Infected with Malware - Vundo.N - servicedm


  • This topic is locked
9 replies to this topic

#1 frfolk

frfolk

  • Members
  • 7 posts

Posted 19 April 2009 - 09:11 AM

For several days I've been combating some malicious software and I feel like I'm losing the battle. Stopzilla shows infections from Vundo.N and servicedm, Malwarebytes shows infections from Trojan.Agent and Trojan.Ertfor. I've selected to fix and remove the problems, but of course they still persist. I'm dealing with windows closing on their own, loss of ability to type. I also cannot restart or shut down the computer, I can only hold the button in to force a shut down. I am also unable to start the computer in safe mode. Another sign of a problem is that most running processes in task manager are using tons more resources than they normally show... lotsa lotsa problems. Anyway, here are the logs as requested.

Thanks for your time
-Ryan

PS - Sorry, but I cannot attach the ATTACH.txt document because my browser window closes before the file can fully upload. If you'd like me to copy the contents and paste them into another reply I can... just let me know.

DDS (Ver_09-03-16.01) - NTFSx86
Run by Ryan's Desktop at 9:47:03.50 on Sun 04/19/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_05
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1023.191 [GMT -4:00]

AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated)
AV: Norton AntiVirus *On-access scanning disabled* (Outdated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Program Files\Registry Mechanic\RegMech.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Documents and Settings\Ryan's Desktop\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\SmartPCTools\Registry Repair Wizard\RCHelper.exe
C:\QUICKENW\QWDLLS.EXE
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Ryan's Desktop\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system\blank.htm
mSearch Bar = about:blank
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: ZILLAbar Browser Helper Object: {1827766b-9f49-4854-8034-f6ee26fcb1ec} - c:\program files\stopzilla!\SZSG.dll
BHO: STOPzilla Browser Helper Object: {e3215f20-3212-11d6-9f8b-00d0b743919d} - c:\program files\stopzilla!\SZIEBHO.dll
TB: Norton AntiVirus: {42cdd1bf-3ffb-4238-8ad1-7859df00b1d6} -
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
TB: STOPzilla: {98828ded-a591-462f-83ba-d2f62a68b8b8} - c:\program files\stopzilla!\SZSG.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar3.dll
TB: {855F3B16-6D32-4FE6-8A56-BBB695989046} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [Yahoo! Pager] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [EasyLinkAdvisor] "c:\program files\linksys easylink advisor\LinksysAgent.exe" /startup
uRun: [RegistryMechanic] "c:\program files\registry mechanic\RegMech.exe" /H
uRun: [SpybotSD TeaTimer] "c:\program files\spybot - search & destroy\TeaTimer.exe"
uRun: [Google Update] "c:\documents and settings\ryan's desktop\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [Diagnostic Manager] c:\docume~1\ryan's~1\locals~1\temp\1036060648.exe
uRun: [Registry Repair Wizard Scheduler] "c:\program files\smartpctools\registry repair wizard\RCHelper.exe" /startup
mRun: [NvCplDaemon] "RUNDLL32.EXE" c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] "nwiz.exe" /install
mRun: [NeroCheck] c:\windows\system32\NeroCheck.exe
mRun: [Microsoft Works Update Detection] "c:\program files\common files\microsoft shared\works shared\WkUFind.exe"
mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd2.exe"
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [REGSHAVE] "c:\program files\regshave\REGSHAVE.EXE" /AUTORUN
mRun: [hcsystray] "c:\program files\kuma games\hcsystray\hc_tray.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [basicsmssmenu] "c:\program files\seagate\basics\basics status\MaxMenuMgrBasics.exe"
mRun: [NvMediaCenter] "RUNDLL32.EXE" c:\windows\sy


#2 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 20 April 2009 - 03:12 PM

Hello! :thumbup2:
My name is Sam and I will be helping you.

In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.


We need to create an OTListIt2 Report
  • Please download OTListIt2 from here
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the "Run Scan" button.
  • The scan should take just a few minutes.
  • Copy the log that opens up and paste it back here in your next reply.



=============


The next log will show us any hidden files that are present.

Download GMER from here:
  • Unzip it to the desktop.
  • Open the program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click on Scan.
  • When the scan has run click Copy and paste the results (if any) into this thread.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 frfolk

frfolk
  • Topic Starter

  • Members
  • 7 posts

Posted 20 April 2009 - 07:19 PM

Hey Sam, thanks for the quick reply!

So far the story is the same, lots of problems with windows closing on their own, and now my desktop displays the "active desktop recovery" screen. The GMER log would only run for a couple of minutes before the computer would restart altogether. I managed to copy and save as much of the log as I could before it reached the point where it was consistently restarting, so I apologize for that log being incomplete. OtListIt2 yielded 2 reports "OTlistit" and "extras", so I've included both below.

Thanks!

-Ryan


OTListIt logfile created on: 4/20/2009 7:27:49 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Documents and Settings\Ryan's Desktop\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.30 Mb Total Physical Memory | 168.95 Mb Available Physical Memory | 16.51% Memory free
2.08 Gb Paging File | 1.51 Gb Available in Paging File | 72.77% Paging File free
Paging file location(s): C:\pagefile.sys 1200 1700;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.24 Gb Total Space | 5.92 Gb Free Space | 15.90% Space Free | Partition Type: NTFS
Drive D: | 483.00 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
Drive F: | 232.88 Gb Total Space | 121.74 Gb Free Space | 52.28% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: RYAN
Current User Name: Ryan's Desktop
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2009/03/31 14:58:50 | 00,057,344 | R--- | M] (iS3, Inc.) -- C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
PRC - [2007/06/13 06:23:07 | 01,035,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2007/10/09 17:21:02 | 00,124,280 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
PRC - [2006/10/22 13:22:00 | 00,159,810 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2007/01/04 17:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2002/07/16 17:21:48 | 00,028,672 | ---- | M] (Microsoft® Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
PRC - [2004/02/12 14:38:56 | 00,049,152 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
PRC - [2007/10/09 17:21:06 | 00,169,328 | ---- | M] (Maxtor Corporation) -- C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
PRC - [2007/03/01 19:55:50 | 03,379,264 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
PRC - [2007/03/01 19:55:36 | 04,865,600 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
PRC - [2007/03/15 19:16:42 | 00,454,784 | ---- | M] (Linksys, a Division of Cisco Systems, Inc.) -- C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
PRC - [2008/07/08 17:41:02 | 02,828,184 | ---- | M] (PC Tools) -- C:\Program Files\Registry Mechanic\RegMech.exe
PRC - [2009/01/26 15:31:16 | 02,144,088 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/04/16 11:55:37 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Ryan's Desktop\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
PRC - [2009/04/11 05:33:28 | 01,052,928 | ---- | M] (SmartPCTools) -- C:\Program Files\SmartPCTools\Registry Repair Wizard\RCHelper.exe
PRC - [2000/08/08 14:33:12 | 00,036,864 | ---- | M] (Intuit) -- C:\QUICKENW\QWDLLS.EXE
PRC - [2007/06/11 18:16:12 | 00,103,928 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
PRC - [2005/09/30 19:22:50 | 00,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2004/11/02 17:59:50 | 00,316,544 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
PRC - [2001/08/17 18:36:42 | 00,024,064 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\devldr32.exe
PRC - [2007/01/04 17:38:18 | 00,112,336 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
PRC - [2007/03/01 19:55:46 | 00,168,512 | ---- | M] () -- C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
PRC - [2009/03/31 12:29:08 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/04/20 19:26:33 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ryan's Desktop\Desktop\OTListIt2.exe

