninstall the following if they exist: Viewpoint, Viewpoint Manager, and/or Viewpoint Media Player.


Step 3

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    [2009/08/26 02:31:50 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{7AB6D133-2A14-4C11-B3AD-35B1548D38F9}
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No CLSID value found.
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - No CLSID value found.
    [2009/08/31 15:02:15 | 00,035,840 | ---- | M] () -- C:\Documents and Settings\MaryAnn\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    
    :Commands
    [purity]
    [emptytemp]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post the log

Step 4

This step should help a little in order to run RootRepeal, or any other tool.

You can download Startup Control Panel here

Install it and you will find a startup icon in the control panel, run it.
  • In the HKLM tab, you may disable (be careful --> "disable") all the entries except your security software (avast!) and maybe your ISP software (if you use one).
  • In the HKCU tab, you may disable all entries.
  • In the StartUp tab, you may disable all entries except Dropbox if you need it.
Note: if you notice that some programs no longer run, you can enable them again by running Startup Control Panel, selecting the entry and choosing Run Now.
If you are in doubt about something, don't hesitate to ask :)


Step 5

Download RootRepeal from one of the following locations and save it to your desktop:
  • Link 1
  • Link 2
  • Link 3

  • Double click Posted Image to start the program
  • Click on the Report tab at the bottom of the program window
  • Click the Posted Image button
  • In the Select Scan dialog, check:
    • Drivers
    • Files
    • Processes
    • SSDT
    • Stealth Objects
    • Hidden Services
    • Shadow SSDT
  • Click the OK button
  • In the next dialog, select all drives showing
  • Click OK to start the scan

    Note: The scan can take some time. DO NOT run any other programs while the scan is running

  • When the scan is complete, click the Posted Image button and save the report to your Desktop as RootRepeal.txt
  • Go to File, then Exit to close the program
If the report is not too long, post the contents of RootRepeal.txt in your next reply. If the report is very long, it will not be complete if you post it, so please attach it to your reply instead.

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on Posted Image to insert the attachment into your post

#8
Boll

    Member

  • Topic Starter
  • Member
  • 18 posts
Whenever I try to run RootRepeal, I get an error message that says my virtual memory is too low and my computer freezes.

#9
Tweene

    Trusted Helper

  • Malware Removal
  • 1,387 posts
Ok, do you have the other logs for me?
And can you give me some information about the Sukoku program?

I'll reply as soon as possible :)

:)

#10
Boll

    Member

  • Topic Starter
  • Member
  • 18 posts
Not sure what Sukoku is, but I ran the Norton removal tool, uninstalled the ViewPoint Media Player (that's all I found), and ran OTL again; the log is below. I'm working on RootRepeal now.


All processes killed
========== OTL ==========
C:\Program Files\mozilla firefox\extensions\{7AB6D133-2A14-4C11-B3AD-35B1548D38F9} moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{DE9C389F-3316-41A7-809B-AA305ED9D922} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DE9C389F-3316-41A7-809B-AA305ED9D922}\ not found.
C:\Documents and Settings\MaryAnn\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot.
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: MaryAnn
->Temp folder emptied: 87393933 bytes
->Temporary Internet Files folder emptied: 33117088 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 88103520 bytes
->Google Chrome cache emptied: 5836864 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Owner

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_5e8.dat scheduled to be deleted on reboot.
Windows Temp folder emptied: 114688 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 204.72 mb


OTL by OldTimer - Version 3.0.10.7 log created on 09022009_153457

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
C:\WINDOWS\temp\Perflib_Perfdata_5e8.dat moved successfully.

Registry entries deleted on Reboot...

#11
Boll

    Member

  • Topic Starter
  • Member
  • 18 posts
Even after using the Startup Control Panel I get the Virtual Memory is too low message.

#12
Tweene

    Trusted Helper

  • Malware Removal
  • 1,387 posts
Hello



Ok, we'll verify that Windows is managing the Virtual memory and it's not set too low.


Step 1

  • Click on Start and right-click on My Computer.
  • Choose Properties.
  • Click on the Advanced tab. Under Performance, click on the Settings button.
  • Read the current size of the virtual memory in the field "Virtual memory" and post this size in your next reply.
  • Then, under "Virtual Memory", click on the Change button.
  • Please verify that System managed size is ticked.

Step 2

Concerning Sukoku, please delete it from "Add/Remove Programs".


THEN


Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    SRV - [2009/08/25 15:27:28 | 00,054,760 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Sukoku\sukoku115.exe -- (Sukoku Service [Auto | Running])
    [2009/08/17 21:12:54 | 00,002,381 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\sukoku113.xml
    [2009/08/26 02:31:51 | 00,002,381 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\sukoku115.xml
    [2009/08/17 19:59:58 | 00,000,000 | ---D | C] -- C:\Program Files\Sukoku
    [2009/08/17 19:59:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sukoku
    
    :Commands
    [purity]
    [emptytemp]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post the log.

Step 3

  • Please run OTL again
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • In Extra Registry check Use SafeList
  • In the File Age drop down menu, select 30 Days
  • Make sure that both LOP Check and Purity Check are ticked
  • Under the Custom Scans box at the bottom copy and paste this into it

    %SYSTEMDRIVE%\*.
    %PROGRAMFILES%\*.

  • Click the Run Scan button.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.

Step 4

Please Click here to download SysProt Antirootkit (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).

Unzip it into a folder on your desktop.

Start the Sysprot.exe program.

  • Click on the Log tab.
  • In the Write to log box select all items.
  • Click on the Create Log button on the bottom right.
  • After a few seconds a new Window should appear.
  • Make sure Scan all drives is selected and click on the Start button.
  • When it is complete a new Window will appear to indicate that the scan is finished.
  • The log will be created and saved automatically in the same folder. Open the text file and copy/paste the log here.

Step 5

Please post the OTL logs and the log of Sysprot.
Don't forget to tell me the size of your virtual memory :)

Also, please tell me how your computer is running, do you still have the Ads with Firefox?

#13
Boll

    Member

  • Topic Starter
  • Member
  • 18 posts
OK: 1024MB of Virtual memory, Sukoku is uninstalled, and the new OTL log is below. I'm working on the other stuff now.

All processes killed
========== OTL ==========
Service\Driver Sukoku Service not found.
Service\Driver Sukoku Service not found.
File C:\Documents and Settings\All Users\Application Data\Sukoku\sukoku115.exe not found.
C:\Program Files\mozilla firefox\searchplugins\sukoku113.xml moved successfully.
C:\Program Files\mozilla firefox\searchplugins\sukoku115.xml moved successfully.
Folder C:\Program Files\Sukoku\ not found.
Folder C:\Documents and Settings\All Users\Application Data\Sukoku\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot.
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: MaryAnn
->Temp folder emptied: 75055 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 98675738 bytes
->Google Chrome cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Owner

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_5e8.dat scheduled to be deleted on reboot.
Windows Temp folder emptied: 49152 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 94.35 mb


OTL by OldTimer - Version 3.0.10.7 log created on 09032009_184803

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
C:\WINDOWS\temp\Perflib_Perfdata_5e8.dat moved successfully.

Registry entries deleted on Reboot...
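
One way to check a fix run like the ones in posts #10 and #13 against the script that was pasted into OTL, as an added example (not part of the thread and not OTL's own code). The line formats are inferred from the logs quoted in this thread; the function names are hypothetical, and the sample mixes lines from posts #7, #10, #12 and #13 with two constructed `Example` paths.

```python
import re

CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
DRIVE_PATH_RE = re.compile(r"^[A-Za-z]:\\")
# One result line: optional object-type prefix, the subject, then the outcome.
RESULT_RE = re.compile(
    r"^(?:File (?:delete|move) failed\. |File |Folder |Registry (?:key|value) )?"
    r"(?P<subject>.+?) "
    r"(?P<outcome>moved successfully|deleted successfully|not found|"
    r"scheduled to be (?:deleted|moved) on reboot)\.$"
)
PRECEDENCE = ("removed", "pending_reboot", "not_found")


def norm(text):
    """Compare paths and registry keys case-insensitively, ignoring a trailing backslash."""
    return text.rstrip("\\").lower()


def script_targets(fix_script):
    """Return (kind, value) for every file, folder or CLSID named under :OTL."""
    targets, in_otl = [], False
    for raw in fix_script.splitlines():
        line = raw.strip()
        if line.startswith(":"):          # section marker such as :OTL or :Commands
            in_otl = line.lower() == ":otl"
            continue
        if not in_otl or not line:
            continue
        parts = [p.strip() for p in line.split(" -- ")]
        path = next((p for p in parts if DRIVE_PATH_RE.match(p)), None)
        if path:                          # file/folder line, path may itself end in a {GUID}
            targets.append(("path", norm(path)))
            continue
        clsid = CLSID_RE.search(line)     # O2/O3 style registry line
        if clsid:
            targets.append(("clsid", clsid.group(0).lower()))
    return targets


def log_outcomes(fix_log):
    """Return (subject, status) for every result line of the fix log."""
    results = []
    for raw in fix_log.splitlines():
        m = RESULT_RE.match(raw.strip())
        if not m:
            continue
        outcome = m.group("outcome")
        if outcome.startswith("scheduled"):
            status = "pending_reboot"
        else:
            status = "not_found" if outcome == "not found" else "removed"
        results.append((norm(m.group("subject")), status))
    return results


def audit_fix(fix_script, fix_log):
    """Map each script target to removed, pending_reboot, not_found or unaccounted."""
    results = log_outcomes(fix_log)
    report = {}
    for kind, value in script_targets(fix_script):
        if kind == "path":
            seen = {s for subj, s in results if subj == value}
        else:  # a CLSID matches any registry key or value whose last component is that GUID
            seen = {s for subj, s in results if subj.rsplit("\\", 1)[-1] == value}
        report[value] = next((s for s in PRECEDENCE if s in seen), "unaccounted")
    return report


def needs_follow_up(report):
    """Targets to re-check after the reboot or in the next scan."""
    return sorted(t for t, s in report.items() if s in ("pending_reboot", "unaccounted"))


# Constructed sample: thread lines plus two made-up Example paths (last two script lines).
SAMPLE_SCRIPT = r"""
:OTL
[2009/08/26 02:31:50 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{7AB6D133-2A14-4C11-B3AD-35B1548D38F9}
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No CLSID value found.
SRV - [2009/08/25 15:27:28 | 00,054,760 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Sukoku\sukoku115.exe -- (Sukoku Service [Auto | Running])
[2009/08/17 19:59:58 | 00,000,100 | ---- | M] () -- C:\Program Files\Example\locked.dll
[2009/08/17 19:59:58 | 00,000,000 | ---D | C] -- C:\Program Files\Example\leftover
:Commands
[purity]
[emptytemp]
"""

SAMPLE_LOG = r"""
All processes killed
========== OTL ==========
C:\Program Files\mozilla firefox\extensions\{7AB6D133-2A14-4C11-B3AD-35B1548D38F9} moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}\ not found.
Service\Driver Sukoku Service not found.
File C:\Documents and Settings\All Users\Application Data\Sukoku\sukoku115.exe not found.
File move failed. C:\Program Files\Example\locked.dll scheduled to be moved on reboot.
========== COMMANDS ==========
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
"""

if __name__ == "__main__":
    for target, status in audit_fix(SAMPLE_SCRIPT, SAMPLE_LOG).items():
        print(f"{status:15} {target}")
```

A `not_found` result is expected when the program was uninstalled through Add/Remove Programs before the fix ran, as with Sukoku in post #13; `unaccounted` means the fix log never mentions the target at all.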

#14
Tweene

    Trusted Helper

  • Malware Removal
  • 1,387 posts
Hello

OK, analysing your logs will take some time and it's time for me to go to bed, I'll be able to reply only tomorrow :)


Regards
Tweene

#15
Boll

    Member

  • Topic Starter
  • Member
  • 18 posts
OK goodnight!
Here's the second OTL log:

OTL logfile created on: 9/3/2009 6:57:54 PM - Run 2
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\MaryAnn\Desktop\HURR
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.00 Mb Total Physical Memory | 314.67 Mb Available Physical Memory | 61.70% Memory free
1.47 Gb Paging File | 1.24 Gb Available in Paging File | 84.45% Paging File free
Paging file location(s): C:\pagefile.sys 1024 1024 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.21 Gb Total Space | 9.41 Gb Free Space | 25.27% Space Free | Partition Type: NTFS
Drive D: | 676.46 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OFFICE
Current User Name: MaryAnn
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\Program Files\Common Files\AOL\ACS\acsd.exe (America Online, Inc.)
PRC - C:\WINDOWS\System32\HPZipm12.exe (HP)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
PRC - C:\Documents and Settings\MaryAnn\Desktop\HURR\OTL.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (AOL ACS [Auto | Running]) -- C:\Program Files\Common Files\AOL\ACS\acsd.exe (America Online, Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (aswUpdSv [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV - (avast! Antivirus [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV - (avast! Mail Scanner [On_Demand | Running]) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV - (avast! Web Scanner [On_Demand | Running]) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (idsvc [Unknown | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (Pml Driver HPZ12 [Unknown | Running]) -- C:\WINDOWS\System32\HPZipm12.exe (HP)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (Aavmker4 [System | Running]) -- C:\WINDOWS\System32\drivers\aavmker4.sys (ALWIL Software)
DRV - (aeaudio [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\aeaudio.sys (Andrea Electronics Corporation)
DRV - (AliIde [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (amdagp [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (asc [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550 [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (aswFsBlk [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\aswFsBlk.sys (ALWIL Software)
DRV - (aswMon2 [Auto | Running]) -- C:\WINDOWS\System32\drivers\aswmon2.sys (ALWIL Software)
DRV - (aswRdr [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\aswRdr.sys (ALWIL Software)
DRV - (aswSP [System | Running]) -- C:\WINDOWS\System32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswTdi [System | Running]) -- C:\WINDOWS\System32\drivers\aswTdi.sys (ALWIL Software)
DRV - (bcm4sbxp [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\bcm4sbxp.sys (Broadcom Corporation)
DRV - (CmdIde [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (dac2w2k [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (EL90XBC [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\el90xbc5.sys (3Com Corporation)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (hamachi [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\hamachi.sys (LogMeIn, Inc.)
DRV - (i81x [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\i81xnt5.sys (Intel® Corporation)
DRV - (iAimFP0 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\wADV01nt.sys (Intel® Corporation)
DRV - (iAimFP1 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\wADV02NT.sys (Intel® Corporation)
DRV - (iAimFP2 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\wADV05NT.sys (Intel® Corporation)
DRV - (iAimFP3 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys (Intel® Corporation)
DRV - (iAimFP4 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys (Intel® Corporation)
DRV - (iAimTV0 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\wATV01nt.sys (Intel® Corporation)
DRV - (iAimTV1 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\wATV02NT.sys (Intel® Corporation)
DRV - (iAimTV3 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\wATV04nt.sys (Intel® Corporation)
DRV - (iAimTV4 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys (Intel® Corporation)
DRV - (ialm [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ialmnt5.sys (Intel Corporation)
DRV - (IntelC51 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\IntelC51.sys (Intel Corporation)
DRV - (IntelC52 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\IntelC52.sys (Intel Corporation)
DRV - (IntelC53 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\IntelC53.sys (Intel Corporation)
DRV - (MODEMCSA [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\MODEMCSA.sys (Microsoft Corporation)
DRV - (mohfilt [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\mohfilt.sys (Intel Corporation)
DRV - (mraid35x [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (MxlW2k [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\MxlW2k.sys (MusicMatch, Inc.)
DRV - (nv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (NwlnkIpx [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys (Microsoft Corporation)
DRV - (NwlnkNb [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\nwlnknb.sys (Microsoft Corporation)
DRV - (NwlnkSpx [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys (Microsoft Corporation)
DRV - (omci [System | Running]) -- C:\WINDOWS\System32\DRIVERS\omci.sys (Dell Computer Corporation)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (ql1080 [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql12160 [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1280 [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (sisagp [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (smwdm [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\smwdm.sys (Analog Devices, Inc.)
DRV - (Sparrow [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (symc810 [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (symc8xx [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (sym_hi [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (sym_u3 [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (ultra [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (wanatw [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys (America Online, Inc.)
DRV - ({6080A529-897E-4629-A488-ABA0C29B635E} [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\ialmsbw.sys (Intel Corporation)
DRV - ({D31A0762-0CEB-444e-ACFF-B049A1F6FE91} [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\ialmkchw.sys (Intel Corporation)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.aol.com/puccini/start [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.theprizeday.com/today.php
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo....r=ytff-divx&p="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.theprizeday.com/today.php|http://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official\n"
FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170633FE}:0.4.5.14
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20090123.1
FF - prefs.js..extensions.enabledItems: {81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}:6.2.4.0
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:0.0.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: {3e9bb2a7-62ca-4efa-a4e6-f6f6168a652d}:0.8.17
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.2
FF - prefs.js..extensions.enabledItems: {de5809e0-2b07-11dd-bd0b-0800200c9a66}:1.0.9
FF - prefs.js..extensions.enabledItems: [email protected]:0.6.20090630
FF - prefs.js..keyword.URL: "http://search.yahoo....r=ytff-divx&p="

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/28 12:13:45 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord\firefox\ext [2009/08/31 19:07:28 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/08/31 19:07:18 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/09/02 15:32:50 | 00,000,000 | ---D | M]

[2008/06/20 17:19:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\MaryAnn\Application Data\mozilla\Extensions
[2008/06/20 17:19:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\MaryAnn\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/09/03 18:18:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\MaryAnn\Application Data\mozilla\Firefox\Profiles\bdra0wcb.default\extensions
[2009/04/12 22:53:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\MaryAnn\Application Data\mozilla\Firefox\Profiles\bdra0wcb.default\extensions\{3e9bb2a7-62ca-4efa-a4e6-f6f6168a652d}
[2009/08/05 20:23:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\MaryAnn\Application Data\mozilla\Firefox\Profiles\bdra0wcb.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
[2009/08/05 20:23:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\MaryAnn\Application Data\mozilla\Firefox\Profiles\bdra0wcb.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE}
[2009/08/13 12:45:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\MaryAnn\Application Data\mozilla\Firefox\Profiles\bdra0wcb.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/08/27 14:55:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\MaryAnn\Application Data\mozilla\Firefox\Profiles\bdra0wcb.default\extensions\{de5809e0-2b07-11dd-bd0b-0800200c9a66}
[2009/08/28 19:31:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\MaryAnn\Application Data\mozilla\Firefox\Profiles\bdra0wcb.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009/08/27 14:52:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\MaryAnn\Application Data\mozilla\Firefox\Profiles\bdra0wcb.default\extensions\[email protected]
[2009/04/15 22:56:01 | 00,002,042 | ---- | M] () -- C:\Documents and Settings\MaryAnn\Application Data\Mozilla\FireFox\Profiles\bdra0wcb.default\searchplugins\facebook.xml
[2009/09/03 18:28:27 | 00,004,868 | ---- | M] () -- C:\Documents and Settings\MaryAnn\Application Data\Mozilla\FireFox\Profiles\bdra0wcb.default\searchplugins\isohunt---bt-search.xml
[2009/09/02 15:45:06 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/08/27 14:49:58 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/08/27 14:49:41 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/08/27 14:49:41 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/02/24 15:34:32 | 01,044,480 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\mozilla firefox\plugins\libdivx.dll
[2009/02/24 15:34:14 | 01,337,648 | ---- | M] (DivX,Inc.) -- C:\Program Files\mozilla firefox\plugins\npdivx32.dll
[2009/02/24 15:34:22 | 00,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll
[2008/06/27 17:03:12 | 01,446,440 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll
[2009/08/27 14:49:48 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2009/02/27 12:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2009/08/31 19:07:18 | 00,140,864 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll
[2009/02/20 14:34:15 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/02/20 14:34:15 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/02/20 14:34:15 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/02/20 14:34:15 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/02/20 14:34:15 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/02/20 14:34:15 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/02/20 14:34:15 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2009/08/31 19:07:34 | 00,008,192 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprjplug.dll
[2009/08/31 19:07:15 | 00,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll
[2009/02/24 15:34:32 | 00,200,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\mozilla firefox\plugins\ssldivx.dll
[2009/08/27 14:49:50 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/08/27 14:49:50 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/08/27 14:49:50 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/08/27 14:49:50 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/08/27 14:49:50 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/08/27 14:49:50 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/08/27 14:49:50 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - File not found
O9 - Extra Button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - File not found
O9 - Extra Button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - File not found
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O9 - Extra Button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files\Fiddler2\Fiddler.exe (Eric Lawrence)
O9 - Extra 'Tools' menuitem : Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files\Fiddler2\Fiddler.exe (Eric Lawrence)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O15 - HKCU\..Trusted Domains: adecco.com ([.xpert] https in Trusted sites)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: 2 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2)
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/09/03 10:59:58 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [1999/01/19 07:37:14 | 02,119,160 | R--- | M] () - D:\AUTOPLAY.WAV -- [ CDFS ]
O32 - AutoRun File - [1999/07/16 11:54:52 | 00,532,480 | R--- | M] () - D:\AUTORUN.EXE -- [ CDFS ]
O32 - AutoRun File - [1999/06/07 14:03:14 | 00,000,133 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/09/02 18:59:24 | 00,003,584 | ---- | C] () -- C:\Documents and Settings\MaryAnn\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/02 15:52:23 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\Startup.cpl
[2009/09/02 15:34:57 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/09/01 00:31:01 | 06,291,456 | -H-- | C] () -- C:\Documents and Settings\MaryAnn\Local Settings\Application Data\IconCache.db
[2009/08/31 19:08:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
[2009/08/31 19:08:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\MaryAnn\Local Settings\Application Data\Real
[2009/08/31 19:07:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Real
[2009/08/31 19:07:18 | 00,185,920 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2009/08/31 19:07:11 | 00,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2009/08/31 19:07:11 | 00,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2009/08/31 19:07:09 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2009/08/31 19:06:45 | 00,000,000 | ---D | C] -- C:\Program Files\Real
[2009/08/31 19:04:04 | 00,000,000 | ---D | C] -- C:\Program Files\Google
[2009/08/28 11:53:43 | 01,089,593 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ntprint.cat
[2009/08/27 18:46:59 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2009/08/27 18:46:53 | 00,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2009/08/27 18:46:40 | 00,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2009/08/27 17:03:40 | 00,023,152 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2009/08/27 17:03:39 | 00,051,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2009/08/27 17:03:38 | 00,026,944 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2009/08/27 17:03:36 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr
[2009/08/27 17:03:36 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2009/08/27 17:03:35 | 00,114,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2009/08/27 17:03:35 | 00,094,160 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2009/08/27 17:03:35 | 00,093,392 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2009/08/27 17:03:18 | 01,279,456 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2009/08/27 17:03:18 | 00,380,928 | ---- | C] () -- C:\WINDOWS\System32\actskin4.ocx
[2009/08/27 17:03:15 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2009/08/27 16:32:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\MaryAnn\Application Data\Malwarebytes
[2009/08/27 16:32:25 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/08/27 16:32:24 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/08/27 16:32:24 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/08/27 16:32:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/08/27 16:30:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/08/27 16:30:14 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/08/27 15:27:13 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/08/21 13:39:31 | 00,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
[2009/08/21 13:39:31 | 00,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2009/08/21 13:39:30 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
[2009/08/21 13:39:30 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2009/08/21 13:39:30 | 00,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2009/08/21 13:39:30 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsshhdr.dll
[2009/08/21 13:39:30 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2009/08/21 13:39:30 | 00,000,000 | ---D | C] -- C:\5ebc344fcf9d2289a15da4a0e2f27b
[2009/08/21 13:19:32 | 00,000,000 | ---D | C] -- C:\3ed901e8d4ad741e8056109bd976ed
[2009/08/20 15:48:11 | 53,484,3392 | -HS- | C] () -- C:\hiberfil.sys
[2009/08/20 14:30:17 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss
[2009/08/20 11:25:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\N360_BACKUP
[2009/08/20 08:22:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\MaryAnn\Local Settings\Application Data\Symantec
[2009/08/20 00:47:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\MaryAnn\My Documents\Symantec
[2009/08/20 00:42:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}
[2009/08/20 00:42:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\MaryAnn\Local Settings\Application Data\Downloaded Installations
[2009/08/19 21:45:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2009/08/19 21:30:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
[2009/08/19 21:29:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2009/08/17 20:35:11 | 00,033,456 | ---- | C] () -- C:\Documents and Settings\MaryAnn\My Documents\meninblack.jpg
[2009/08/13 13:27:48 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2009/08/13 13:27:48 | 00,000,000 | ---D | C] -- C:\Program Files\Adobe
[2009/08/13 13:26:07 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2009/08/13 13:24:41 | 00,000,000 | ---D | C] -- C:\Program Files\NOS
[2009/08/13 13:24:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2009/08/13 01:37:18 | 00,128,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dhtmled.ocx
[2009/08/13 01:37:13 | 01,315,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msoe.dll
[2009/08/05 05:01:48 | 00,204,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mswebdvd.dll
[2008/06/23 14:01:48 | 00,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/06/22 20:06:14 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/05/16 02:25:43 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2004/03/29 15:01:30 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/03/29 15:01:27 | 00,000,000 | ---- | C] () -- C:\WINDOWS\NSREX.INI
[2004/03/29 10:54:54 | 00,017,920 | ---- | C] () -- C:\WINDOWS\System32\IMPLODE.DLL
[2004/03/22 15:14:57 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/03/22 15:03:38 | 00,000,258 | ---- | C] () -- C:\WINDOWS\System32\BDEMERGE.INI
[2004/03/22 14:56:46 | 00,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/03/22 14:40:38 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/03/22 14:28:10 | 00,000,550 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2002/09/03 10:59:58 | 00,000,692 | ---- | C] () -- C:\WINDOWS\WIN.INI
[2002/09/03 10:50:58 | 00,000,227 | ---- | C] () -- C:\WINDOWS\SYSTEM.INI
[1999/01/22 14:46:58 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== Files - Modified Within 30 Days ==========

[2009/09/03 18:49:02 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/09/03 18:48:56 | 00,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2009/09/03 18:48:55 | 53,484,3392 | -HS- | M] () -- C:\hiberfil.sys
[2009/09/03 14:32:55 | 06,291,456 | -H-- | M] () -- C:\Documents and Settings\MaryAnn\Local Settings\Application Data\IconCache.db
[2009/09/02 18:59:24 | 00,003,584 | ---- | M] () -- C:\Documents and Settings\MaryAnn\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/31 19:07:18 | 00,185,920 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2009/08/31 19:07:11 | 00,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2009/08/31 19:07:11 | 00,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2009/08/31 19:06:44 | 00,278,528 | ---- | M] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
[2009/08/27 19:57:13 | 00,020,992 | ---- | M] () -- C:\Documents and Settings\MaryAnn\My Documents\William Webster-Resume.doc
[2009/08/27 19:01:13 | 00,045,224 | ---- | M] () -- C:\Documents and Settings\MaryAnn\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/08/27 18:59:05 | 00,189,792 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/08/27 18:54:35 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/08/27 18:52:18 | 00,543,382 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/08/27 18:52:18 | 00,470,760 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2009/08/27 18:52:18 | 00,082,928 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2009/08/27 18:40:09 | 00,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2009/08/27 17:03:35 | 00,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/08/20 15:47:08 | 00,000,692 | ---- | M] () -- C:\WINDOWS\WIN.INI
[2009/08/20 15:47:08 | 00,000,227 | ---- | M] () -- C:\WINDOWS\SYSTEM.INI
[2009/08/20 15:47:08 | 00,000,211 | RHS- | M] () -- C:\BOOT.INI
[2009/08/17 20:35:12 | 00,033,456 | ---- | M] () -- C:\Documents and Settings\MaryAnn\My Documents\meninblack.jpg
[2009/08/17 12:10:20 | 01,279,456 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2009/08/17 12:06:54 | 00,093,392 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2009/08/17 12:06:43 | 00,094,160 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2009/08/17 12:05:52 | 00,114,768 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2009/08/17 12:05:37 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2009/08/17 12:04:40 | 00,051,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2009/08/17 12:04:29 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2009/08/17 12:03:21 | 00,026,944 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2009/08/17 12:02:50 | 00,097,480 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr
[2009/08/05 05:01:48 | 00,204,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mswebdvd.dll
[2009/08/05 05:01:48 | 00,204,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mswebdvd.dll

========== LOP Check ==========

[2009/08/31 19:08:51 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/03/16 15:33:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2009/08/20 16:41:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}
[2009/05/25 14:50:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2008/07/21 08:35:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2004/03/22 15:06:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Dell
[2009/08/19 21:45:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2004/04/07 14:09:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSN6
[2009/08/20 16:41:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Norton
[2009/09/02 15:25:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2004/03/22 14:57:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI
[2008/06/20 17:10:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Support.com
[2009/09/02 15:32:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/09/02 15:26:41 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\MaryAnn\Application Data
[2008/07/21 08:35:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\MaryAnn\Application Data\acccore
[2008/07/21 08:39:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\MaryAnn\Application Data\Aim
[2008/07/23 21:46:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\MaryAnn\Application Data\Command & Conquer 3 Kane's Wrath
[2004/10/26 13:44:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\MaryAnn\Application Data\COREL
[2009/09/02 15:44:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\MaryAnn\Application Data\Dropbox
[2009/05/30 15:00:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\MaryAnn\Application Data\Hamachi
[2008/06/20 16:32:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\MaryAnn\Application Data\MSN6
[2009/09/02 13:05:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\MaryAnn\Application Data\uTorrent
[2002/08/29 07:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\DESKTOP.INI
[2009/09/03 18:49:02 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*. >
[2009/08/31 17:08:21 | 00,000,000 | ---D | M] -- C:
[2009/09/02 15:34:57 | 00,000,000 | ---D | M] -- C:\_OTL
[2009/08/21 13:19:34 | 00,000,000 | ---D | M] -- C:\3ed901e8d4ad741e8056109bd976ed
[2009/08/21 13:39:49 | 00,000,000 | ---D | M] -- C:\5ebc344fcf9d2289a15da4a0e2f27b
[2009/08/28 12:14:00 | 00,000,000 | -H-D | M] -- C:\Config.Msi
[2004/03/29 10:47:14 | 00,000,000 | ---D | M] -- C:\DELL
[2009/08/20 14:41:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings
[2004/03/22 14:26:26 | 00,000,000 | ---D | M] -- C:\DRIVERS
[2008/12/09 21:28:32 | 00,000,000 | ---D | M] -- C:\DVDVideoSoft
[2008/03/11 15:12:04 | 00,000,000 | ---D | M] -- C:\GALAXY
[2009/08/20 15:58:01 | 00,000,000 | ---D | M] -- C:\install
[2004/03/22 15:02:08 | 00,000,000 | ---D | M] -- C:\My Music
[2009/09/03 14:33:40 | 00,000,000 | R--D | M] -- C:\Program Files
[2004/03/29 16:33:03 | 00,000,000 | -HSD | M] -- C:\RECYCLER
[2009/08/21 09:46:09 | 00,000,000 | -HSD | M] -- C:\System Volume Information
[2008/07/23 21:23:38 | 00,000,000 | ---D | M] -- C:\TEMP
[2006/09/24 20:07:38 | 00,000,000 | ---D | M] -- C:\UPS
[2008/07/24 00:14:48 | 00,000,000 | ---D | M] -- C:\UT2004
[2009/03/12 16:23:00 | 00,000,000 | ---D | M] -- C:\Westwood
[2009/09/02 16:11:30 | 00,000,000 | ---D | M] -- C:\WINDOWS
[2004/05/26 17:44:07 | 00,000,000 | ---D | M] -- C:\WUTemp

< %PROGRAMFILES%\*. >
[2009/09/03 14:33:40 | 00,000,000 | R--D | M] -- C:\Program Files
[2009/08/13 13:29:18 | 00,000,000 | ---D | M] -- C:\Program Files\Adobe
[2008/07/21 08:39:12 | 00,000,000 | ---D | M] -- C:\Program Files\AIM
[2009/08/27 17:03:15 | 00,000,000 | ---D | M] -- C:\Program Files\Alwil Software
[2008/07/21 08:38:44 | 00,000,000 | ---D | M] -- C:\Program Files\AOD
[2009/08/19 21:33:02 | 00,000,000 | ---D | M] -- C:\Program Files\AOL
[2009/06/01 19:53:28 | 00,000,000 | ---D | M] -- C:\Program Files\Audiosurf
[2009/09/02 15:26:45 | 00,000,000 | ---D | M] -- C:\Program Files\Common Files
[2004/03/22 14:26:34 | 00,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2004/03/22 15:08:08 | 00,000,000 | ---D | M] -- C:\Program Files\Dell
[2004/03/22 15:09:19 | 00,000,000 | ---D | M] -- C:\Program Files\Dell Computer
[2009/06/01 19:15:21 | 00,000,000 | ---D | M] -- C:\Program Files\DivX
[2008/06/30 16:31:06 | 00,000,000 | ---D | M] -- C:\Program Files\DVDVideoSoft
[2008/08/01 15:40:41 | 00,000,000 | ---D | M] -- C:\Program Files\EA Games
[2004/03/22 15:04:02 | 00,000,000 | ---D | M] -- C:\Program Files\EarthLink Setup
[2008/08/01 16:57:20 | 00,000,000 | ---D | M] -- C:\Program Files\Electronic Arts
[2004/12/22 10:44:01 | 00,000,000 | ---D | M] -- C:\Program Files\Electronic Innovations
[2009/08/27 16:30:21 | 00,000,000 | ---D | M] -- C:\Program Files\ERUNT
[2009/06/01 19:09:17 | 00,000,000 | ---D | M] -- C:\Program Files\Fiddler2
[2009/08/31 19:08:51 | 00,000,000 | ---D | M] -- C:\Program Files\Google
[2004/05/27 11:44:44 | 00,000,000 | ---D | M] -- C:\Program Files\HighMAT CD Writing Wizard
[2008/08/26 12:41:36 | 00,000,000 | ---D | M] -- C:\Program Files\HP
[2008/08/01 15:40:41 | 00,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2004/03/22 15:00:00 | 00,000,000 | ---D | M] -- C:\Program Files\Intel
[2009/08/27 18:43:35 | 00,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2004/03/22 15:09:57 | 00,000,000 | ---D | M] -- C:\Program Files\Jasc Software Inc
[2004/03/22 14:49:11 | 00,000,000 | ---D | M] -- C:\Program Files\Java
[2009/08/27 16:32:29 | 00,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2008/08/14 02:50:22 | 00,000,000 | ---D | M] -- C:\Program Files\Messenger
[2004/03/22 15:04:09 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft Encarta
[2004/03/29 14:54:48 | 00,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2004/03/22 15:05:07 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft Money
[2004/03/29 14:55:00 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2009/08/20 08:15:44 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2004/03/29 15:00:11 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio
[2004/03/22 14:59:54 | 00,000,000 | ---D | M] -- C:\Program Files\Modem Helper
[2004/03/22 15:00:07 | 00,000,000 | ---D | M] -- C:\Program Files\Modem On Hold
[2008/06/22 22:58:08 | 00,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2009/03/03 14:42:17 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla ActiveX Control v1.7.12
[2009/09/03 18:53:38 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2009/08/27 18:46:53 | 00,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2004/03/22 14:26:30 | 00,000,000 | ---D | M] -- C:\Program Files\MSN
[2004/03/22 14:26:32 | 00,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2008/06/26 00:38:20 | 00,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2004/03/22 15:07:38 | 00,000,000 | ---D | M] -- C:\Program Files\MUSICMATCH
[2008/06/22 22:53:42 | 00,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2004/03/29 14:32:22 | 00,000,000 | ---D | M] -- C:\Program Files\New Folder
[2009/08/13 18:46:15 | 00,000,000 | ---D | M] -- C:\Program Files\NOS
[2004/03/22 14:26:34 | 00,000,000 | ---D | M] -- C:\Program Files\Online Services
[2009/08/13 02:10:25 | 00,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2009/02/20 14:34:15 | 00,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2009/08/31 19:06:45 | 00,000,000 | ---D | M] -- C:\Program Files\Real
[2009/08/27 18:46:40 | 00,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2004/03/29 14:58:09 | 00,000,000 | ---D | M] -- C:\Program Files\Snapshot Viewer
[2009/09/02 15:44:22 | 00,000,000 | ---D | M] -- C:\Program Files\Steam
[2008/06/20 17:13:06 | 00,000,000 | ---D | M] -- C:\Program Files\support.com
[2009/08/27 15:27:13 | 00,000,000 | ---D | M] -- C:\Program Files\Trend Micro
[2008/06/20 16:17:13 | 00,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2008/06/22 19:55:02 | 00,000,000 | ---D | M] -- C:\Program Files\uTorrent
[2009/03/03 14:41:40 | 00,000,000 | ---D | M] -- C:\Program Files\VideoLAN
[2009/09/02 15:32:47 | 00,000,000 | ---D | M] -- C:\Program Files\Viewpoint
[2004/05/27 11:49:52 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Journal Viewer
[2008/06/23 01:54:37 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
[2008/06/23 01:54:34 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2008/06/22 22:53:17 | 00,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2008/06/22 16:54:25 | 00,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2008/07/23 21:43:10 | 00,000,000 | ---D | M] -- C:\Program Files\WinRAR
[2004/03/22 15:03:31 | 00,000,000 | ---D | M] -- C:\Program Files\WordPerfect Office 11
[2004/03/22 14:26:34 | 00,000,000 | ---D | M] -- C:\Program Files\XEROX
[2004/03/22 15:13:27 | 00,000,000 | ---D | M] -- C:\Program Files\Your Company Name
< End of report >