========== Win32 Services (SafeList) ==========

SRV - [2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2007/10/09 17:21:02 | 00,124,280 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe -- (Basics Service [Auto | Running])
SRV - [2005/09/30 19:22:50 | 00,096,341 | ---- | M] (

#5 frfolk

frfolk
  • Topic Starter

  • Members
  • 7 posts

Posted 20 April 2009 - 08:23 PM

Hey Sam... tried Google Chrome and it lets me upload attachments since Firefox won't. Also included the ATTACH.txt document from the initial DDS scan that I couldn't attach on Sunday. Hope this helps

-Ryan


========== Win32 Services (SafeList) ==========

SRV - [2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2007/10/09 17:21:02 | 00,124,280 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe -- (Basics Service [Auto | Running])
SRV - [2005/09/30 19:22:50 | 00,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8 [Auto | Running])
SRV - [2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2009/01/03 13:53:54 | 01,838,592 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager [On_Demand | Stopped])
SRV - [2008/11/14 19:41:55 | 00,168,432 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
SRV - [2004/08/04 03:56:44 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2005/04/04 01:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2006/10/22 13:22:00 | 00,159,810 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - [2004/03/18 17:55:48 | 00,065,536 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12 [On_Demand | Stopped])
SRV - [2007/01/22 14:33:40 | 00,061,440 | ---- | M] () -- C:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe -- (SansaService [Auto | Stopped])
SRV - [2009/01/07 13:40:56 | 00,348,752 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService [On_Demand | Stopped])
SRV - [2009/01/21 14:08:06 | 01,095,560 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService [On_Demand | Stopped])
SRV - [2004/11/02 17:59:50 | 00,316,544 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe -- (SymWSC [Auto | Running])
SRV - [2009/03/31 14:58:50 | 00,057,344 | R--- | M] (iS3, Inc.) -- C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe -- (szserver [Auto | Running])
SRV - [2007/01/04 17:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service [Auto | Running])
SRV - [2007/03/01 19:55:50 | 03,379,264 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe -- (WebrootSpySweeperService [Auto | Running])
SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2004/08/04 01:31:18 | 00,036,224 | ---- | M] (ADMtek Incorporated.) -- C:\WINDOWS\system32\DRIVERS\AN983.sys -- (AN983 [On_Demand | Stopped])
DRV - [2001/08/17 09:28:04 | 00,067,167 | ---- | M] (Conexant) -- C:\WINDOWS\System32\DRIVERS\HSF_BSC2.sys -- (basic2 [On_Demand | Stopped])
DRV - [2009/04/17 17:00:40 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\beep.sys -- (Beep [System | Stopped])
DRV - [2001/08/17 08:19:20 | 00,003,712 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\DRIVERS\ctljystk.sys -- (ctljystk [On_Demand | Running])
DRV - [2007/03/22 13:57:14 | 00,028,672 | --S- | M] (Gteko Ltd.) -- C:\WINDOWS\system32\DRIVERS\elagopro.sys -- (elagopro [Auto | Running])
DRV - [2007/03/22 13:57:14 | 00,005,376 | --S- | M] (Gteko Ltd.) -- C:\WINDOWS\system32\DRIVERS\elaunidr.sys -- (elaunidr [Auto | Running])
DRV - [2001/08/17 08:19:26 | 00,283,904 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\emu10k1m.sys -- (emu10k [On_Demand | Running])
DRV - [2001/08/17 08:19:28 | 00,006,912 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\ctlfacem.sys -- (emu10k1 [On_Demand | Running])
DRV - [2001/08/17 09:28:06 | 00,289,887 | ---- | M] (Conexant) -- C:\WINDOWS\System32\DRIVERS\HSF_FALL.sys -- (Fallback [Auto | Running])
DRV - [2001/10/17 09:09:00 | 00,035,840 | R--- | M] (SMC Networks Inc. ) -- C:\WINDOWS\system32\DRIVERS\FastNIC.sys -- (FastNIC [On_Demand | Running])
DRV - [2001/08/17 09:28:06 | 00,115,807 | ---- | M] (Conexant) -- C:\WINDOWS\System32\DRIVERS\HSF_FSKS.sys -- (Fsks [Auto | Running])
DRV - [2004/08/04 02:08:21 | 00,010,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\gameenum.sys -- (gameenum [On_Demand | Running])
DRV - [2005/03/08 00:43:25 | 00,051,120 | R--- | M] (HP) -- C:\WINDOWS\system32\DRIVERS\HPZid412.sys -- (HPZid412 [On_Demand | Running])
DRV - [2005/03/08 00:43:26 | 00,016,496 | R--- | M] (HP) -- C:\WINDOWS\system32\DRIVERS\HPZipr12.sys -- (HPZipr12 [On_Demand | Running])
DRV - [2005/03/08 00:43:27 | 00,021,744 | R--- | M] (HP) -- C:\WINDOWS\system32\DRIVERS\HPZius12.sys -- (HPZius12 [On_Demand | Running])
DRV - [2004/08/04 01:41:46 | 00,220,032 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HSFBS2S2.sys -- (HSFHWBS2 [On_Demand | Running])
DRV - [2004/08/04 01:41:54 | 01,041,536 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HSFDPSP2.sys -- (HSF_DP [On_Demand | Running])
DRV - [2001/08/17 09:28:10 | 00,542,879 | ---- | M] (Conexant) -- C:\WINDOWS\System32\DRIVERS\HSF_MSFT.sys -- (hsf_msft [On_Demand | Stopped])
DRV - [2001/08/17 09:28:08 | 00,391,199 | ---- | M] (Conexant) -- C:\WINDOWS\System32\DRIVERS\HSF_K56K.sys -- (K56 [Auto | Running])
DRV - [2002/06/21 18:42:50 | 00,008,224 | ---- | M] (MicroStaff Co.,Ltd.) -- C:\WINDOWS\System32\drivers\MASPINT.SYS -- (MASPINT [Auto | Running])
DRV - [2009/04/06 15:32:54 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (mbamswissarmy [On_Demand | Stopped])
DRV - [2006/01/17 22:43:18 | 00,008,413 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\drivers\mcstrm.sys -- (MCSTRM [Auto | Running])
DRV - [2004/08/04 01:41:55 | 00,011,868 | ---- | M] (Conexant) -- C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
DRV - [2004/09/29 16:36:29 | 00,015,360 | RH-- | M] (Motorola Inc.) -- C:\WINDOWS\system32\DRIVERS\NetMotCM.sys -- (ndiscm [On_Demand | Stopped])
DRV - [2006/10/22 13:22:00 | 03,994,624 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2001/08/17 08:50:26 | 00,731,648 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4.sys -- (nv4 [On_Demand | Stopped])
DRV - [2009/03/06 16:45:06 | 00,130,424 | ---- | M] (PC Tools) -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore [Boot | Running])
DRV - [2001/08/18 08:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2001/08/17 09:28:10 | 00,057,471 | ---- | M] (Conexant) -- C:\WINDOWS\System32\DRIVERS\HSF_SAMP.sys -- (Rksample [On_Demand | Stopped])
DRV - [2007/11/13 06:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [Auto | Running])
DRV - [2001/08/17 08:19:34 | 00,036,480 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\sfmanm.sys -- (sfman [On_Demand | Running])
DRV - [2001/08/17 09:28:06 | 00,199,711 | ---- | M] (Conexant) -- C:\WINDOWS\System32\DRIVERS\HSF_FAXX.sys -- (SoftFax [Auto | Running])
DRV - [2007/03/01 19:54:16 | 00,020,544 | ---- | M] (Webroot Software Inc (www.webroot.com)) -- C:\WINDOWS\SYSTEM32\Drivers\SSFS0509.SYS -- (SSFS0509 [Boot | Running])
DRV - [2007/03/01 19:54:16 | 00,022,080 | ---- | M] (Webroot Software Inc (www.webroot.com)) -- C:\WINDOWS\SYSTEM32\Drivers\SSHRMD.SYS -- (SSHRMD [Boot | Running])
DRV - [2007/03/01 19:54:18 | 00,144,960 | ---- | M] (Webroot Software Inc (www.webroot.com)) -- C:\WINDOWS\SYSTEM32\Drivers\SSIDRV.SYS -- (SSIDRV [Boot | Running])
DRV - [2007/03/01 19:54:22 | 00,021,056 | ---- | M] (Webroot Software Inc (www.webroot.com)) -- C:\WINDOWS\System32\Drivers\sskbfd.sys -- (SSKBFD [On_Demand | Running])
DRV - [2009/03/12 12:18:10 | 00,054,656 | R--- | M] (iS3 Inc.) -- C:\WINDOWS\system32\DRIVERS\szkg.sys -- (szkg5 [Boot | Running])
DRV - [2007/12/24 17:37:00 | 00,138,384 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm [Auto | Running])
DRV - [2001/08/17 09:28:12 | 00,050,751 | ---- | M] (Conexant) -- C:\WINDOWS\System32\DRIVERS\HSF_TONE.sys -- (Tones [Auto | Running])
DRV - [2001/08/17 09:28:12 | 00,488,383 | ---- | M] (Conexant) -- C:\WINDOWS\System32\DRIVERS\HSF_V124.sys -- (V124 [Auto | Running])
DRV - [2004/08/04 01:41:48 | 00,685,056 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HSFCXTS2.sys -- (winachsf [On_Demand | Running])
DRV - [2003/03/25 05:37:30 | 00,010,144 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum [On_Demand | Running])
DRV - [2003/03/25 05:37:34 | 00,021,216 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\WmFilter.sys -- (WmFilter [On_Demand | Stopped])
DRV - [2003/03/25 05:37:30 | 00,005,728 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\WmVirHid.sys -- (WmVirHid [On_Demand | Stopped])
DRV - [2003/03/25 05:37:28 | 00,040,256 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore [On_Demand | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.default\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://start.earthlink.net/
IE - HKU\.default\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
IE - HKU\.default\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\.default\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.earthlink.net/
IE - HKU\.default\.default\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\s-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://start.earthlink.net/
IE - HKU\s-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
IE - HKU\s-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\s-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.earthlink.net/
IE - HKU\s-1-5-18\s-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\s-1-5-19\s-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\s-1-5-20\s-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\s-1-5-21-746137067-2052111302-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\s-1-5-21-746137067-2052111302-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
IE - HKU\s-1-5-21-746137067-2052111302-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\s-1-5-21-746137067-2052111302-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
IE - HKU\s-1-5-21-746137067-2052111302-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\s-1-5-21-746137067-2052111302-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Search,AutoSearch = http://ie.search.msn.com/{SUB_RFC1766}/src...autosearch.aspx
IE - HKU\s-1-5-21-746137067-2052111302-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKU\s-1-5-21-746137067-2052111302-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKU\s-1-5-21-746137067-2052111302-839522115-1004\s-1-5-21-746137067-2052111302-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\s-1-5-21-746137067-2052111302-839522115-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie...ton/search.html
IE - HKU\s-1-5-21-746137067-2052111302-839522115-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\s-1-5-21-746137067-2052111302-839522115-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.earthlink.net/partner/more/msie...ton/search.html
IE - HKU\s-1-5-21-746137067-2052111302-839522115-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=566....earthlink.net/
IE - URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
IE - HKU\s-1-5-21-746137067-2052111302-839522115-1005\s-1-5-21-746137067-2052111302-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\s-1-5-21-746137067-2052111302-839522115-1005\s-1-5-21-746137067-2052111302-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost

IE - HKU\s-1-5-21-746137067-2052111302-839522115-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\s-1-5-21-746137067-2052111302-839522115-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\s-1-5-21-746137067-2052111302-839522115-500\s-1-5-21-746137067-2052111302-839522115-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05
FF - prefs.js..extensions.enabledItems: {81ABA1C0-04C8-4311-B6FF-75F05AF3F760}:1.0
FF - prefs.js..extensions.enabledItems: {94EC96F2-44EA-433D-BAE3-891BBBCA50F9}:1.0
FF - prefs.js..extensions.enabledItems: {C669295F-F5BA-4B96-BC30-686CD9E392FF}:1.0
FF - prefs.js..extensions.enabledItems: {CEC83207-8302-4B40-B5E8-DD6DBFF78AFF}:1.0
FF - prefs.js..extensions.enabledItems: {C3E48BB0-16B0-4CA7-B857-66C25C790BA7}:1.0
FF - prefs.js..extensions.enabledItems: {25E43257-4F85-4389-B1FC-A9BB28F74DB1}:1.0
FF - prefs.js..extensions.enabledItems: {9D2EAA90-9720-4B27-95B2-FC00687D22C8}:1.0
FF - prefs.js..extensions.enabledItems: {ABCAA93B-0CBC-4A59-949F-8100E81DEE32}:1.0
FF - prefs.js..extensions.enabledItems: {BDD7A628-E811-401C-BA9A-458B87C703CD}:1.0
FF - prefs.js..extensions.enabledItems: {43D462F4-D4D9-43A5-A194-34ED623C4FFE}:1.0
FF - prefs.js..extensions.enabledItems: {FBB084DB-FDC3-4468-A1F9-CE42F1209C0F}:1.0
FF - prefs.js..extensions.enabledItems: {6009AC9F-0369-42A0-80C5-AAF8CE7AFF73}:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.8

FF - HKLM\software\mozilla\Firefox\Extensions\\{94EC96F2-44EA-433D-BAE3-891BBBCA50F9}: C:\DOCUMENTS AND SETTINGS\RYAN'S DESKTOP\LOCAL SETTINGS\APPLICATION DATA\{94EC96F2-44EA-433D-BAE3-891BBBCA50F9} [2009/04/15 19:02:52 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{C3E48BB0-16B0-4CA7-B857-66C25C790BA7}: C:\DOCUMENTS AND SETTINGS\FAMILY DESKTOP\LOCAL SETTINGS\APPLICATION DATA\{C3E48BB0-16B0-4CA7-B857-66C25C790BA7}\ [2009/04/15 20:00:06 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/04/17 22:50:28 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/03/31 12:29:15 | 00,000,000 | ---D | M]

[2009/03/06 00:41:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ryan's Desktop\Application Data\mozilla\Extensions
[2008/09/05 08:45:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ryan's Desktop\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/03/06 00:41:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ryan's Desktop\Application Data\mozilla\Extensions\mozswing@mozswing.org
[2009/04/19 12:47:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ryan's Desktop\Application Data\mozilla\Firefox\Profiles\56wey3ao.default\extensions
[2008/07/03 13:23:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ryan's Desktop\Application Data\mozilla\Firefox\Profiles\56wey3ao.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/04/19 12:47:44 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/04/17 23:28:52 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{25E43257-4F85-4389-B1FC-A9BB28F74DB1}
[2009/04/18 10:21:16 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{43D462F4-D4D9-43A5-A194-34ED623C4FFE}
[2009/04/18 22:14:40 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{6009AC9F-0369-42A0-80C5-AAF8CE7AFF73}
[2009/03/29 17:27:41 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{81ABA1C0-04C8-4311-B6FF-75F05AF3F760}
[2009/03/31 12:29:15 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/04/17 23:20:05 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{9D2EAA90-9720-4B27-95B2-FC00687D22C8}
[2009/04/17 23:26:42 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{ABCAA93B-0CBC-4A59-949F-8100E81DEE32}
[2009/04/17 23:18:15 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{BDD7A628-E811-401C-BA9A-458B87C703CD}
[2009/04/04 20:51:52 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{C669295F-F5BA-4B96-BC30-686CD9E392FF}
[2008/03/13 06:47:17 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
[2009/04/15 19:59:53 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CEC83207-8302-4B40-B5E8-DD6DBFF78AFF}
[2009/04/18 11:14:31 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{FBB084DB-FDC3-4468-A1F9-CE42F1209C0F}
[2009/03/31 12:29:08 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/03/31 12:29:08 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/09/05 08:45:07 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2008/09/05 08:45:07 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/09/05 08:45:07 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/11/12 22:39:17 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2008/09/05 08:45:07 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2007/08/26 11:57:58 | 00,000,897 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\livecom.png
[2007/08/26 11:57:58 | 00,001,015 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\livecom.src
[2008/09/05 08:45:07 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2008/09/05 08:45:08 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (21 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (ZILLAbar Browser Helper Object) - {1827766b-9f49-4854-8034-f6ee26fcb1ec} - C:\Program Files\STOPzilla!\SZSG.dll (iS3, Inc)
O2 - BHO: (STOPzilla Browser Helper Object) - {e3215f20-3212-11d6-9f8b-00d0b743919d} - C:\Program Files\STOPzilla!\SZIEBHO.dll (iS3, Inc.)
O3 - HKLM\..\Toolbar: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key error. File not found
O3 - HKLM\..\Toolbar: (STOPzilla) - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\SZSG.dll (iS3, Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - SITEguard - Reg Error: Key error. File not found
O3 - HKU\.default\..\Toolbar\webbrowser: (no name) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - Reg Error: Key error. File not found
O3 - HKU\s-1-5-18\..\Toolbar\webbrowser: (no name) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - Reg Error: Key error. File not found
O3 - HKU\s-1-5-21-746137067-2052111302-839522115-1004\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key error. File not found
O3 - HKU\s-1-5-21-746137067-2052111302-839522115-1004\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll (Google Inc.)
O3 - HKU\s-1-5-21-746137067-2052111302-839522115-1004\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key error. File not found
O3 - HKU\s-1-5-21-746137067-2052111302-839522115-1004\..\Toolbar\WebBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - Reg Error: Key error. File not found
O3 - HKU\s-1-5-21-746137067-2052111302-839522115-1004\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKU\s-1-5-21-746137067-2052111302-839522115-1005\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key error. File not found
O3 - HKU\s-1-5-21-746137067-2052111302-839522115-1005\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll (Google Inc.)
O3 - HKU\s-1-5-21-746137067-2052111302-839522115-1005\..\Toolbar\WebBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - Reg Error: Key error. File not found
O3 - HKU\s-1-5-21-746137067-2052111302-839522115-1005\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [basicsmssmenu] "C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe" (Maxtor Corporation)
O4 - HKLM..\Run: [hcsystray] "C:\Program Files\Kuma Games\hcsystray\hc_tray.exe" ()
O4 - HKLM..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" (Hewlett-Packard Company)
O4 - HKLM..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" (Hewlett-Packard Company)
O4 - HKLM..\Run: [Microsoft Works Update Detection] "C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" (Microsoft® Corporation)
O4 - HKLM..\Run: [mssadv.exe] File not found
O4 - HKLM..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] "nwiz.exe" /install ()
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [REGSHAVE] "C:\Program Files\REGSHAVE\REGSHAVE.EXE" /AUTORUN (FUJI PHOTO FILM CO., LTD.)
O4 - HKLM..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray (Webroot Software, Inc.)
O4 - HKU\.default..\Run: [SansaDispatch] C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe (SanDisk Corporation)
O4 - HKU\.default..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (Symantec Corporation)
O4 - HKU\.default..\Run: [Symantec Network Driver Update Warning] C:\PROGRA~1\Symantec\LIVEUP~1\SNDWarn.EXE File not found
O4 - HKU\s-1-5-18..\Run: [SansaDispatch] C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe (SanDisk Corporation)
O4 - HKU\s-1-5-18..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (Symantec Corporation)
O4 - HKU\s-1-5-18..\Run: [Symantec Network Driver Update Warning] C:\PROGRA~1\Symantec\LIVEUP~1\SNDWarn.EXE File not found
O4 - HKU\s-1-5-21-746137067-2052111302-839522115-1004..\Run: [Diagnostic Manager] C:\DOCUME~1\RYAN'S~1\LOCALS~1\Temp\1036060648.exe File not found
O4 - HKU\s-1-5-21-746137067-2052111302-839522115-1004..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup (Linksys, a Division of Cisco Systems, Inc.)
O4 - HKU\s-1-5-21-746137067-2052111302-839522115-1004..\Run: [Google Update] "C:\Documents and Settings\Ryan's Desktop\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c (Google Inc.)
O4 - HKU\s-1-5-21-746137067-2052111302-839522115-1004..\Run: [Registry Repair Wizard Scheduler] "C:\Program Files\SmartPCTools\Registry Repair Wizard\RCHelper.exe" /startup (SmartPCTools)
O4 - HKU\s-1-5-21-746137067-2052111302-839522115-1004..\Run: [RegistryMechanic] "C:\Program Files\Registry Mechanic\RegMech.exe" /H (PC Tools)
O4 - HKU\s-1-5-21-746137067-2052111302-839522115-1004..\Run: [SpybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" (Safer Networking Limited)
O4 - HKU\s-1-5-21-746137067-2052111302-839522115-1004..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet (Yahoo! Inc.)
O4 - HKU\s-1-5-21-746137067-2052111302-839522115-1005..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup (Linksys, a Division of Cisco Systems, Inc.)
O4 - HKU\s-1-5-21-746137067-2052111302-839522115-500..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup (Linksys, a Division of Cisco Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Quicken Startup.lnk = C:\QUICKENW\QWDLLS.EXE (Intuit)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.default\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.default\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\.default\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.default\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O7 - HKU\.default\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O7 - HKU\.default\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKU\.default\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\.default\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\s-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\s-1-5-18\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\s-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\s-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O7 - HKU\s-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O7 - HKU\s-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKU\s-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\s-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\s-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\s-1-5-19\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\s-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\s-1-5-19_classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\s-1-5-19_classes\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\s-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\s-1-5-20\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\s-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\s-1-5-20_classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\s-1-5-20_classes\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\s-1-5-21-746137067-2052111302-839522115-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\s-1-5-21-746137067-2052111302-839522115-1004\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\s-1-5-21-746137067-2052111302-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\s-1-5-21-746137067-2052111302-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceClassicControlPanel = 1
O7 - HKU\s-1-5-21-746137067-2052111302-839522115-1004_classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\s-1-5-21-746137067-2052111302-839522115-1004_classes\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\s-1-5-21-746137067-2052111302-839522115-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\s-1-5-21-746137067-2052111302-839522115-1005\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\s-1-5-21-746137067-2052111302-839522115-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\s-1-5-21-746137067-2052111302-839522115-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: WizmaxBackup_NoDriveTypeAutoRun = 145
O7 - HKU\s-1-5-21-746137067-2052111302-839522115-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\s-1-5-21-746137067-2052111302-839522115-500\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\s-1-5-21-746137067-2052111302-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\s-1-5-21-746137067-2052111302-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 0
O7 - HKU\s-1-5-21-746137067-2052111302-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\s-1-5-21-746137067-2052111302-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClassicShell = 0
O7 - HKU\s-1-5-21-746137067-2052111302-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThemesTab = 0
O7 - HKU\s-1-5-21-746137067-2052111302-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O7 - HKU\s-1-5-21-746137067-2052111302-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O7 - HKU\s-1-5-21-746137067-2052111302-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
O7 - HKU\s-1-5-21-746137067-2052111302-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoColorChoice = 0
O7 - HKU\s-1-5-21-746137067-2052111302-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoSizeChoice = 0
O7 - HKU\s-1-5-21-746137067-2052111302-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKU\s-1-5-21-746137067-2052111302-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKU\s-1-5-21-746137067-2052111302-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O7 - HKU\s-1-5-21-746137067-2052111302-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoVisualStyleChoice = 0
O7 - HKU\s-1-5-21-746137067-2052111302-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000 (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.default\..Trusted Domains: 113 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\s-1-5-18\..Trusted Domains: 113 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\s-1-5-19\..Trusted Domains: 113 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\s-1-5-20\..Trusted Domains: 113 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\s-1-5-21-746137067-2052111302-839522115-1004\..Trusted Domains: yahoo.com ([us.f806.mail] https in Trusted sites)
O15 - HKU\s-1-5-21-746137067-2052111302-839522115-1004\..Trusted Domains: 135 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\s-1-5-21-746137067-2052111302-839522115-1005\..Trusted Sites: ([]msn in My Computer)
O16 - DPF: {01118400-3E00-11D2-8470-0060089874ED} http://activex.microsoft.com/objects/ocget.dll (SdcNetCheckCtl Class)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_03)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flash...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (karna.datS\system3) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\WRNotifier: DllName - WRLogonNTF.dll - C:\WINDOWS\system32\WRLogonNTF.dll (Webroot Software, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001/11/15 08:31:14 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/08/18 08:00:00 | 00,000,110 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{d0921d8e-cd5b-11dd-9e93-0050bf9ac673}\Shell\AutoRun\command - "" = H:\WDSetup.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[1 C:\Documents and Settings\All Users.WINDOWS\Application Data\*.tmp files]
[2009/04/20 19:26:48 | 00,286,208 | ---- | C] () -- C:\Documents and Settings\Ryan's Desktop\Desktop\fkkhi6f3.exe
[2009/04/20 19:26:33 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Ryan's Desktop\Desktop\OTListIt2.exe
[2009/04/19 16:15:40 | 00,000,384 | ---- | C] () -- C:\WINDOWS\System32\drivers\kgpfr2.cfg
[2009/04/19 16:15:09 | 00,001,664 | ---- | C] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2009/04/19 09:46:11 | 00,360,021 | ---- | C] () -- C:\Documents and Settings\Ryan's Desktop\Desktop\dds.scr
[2009/04/19 09:25:47 | 00,034,829 | ---- | C] () -- C:\VETlog.dmp
[2009/04/19 00:03:09 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\gaws.sys
[2009/04/18 22:27:14 | 00,000,811 | ---- | C] () -- C:\Documents and Settings\Ryan's Desktop\Desktop\Registry Repair Wizard 2009.lnk
[2009/04/18 22:27:13 | 00,000,000 | ---D | C] -- C:\Program Files\SmartPCTools
[2009/04/18 22:26:38 | 03,079,144 | ---- | C] (SmartPCTools Software ) -- C:\Documents and Settings\Ryan's Desktop\Desktop\registry-repair-wizard(2).exe
[2009/04/18 22:23:54 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Ryan's Desktop\Desktop\registry-repair-wizard.exe
[2009/04/18 22:23:52 | 00,254,600 | ---- | C] (SmartPCTools Software ) -- C:\Documents and Settings\Ryan's Desktop\Desktop\registry-repair-wizard.exe.part
[2009/04/17 23:21:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\SITEguard
[2009/04/17 23:20:35 | 00,000,000 | ---D | C] -- C:\Program Files\STOPzilla!
[2009/04/17 23:20:34 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\iS3
[2009/04/17 23:20:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\STOPzilla!
[2009/04/17 17:00:53 | 00,089,448 | ---- | C] () -- C:\WINDOWS\System32\drivers\31f1c87e.sys
[2009/04/17 17:00:42 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\beep.sys
[2009/04/17 09:00:39 | 00,000,001 | ---- | C] () -- C:\WINDOWS\System32\uniq.tll
[2009/04/16 11:57:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ryan's Desktop\My Documents\Downloads
[2009/04/16 11:55:45 | 00,000,962 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-746137067-2052111302-839522115-1004.job
[2009/04/16 11:55:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ryan's Desktop\Local Settings\Application Data\Deployment
[2009/04/15 23:28:45 | 00,000,000 | ---D | C] -- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
[2009/04/15 23:28:45 | 00,000,000 | ---D | C] -- C:\Program Files\SDHelper (Spybot - Search & Destroy)
[2009/04/15 23:28:43 | 00,000,000 | ---D | C] -- C:\Program Files\Misc. Support Library (Spybot - Search & Destroy)
[2009/04/15 23:28:42 | 00,000,000 | ---D | C] -- C:\Program Files\File Scanner Library (Spybot - Search & Destroy)
[2009/04/15 19:12:53 | 00,074,240 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll
[2009/04/15 19:02:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ryan's Desktop\Local Settings\Application Data\{94EC96F2-44EA-433D-BAE3-891BBBCA50F9}
[2009/04/15 19:02:52 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Dgewapanuvazi.bin
[2009/04/15 19:02:51 | 00,000,408 | ---- | C] () -- C:\WINDOWS\Jkupoqiqurihiki.dat
[2009/04/15 05:18:12 | 00,044,544 | ---- | C] () -- C:\WINDOWS\System32\Winset20.exe
[2009/04/12 11:19:16 | 00,162,539 | ---- | C] () -- C:\Documents and Settings\Ryan's Desktop\Desktop\IMG_6998 6.jpg
[2009/04/12 11:18:00 | 00,173,755 | ---- | C] () -- C:\Documents and Settings\Ryan's Desktop\Desktop\IMG_6982 5.jpg
[2009/04/12 11:17:21 | 00,149,027 | ---- | C] () -- C:\Documents and Settings\Ryan's Desktop\Desktop\IMG_6985 4.jpg
[2009/04/12 10:58:09 | 00,190,599 | ---- | C] () -- C:\Documents and Settings\Ryan's Desktop\Desktop\IMG_6952 3.jpg
[2009/04/12 10:56:09 | 00,192,630 | ---- | C] () -- C:\Documents and Settings\Ryan's Desktop\Desktop\IMG_6967 2.jpg
[2009/04/12 10:54:12 | 00,193,118 | ---- | C] () -- C:\Documents and Settings\Ryan's Desktop\Desktop\IMG_6958 1.jpg
[2009/04/06 13:35:27 | 00,088,775 | ---- | C] () -- C:\WINDOWS\System32\pic.jpg
[2009/04/05 08:46:23 | 00,031,744 | ---- | C] () -- C:\WINDOWS\System32\1000.exe
[2009/04/04 21:48:30 | 00,279,506 | ---- | C] () -- C:\Documents and Settings\Ryan's Desktop\Desktop\vandalia branch.jpg
[2009/04/04 21:17:02 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/03 09:42:26 | 00,105,170 | ---- | C] () -- C:\WINDOWS\System32\drivers\740f5667.sys
[2009/03/31 20:27:55 | 01,908,014 | ---- | C] () -- C:\Documents and Settings\Ryan's Desktop\Desktop\Indiana%20railroads%202005.pdf
[2009/03/31 14:57:00 | 00,017,408 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\SZIO5.dll
[2009/03/31 14:56:00 | 00,294,912 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\SZBase5.dll
[2009/03/31 14:55:36 | 00,540,672 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\SZComp5.dll
[2009/03/31 13:33:27 | 00,000,000 | ---D | C] -- C:\VundoFix Backups
[2009/03/31 12:57:59 | 00,159,600 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2009/03/31 12:57:46 | 00,130,424 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2009/03/31 12:57:46 | 00,073,840 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2009/03/31 12:57:28 | 00,064,392 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2009/03/31 12:57:28 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2009/03/31 12:57:20 | 00,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2009/03/31 12:57:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ryan's Desktop\Application Data\PC Tools
[2009/03/31 12:57:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\PC Tools
[2009/03/31 12:57:18 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\STKIT432.DLL
[2009/03/31 12:57:15 | 00,000,000 | ---D | C] -- C:\Program Files\Registry Mechanic
[2009/03/30 14:05:34 | 00,138,384 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2009/03/30 14:05:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ryan's Desktop\Application Data\HouseCall 6.6
[2009/03/30 13:22:56 | 28,365,104 | ---- | C] () -- C:\Documents and Settings\Ryan's Desktop\Desktop\snagit.exe
[2009/03/30 08:54:32 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Ryan's Desktop\Desktop\HijackThis.lnk
[2009/03/30 08:54:32 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/03/30 08:53:43 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Ryan's Desktop\Desktop\HJTInstall.exe
[2009/03/27 10:56:06 | 00,126,976 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3HTUI5.dll
[2009/03/27 10:55:58 | 00,393,216 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3DBA5.dll
[2009/03/27 10:55:16 | 00,372,736 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3UI5.dll
[2009/03/27 10:55:00 | 00,061,440 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Hks5.dll
[2009/03/27 10:54:40 | 00,023,040 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3XDat5.dll
[2009/03/27 10:54:22 | 00,221,184 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Win325.dll
[2009/03/27 10:54:02 | 00,094,208 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Inet5.dll
[2009/03/27 10:53:50 | 00,090,112 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Svc5.dll
[2009/03/27 10:50:34 | 00,716,800 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Base5.dll
[2008/09/06 15:05:05 | 00,001,960 | ---- | C] () -- C:\WINDOWS\Waybills.ini
[2008/09/06 15:05:05 | 00,001,365 | ---- | C] () -- C:\WINDOWS\System32\MS4963WA.DLL
[2008/06/14 00:32:45 | 00,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
[2008/02/02 15:20:44 | 00,000,142 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2007/07/20 14:08:04 | 00,001,152 | ---- | C] () -- C:\WINDOWS\System32\windrv.sys
[2007/03/18 21:03:16 | 00,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2006/11/11 19:31:00 | 00,684,032 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2006/11/11 19:30:58 | 00,155,648 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2006/10/22 13:22:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/10/22 13:22:00 | 00,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/10/22 13:22:00 | 00,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/09/21 20:38:21 | 00,026,688 | ---- | C] () -- C:\WINDOWS\System32\wrlzma.dll
[2006/07/02 11:43:48 | 00,030,208 | ---- | C] () -- C:\WINDOWS\System32\WNASPI32.DLL
[2006/07/02 11:43:47 | 00,000,296 | ---- | C] () -- C:\WINDOWS\msfsetup.ini
[2006/01/02 10:26:51 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\ieso32.dll
[2005/10/21 13:34:49 | 00,000,062 | ---- | C] () -- C:\WINDOWS\einit.ini
[2005/10/10 09:10:54 | 00,000,052 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2005/10/10 09:10:24 | 00,000,716 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2005/08/09 18:12:28 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005/01/02 14:52:41 | 00,000,000 | ---- | C] () -- C:\WINDOWS\AutoRun.INI
[2004/11/25 15:36:08 | 00,000,600 | ---- | C] () -- C:\WINDOWS\Rtcw.INI
[2004/10/21 19:56:38 | 00,000,035 | ---- | C] () -- C:\WINDOWS\earthlink.INI
[2004/09/12 19:22:49 | 00,096,768 | ---- | C] () -- C:\WINDOWS\SlantAdj.dll
[2004/09/12 19:22:49 | 00,001,571 | ---- | C] () -- C:\WINDOWS\Faxcpp1.ini
[2004/09/12 19:22:49 | 00,000,422 | ---- | C] () -- C:\WINDOWS\Faxcpp.ini
[2004/09/12 19:22:49 | 00,000,072 | ---- | C] () -- C:\WINDOWS\System32\epDPE.ini
[2004/08/08 04:39:28 | 00,000,008 | ---- | C] () -- C:\WINDOWS\syspol32.sys
[2004/02/19 00:17:41 | 00,000,030 | ---- | C] () -- C:\WINDOWS\Morphexe.INI
[2004/01/27 16:06:03 | 00,385,024 | ---- | C] () -- C:\WINDOWS\System32\GeoCtl.dll
[2003/11/15 13:30:39 | 00,010,564 | ---- | C] () -- C:\WINDOWS\WinInit.Ini
[2003/10/24 12:32:42 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003/10/07 00:10:42 | 00,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2003/10/07 00:08:40 | 00,001,284 | ---- | C] () -- C:\WINDOWS\photoimpression.ini
[2003/10/07 00:01:11 | 00,000,233 | ---- | C] () -- C:\WINDOWS\EPSON 1250 Installer.ini
[2003/10/06 15:16:00 | 01,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2003/10/06 15:16:00 | 01,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2003/10/06 15:16:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2003/10/06 15:16:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2003/09/01 21:00:48 | 00,000,162 | ---- | C] () -- C:\WINDOWS\cosdtp.ini
[2003/08/19 00:16:53 | 00,000,034 | ---- | C] () -- C:\WINDOWS\ERegClnt.INI
[2001/08/18 08:00:00 | 00,000,893 | ---- | C] () -- C:\WINDOWS\win.ini
[2001/08/18 08:00:00 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini
[2001/08/18 07:57:51 | 01,580,544 | ---- | C] () -- C:\WINDOWS\System32\sfcfiles.dll

========== Files - Modified Within 30 Days ==========

[85 C:\WINDOWS\System32\*.tmp files]
[6 C:\WINDOWS\*.tmp files]
[1 C:\Documents and Settings\All Users.WINDOWS\Application Data\*.tmp files]
[2009/04/20 19:30:10 | 00,089,448 | ---- | M] () -- C:\WINDOWS\System32\drivers\31f1c87e.sys
[2009/04/20 19:30:07 | 00,105,170 | ---- | M] () -- C:\WINDOWS\System32\drivers\740f5667.sys
[2009/04/20 19:26:48 | 00,286,208 | ---- | M] () -- C:\Documents and Settings\Ryan's Desktop\Desktop\fkkhi6f3.exe
[2009/04/20 19:26:33 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ryan's Desktop\Desktop\OTListIt2.exe
[2009/04/19 21:36:12 | 00,002,481 | ---- | M] () -- C:\Documents and Settings\Ryan's Desktop\Desktop\Microsoft Excel (2).lnk
[2009/04/19 16:18:02 | 00,001,664 | ---- | M] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2009/04/19 16:16:12 | 00,013,002 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/04/19 16:15:40 | 00,000,384 | ---- | M] () -- C:\WINDOWS\System32\drivers\kgpfr2.cfg
[2009/04/19 16:14:12 | 00,088,566 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/04/19 16:13:38 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/04/19 16:13:34 | 10,730,74176 | -HS- | M] () -- C:\hiberfil.sys
[2009/04/19 16:10:22 | 00,007,680 | -HS- | M] () -- C:\WINDOWS\Thumbs.db
[2009/04/19 15:44:06 | 00,408,660 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/04/19 15:44:06 | 00,064,568 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/04/19 09:46:11 | 00,360,021 | ---- | M] () -- C:\Documents and Settings\Ryan's Desktop\Desktop\dds.scr
[2009/04/19 09:31:12 | 00,004,566 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/04/19 09:25:47 | 00,034,829 | ---- | M] () -- C:\VETlog.dmp
[2009/04/19 00:03:09 | 00,061,440 | ---- | M] () -- C:\WINDOWS\System32\drivers\gaws.sys
[2009/04/18 23:54:51 | 00,086,016 | -HS- | M] () -- C:\Documents and Settings\Ryan's Desktop\Desktop\Thumbs.db
[2009/04/18 23:54:48 | 00,010,752 | -HS- | M] () -- C:\Documents and Settings\Ryan's Desktop\My Documents\Thumbs.db
[2009/04/18 22:27:14 | 00,000,811 | ---- | M] () -- C:\Documents and Settings\Ryan's Desktop\Desktop\Registry Repair Wizard 2009.lnk
[2009/04/18 22:26:45 | 03,079,144 | ---- | M] (SmartPCTools Software ) -- C:\Documents and Settings\Ryan's Desktop\Desktop\registry-repair-wizard(2).exe
[2009/04/18 22:23:54 | 00,254,600 | ---- | M] (SmartPCTools Software ) -- C:\Documents and Settings\Ryan's Desktop\Desktop\registry-repair-wizard.exe.part
[2009/04/18 22:23:54 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Ryan's Desktop\Desktop\registry-repair-wizard.exe
[2009/04/18 22:09:36 | 00,476,812 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/04/17 23:23:06 | 00,000,021 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/04/17 17:00:40 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\beep.sys
[2009/04/17 09:00:39 | 00,000,001 | ---- | M] () -- C:\WINDOWS\System32\uniq.tll
[2009/04/17 09:00:35 | 00,031,744 | ---- | M] () -- C:\WINDOWS\System32\1000.exe
[2009/04/16 11:55:45 | 00,000,962 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-746137067-2052111302-839522115-1004.job
[2009/04/15 19:12:53 | 00,074,240 | ---- | M] () -- C:\WINDOWS\System32\zlib.dll
[2009/04/15 19:02:52 | 00,000,000 | ---- | M] () -- C:\WINDOWS\Dgewapanuvazi.bin
[2009/04/15 19:02:51 | 00,000,408 | ---- | M] () -- C:\WINDOWS\Jkupoqiqurihiki.dat
[2009/04/15 05:18:13 | 00,044,544 | ---- | M] () -- C:\WINDOWS\System32\Winset20.exe
[2009/04/12 11:19:18 | 00,162,539 | ---- | M] () -- C:\Documents and Settings\Ryan's Desktop\Desktop\IMG_6998 6.jpg
[2009/04/12 11:18:02 | 00,173,755 | ---- | M] () -- C:\Documents and Settings\Ryan's Desktop\Desktop\IMG_6982 5.jpg
[2009/04/12 11:17:23 | 00,149,027 | ---- | M] () -- C:\Documents and Settings\Ryan's Desktop\Desktop\IMG_6985 4.jpg
[2009/04/12 10:58:11 | 00,190,599 | ---- | M] () -- C:\Documents and Settings\Ryan's Desktop\Desktop\IMG_6952 3.jpg
[2009/04/12 10:56:11 | 00,192,630 | ---- | M] () -- C:\Documents and Settings\Ryan's Desktop\Desktop\IMG_6967 2.jpg
[2009/04/12 10:54:18 | 00,193,118 | ---- | M] () -- C:\Documents and Settings\Ryan's Desktop\Desktop\IMG_6958 1.jpg
[2009/04/12 10:37:54 | 00,004,036 | -H-- | M] () -- C:\Documents and Settings\Ryan's Desktop\Desktop\ZbThumbnail.info
[2009/04/11 20:22:08 | 00,088,775 | ---- | M] () -- C:\WINDOWS\System32\pic.jpg
[2009/04/06 15:32:54 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/06 15:32:46 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/05 13:34:30 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009/04/04 21:49:40 | 00,279,506 | ---- | M] () -- C:\Documents and Settings\Ryan's Desktop\Desktop\vandalia branch.jpg
[2009/04/04 21:17:02 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/03 13:43:53 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/04/02 10:03:02 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/03/31 20:27:55 | 01,908,014 | ---- | M] () -- C:\Documents and Settings\Ryan's Desktop\Desktop\Indiana%20railroads%202005.pdf
[2009/03/31 14:57:00 | 00,017,408 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\SZIO5.dll
[2009/03/31 14:56:00 | 00,294,912 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\SZBase5.dll
[2009/03/31 14:55:36 | 00,540,672 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\SZComp5.dll
[2009/03/30 13:24:05 | 28,365,104 | ---- | M] () -- C:\Documents and Settings\Ryan's Desktop\Desktop\snagit.exe
[2009/03/30 08:54:32 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Ryan's Desktop\Desktop\HijackThis.lnk
[2009/03/30 08:53:43 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Ryan's Desktop\Desktop\HJTInstall.exe
[2009/03/30 02:00:02 | 00,001,402 | ---- | M] () -- C:\WINDOWS\tasks\wrSpySweeperTrialSweep.job
[2009/03/27 10:56:06 | 00,126,976 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3HTUI5.dll
[2009/03/27 10:55:58 | 00,393,216 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3DBA5.dll
[2009/03/27 10:55:16 | 00,372,736 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3UI5.dll
[2009/03/27 10:55:00 | 00,061,440 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Hks5.dll
[2009/03/27 10:54:40 | 00,023,040 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3XDat5.dll
[2009/03/27 10:54:22 | 00,221,184 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Win325.dll
[2009/03/27 10:54:02 | 00,094,208 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Inet5.dll
[2009/03/27 10:53:50 | 00,090,112 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Svc5.dll
[2009/03/27 10:50:34 | 00,716,800 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Base5.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:ECF54A0E
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:44DAF2F1
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:D1B5B4F1
< End of report >

Edited by Buckeye_Sam, 21 April 2009 - 03:19 PM.
add log


#6 Buckeye_Sam


Posted 21 April 2009 - 03:32 PM

Please download JavaRa to your desktop and unzip it to its own folder.
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

================


It looks like you've installed several programs in an effort to resolve your problem. Some of these programs may be complicating things even further. I recommend that you uninstall these programs:

STOPzilla
Registry Mechanic 8.0
Registry Repair Wizard
Viewpoint Manager
Viewpoint Media Player




================


Download Security Check by screen317 and save it to your Desktop.
  • Unzip SecurityCheck.zip and a folder named Security Check should appear.
  • Open the Security Check folder and double-click Security Check.bat
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Note: if a security program requests permission from dig.exe to access the Internet, allow it to do so.



===============


Now let's do a full scan with Malwarebytes.
  • Open Malwarebytes and select the Update tab.
  • Click on the Check for Updates button and allow the program to download the latest updates.
  • Once you have the latest updates, select the Scanner tab.
  • Select "Perform full scan" and click the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#7 frfolk


Posted 21 April 2009 - 09:00 PM

loss of ability to type.


Results of screen317's Security Check version 0.98.3
Windows XP Service Pack 2
Out of date service pack!!
``````````````````````````````
Antivirus/Firewall Check:
``````````````````````````````

Windows Firewall Disabled!
NortonWMIUpdate
TaxCutPremium+State+Efile 2007
``````````````````````````````
Anti-malware/Other Utilities Check:
``````````````````````````````

Out of date Spybot installed!
Ad-Aware
Spybot - Search & Destroy 1.4
Spyware Doctor 6.0
Spybot - Search & Destroy
Spy Sweeper
Windows Defender Signatures
Malwarebytes' Anti-Malware
HijackThis 2.0.2
Java™ 6 Update 13
``````````````````````````````
Process Check:
objlist.exe by Laurent
``````````````````````````````

Windows Defender MsMpEng.exe is disabled!
Windows Defender MSASCui.exe is disabled!
Ad-Aware AAWService.exe is disabled!
Ad-Aware AAWTray.exe is disabled!
Spybot SDHelper is disabled!
Spybot - Search & Destroy TeaTimer.exe
``````````````````````````````
DNS Vulnerability Check:
``````````````````````````````

GREAT! (Very random)

Scan took 26 seconds.
`````````End of Log```````````




Malwarebytes' Anti-Malware 1.36
Database version: 2009
Windows 5.1.2600 Service Pack 2

4/21/2009 9:36:11 PM
mbam-log-2009-04-21 (21-36-11).txt

Scan type: Full Scan (C:\|)
Objects scanned: 51750
Time elapsed: 1 hour(s), 27 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Edited by Buckeye_Sam, 22 April 2009 - 11:15 AM.


#8 Buckeye_Sam


Posted 22 April 2009 - 11:30 AM

You can uninstall this outdated version of Spybot.

Spybot - Search & Destroy 1.4


It doesn't look like you have an active antivirus. I see signs of Norton, but it looks like it's outdated also.

I do not see any indication of an active malware infection.
Have you tried swapping out another keyboard to see if that resolves the typing issue?

#9 frfolk


Posted 22 April 2009 - 05:52 PM

I'm using a work computer right now so I can actually type. I'm still having all the same problems at home, with the exception of windows closing on their own - that seems to be resolved. As far as the typing issue is concerned, I have not tried another keyboard. The typing either works fine, or not at all for the duration of when the computer is on, after the computer is restarted. There doesn't seem to be any pattern to when it will work and when it won't. I will try to get a new antivirus program working as soon as I can. Is there a chance that my registry has been damaged by the previous infections? Any recommendations on where to go from here?

Thanks!

-Ryan

#10 Buckeye_Sam


Posted 22 April 2009 - 07:10 PM

I think most likely the so-called registry repair programs have done a number on you. Many times these programs will create more issues than they ever fix.

I would first do some troubleshooting to be sure that your issues are not hardware related.

Then your best option might be to perform a repair installation of Windows XP.
http://support.microsoft.com/kb/315341