
Personal Antivirus / About: Blank infection


This topic is locked
16 replies to this topic

#1 susan2348 (Members, 9 posts)

Posted 22 August 2009 - 04:48 PM

Hi,
I'm fairly sure I'm infected with about:blank virus and personal antivirus. I think I was able to remove the personal antivirus, but I still see the words "about:blank" in my browser window during searches. Can you please help me? Thank you!!!

Attached Files





#2 etavares (Bleepin' Remover, Malware Response Team, 15,514 posts)

Posted 04 September 2009 - 05:39 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

NOTE: please copy and paste the logs into your reply instead of attaching them. Thanks!


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#3 susan2348 (Topic Starter, Members, 9 posts)

Posted 09 September 2009 - 05:01 PM

Thank you for your response. Here are the log files:

DDS (Ver_09-07-30.01) - NTFSx86
Run by Susan at 17:52:40.25 on Wed 09/09/2009
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.254.54 [GMT -4:00]

AV: ZoneAlarm Extreme Security Antivirus *On-access scanning disabled* (Updated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
AV: Webroot Spy Sweeper *On-access scanning disabled* (Updated) {77E10C7F-2CCA-4187-9394-BDBC267AD597}
FW: ZoneAlarm Extreme Security Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Susan\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uWindow Title = Microsoft Internet Explorer provided by Insightbb.com
uInternet Settings,ProxyOverride = *.local
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: {3B7AAEB1-9F3D-4491-9C06-C7165CA8D058} - No File
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
TB: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] "c:\windows\system32\ctfmon.exe"
mRun: [HotKeysCmds] "c:\windows\system32\hkcmd.exe"
mRun: [BCMSMMSG] "BCMSMMSG.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [KernelFaultCheck] "%systemroot%\system32\dumprep" 0 -k
mRun: [SpySweeper] "c:\program files\webroot\webrootsecurity\SpySweeperUI.exe" /startintray
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: elsevier.com\evolvels
Trusted Zone: siemensmedical.com\10dydocumentmanagement.asp
Trusted Zone: smshealthconx.net\netaccess
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=58813
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - hxxp://www.symantec.com/techsupp/asa/LSSupCtl.cab
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {3785F3BF-8770-47EE-AB71-665805C608C3} - hxxps://promed.scribe.com/md/InetWord/packages/InetWord.CAB
DPF: {3EA7D822-1ED7-4988-BFCA-C14733EE1B32} - hxxps://nfuse.nortonhealthcare.org/Citrix/ICAWEB/en/ica32/download/Helpdesk_ICA_Install/setup.cab
DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} - hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scan8/oscan8.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - hxxp://www.nick.com/common/groove/gx/GrooveAX28.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38017.7218287037
DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} - hxxp://www.microsoft.com/security/controls/Sasser/20/SassCln.CAB
DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - hxxps://www-secure.symantec.com/techsupp/asa/SymAData.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} - hxxps://remotelink.nortonhealthcare.org/dana-cached/setup/JuniperSetupSP1.cab
DPF: {EE986640-0821-4482-B4A3-C41EB8A18597} - hxxps://links.ulh.org/http/0/64.46.201.254/NTAP081-NTAP-HTM/WebXContextlets.cab
DPF: {F88F142A-96AE-40CC-B562-4C91B5E5A5CD} - hxxps://links.ulh.org/http/0/l0dydocumentmanagement.asp.siemensmedical.com/L0DY/html/download/IkmControlDownloader.cab
DPF: {FFA315A3-20D3-11CF-8FDD-943611C10000} - hxxps://links.ulh.org/http/0/64.46.201.254/NTAP051-NTAP-HTM/webPrint.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: igfxcui - igfxsrvc.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll

============= SERVICES / DRIVERS ===============

R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2009-4-21 29808]
R1 NEOFLTR_550_11965;Juniper Networks TDI Filter Driver (NEOFLTR_550_11965);c:\windows\system32\drivers\NEOFLTR_550_11965.sys [2007-7-16 63008]
R1 NEOFLTR_620_13649;Juniper Networks TDI Filter Driver (NEOFLTR_620_13649);c:\windows\system32\drivers\NEOFLTR_620_13649.sys [2008-10-21 64480]
R1 Start1Driver;Start1Driver;c:\windows\system32\drivers\Start1Driver.SYS [2009-8-20 5120]
R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\webrootsecurity\SpySweeper.exe [2009-4-21 4048240]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R2 WRConsumerService;Webroot Client Service;c:\program files\webroot\webrootsecurity\WRConsumerService.exe [2009-8-17 1205760]
S2 mrtRate;mrtRate; [x]
S2 spupdsvc;Windows Service Pack Installer update service;c:\windows\system32\spupdsvc.exe [2004-9-19 26488]
S3 icsak;icsak;\??\c:\program files\checkpoint\zaforcefield\ak\icsak.sys --> c:\program files\checkpoint\zaforcefield\ak\icsak.sys [?]
S4 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2004-8-27 197752]
S4 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\ccPwdSvc.exe [2004-8-27 78968]
S4 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2004-8-27 164984]
S4 Dmiintrra;Dmiintrra; [x]

=============== Created Last 30 ================

2009-09-08 18:01 153,088 -c------ c:\windows\system32\dllcache\triedit.dll
2009-08-29 16:25 31,928 a------- c:\windows\system32\rrMon.sys
2009-08-29 16:25 <DIR> --d----- c:\program files\Registrar Registry Manager
2009-08-26 03:02 1,355 a------- c:\windows\imsins.BAK
2009-08-20 06:26 61,440 a------- c:\windows\system32\ScanAtStartup.dll
2009-08-20 06:22 5,120 a------- c:\windows\system32\drivers\Start1Driver.SYS
2009-08-20 06:22 256 a------- c:\windows\adaway.lic
2009-08-20 06:22 <DIR> --d----- c:\program files\Adware Away
2009-08-17 06:21 <DIR> -cd-h--- C:\$AVG8.VAULT$
2009-08-17 06:12 <DIR> --d----- c:\program files\MSSOAP
2009-08-17 06:10 1,563,008 a------- c:\windows\WRSetup.dll
2009-08-17 06:10 <DIR> --d----- c:\docume~1\susan\applic~1\Webroot
2009-08-17 06:10 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Webroot
2009-08-17 06:10 164 a------- c:\windows\install.dat
2009-08-15 16:47 61,440 a------- c:\windows\system32\ndisapi.dll
2009-08-15 15:41 <DIR> --d----- c:\program files\common files\Uninstall
2009-08-13 03:11 1,315,328 -c------ c:\windows\system32\dllcache\msoe.dll
2009-08-13 03:03 128,512 -c------ c:\windows\system32\dllcache\dhtmled.ocx

==================== Find3M ====================

2009-08-05 05:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-07-25 09:58 78,587 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-07-21 10:58 34 a------- c:\documents and settings\susan\jagex_runescape_preferences.dat
2009-07-21 10:53 410,984 a------- c:\windows\system32\deploytk.dll
2009-07-17 15:01 58,880 a------- c:\windows\system32\atl.dll
2009-07-16 18:14 4,212 ac--h--- c:\windows\system32\zllictbl.dat
2009-07-13 10:08 286,720 a------- c:\windows\system32\wmpdxm.dll
2009-07-09 12:16 2,060,288 a------- c:\windows\system32\usbaaplrc.dll
2009-06-26 12:50 666,624 a------- c:\windows\system32\wininet.dll
2009-06-26 12:50 81,920 -------- c:\windows\system32\ieencode.dll
2009-06-25 04:25 730,112 a------- c:\windows\system32\lsasrv.dll
2009-06-25 04:25 301,568 a------- c:\windows\system32\kerberos.dll
2009-06-25 04:25 147,456 a------- c:\windows\system32\schannel.dll
2009-06-25 04:25 136,192 a------- c:\windows\system32\msv1_0.dll
2009-06-25 04:25 56,832 a------- c:\windows\system32\secur32.dll
2009-06-25 04:25 54,272 a------- c:\windows\system32\wdigest.dll
2009-06-16 10:36 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 10:36 81,920 a------- c:\windows\system32\fontsub.dll
2009-06-12 08:31 76,288 a------- c:\windows\system32\telnet.exe
2008-10-28 18:01 1,663,761 a------- c:\program files\SmitfraudFix.exe
2008-03-09 09:02 99,656 ac------ c:\docume~1\susan\applic~1\GDIPFONTCACHEV1.DAT
2004-10-22 21:07 823,296 ac------ c:\program files\winmx353.exe
2004-09-21 16:38 16,706,160 ac------ c:\program files\AdbeRdr60_enu_full.exe
2004-01-31 12:36 669 ac------ c:\program files\HP Memories Disc.lnk
2004-01-31 12:13 851 ac------ c:\program files\HP Photo & Imaging.lnk
2004-01-19 11:52 1,475 ac------ c:\program files\Quicken 2004.lnk
2004-01-08 05:55 1,868 ac------ c:\program files\Dell Picture Studio v2.0.lnk
2004-01-08 05:43 1,671 ac------ c:\program files\Burn CDs & DVDs with RecordNow!.lnk
2004-01-08 05:38 1,681 ac------ c:\program files\Solution Center.lnk
2002-07-26 18:02 153,088 ac------ c:\program files\UNWISE.EXE

============= FINISH: 17:54:33.73 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-07-30.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 9/21/2004 7:09:43 PM
System Uptime: 9/9/2009 3:35:13 AM (14 hours ago)

Motherboard: Dell Computer Corp. | | 0G1548
Processor: Intel® Pentium® 4 CPU 2.40GHz | Microprocessor | 2392/533mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 38 GiB total, 11.705 GiB free.
D: is CDROM ()
E: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP291: 7/26/2009 3:00:25 AM - Software Distribution Service 3.0
RP292: 7/29/2009 3:00:25 AM - Software Distribution Service 3.0
RP293: 7/30/2009 3:00:43 AM - Software Distribution Service 3.0
RP294: 7/31/2009 3:12:53 AM - System Checkpoint
RP295: 7/31/2009 11:02:59 PM - Installed iTunes
RP296: 8/13/2009 3:00:27 AM - Software Distribution Service 3.0
RP297: 8/14/2009 3:00:31 AM - Software Distribution Service 3.0
RP298: 8/15/2009 3:50:00 AM - System Checkpoint
RP299: 8/16/2009 4:50:03 AM - System Checkpoint
RP300: 8/16/2009 9:35:34 PM - Software Distribution Service 3.0
RP301: 8/17/2009 5:52:46 AM - Installed AVG Free 8.5
RP302: 8/18/2009 7:08:39 PM - System Checkpoint
RP303: 8/19/2009 8:01:23 PM - Removed Ask.com Toolbar.
RP304: 8/19/2009 10:01:24 PM - Software Distribution Service 3.0
RP305: 8/20/2009 6:29:21 AM - Installed Windows Defender
RP306: 8/20/2009 6:31:28 AM - Software Distribution Service 3.0
RP307: 8/20/2009 10:29:20 PM - Software Distribution Service 3.0
RP308: 8/21/2009 11:07:47 PM - System Checkpoint
RP309: 8/23/2009 12:07:47 AM - System Checkpoint
RP310: 8/24/2009 12:08:52 AM - System Checkpoint
RP311: 8/25/2009 12:08:43 AM - Software Distribution Service 3.0
RP312: 8/26/2009 1:07:47 AM - System Checkpoint
RP313: 8/26/2009 3:01:11 AM - Software Distribution Service 3.0
RP314: 8/27/2009 3:00:26 AM - Software Distribution Service 3.0
RP315: 8/27/2009 2:10:44 PM - Software Distribution Service 3.0
RP316: 8/28/2009 1:33:35 AM - Software Distribution Service 3.0
RP317: 8/29/2009 2:14:29 AM - System Checkpoint
RP318: 8/30/2009 11:53:27 AM - Software Distribution Service 3.0
RP319: 8/31/2009 1:01:19 PM - System Checkpoint
RP320: 9/1/2009 1:32:39 AM - Software Distribution Service 3.0
RP321: 9/2/2009 1:48:51 AM - System Checkpoint
RP322: 9/3/2009 2:41:19 AM - System Checkpoint
RP323: 9/3/2009 5:43:04 PM - Software Distribution Service 3.0
RP324: 9/4/2009 6:10:13 PM - System Checkpoint
RP325: 9/5/2009 6:48:19 PM - System Checkpoint
RP326: 9/6/2009 7:07:09 PM - System Checkpoint
RP327: 9/7/2009 8:39:09 PM - System Checkpoint
RP328: 9/7/2009 8:59:06 PM - Software Distribution Service 3.0
RP329: 9/8/2009 9:39:26 PM - System Checkpoint
RP330: 9/9/2009 3:01:30 AM - Software Distribution Service 3.0

==== Installed Programs ======================

Action Replay Code Manager
Adobe Download Manager 1.2 (Remove Only)
Adobe Flash Player 10 ActiveX
Adobe Reader 6.0.1
Adobe Shockwave Player
Adware Away v3.1.4.c
Apple Mobile Device Support
Apple Software Update
Banctec Service Agreement
BCM V.92 56K Modem
Bonjour
Broadcom Management Programs
BufferChm
ccCommon
CCleaner (remove only)
Citrix ICA Web Client
Critical Update for Windows Media Player 11 (KB959772)
D4200
D4200_Help
Dell Digital Jukebox Driver
Dell Media Experience
Dell Networking Guide
Dell Solution Center
Dell Support 5.0.0 (766)
DeviceDiscovery
DeviceManagementQFolder
dj_sf_ProductContext
dj_sf_software
dj_sf_software_req
Drivers Install For Linksys Easylink Advisor
DS21Patch
DVDSentry
Google Toolbar for Internet Explorer
GroupWise
Help and Support Customization
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
HP Deskjet Printer Driver Software 9.0
HP Imaging Device Functions 9.0
HP Photo and Imaging 2.0 - All-in-One
HP Photo and Imaging 2.0 - All-in-One Drivers
HP Photo and Imaging 2.0 - hp psc 1200 series
HP Photosmart Essential 2.01
HP Photosmart Essential2.01
hp psc 1200 series
HyperLoad
Intel® Extreme Graphics Driver
Internet Explorer Default Page
iTunes
J2SE Runtime Environment 5.0 Update 3
Jasc Paint Shop Photo Album
Java 2 Runtime Environment, SE v1.4.2
Java™ 6 Update 14
Java™ 6 Update 3
LG USB Modem driver
Linksys EasyLink Advisor 1.6 (0032)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Office 2000 SR-1 Disc 2
Microsoft Office 2000 SR-1 Professional
Microsoft Office XP Professional with FrontPage
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Move Networks Media Player for Internet Explorer
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 and SOAP Toolkit 3.0
MSXML 4.0 SP2 Parser and SDK
Nintendo Wi-Fi USB Connector Registration Tool
PanoStandAlone
Pinnacle Instant DVD Recorder
PSSWCORE
Quicken 2004
QuickTime
RealPlayer
Registrar Registry Manager 6.02
Registrar Registry Manager 6.02 (Lite Edition)
Rhapsody Player Engine
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Spy Sweeper
Spy Sweeper Core
Status
Toolbox
TrayApp
UnloadSupport
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
VC 9.0 Runtime
VideoToolkit01
WebFldrs XP
WebReg
Windows Defender
Windows Defender Signatures
Windows Genuine Advantage v1.3.0254.0
Windows XP Service Pack 3
WordPerfect Office 11

==== Event Viewer Messages From Past Week ========

9/9/2009 5:54:32 PM, error: ssidrv [26] - Failed to set monitor event rule.
9/8/2009 5:53:23 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
9/8/2009 5:53:23 PM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
9/4/2009 5:44:05 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SYMTDI
9/4/2009 5:43:53 PM, error: Service Control Manager [7001] - The Windows Service Pack Installer update service service depends on the Security Accounts Manager service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
9/4/2009 5:43:53 PM, error: Service Control Manager [7000] - The mrtRate service failed to start due to the following error: The system cannot find the file specified.

==== End Of File ===========================
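
A triage pass over DDS lines of the kind in the log above, as an added example that is not code from this thread, from BleepingComputer or from the DDS tool. It flags what a helper reads for by eye: protection products reported as disabled, BHO/toolbar/extension CLSIDs left with "No File", Run entries that launch a bare file name with no path, and services whose binary is missing. The sample lines are constructed from the log format above and the finding names are my own.

```python
"""Triage helper for DDS log lines (added example, not the DDS tool's code)."""
import re
from collections import Counter

# Constructed sample: lines in the DDS format quoted in the thread, chosen so
# that each rule fires at least once and each has a benign twin that must not.
SAMPLE_LINES = [
    r"AV: ZoneAlarm Extreme Security Antivirus *On-access scanning disabled* (Updated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}",
    r"FW: ZoneAlarm Extreme Security Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}",
    r"BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File",
    r"BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll",
    r"TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File",
    r"EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File",
    r'mRun: [BCMSMMSG] "BCMSMMSG.exe"',
    r'mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime',
    r'mRun: [KernelFaultCheck] "%systemroot%\system32\dumprep" 0 -k',
    r"S2 mrtRate;mrtRate; [x]",
    r"R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]",
]

# AV:/FW:/SP: header lines carry the product state between asterisks.
PROTECTION = re.compile(r"^(AV|FW|SP):\s+(.*?)\s+\*(.*?)\*")
# BHO/TB/EB entries: optional "Name Class:" prefix, then {CLSID} - target.
HOOK_NO_FILE = re.compile(
    r"^(BHO|TB|EB):\s+(?:.*?:\s+)?\{([0-9A-Fa-f-]{36})\}\s+-\s+No File\s*$")
# uRun/mRun entries: [value name] "command" args.
RUN_KEY = re.compile(r'^([um]Run):\s+\[(.*?)\]\s+"([^"]*)"')
# Service/driver lines whose image is missing end in "[x]".
SERVICE_MISSING = re.compile(r"^([RS]\d)\s+([^;]+);[^;]*;\s*\[x\]\s*$")
# A command is considered qualified if it starts with a drive, UNC or %var%.
DRIVE_PATH = re.compile(r"^(?:[A-Za-z]:\\|\\\\|%)")


def triage(lines):
    """Return a list of (kind, key, value) findings for the given DDS lines."""
    findings = []
    for raw in lines:
        line = raw.strip()
        m = PROTECTION.match(line)
        if m and "disabled" in m.group(3).lower():
            findings.append(("protection_disabled", m.group(1), m.group(2)))
            continue
        m = HOOK_NO_FILE.match(line)
        if m:
            # Orphaned CLSID: the registry hook survives but its DLL is gone,
            # typically a leftover of an earlier removal.
            findings.append(("orphaned_clsid", m.group(1), m.group(2)))
            continue
        m = RUN_KEY.match(line)
        if m and not DRIVE_PATH.match(m.group(3)):
            # A bare file name is resolved via the search path at logon, so
            # the helper has to locate the real file instead of trusting it.
            findings.append(("run_unqualified_path", m.group(2), m.group(3)))
            continue
        m = SERVICE_MISSING.match(line)
        if m:
            findings.append(("service_missing_file", m.group(1), m.group(2)))
    return findings


def summarize(findings):
    """Count findings per kind, e.g. {'orphaned_clsid': 3, ...}."""
    return dict(Counter(kind for kind, _, _ in findings))


if __name__ == "__main__":
    for kind, key, value in triage(SAMPLE_LINES):
        print(f"{kind:22} {key:16} {value}")
    print(summarize(triage(SAMPLE_LINES)))
```

The orphaned BHO/TB/EB entries and the missing mrtRate service it reports match the "remnants of malware, but nothing active" reading the helper gives in the next reply; the findings are leads for the helper's manual check, not removal decisions.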

#4 etavares (Bleepin' Remover, Malware Response Team, 15,514 posts)

Posted 11 September 2009 - 01:23 PM

Hello, susan2348.
First, to get started.

Welcome to Bleeping Computer. My name is etavares and I will be helping you with your log. I'd also like to let you know that I am in training here at BC. At each stage of the process, my work will be checked by an expert coach. That means there may be a slight delay between my responses as they check it. Don't worry, we won't leave you.

Here are a few things to get started:
  • Please subscribe to this topic, if you haven't already, and wait for me to get back to you.
  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.
  • Even if things appear better, that does not mean we are finished. Please continue to follow my instructions until I give you the all clean.
  • If at any point, you are not sure what I am asking for, please ask me and I can better communicate what I mean.
  • Please reply within 5 days of my last post or the thread will be closed. If you will be away or unable to reply, please let me know in advance so the thread is not closed. We have many folks waiting for help and it is not fair to keep an unresponsive thread open.

Thanks!

I also see that you have a registry cleaner installed (in your case Registrar Registry Manager 6.02). Here at BC, we do not recommend using registry cleaners.

See here for more information:
http://www.bleepingcomputer.com/forums/ind...p;#entry1326578



Step 1

Did you recently uninstall any Norton software? I see you're using SpySweeper and ZoneAlarm A/V, but I still see remnants of Norton. We can remove those remnants, but I want to ensure it's correct.

Also, is SpySweeper an antispyware or an antivirus program?

Now, I see remnants of malware, but nothing active. I want to take a deeper look considering there was something on your machine.



Step 2

We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized


Step 3

We Need to check for Rootkits with RootRepeal
  • Download RootRepeal from the following location and save it to your desktop.
  • Extract RootRepeal.exe from the archive.
  • Open RootRepeal on your desktop.
  • Click the Posted Image tab.
  • Click the Posted Image button.
  • Check all seven boxes: Posted Image
  • Push Ok
  • Check the box for your main system drive (Usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, push the Posted Image button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.


Step 4

In your reply, please post:
  • Answer in Step 1 about Norton.
  • OTL log from Step 2
  • RootRepeal log from Step 3




#5 etavares (Bleepin' Remover, Malware Response Team, 15,514 posts)

Posted 14 September 2009 - 05:22 PM

Hi! Have you had a chance to do the above? Please let me know...the thread may be closed in a couple of days if I don't hear back.




#6 susan2348 (Topic Starter, Members, 9 posts)

Posted 15 September 2009 - 06:09 AM

Thank you etavares!

1. I did install a registry cleaner initially, but I can delete it if you think I need to.

2. I installed Norton Security a long time ago, and for some reason it could never install properly, but it wouldn't let me uninstall it either. I'd like it uninstalled.

3. Spy Sweeper is an antivirus/ virus removal pay program by Web Root. I just recently purchased it to help me remove this virus.

4. I was able to do everything you asked. There was an issue with RootRepeal download. I downloaded the primary mirror zipped file from RootRepeal and saved to my desktop. Then I opened the zip file and got an error box that read: "Error invalid PE image Found!" but once I clicked ok I was able to scan (although I never saw the seven check boxes that you listed in your email - I could only check the SCAN box.) I ran the scan and very quickly it completed and gave me a log that I was able to save. It's listed below.

5. I wasn't sure if I was supposed to download the secondary mirrors from RootRepeal too? I did try to download the secondary ZIP mirror and received the following error box information:

"06:50:42: FOPS - DeviceIoControl Error! Error Code = 0xc0000001 Extended Info (0x00000088)"
"06:50:43: DeviceIoControl Error! Error Code = 0x1e7"
"06:50:43: FOPS - DeviceIoControl Error! Error Code = 0xc0000001 Extended Info (0x00000088)"

I wasn't sure what to do with that so I'll just wait for your instructions.

Here are the requested log files. Thank you so much!!

OTL logfile created on: 9/15/2009 6:32:20 AM - Run 1
OTL by OldTimer - Version 3.0.14.0 Folder = C:\Documents and Settings\Susan\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

254.00 Mb Total Physical Memory | 63.31 Mb Available Physical Memory | 24.92% Memory free
621.74 Mb Paging File | 273.95 Mb Available in Paging File | 44.06% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 38.25 Gb Total Space | 11.33 Gb Free Space | 29.63% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BEEFCAKE
Current User Name: Susan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/08/17 06:13:54 | 01,205,760 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
PRC - [2006/11/03 19:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2009/07/09 12:22:18 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/07/21 10:53:33 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2005/01/28 13:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe
PRC - [2009/04/21 18:26:52 | 04,048,240 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
PRC - [2008/04/13 20:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2005/10/19 08:59:12 | 00,126,976 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\hkcmd.exe
PRC - [2003/08/29 04:59:24 | 00,122,880 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\BCMSMMSG.exe
PRC - [2009/07/21 10:53:33 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/05/26 17:18:30 | 00,413,696 | ---- | M] (Apple Inc.) -- C:\Program Files\QuickTime\QTTask.exe
PRC - [2006/11/03 19:20:12 | 00,866,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2009/05/13 15:39:54 | 06,345,840 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe
PRC - [2006/10/30 19:40:33 | 00,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2008/04/13 20:12:22 | 00,093,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/04/21 18:26:50 | 00,165,232 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files\Webroot\WebrootSecurity\SSU.EXE
PRC - [2009/09/15 06:31:22 | 00,514,560 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Susan\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2008/04/13 20:11:48 | 00,100,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\6to4svc.dll -- (6to4 [Auto | Stopped])
SRV - [2009/07/09 12:22:18 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2004/07/15 01:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Disabled | Stopped])
SRV - [2004/08/27 19:22:42 | 00,197,752 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr [Disabled | Stopped])
SRV - [2004/08/27 19:22:48 | 00,078,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc [Disabled | Stopped])
SRV - [2004/08/27 19:22:48 | 00,164,984 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr [Disabled | Stopped])
SRV - File not found -- -- (Dmiintrra [Disabled | Stopped])
SRV - [2009/05/28 17:10:22 | 00,138,168 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
SRV - [2008/04/13 20:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [On_Demand | Stopped])
SRV - [2007/06/04 22:14:50 | 00,217,088 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08 [On_Demand | Running])
SRV - [2007/06/04 22:14:50 | 00,131,072 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc [Auto | Running])
SRV - [2009/07/13 14:02:50 | 00,542,496 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])
SRV - [2009/07/21 10:53:33 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2005/02/09 13:59:00 | 00,014,165 | ---- | M] (Pinnacle Systems GmbH) -- C:\WINDOWS\System32\drivers\pclepci.sys -- (PCLEPCI [Auto | Stopped])
SRV - [2003/03/09 16:31:02 | 00,065,795 | ---- | M] (HP) -- C:\WINDOWS\System32\HPZipm12.exe -- (Pml Driver HPZ12 [On_Demand | Stopped])
SRV - [2007/07/27 10:41:38 | 00,026,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\spupdsvc.exe -- (spupdsvc [Auto | Stopped])
SRV - [2005/01/28 13:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe -- (UMWdf [Auto | Running])
SRV - [2009/04/21 18:26:52 | 04,048,240 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe -- (WebrootSpySweeperService [Auto | Running])
SRV - [2006/11/03 19:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend [Auto | Running])
SRV - [2009/08/17 06:13:54 | 01,205,760 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe -- (WRConsumerService [Auto | Running])

========== Driver Services (SafeList) ==========

DRV - [2008/04/13 14:46:20 | 00,048,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\61883.sys -- (61883 [On_Demand | Stopped])
DRV - [2002/04/01 15:15:00 | 00,004,816 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\System32\drivers\aeaudio.sys -- (aeaudio [On_Demand | Running])
DRV - [2003/07/16 16:24:09 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\DRIVERS\aliide.sys -- (AliIde [Disabled | Stopped])
DRV - [2008/04/13 14:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\DRIVERS\amdagp.sys -- (amdagp [Disabled | Stopped])
DRV - [2003/07/16 16:24:22 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\System32\DRIVERS\asc.sys -- (asc [Disabled | Stopped])
DRV - [2003/07/16 16:24:23 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\System32\DRIVERS\asc3550.sys -- (asc3550 [Disabled | Stopped])
DRV - [2003/05/28 19:53:46 | 00,017,005 | ---- | M] (Adaptec) -- C:\WINDOWS\System32\drivers\ASPI32.SYS -- (Aspi32 [Auto | Running])
DRV - [2008/04/13 14:46:20 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\avc.sys -- (Avc [On_Demand | Stopped])
DRV - [2003/05/23 14:58:30 | 00,043,136 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\System32\DRIVERS\bcm4sbxp.sys -- (bcm4sbxp [On_Demand | Running])
DRV - [2003/08/29 04:59:24 | 01,101,696 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\System32\DRIVERS\BCMSM.sys -- (BCMModem [On_Demand | Running])
DRV - [2003/07/16 16:25:32 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\System32\DRIVERS\cmdide.sys -- (CmdIde [Disabled | Stopped])
DRV - [2003/07/16 16:26:33 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys -- (dac2w2k [Disabled | Stopped])
DRV - [2007/03/22 12:57:14 | 00,028,672 | --S- | M] (Gteko Ltd.) -- C:\WINDOWS\System32\DRIVERS\elagopro.sys -- (elagopro [Auto | Running])
DRV - [2007/03/22 12:57:14 | 00,005,376 | --S- | M] (Gteko Ltd.) -- C:\WINDOWS\System32\DRIVERS\elaunidr.sys -- (elaunidr [Auto | Running])
DRV - [2009/03/19 16:32:48 | 00,023,400 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2003/03/09 16:31:00 | 00,051,024 | ---- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZid412.sys -- (HPZid412 [On_Demand | Stopped])
DRV - [2003/03/09 16:31:02 | 00,016,080 | ---- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZipr12.sys -- (HPZipr12 [On_Demand | Stopped])
DRV - [2003/03/09 16:31:02 | 00,021,456 | R--- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZius12.sys -- (HPZius12 [On_Demand | Stopped])
DRV - [2004/08/04 01:29:36 | 00,161,020 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\i81xnt5.sys -- (i81x [On_Demand | Stopped])
DRV - [2004/08/04 01:29:37 | 00,012,415 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\wADV01nt.sys -- (iAimFP0 [On_Demand | Stopped])
DRV - [2004/08/04 01:29:37 | 00,012,127 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\wADV02NT.sys -- (iAimFP1 [On_Demand | Stopped])
DRV - [2004/08/04 01:29:37 | 00,011,775 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\wADV05NT.sys -- (iAimFP2 [On_Demand | Stopped])
DRV - [2004/08/04 01:29:47 | 00,012,063 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys -- (iAimFP3 [On_Demand | Stopped])
DRV - [2004/08/04 01:29:49 | 00,019,455 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys -- (iAimFP4 [On_Demand | Stopped])
DRV - [2004/08/04 01:29:41 | 00,029,311 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\wATV01nt.sys -- (iAimTV0 [On_Demand | Stopped])
DRV - [2004/08/04 01:29:42 | 00,019,551 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\wATV02NT.sys -- (iAimTV1 [On_Demand | Stopped])
DRV - [2004/08/04 01:29:43 | 00,033,599 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\wATV04nt.sys -- (iAimTV3 [On_Demand | Stopped])
DRV - [2004/08/04 01:29:45 | 00,023,615 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys -- (iAimTV4 [On_Demand | Stopped])
DRV - [2005/10/19 08:59:12 | 00,807,998 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\ialmnt5.sys -- (ialm [On_Demand | Running])
DRV - [2007/01/04 11:07:00 | 00,171,520 | ---- | M] (Pinnacle Systems GmbH) -- C:\WINDOWS\System32\DRIVERS\MarvinBus.sys -- (MarvinBus [On_Demand | Running])
DRV - [2001/08/17 15:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\MODEMCSA.sys -- (MODEMCSA [On_Demand | Stopped])
DRV - [2003/07/16 16:34:22 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys -- (mraid35x [Disabled | Stopped])
DRV - [2008/04/13 14:46:09 | 00,051,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\msdv.sys -- (MSDV [On_Demand | Stopped])
DRV - [2007/07/16 18:27:24 | 00,063,008 | ---- | M] (Juniper Networks) -- C:\WINDOWS\System32\Drivers\NEOFLTR_550_11965.SYS -- (NEOFLTR_550_11965 [System | Running])
DRV - [2008/10/21 18:40:22 | 00,064,480 | ---- | M] (Juniper Networks) -- C:\WINDOWS\System32\Drivers\NEOFLTR_620_13649.SYS -- (NEOFLTR_620_13649 [System | Running])
DRV - [2008/04/13 14:53:09 | 00,040,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\NMnt.sys -- (nm [On_Demand | Stopped])
DRV - [2004/08/04 01:29:54 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Stopped])
DRV - [2002/11/08 15:45:06 | 00,017,217 | ---- | M] (Dell Computer Corporation) -- C:\WINDOWS\System32\DRIVERS\omci.sys -- (omci [System | Running])
DRV - [2007/01/23 11:11:38 | 00,441,472 | ---- | M] (Pinnacle Systems) -- C:\WINDOWS\System32\DRIVERS\MarvinUsb.sys -- (PinnacleMarvinUsb [On_Demand | Stopped])
DRV - [2003/07/16 16:42:18 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2003/07/16 16:42:24 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\System32\DRIVERS\ql1080.sys -- (ql1080 [Disabled | Stopped])
DRV - [2003/07/16 16:42:25 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\System32\DRIVERS\ql12160.sys -- (ql12160 [Disabled | Stopped])
DRV - [2003/07/16 16:42:26 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\System32\DRIVERS\ql1280.sys -- (ql1280 [Disabled | Stopped])
DRV - [2006/04/10 01:02:18 | 00,162,816 | ---- | M] (Ralink Technology Inc.) -- C:\WINDOWS\System32\DRIVERS\rt25usbap.sys -- (RT25USBAP [On_Demand | Stopped])
DRV - [2007/11/13 06:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2008/04/13 14:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\DRIVERS\sisagp.sys -- (sisagp [Disabled | Stopped])
DRV - [2003/02/28 11:17:18 | 00,545,024 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\System32\drivers\smwdm.sys -- (smwdm [On_Demand | Running])
DRV - [2003/07/16 16:46:15 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\System32\DRIVERS\sparrow.sys -- (Sparrow [Disabled | Stopped])
DRV - [2009/04/21 18:27:02 | 00,029,808 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\WINDOWS\system32\DRIVERS\ssfs0bbc.sys -- (ssfs0bbc [Boot | Running])
DRV - [2009/04/21 18:27:04 | 00,023,152 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\WINDOWS\system32\DRIVERS\sshrmd.sys -- (sshrmd [Boot | Running])
DRV - [2009/04/21 18:27:04 | 00,176,752 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\WINDOWS\system32\DRIVERS\ssidrv.sys -- (ssidrv [Boot | Running])
DRV - [2009/03/14 06:48:40 | 00,005,120 | ---- | M] (F.Y.N. Technology Inc.) -- C:\WINDOWS\System32\drivers\Start1Driver.SYS -- (Start1Driver [System | Running])
DRV - [2003/07/16 16:47:09 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\System32\DRIVERS\symc810.sys -- (symc810 [Disabled | Stopped])
DRV - [2003/07/16 16:47:09 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys -- (symc8xx [Disabled | Stopped])
DRV - [2004/08/26 10:03:37 | 00,104,144 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent [On_Demand | Stopped])
DRV - [2003/07/16 16:47:09 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys -- (sym_hi [Disabled | Stopped])
DRV - [2003/07/16 16:47:10 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys -- (sym_u3 [Disabled | Stopped])
DRV - [2008/06/20 07:08:27 | 00,225,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\tcpip6.sys -- (Tcpip6 [System | Running])
DRV - [2003/07/16 16:48:45 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\System32\DRIVERS\ultra.sys -- (ultra [Disabled | Stopped])
DRV - [2009/07/09 12:16:16 | 00,039,424 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\System32\Drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
DRV - [2008/11/11 13:41:00 | 00,013,056 | ---- | M] (LG Electronics Inc.) -- C:\WINDOWS\System32\DRIVERS\lgusbbus.sys -- (usbbus [On_Demand | Stopped])
DRV - [2008/11/11 13:41:00 | 00,019,968 | ---- | M] (LG Electronics Inc.) -- C:\WINDOWS\System32\DRIVERS\lgusbdiag.sys -- (UsbDiag [On_Demand | Stopped])
DRV - [2001/05/07 06:56:02 | 00,019,805 | R--- | M] (Thesycon GmbH, Germany) -- C:\WINDOWS\System32\Drivers\usbio.sys -- (USBIO [On_Demand | Stopped])
DRV - [2008/11/11 13:42:00 | 00,024,832 | ---- | M] (LG Electronics Inc.) -- C:\WINDOWS\System32\DRIVERS\lgusbmodem.sys -- (USBModem [On_Demand | Stopped])
DRV - [2008/04/13 14:56:49 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\usb8023.sys -- (USB_RNDIS [On_Demand | Stopped])
DRV - [2003/10/08 11:12:24 | 00,120,830 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\drivers\ialmsbw.sys -- ({6080A529-897E-4629-A488-ABA0C29B635E} [On_Demand | Stopped])
DRV - [2003/10/08 11:12:16 | 00,098,842 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\drivers\ialmkchw.sys -- ({D31A0762-0CEB-444e-ACFF-B049A1F6FE91} [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1554417415-1731023960-829595172-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-1554417415-1731023960-829595172-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-1554417415-1731023960-829595172-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-1554417415-1731023960-829595172-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-1554417415-1731023960-829595172-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1554417415-1731023960-829595172-1007\S-1-5-21-1554417415-1731023960-829595172-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1554417415-1731023960-829595172-1007\S-1-5-21-1554417415-1731023960-829595172-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Search"
FF - prefs.js..browser.startup.homepage: "http://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"

FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/07/21 10:53:34 | 00,000,000 | ---D | M]

[2006/07/22 07:10:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Susan\Application Data\mozilla\Firefox\Profiles\0ztzf6h1.default\extensions
[2008/10/27 15:07:38 | 00,000,274 | ---- | M] () -- C:\Documents and Settings\Susan\Application Data\Mozilla\FireFox\Profiles\0ztzf6h1.default\searchplugins\search.xml
[2006/08/05 22:35:04 | 02,078,344 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPSWF32.dll

O1 HOSTS File: (337758 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.doubleclick.net
O1 - Hosts: 127.0.0.1 ad.preferances.com
O1 - Hosts: 127.0.0.1 ad.doubleclick.com
O1 - Hosts: 127.0.0.1 ads.web.aol.com
O1 - Hosts: 127.0.0.1 ad.preferences.com
O1 - Hosts: 127.0.0.1 ad.washingtonpost.com
O1 - Hosts: 127.0.0.1 adpick.switchboard.com
O1 - Hosts: 127.0.0.1 ads.doubleclick.com
O1 - Hosts: 127.0.0.1 ads.infospace.com
O1 - Hosts: 127.0.0.1 ads.msn.com
O1 - Hosts: 127.0.0.1 ads.switchboard.com
O1 - Hosts: 127.0.0.1 ads.enliven.com
O1 - Hosts: 127.0.0.1 oz.valueclick.com
O1 - Hosts: 127.0.0.1 doubleclick.net
O1 - Hosts: 127.0.0.1 ads.doubleclick.net
O1 - Hosts: 127.0.0.1 ad2.doubleclick.net
O1 - Hosts: 127.0.0.1 ad3.doubleclick.net
O1 - Hosts: 127.0.0.1 ad4.doubleclick.net
O1 - Hosts: 127.0.0.1 ad5.doubleclick.net
O1 - Hosts: 127.0.0.1 ad6.doubleclick.net
O1 - Hosts: 127.0.0.1 ad7.doubleclick.net
O1 - Hosts: 127.0.0.1 ad8.doubleclick.net
O1 - Hosts: 11546 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {3B7AAEB1-9F3D-4491-9C06-C7165CA8D058} - No CLSID value found.
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-21-1554417415-1731023960-829595172-1007\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-1554417415-1731023960-829595172-1007\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\S-1-5-21-1554417415-1731023960-829595172-1007\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-1554417415-1731023960-829595172-1007\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-1554417415-1731023960-829595172-1007\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
O3 - HKU\S-1-5-21-1554417415-1731023960-829595172-1007\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-21-1554417415-1731023960-829595172-1007\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-21-1554417415-1731023960-829595172-1007\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O3 - HKU\S-1-5-21-1554417415-1731023960-829595172-1007\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [BCMSMMSG] C:\WINDOWS\BCMSMMSG.exe (Broadcom Corporation)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SpySweeper] C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe (Webroot Software, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1554417415-1731023960-829595172-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe ()
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Program Files\Juniper Networks\Secure Application Manager\samnsp.dll (Juniper Networks)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Juniper Networks\Secure Application Manager\samnsp.dll (Juniper Networks)
O15 - HKLM\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 59 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 59 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-19\..Trusted Domains: 118 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-20\..Trusted Domains: 118 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1554417415-1731023960-829595172-1007\..Trusted Domains: ([]msn in My Computer)
O15 - HKU\S-1-5-21-1554417415-1731023960-829595172-1007\..Trusted Domains: elsevier.com ([evolvels] http in Trusted sites)
O15 - HKU\S-1-5-21-1554417415-1731023960-829595172-1007\..Trusted Domains: siemensmedical.com ([10dydocumentmanagement.asp] http in Trusted sites)
O15 - HKU\S-1-5-21-1554417415-1731023960-829595172-1007\..Trusted Domains: smshealthconx.net ([netaccess] https in Trusted sites)
O15 - HKU\S-1-5-21-1554417415-1731023960-829595172-1007\..Trusted Domains: 64 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://go.microsoft.com/fwlink/?linkid=58813 (Office Genuine Advantage Validation Tool)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} http://www.symantec.com/techsupp/asa/LSSupCtl.cab (Reg Error: Key error.)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab (Reg Error: Key error.)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {3785F3BF-8770-47EE-AB71-665805C608C3} https://promed.scribe.com/md/InetWord/packages/InetWord.CAB (InetWord.InetDoc)
O16 - DPF: {3EA7D822-1ED7-4988-BFCA-C14733EE1B32} https://nfuse.nortonhealthcare.org/Citrix/I...stall/setup.cab (Reg Error: Key error.)
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} http://h20264.www2.hp.com/ediags/dd/instal...nosticsxp2k.cab (Reg Error: Key error.)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scan8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab (Reg Error: Key error.)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} http://www.nick.com/common/groove/gx/GrooveAX28.cab (Reg Error: Key error.)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/CAB/...8017.7218287037 (Reg Error: Key error.)
O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} http://www.microsoft.com/security/controls.../20/SassCln.CAB (SassCln Object)
O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} https://www-secure.symantec.com/techsupp/asa/SymAData.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://remotelink.nortonhealthcare.org/dan...perSetupSP1.cab (JuniperSetupControlXP Class)
O16 - DPF: {EE986640-0821-4482-B4A3-C41EB8A18597} https://links.ulh.org/http/0/64.46.201.254/...Contextlets.cab (WebLocator Class)
O16 - DPF: {F88F142A-96AE-40CC-B562-4C91B5E5A5CD} https://links.ulh.org/http/0/l0dydocumentma...lDownloader.cab (IkmControlDownloader Control)
O16 - DPF: {FFA315A3-20D3-11CF-8FDD-943611C10000} https://links.ulh.org/http/0/64.46.201.254/...TM/webPrint.cab (Ter Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 74.128.17.114 74.128.19.102
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (OWS\S) - File not found
O30 - LSA: Security Packages - (Files\Filter\ecurity) - File not found
O30 - LSA: Security Packages - (Packages) - File not found
O30 - LSA: Security Packages - (s) - File not found
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/11/27 16:34:36 | 00,000,095 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{1ef4ed81-ee33-11dd-b362-000d565b229b}\Shell - "" = AutoRun
O33 - MountPoints2\{1ef4ed81-ee33-11dd-b362-000d565b229b}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (sprestrt) - C:\WINDOWS\System32\sprestrt.exe (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[1 C:\*.tmp files]
[9 C:\WINDOWS\*.tmp files]
[2009/09/15 06:30:55 | 00,514,560 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Susan\Desktop\OTL.exe
[2009/09/13 17:49:14 | 00,018,944 | ---- | C] () -- C:\Documents and Settings\Susan\Desktop\Theology of the Body 0910.xls
[2009/09/11 07:32:34 | 00,039,936 | ---- | C] () -- C:\Documents and Settings\Susan\My Documents\Recipes.doc
[2009/09/08 18:01:03 | 00,153,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\triedit.dll
[2009/09/08 06:30:09 | 00,029,696 | ---- | C] () -- C:\Documents and Settings\Susan\Desktop\Family Budget 9-8-09.xls
[2009/09/04 17:43:11 | 00,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2009/09/01 22:22:20 | 00,021,504 | ---- | C] () -- C:\Documents and Settings\Susan\Desktop\Jake Braden 4.doc
[2009/09/01 05:45:39 | 01,403,363 | ---- | C] () -- C:\Documents and Settings\Susan\Desktop\Christmas Eve 2008 008.jpg
[2009/09/01 05:44:23 | 01,435,424 | ---- | C] () -- C:\Documents and Settings\Susan\Desktop\Vacation - Poker party 312.jpg
[2009/09/01 05:43:25 | 01,332,127 | ---- | C] () -- C:\Documents and Settings\Susan\Desktop\Vacation - Poker party 310.jpg
[2009/09/01 05:43:08 | 01,449,439 | ---- | C] () -- C:\Documents and Settings\Susan\Desktop\Vacation - Poker party 246.jpg
[2009/09/01 05:42:30 | 00,096,416 | ---- | C] () -- C:\Documents and Settings\Susan\Desktop\Vacation - Poker party 013.jpg
[2009/09/01 05:42:09 | 04,096,969 | ---- | C] () -- C:\Documents and Settings\Susan\Desktop\Vacation - Poker party 045.jpg
[2009/09/01 05:41:59 | 01,851,148 | ---- | C] () -- C:\Documents and Settings\Susan\Desktop\Vacation - Poker party 048.jpg
[2009/08/29 16:25:34 | 00,031,928 | ---- | C] (Resplendence Software Projects Sp) -- C:\WINDOWS\System32\rrMon.sys
[2009/08/29 16:25:11 | 00,120,376 | ---- | C] () -- C:\WINDOWS\System32\rrsec.dll
[2009/08/29 16:25:11 | 00,097,888 | ---- | C] () -- C:\WINDOWS\System32\rrsec2k.exe
[2009/08/29 16:25:06 | 00,000,000 | ---D | C] -- C:\Program Files\Registrar Registry Manager
[2009/08/26 03:02:26 | 00,001,355 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2009/08/23 21:21:59 | 00,402,432 | ---- | C] () -- C:\Documents and Settings\Susan\Desktop\8-23-9.doc
[2009/08/23 16:58:04 | 00,130,912 | ---- | C] () -- C:\Documents and Settings\Susan\Desktop\ExposingtheFiveMythsofEvangelism.mp3
[2009/08/23 16:45:59 | 34,239,320 | ---- | C] () -- C:\Documents and Settings\Susan\Desktop\WhyGodUsesSomePeopleMoreThanOthers.mp3
[2009/08/23 16:44:58 | 38,858,961 | ---- | C] () -- C:\Documents and Settings\Susan\Desktop\PrayGreatPrayers.mp3
[2009/08/23 16:43:37 | 34,063,005 | ---- | C] () -- C:\Documents and Settings\Susan\Desktop\HowtoFindFreedomfromYourFears.mp3
[2009/08/20 16:44:15 | 00,015,416 | ---- | C] () -- C:\Documents and Settings\Susan\Desktop\cc_20090820_164411.reg
[2009/08/20 06:33:40 | 00,000,330 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/08/20 06:29:34 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Defender
[2009/08/20 06:26:00 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\ScanAtStartup.dll
[2009/08/20 06:22:59 | 00,005,120 | ---- | C] (F.Y.N. Technology Inc.) -- C:\WINDOWS\System32\drivers\Start1Driver.SYS
[2009/08/20 06:22:58 | 00,000,256 | ---- | C] () -- C:\WINDOWS\adaway.lic
[2009/08/20 06:22:52 | 00,000,691 | ---- | C] () -- C:\Documents and Settings\Susan\Desktop\Adware Away.lnk
[2009/08/20 06:22:49 | 00,000,000 | ---D | C] -- C:\Program Files\Adware Away
[2009/08/20 06:05:02 | 26,640,7936 | -HS- | C] () -- C:\hiberfil.sys
[2009/08/19 21:53:37 | 00,761,730 | ---- | C] () -- C:\Documents and Settings\Susan\Desktop\cc_20090819_215333.reg
[2009/08/17 06:23:51 | 00,001,656 | ---- | C] () -- C:\WINDOWS\tasks\wrSpySweeper_L6C116EBCCF0C467C8ECCA70A797EF015.job
[2009/08/17 06:21:35 | 00,000,000 | -H-D | C] -- C:\$AVG8.VAULT$
[2009/08/17 06:13:37 | 00,001,669 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spy Sweeper.lnk
[2009/08/17 06:12:09 | 00,000,000 | ---D | C] -- C:\Program Files\MSSOAP
[2009/08/17 06:10:54 | 01,563,008 | ---- | C] (Webroot Software, Inc.) -- C:\WINDOWS\WRSetup.dll
[2009/08/17 06:10:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Susan\Application Data\Webroot
[2009/08/17 06:10:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Webroot
[2009/08/17 06:10:40 | 00,000,164 | ---- | C] () -- C:\WINDOWS\install.dat
[2009/04/21 18:26:56 | 00,031,088 | ---- | C] () -- C:\WINDOWS\System32\wrLZMA.dll
[2008/06/20 20:24:09 | 00,000,000 | ---- | C] () -- C:\WINDOWS\UltimateBuddy.INI
[2008/06/05 22:19:37 | 00,000,086 | ---- | C] () -- C:\WINDOWS\WPCMAPI.INI
[2008/01/09 15:01:48 | 00,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2007/12/19 11:33:26 | 00,000,016 | ---- | C] () -- C:\WINDOWS\RealityFusion.ini
[2007/06/06 07:51:10 | 00,757,818 | ---- | C] () -- C:\WINDOWS\System32\gwadd1.dll
[2007/06/06 07:49:26 | 00,303,166 | ---- | C] () -- C:\WINDOWS\System32\gwodm132.dll
[2007/06/06 07:20:04 | 00,098,354 | ---- | C] () -- C:\WINDOWS\System32\GWLDO132.DLL
[2007/03/05 14:34:28 | 00,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2006/12/31 19:14:15 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\QTWMCI32.DLL
[2006/05/08 17:06:36 | 00,000,099 | ---- | C] () -- C:\WINDOWS\webica.ini
[2005/12/27 22:50:51 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2005/12/18 18:47:15 | 00,765,952 | ---- | C] () -- C:\WINDOWS\System32\tvqenc.dll
[2005/12/18 18:47:15 | 00,573,440 | ---- | C] () -- C:\WINDOWS\System32\tvqdec.dll
[2005/12/18 18:47:15 | 00,118,784 | ---- | C] () -- C:\WINDOWS\System32\mp3dec.dll
[2005/12/13 20:47:51 | 00,000,305 | ---- | C] () -- C:\WINDOWS\mp3wavcon.ini
[2005/12/13 20:22:52 | 00,003,082 | ---- | C] () -- C:\WINDOWS\System32\affv11300p13now.sys
[2005/06/17 21:41:33 | 00,000,118 | ---- | C] () -- C:\WINDOWS\kodakpcd.Susan.ini
[2005/03/22 23:56:00 | 00,000,173 | ---- | C] () -- C:\WINDOWS\DVDFabGold.INI
[2005/03/13 16:32:07 | 00,000,134 | ---- | C] () -- C:\WINDOWS\VWORK32.INI
[2004/07/30 20:32:50 | 00,000,045 | ---- | C] () -- C:\WINDOWS\FIHMFNO.ini
[2004/07/09 10:31:18 | 00,155,700 | ---- | C] () -- C:\WINDOWS\System32\ODMA32.DLL
[2004/06/20 20:35:52 | 00,053,760 | ---- | C] () -- C:\WINDOWS\System32\ZLIB.DLL
[2004/06/09 19:53:59 | 00,004,606 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2004/01/31 21:06:11 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2004/01/31 21:04:04 | 00,000,174 | ---- | C] () -- C:\WINDOWS\System32\mcini.ini
[2004/01/31 12:09:40 | 00,561,152 | R--- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2004/01/25 21:00:03 | 00,000,703 | ---- | C] () -- C:\WINDOWS\disney.ini
[2004/01/23 21:07:40 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/01/23 07:48:08 | 00,000,001 | ---- | C] () -- C:\WINDOWS\System32\PTLCDBAS.INI
[2004/01/23 07:48:08 | 00,000,001 | ---- | C] () -- C:\WINDOWS\System32\INIVALUE.INI
[2004/01/20 18:27:21 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2004/01/19 11:52:53 | 00,000,078 | ---- | C] () -- C:\WINDOWS\qwimp.ini
[2004/01/19 11:52:52 | 00,000,368 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2004/01/19 11:52:22 | 00,001,867 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2004/01/18 14:26:28 | 00,000,045 | ---- | C] () -- C:\WINDOWS\EPSC62.ini
[2004/01/08 05:57:29 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/01/08 05:48:50 | 00,000,258 | ---- | C] () -- C:\WINDOWS\System32\BDEMERGE.INI
[2004/01/08 05:44:04 | 00,000,339 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/01/08 05:39:27 | 00,000,892 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/01/08 05:21:55 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/01/08 05:21:34 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/01/08 05:07:52 | 00,000,550 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2003/08/07 15:01:52 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2002/09/03 10:59:58 | 00,001,329 | ---- | C] () -- C:\WINDOWS\WIN.INI
[2002/09/03 10:50:58 | 00,000,227 | ---- | C] () -- C:\WINDOWS\SYSTEM.INI
[1999/08/10 13:02:20 | 00,116,736 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
[1999/08/10 13:02:16 | 00,343,040 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
[1999/01/22 09:46:56 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1998/01/11 21:00:00 | 00,040,448 | ---- | C] () -- C:\WINDOWS\System32\REGOBJ.DLL
[1997/06/13 22:56:08 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll

========== Files - Modified Within 30 Days ==========

[1 C:\*.tmp files]
[7 C:\WINDOWS\System32\*.tmp files]
[9 C:\WINDOWS\*.tmp files]
[2009/09/15 06:31:22 | 00,514,560 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Susan\Desktop\OTL.exe
[2009/09/15 01:51:37 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/09/14 12:57:13 | 00,029,696 | ---- | M] () -- C:\Documents and Settings\Susan\Desktop\Family Budget 9-8-09.xls
[2009/09/14 11:00:41 | 00,000,099 | ---- | M] () -- C:\WINDOWS\webica.ini
[2009/09/14 10:49:01 | 00,000,086 | ---- | M] () -- C:\WINDOWS\WPCMAPI.INI
[2009/09/13 22:55:58 | 00,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/09/13 17:49:15 | 00,018,944 | ---- | M] () -- C:\Documents and Settings\Susan\Desktop\Theology of the Body 0910.xls
[2009/09/13 10:28:54 | 00,121,344 | ---- | M] () -- C:\Documents and Settings\Susan\My Documents\map pack.doc
[2009/09/12 23:06:28 | 00,078,848 | ---- | M] () -- C:\Documents and Settings\Susan\My Documents\All legendaries.doc
[2009/09/10 11:32:09 | 00,039,936 | ---- | M] () -- C:\Documents and Settings\Susan\My Documents\Recipes.doc
[2009/09/09 03:35:42 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/09/09 03:35:37 | 00,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2009/09/09 03:35:36 | 26,640,7936 | -HS- | M] () -- C:\hiberfil.sys
[2009/09/09 03:10:41 | 00,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/09/09 03:00:11 | 00,001,656 | ---- | M] () -- C:\WINDOWS\tasks\wrSpySweeper_L6C116EBCCF0C467C8ECCA70A797EF015.job
[2009/09/08 21:21:50 | 34,239,320 | ---- | M] () -- C:\Documents and Settings\Susan\Desktop\WhyGodUsesSomePeopleMoreThanOthers.mp3
[2009/09/07 15:45:32 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/09/04 17:43:08 | 26,643,6608 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2009/09/02 05:34:59 | 03,522,290 | -H-- | M] () -- C:\Documents and Settings\Susan\Local Settings\Application Data\IconCache.db
[2009/09/01 22:22:20 | 00,021,504 | ---- | M] () -- C:\Documents and Settings\Susan\Desktop\Jake Braden 4.doc
[2009/08/29 17:37:02 | 00,007,274 | ---- | M] () -- C:\WINDOWS\System32\spupdsvc.inf
[2009/08/28 17:38:20 | 24,689,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/08/25 06:24:20 | 34,063,005 | ---- | M] () -- C:\Documents and Settings\Susan\Desktop\HowtoFindFreedomfromYourFears.mp3
[2009/08/25 06:24:02 | 00,130,912 | ---- | M] () -- C:\Documents and Settings\Susan\Desktop\ExposingtheFiveMythsofEvangelism.mp3
[2009/08/23 21:21:59 | 00,402,432 | ---- | M] () -- C:\Documents and Settings\Susan\Desktop\8-23-9.doc
[2009/08/23 16:45:01 | 38,858,961 | ---- | M] () -- C:\Documents and Settings\Susan\Desktop\PrayGreatPrayers.mp3
[2009/08/21 06:09:12 | 00,383,742 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2009/08/21 06:09:11 | 00,054,508 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2009/08/21 06:09:06 | 00,444,832 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/08/20 16:44:21 | 00,015,416 | ---- | M] () -- C:\Documents and Settings\Susan\Desktop\cc_20090820_164411.reg
[2009/08/20 06:28:38 | 00,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2009/08/20 06:26:00 | 00,061,440 | ---- | M] () -- C:\WINDOWS\System32\ScanAtStartup.dll
[2009/08/20 06:22:58 | 00,000,256 | ---- | M] () -- C:\WINDOWS\adaway.lic
[2009/08/20 06:22:52 | 00,000,691 | ---- | M] () -- C:\Documents and Settings\Susan\Desktop\Adware Away.lnk
[2009/08/19 21:54:02 | 00,761,730 | ---- | M] () -- C:\Documents and Settings\Susan\Desktop\cc_20090819_215333.reg
[2009/08/19 21:45:25 | 00,001,329 | ---- | M] () -- C:\WINDOWS\WIN.INI
[2009/08/19 21:45:25 | 00,000,227 | ---- | M] () -- C:\WINDOWS\SYSTEM.INI
[2009/08/19 21:45:25 | 00,000,210 | RHS- | M] () -- C:\boot.ini
[2009/08/19 20:10:06 | 00,337,758 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\HOSTS
[2009/08/17 06:13:37 | 00,001,669 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spy Sweeper.lnk
[2009/08/17 06:10:41 | 00,000,164 | ---- | M] () -- C:\WINDOWS\install.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 163 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:57AA94C3
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:825D5945
< End of report >

OTL Extras logfile created on: 9/15/2009 6:32:20 AM - Run 1
OTL by OldTimer - Version 3.0.14.0 Folder = C:\Documents and Settings\Susan\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

254.00 Mb Total Physical Memory | 63.31 Mb Available Physical Memory | 24.92% Memory free
621.74 Mb Paging File | 273.95 Mb Available in Paging File | 44.06% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 38.25 Gb Total Space | 11.33 Gb Free Space | 29.63% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BEEFCAKE
Current User Name: Susan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1723:TCP" = 1723:TCP:*:Enabled:@xpsp2res.dll,-22015
"1701:UDP" = 1701:UDP:*:Enabled:@xpsp2res.dll,-22016
"500:UDP" = 500:UDP:*:Enabled:@xpsp2res.dll,-22017

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"1723:TCP" = 1723:TCP:*:Enabled:@xpsp2res.dll,-22015
"1701:UDP" = 1701:UDP:*:Enabled:@xpsp2res.dll,-22016
"500:UDP" = 500:UDP:*:Enabled:@xpsp2res.dll,-22017

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Hasbro Interactive\Super Scattergories\Scattergories.exe" = C:\Program Files\Hasbro Interactive\Super Scattergories\Scattergories.exe:*:Enabled:Scattergories -- File not found
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealOne Player -- (RealNetworks, Inc.)
"C:\Documents and Settings\Susan\My Documents\WinMX\WinMX.exe" = C:\Documents and Settings\Susan\My Documents\WinMX\WinMX.exe:*:Enabled:WinMX Application -- File not found
"C:\WINDOWS\SYSTEM32\dpvsetup.exe" = C:\WINDOWS\SYSTEM32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\Microsoft Games\Age of Empires II\EMPIRES2.ICD" = C:\Program Files\Microsoft Games\Age of Empires II\EMPIRES2.ICD:*:Disabled:Age of Empires II -- File not found
"C:\Program Files\Microsoft Games\Age of Empires II\age2_x1\age2_x1.icd" = C:\Program Files\Microsoft Games\Age of Empires II\age2_x1\age2_x1.icd:*:Disabled:Age of Empires II Expansion -- File not found
"C:\Program Files\Neoteris\Secure Application Manager\dsSamProxy.exe" = C:\Program Files\Neoteris\Secure Application Manager\dsSamProxy.exe:*:Enabled:Secure Application Manager Proxy -- File not found
"C:\Program Files\Juniper Networks\Secure Application Manager\dsSamProxy.exe" = C:\Program Files\Juniper Networks\Secure Application Manager\dsSamProxy.exe:*:Enabled:Secure Application Manager Proxy -- (Juniper Networks)
"D:\NintendoWFCReg\Setup.exe" = D:\NintendoWFCReg\Setup.exe:*:Enabled:Setup.exe -- File not found
"C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Aware2007.exe" = C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Aware2007.exe:*:Enabled:Ad-Aware 2007 -- File not found
"C:\Program Files\Pinnacle\Studio 11\programs\RM.exe" = C:\Program Files\Pinnacle\Studio 11\programs\RM.exe:*:Enabled:Render Manager -- File not found
"C:\Program Files\Pinnacle\Studio 11\programs\Studio.exe" = C:\Program Files\Pinnacle\Studio 11\programs\Studio.exe:*:Enabled:Studio -- File not found
"C:\Program Files\Pinnacle\Studio 11\programs\PMSRegisterFile.exe" = C:\Program Files\Pinnacle\Studio 11\programs\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile -- File not found
"C:\Program Files\Pinnacle\Studio 11\programs\umi.exe" = C:\Program Files\Pinnacle\Studio 11\programs\umi.exe:*:Enabled:umi -- File not found
"C:\Program Files\WiFiConnector\NintendoWFCReg.exe" = C:\Program Files\WiFiConnector\NintendoWFCReg.exe:*:Enabled:Nintendo Wi-Fi USB Connector -- ()
"C:\Novell\GroupWise\grpwise.exe" = C:\Novell\GroupWise\grpwise.exe:*:Enabled:Novell GroupWise -- (Novell, Inc.)
"C:\Novell\GroupWise\notify.exe" = C:\Novell\GroupWise\notify.exe:*:Enabled:Novell Notify -- (Novell, Inc.)
"C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE:*:Enabled:Outlook -- (Microsoft Corporation)
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Disabled:AIM -- File not found
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Disabled:AOL Loader -- File not found
"C:\Program Files\iMesh Applications\iMesh6\iMesh6.exe" = C:\Program Files\iMesh Applications\iMesh6\iMesh6.exe:*:Disabled:iMesh 6 -- File not found
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Disabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\Internet Explorer\iexplore.exe" = C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer -- (Microsoft Corporation)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- File not found
"C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe -- File not found


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Professional
"{00040409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Disc 2
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{03E66394-42F0-4745-85F7-0A2F8F35C09F}" = HP Deskjet Printer Driver Software 9.0
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp
"{11F1920A-56A2-4642-B6E0-3B31A12C9288}" = Dell Solution Center
"{15C70064-2463-49dd-9A88-B700F75BB428}" = dj_sf_ProductContext
"{1C016A32-6BE3-475A-AA57-83195D07EE0C}" = GroupWise
"{22466889-7642-488d-AA0E-F619704CF7AB}" = DeviceDiscovery
"{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}" = Rhapsody Player Engine
"{22E9CF2B-4063-4dab-A251-93FA46F7DECC}_is1" = Spy Sweeper
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Dell Media Experience
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java™ 6 Update 14
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0
"{3248F0A8-6813-11D6-A77B-00B0D0150030}" = J2SE Runtime Environment 5.0 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{3F5B6210-0903-4DC6-8034-8F488AA3A782}" = Spy Sweeper Core
"{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}" = Banctec Service Agreement
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{54DE0B75-6CD9-44C4-B10A-1F25DA9899D8}" = Quicken 2004
"{54F90B55-BEB3-4F0D-8802-228822FA5921}" = WordPerfect Office 11
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{68D60342-7686-45C9-B8EB-40EF843D0460}" = Dell Networking Guide
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}" = HP Photo and Imaging 2.0 - All-in-One Drivers
"{7148F0A8-6813-11D6-A77B-00B0D0142000}" = Java 2 Runtime Environment, SE v1.4.2
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{730837D4-FF5E-48DB-BA49-33E732DFF0B3}" = PanoStandAlone
"{75C22B40-6D12-4439-80DC-CAB3313EADA5}" = dj_sf_software_req
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
"{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01
"{89EE857B-8970-4F9F-AB58-A1C873AC72B3}" = Broadcom Management Programs
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics Driver
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{90D55A3F-1D99-4C94-A77E-46DC14F0BF08}" = Help and Support Customization
"{9867A917-5D17-40DE-83BA-BEA5293194B1}" = HP Photo and Imaging 2.0 - All-in-One
"{98DF85D9-96C0-4F57-A92E-C3539477EF5E}" = DVDSentry
"{99041921-18B5-4d36-9729-BE5A671B1932}" = D4200
"{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}" = iTunes
"{9B79DCB0-AAD7-456B-8D07-433C936FA24B}" = DS21Patch
"{9FE94C17-25AD-4142-A012-E0BBE923C711}" = D4200_Help
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A1960A82-DB70-474D-A86B-FA74466103C6}" = Drivers Install For Linksys Easylink Advisor
"{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A00000000001}" = Adobe Reader 6.0.1
"{B639110D-747F-40DC-9682-95D94EF73790}" = dj_sf_software
"{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}" = Apple Mobile Device Support
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{C900EF06-2E76-49C7-8DB0-41F629B21DC5}" = hp psc 1200 series
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}" = Jasc Paint Shop Photo Album
"{CFD4A9E4-A73A-406F-B28F-A43589387CC0}" = ccCommon
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{EF781A5C-58F5-4BFD-87F9-E4F14D382F25}" = Pinnacle Instant DVD Recorder
"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
"{FC4ED75D-916C-4A8C-BB67-3C6F6E06D62B}" = Banctec Service Agreement
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status
"Action Replay Code Manager_is1" = Action Replay Code Manager
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player
"AdobeESD" = Adobe Download Manager 1.2 (Remove Only)
"Adware Away v3.1.4.c_is1" = Adware Away v3.1.4.c
"BCM V.92 56K Modem" = BCM V.92 56K Modem
"CCleaner" = CCleaner (remove only)
"Citrix ICA Web Client" = Citrix ICA Web Client
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"DellSupport" = Dell Support 5.0.0 (766)
"EasyLinkAdvisor" = Linksys EasyLink Advisor 1.6 (0032)
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"HP Photosmart Essential" = HP Photosmart Essential 2.01
"HP PSC 1200 Series" = HP Photo and Imaging 2.0 - hp psc 1200 series
"HyperLoad" = HyperLoad
"InstallShield_{89EE857B-8970-4F9F-AB58-A1C873AC72B3}" = Broadcom Management Programs
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"RealPlayer 6.0" = RealPlayer
"Registrar Registry Manager 6.02 (Lite Edition)" = Registrar Registry Manager 6.02 (Lite Edition)
"Registrar_is1" = Registrar Registry Manager 6.02
"WiFiConnector" = Nintendo Wi-Fi USB Connector Registration Tool
"Windows XP Service Pack" = Windows XP Service Pack 3
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1554417415-1731023960-829595172-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/19/2009 7:59:51 PM | Computer Name = BEEFCAKE | Source = JavaQuickStarterService | ID = 1
Description =

Error - 8/21/2009 5:55:30 AM | Computer Name = BEEFCAKE | Source = Application Error | ID = 1000
Description = Faulting application itunes.exe, version 8.2.1.6, faulting module
quicktime.qts, version 7.62.14.0, fault address 0x00165b12.

Error - 8/27/2009 1:51:12 AM | Computer Name = BEEFCAKE | Source = MPSampleSubmission | ID = 5000
Description =

Error - 8/29/2009 8:19:39 AM | Computer Name = BEEFCAKE | Source = Application Error | ID = 1000
Description = Faulting application acrord32.exe, version 6.0.1.1091, faulting module
msvcrt.dll, version 7.0.2600.5512, fault address 0x000370d0.

Error - 8/29/2009 4:12:18 PM | Computer Name = BEEFCAKE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 8/29/2009 5:48:23 PM | Computer Name = BEEFCAKE | Source = Application Error | ID = 1000
Description = Faulting application realplay.exe, version 6.0.12.1741, faulting module
msdxm.ocx, version 6.4.9.1130, fault address 0x0004cdab.

Error - 8/31/2009 5:53:10 AM | Computer Name = BEEFCAKE | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office 2000 SR-1 Professional -- Error 1706. No
valid source could be found for product Microsoft Office 2000 SR-1 Professional.
The Windows installer cannot continue.

Error - 9/2/2009 10:01:32 PM | Computer Name = BEEFCAKE | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.5512, faulting
module mshtml.dll, version 6.0.2900.5848, fault address 0x0021f612.

Error - 9/4/2009 2:26:18 AM | Computer Name = BEEFCAKE | Source = MPSampleSubmission | ID = 5000
Description =

Error - 9/12/2009 10:48:49 PM | Computer Name = BEEFCAKE | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office XP Professional with FrontPage -- Error
1706. Setup cannot find the required files. Check your connection to the network,
or CD-ROM drive. For other potential solutions to this problem, see C:\Program
Files\Microsoft Office\Office10\1033\SETUP.HLP.

[ System Events ]
Error - 9/4/2009 5:44:05 PM | Computer Name = BEEFCAKE | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SYMTDI

Error - 9/8/2009 5:51:50 PM | Computer Name = BEEFCAKE | Source = Service Control Manager | ID = 7000
Description = The mrtRate service failed to start due to the following error: %%2

Error - 9/8/2009 5:51:50 PM | Computer Name = BEEFCAKE | Source = Service Control Manager | ID = 7001
Description = The Windows Service Pack Installer update service service depends
on the Security Accounts Manager service which failed to start because of the following
error: %%1058

Error - 9/8/2009 5:52:36 PM | Computer Name = BEEFCAKE | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SYMTDI

Error - 9/8/2009 5:53:23 PM | Computer Name = BEEFCAKE | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM
Service service to connect.

Error - 9/8/2009 5:53:23 PM | Computer Name = BEEFCAKE | Source = Service Control Manager | ID = 7000
Description = The IMAPI CD-Burning COM Service service failed to start due to the
following error: %%1053

Error - 9/9/2009 3:36:12 AM | Computer Name = BEEFCAKE | Source = Service Control Manager | ID = 7000
Description = The mrtRate service failed to start due to the following error: %%2

Error - 9/9/2009 3:36:12 AM | Computer Name = BEEFCAKE | Source = Service Control Manager | ID = 7001
Description = The Windows Service Pack Installer update service service depends
on the Security Accounts Manager service which failed to start because of the following
error: %%1058

Error - 9/9/2009 3:36:24 AM | Computer Name = BEEFCAKE | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SYMTDI

Error - 9/9/2009 5:54:32 PM | Computer Name = BEEFCAKE | Source = ssidrv | ID = 131098
Description = Failed to set monitor event rule.


< End of report >

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/09/15 06:55
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Stealth Objects
-------------------
Object: Hidden Code [Driver: Tcpip, IRP_MJ_CREATE]
Process: System Address: 0xff500618 Size: 568

Object: Hidden Code [Driver: Tcpip, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0xff4e6438 Size: 3018

Object: Hidden Code [Driver: Tcpip, IRP_MJ_CLOSE]
Process: System Address: 0xff4e63c0 Size: 3138

Object: Hidden Code [Driver: Tcpip, IRP_MJ_READ]
Process: System Address: 0xff4e6348 Size: 3258

Object: Hidden Code [Driver: Tcpip, IRP_MJ_WRITE]
Process: System Address: 0xff5c8da0 Size: 407

Object: Hidden Code [Driver: Tcpip, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0xff5c8d28 Size: 527

Object: Hidden Code [Driver: Tcpip, IRP_MJ_SET_INFORMATION]
Process: System Address: 0xff5c8cb0 Size: 647

Object: Hidden Code [Driver: Tcpip, IRP_MJ_QUERY_EA]
Process: System Address: 0xff5058a8 Size: 1280

Object: Hidden Code [Driver: Tcpip, IRP_MJ_SET_EA]
Process: System Address: 0xff505830 Size: 1400

Object: Hidden Code [Driver: Tcpip, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0xff5057b8 Size: 1520

Object: Hidden Code [Driver: Tcpip, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0xff4fd368 Size: 492

Object: Hidden Code [Driver: Tcpip, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0xff4fd2f0 Size: 612

Object: Hidden Code [Driver: Tcpip, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0xff4fd278 Size: 732

Object: Hidden Code [Driver: Tcpip, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0xffaf5020 Size: 1858

Object: Hidden Code [Driver: Tcpip, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0xffaf5170 Size: 1522

Object: Hidden Code [Driver: Tcpip, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0xffaf50f8 Size: 1642

Object: Hidden Code [Driver: Tcpip, IRP_MJ_SHUTDOWN]
Process: System Address: 0xffaf3020 Size: 1601

Object: Hidden Code [Driver: Tcpip, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0xffaf3178 Size: 1257

Object: Hidden Code [Driver: Tcpip, IRP_MJ_CLEANUP]
Process: System Address: 0xffaf3100 Size: 1377

Object: Hidden Code [Driver: Tcpip, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0xff4fc020 Size: 871

Object: Hidden Code [Driver: Tcpip, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0xff4fc180 Size: 519

Object: Hidden Code [Driver: Tcpip, IRP_MJ_SET_SECURITY]
Process: System Address: 0xff4fc108 Size: 639

Object: Hidden Code [Driver: Tcpip, IRP_MJ_POWER]
Process: System Address: 0xff505020 Size: 3464

Object: Hidden Code [Driver: Tcpip, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0xff505180 Size: 3112

Object: Hidden Code [Driver: Tcpip, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0xff505108 Size: 3232

Object: Hidden Code [Driver: Tcpip, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0xff5c5020 Size: 4064

Object: Hidden Code [Driver: Tcpip, IRP_MJ_SET_QUOTA]
Process: System Address: 0xff5c5180 Size: 3712

Object: Hidden Code [Driver: Tcpip, IRP_MJ_PNP]
Process: System Address: 0xff5c5108 Size: 3832
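
The 28 "Hidden Code" entries above cover every slot of the Tcpip driver's IRP dispatch table (major function codes 0x00 to 0x1B on Windows XP, listed by RootRepeal in index order): each one now points at code the tool cannot attribute to a known module, which is characteristic of a kernel-mode rootkit intercepting the TCP/IP stack, although the scan alone cannot say what installed the hooks. As an added example that is not part of this thread or of RootRepeal, the Python below parses that two-line "Object: ... / Process: ..." format and reports, per driver, which dispatch entries are hooked, which are not, and whether the whole table is covered. The sample report is constructed: three Tcpip lines taken from the log above plus an invented Ntfs entry so the grouping has something to separate.

```python
"""Summarise RootRepeal 'Stealth Objects' output per driver.

Added example, not part of this thread or of RootRepeal: it only parses the
two-line 'Object: ... / Process: ...' format seen in the log above."""
import re
from collections import defaultdict

# The 28 IRP major function codes (0x00..0x1B) a Windows XP driver dispatch
# table holds, in index order; RootRepeal lists hooked entries in the same order.
IRP_MJ_NAMES = (
    "IRP_MJ_CREATE", "IRP_MJ_CREATE_NAMED_PIPE", "IRP_MJ_CLOSE", "IRP_MJ_READ",
    "IRP_MJ_WRITE", "IRP_MJ_QUERY_INFORMATION", "IRP_MJ_SET_INFORMATION",
    "IRP_MJ_QUERY_EA", "IRP_MJ_SET_EA", "IRP_MJ_FLUSH_BUFFERS",
    "IRP_MJ_QUERY_VOLUME_INFORMATION", "IRP_MJ_SET_VOLUME_INFORMATION",
    "IRP_MJ_DIRECTORY_CONTROL", "IRP_MJ_FILE_SYSTEM_CONTROL",
    "IRP_MJ_DEVICE_CONTROL", "IRP_MJ_INTERNAL_DEVICE_CONTROL", "IRP_MJ_SHUTDOWN",
    "IRP_MJ_LOCK_CONTROL", "IRP_MJ_CLEANUP", "IRP_MJ_CREATE_MAILSLOT",
    "IRP_MJ_QUERY_SECURITY", "IRP_MJ_SET_SECURITY", "IRP_MJ_POWER",
    "IRP_MJ_SYSTEM_CONTROL", "IRP_MJ_DEVICE_CHANGE", "IRP_MJ_QUERY_QUOTA",
    "IRP_MJ_SET_QUOTA", "IRP_MJ_PNP",
)

# Constructed sample: three of the Tcpip entries from the log above plus an
# invented Ntfs entry, so the per-driver grouping has something to separate.
SAMPLE_REPORT = """\
Stealth Objects
-------------------
Object: Hidden Code [Driver: Tcpip, IRP_MJ_CREATE]
Process: System Address: 0xff500618 Size: 568

Object: Hidden Code [Driver: Tcpip, IRP_MJ_WRITE]
Process: System Address: 0xff5c8da0 Size: 407

Object: Hidden Code [Driver: Tcpip, IRP_MJ_PNP]
Process: System Address: 0xff5c5108 Size: 3832

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
Process: System Address: 0xff400000 Size: 100
"""

OBJECT_RE = re.compile(r"^Object: Hidden Code \[Driver: (?P<driver>\w+), (?P<irp>IRP_MJ_\w+)\]$")
DETAIL_RE = re.compile(r"^Process: (?P<process>\S+) Address: (?P<addr>0x[0-9a-fA-F]+) Size: (?P<size>\d+)$")


def parse_hidden_code(report):
    """Pair each 'Object: Hidden Code' line with the 'Process:' line that follows it."""
    entries, pending = [], None
    for raw in report.splitlines():
        line = raw.strip()
        m = OBJECT_RE.match(line)
        if m:
            pending = {"driver": m["driver"], "irp": m["irp"]}
            continue
        m = DETAIL_RE.match(line)
        if m and pending is not None:
            pending.update(process=m["process"], address=int(m["addr"], 16), size=int(m["size"]))
            entries.append(pending)
            pending = None
    return entries


def summarise_hooks(entries):
    """Per driver: which dispatch entries are hooked (in table order), which are
    not, and whether every one of the 28 is covered, as in the Tcpip log above."""
    by_driver = defaultdict(set)
    for e in entries:
        by_driver[e["driver"]].add(e["irp"])
    summary = {}
    for drv, hooked in by_driver.items():
        missing = [n for n in IRP_MJ_NAMES if n not in hooked]
        summary[drv] = {
            "hooked": [n for n in IRP_MJ_NAMES if n in hooked] + sorted(hooked - set(IRP_MJ_NAMES)),
            "not_hooked": missing,
            "full_table": not missing,
            # where the hooks point; a tight cluster suggests one injected module
            "addresses": sorted(e["address"] for e in entries if e["driver"] == drv),
        }
    return summary


if __name__ == "__main__":
    for drv, info in summarise_hooks(parse_hidden_code(SAMPLE_REPORT)).items():
        print(f"{drv}: {len(info['hooked'])}/28 IRP_MJ entries hooked, full table: {info['full_table']}")
```

Run over the complete RootRepeal section above it reports 28/28 for Tcpip with full_table True. The hook addresses are all it can offer about the hooking code; deciding what owns that memory is a job for a second rootkit scanner and a look at the loaded-module list, which is the direction the next reply takes with GMER.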

#7 etavares (Bleepin' Remover, Malware Response Team)

Posted 17 September 2009 - 06:15 AM

Hello, susan2348.

Can you please tell me a little about the about:blank you're seeing in searches? Are you searching via a toolbar? Does it happen in both Internet Explorer and Firefox? Can you still search? Does it redirect your search? Any specifics you can tell us about how it happens will help to fix it.

As for the registry cleaner, it's totally up to you whether you want to remove it, but we do advise it.



Step 1

I do not recommend that you have more than one anti-virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (real-time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti-virus products to raise "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please go to add/remove in the control panel and remove either Zonealarm Extreme Antivirus or Webroot Spy Sweeper.



Step 2

Next, let's get rid of the remnants from the botched Norton install.

Go to this page at Symantec:

Select the version you tried to install and run the removal tool.



Step 3

Install ERUNT
This tool will create a complete backup of your registry. After every reboot, a new backup is created to ensure we have a safety net after each step. Do not delete these backups until we are finished.

* Please download erunt-setup.exe to your desktop.
* Double click erunt-setup.exe. Follow the prompts and allow ERUNT to be installed with the settings at default. If you do not want a Desktop icon, feel free to uncheck that. When asked if you want to create an ERUNT entry in the startup folder, answer Yes. You can delete the installation file after use.
* Erunt will open when the installation is finished. Check all items to be backed up in the default location and click OK.

You can find a complete guide to using the program here:
http://www.larshederer.homepage.t-online.de/erunt/erunt.txt

When we are finished with fixing your computer (I will make it clear when we are), you can uninstall ERUNT through Add/Remove Programs. The backups will be stored at C:\WINDOWS\erdnt, and will not be deleted when ERUNT is uninstalled.



Step 4

We need to run an OTL script
  • Please download OTL from one of the following mirrors if you do not still have it.
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Paste the following code under the Custom Scans/Fixes box at the bottom.
    :Services
    Dmiintrra
    :OTL
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (no name) - {3B7AAEB1-9F3D-4491-9C06-C7165CA8D058} - No CLSID value found.
    O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKU\S-1-5-21-1554417415-1731023960-829595172-1007\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKU\S-1-5-21-1554417415-1731023960-829595172-1007\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
    O3 - HKU\S-1-5-21-1554417415-1731023960-829595172-1007\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKU\S-1-5-21-1554417415-1731023960-829595172-1007\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKU\S-1-5-21-1554417415-1731023960-829595172-1007\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
    O3 - HKU\S-1-5-21-1554417415-1731023960-829595172-1007\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKU\S-1-5-21-1554417415-1731023960-829595172-1007\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O3 - HKU\S-1-5-21-1554417415-1731023960-829595172-1007\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
    O3 - HKU\S-1-5-21-1554417415-1731023960-829595172-1007\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
    O4 - HKLM..\Run: [KernelFaultCheck] File not found
    SRV - File not found -- -- (Dmiintrra [Disabled | Stopped])
    :Commands
    [Reboot]
  • Click the Run Fix button at the top.
  • let the program run unhindered and reboot when it is done.
  • You will get a log when it is done, please post that in your reply.
  • Please then create a new OTL report....
  • Click the "Scan All Users" checkbox.
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
Step 5

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.



Step 6

In your reply, please include the following:
  • More detail on the about:blank you're seeing.
  • The OTL log from step 4.
  • The GMER log from step 5.

Edited by etavares, 17 September 2009 - 06:16 AM.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
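
Step 4 above is the analyst hand-picking every OTL entry that points at nothing (a BHO or toolbar CLSID with no registered COM server, a Run value or a service whose file is gone) and laying the results out in OTL's fix syntax. As an added example that is not part of the post or of OTL itself, the Python below does that triage over OTL scan lines: it selects the lines OTL marks "No CLSID value found" or "File not found", pulls the service name out of orphaned SRV lines for the :Services section, and emits the same :OTL / :Commands layout as the posted script. The sample log is constructed from lines that appear in this thread plus one placeholder BHO with a made-up CLSID. The IE search-URL resets in the posted script are the analyst's deliberate choice rather than orphans, so a generator like this only drafts what a human still has to review.

```python
"""Draft an OTL fix script from the orphaned entries in an OTL scan log.

Added example, not OTL's own code: the fix syntax (:Services, :OTL and
:Commands sections) is taken from the script posted above; the log lines are
a constructed sample in the format of the OTL reports in this thread."""
import re

SAMPLE_OTL_LOG = "\n".join([
    # healthy service: binary present, vendor known
    r"SRV - [2008/04/13 20:11:48 | 00,100,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\6to4svc.dll -- (6to4 [Auto | Stopped])",
    # orphaned service: registration survives, binary gone
    r"SRV - File not found -- -- (Dmiintrra [Disabled | Stopped])",
    # orphaned BHO / toolbar registrations: CLSID never registered a COM server
    r"O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.",
    r"O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.",
    # constructed healthy BHO with a placeholder CLSID (not a real registration)
    r"O2 - BHO: (Example Helper) - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\helper.dll (Example Vendor)",
    # Run entries: one orphaned, one resolving to a file that exists
    r"O4 - HKLM..\Run: [KernelFaultCheck] File not found",
    r"O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)",
])

# Phrases OTL prints when a registration points at nothing
ORPHAN_MARKERS = ("No CLSID value found", "File not found")
# "(Dmiintrra [Disabled | Stopped])" at the end of an SRV line -> "Dmiintrra"
SRV_NAME_RE = re.compile(r"\((?P<name>[^\s()\[\]]+) \[[^\]]*\]\)\s*$")


def find_orphans(log_text):
    """Return the scan lines whose target (file or COM server) is missing."""
    return [ln.strip() for ln in log_text.splitlines()
            if any(marker in ln for marker in ORPHAN_MARKERS)]


def service_name(srv_line):
    """Extract the service name from an OTL 'SRV -' line, or None if absent."""
    m = SRV_NAME_RE.search(srv_line)
    return m["name"] if m else None


def build_fix_script(orphan_lines, reboot=True):
    """Lay the orphans out in OTL's fix syntax: service names under :Services,
    every orphaned line verbatim under :OTL, and an optional [Reboot] command."""
    services = [service_name(ln) for ln in orphan_lines if ln.startswith("SRV - ")]
    parts = []
    if any(services):
        parts.append(":Services")
        parts.extend(name for name in services if name)
    if orphan_lines:
        parts.append(":OTL")
        parts.extend(orphan_lines)  # OTL matches these lines exactly as it printed them
    if reboot:
        parts += [":Commands", "[Reboot]"]
    return "\n".join(parts)


if __name__ == "__main__":
    print(build_fix_script(find_orphans(SAMPLE_OTL_LOG)))
```

The :OTL lines have to be pasted exactly as OTL printed them, which is why the script keeps the original text rather than rebuilding it. An entry that resolves to an existing file but an unknown vendor is a different question (is it wanted?) and is deliberately not touched here.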
 


#8 susan2348 (Topic Starter)

Posted 18 September 2009 - 06:55 AM

etavares,

1. Re: the about:blank message: Whenever I perform a search, the computer is very slow, and in the left hand corner (where it would usually read something like "Opening Page http.www.yahoo.com....") it says about:blank. This only shows while the computer is clocking/thinking. I usually do eventually get to the correct web address I'm trying to get to, but it takes a long time and sometimes it times out. It has actually improved though since we've been working on my computer. Now I only see it about 1/3 of the time.

2. OTL log:
OTL logfile created on: 9/18/2009 7:23:39 AM - Run 3
OTL by OldTimer - Version 3.0.14.0 Folder = C:\Documents and Settings\Susan\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

254.00 Mb Total Physical Memory | 78.75 Mb Available Physical Memory | 31.00% Memory free
621.74 Mb Paging File | 336.16 Mb Available in Paging File | 54.07% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 38.25 Gb Total Space | 11.60 Gb Free Space | 30.33% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BEEFCAKE
Current User Name: Susan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/08/17 06:13:54 | 01,205,760 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
PRC - [2006/11/03 19:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2008/04/13 20:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2009/07/09 12:22:18 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/07/21 10:53:33 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2005/01/28 13:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe
PRC - [2009/04/21 18:26:52 | 04,048,240 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
PRC - [2005/10/19 08:59:12 | 00,126,976 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\hkcmd.exe
PRC - [2003/08/29 04:59:24 | 00,122,880 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\BCMSMMSG.exe
PRC - [2006/10/30 19:40:33 | 00,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/07/21 10:53:33 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/05/26 17:18:30 | 00,413,696 | ---- | M] (Apple Inc.) -- C:\Program Files\QuickTime\QTTask.exe
PRC - [2006/11/03 19:20:12 | 00,866,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2009/05/13 15:39:54 | 06,345,840 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe
PRC - [2008/04/13 20:12:22 | 00,093,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/07/21 10:53:33 | 00,386,480 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jucheck.exe
PRC - [2009/09/15 06:31:22 | 00,514,560 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Susan\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2008/04/13 20:11:48 | 00,100,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\6to4svc.dll -- (6to4 [Auto | Stopped])
SRV - [2009/07/09 12:22:18 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2004/07/15 01:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Disabled | Stopped])
SRV - [2009/05/28 17:10:22 | 00,138,168 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
SRV - [2008/04/13 20:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [On_Demand | Stopped])
SRV - [2007/06/04 22:14:50 | 00,217,088 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08 [On_Demand | Running])
SRV - [2007/06/04 22:14:50 | 00,131,072 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc [Auto | Running])
SRV - [2009/07/13 14:02:50 | 00,542,496 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])
SRV - [2009/07/21 10:53:33 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2005/02/09 13:59:00 | 00,014,165 | ---- | M] (Pinnacle Systems GmbH) -- C:\WINDOWS\System32\drivers\pclepci.sys -- (PCLEPCI [Auto | Stopped])
SRV - [2003/03/09 16:31:02 | 00,065,795 | ---- | M] (HP) -- C:\WINDOWS\System32\HPZipm12.exe -- (Pml Driver HPZ12 [On_Demand | Stopped])
SRV - [2007/07/27 10:41:38 | 00,026,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\spupdsvc.exe -- (spupdsvc [Auto | Stopped])
SRV - [2005/01/28 13:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe -- (UMWdf [Auto | Running])
SRV - [2009/04/21 18:26:52 | 04,048,240 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe -- (WebrootSpySweeperService [Auto | Running])
SRV - [2006/11/03 19:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend [Auto | Running])
SRV - [2009/08/17 06:13:54 | 01,205,760 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe -- (WRConsumerService [Auto | Running])

========== Driver Services (SafeList) ==========

DRV - [2008/04/13 14:46:20 | 00,048,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\61883.sys -- (61883 [On_Demand | Stopped])
DRV - [2002/04/01 15:15:00 | 00,004,816 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\System32\drivers\aeaudio.sys -- (aeaudio [On_Demand | Running])
DRV - [2003/07/16 16:24:09 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\DRIVERS\aliide.sys -- (AliIde [Disabled | Stopped])
DRV - [2008/04/13 14:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\DRIVERS\amdagp.sys -- (amdagp [Disabled | Stopped])
DRV - [2003/07/16 16:24:22 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\System32\DRIVERS\asc.sys -- (asc [Disabled | Stopped])
DRV - [2003/07/16 16:24:23 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\System32\DRIVERS\asc3550.sys -- (asc3550 [Disabled | Stopped])
DRV - [2003/05/28 19:53:46 | 00,017,005 | ---- | M] (Adaptec) -- C:\WINDOWS\System32\drivers\ASPI32.SYS -- (Aspi32 [Auto | Running])
DRV - [2008/04/13 14:46:20 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\avc.sys -- (Avc [On_Demand | Stopped])
DRV - [2003/05/23 14:58:30 | 00,043,136 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\System32\DRIVERS\bcm4sbxp.sys -- (bcm4sbxp [On_Demand | Running])
DRV - [2003/08/29 04:59:24 | 01,101,696 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\System32\DRIVERS\BCMSM.sys -- (BCMModem [On_Demand | Running])
DRV - [2003/07/16 16:25:32 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\System32\DRIVERS\cmdide.sys -- (CmdIde [Disabled | Stopped])
DRV - [2003/07/16 16:26:33 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys -- (dac2w2k [Disabled | Stopped])
DRV - [2007/03/22 12:57:14 | 00,028,672 | --S- | M] (Gteko Ltd.) -- C:\WINDOWS\System32\DRIVERS\elagopro.sys -- (elagopro [Auto | Running])
DRV - [2007/03/22 12:57:14 | 00,005,376 | --S- | M] (Gteko Ltd.) -- C:\WINDOWS\System32\DRIVERS\elaunidr.sys -- (elaunidr [Auto | Running])
DRV - [2009/03/19 16:32:48 | 00,023,400 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2003/03/09 16:31:00 | 00,051,024 | ---- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZid412.sys -- (HPZid412 [On_Demand | Stopped])
DRV - [2003/03/09 16:31:02 | 00,016,080 | ---- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZipr12.sys -- (HPZipr12 [On_Demand | Stopped])
DRV - [2003/03/09 16:31:02 | 00,021,456 | R--- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZius12.sys -- (HPZius12 [On_Demand | Stopped])
DRV - [2004/08/04 01:29:36 | 00,161,020 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\i81xnt5.sys -- (i81x [On_Demand | Stopped])
DRV - [2004/08/04 01:29:37 | 00,012,415 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\wADV01nt.sys -- (iAimFP0 [On_Demand | Stopped])
DRV - [2004/08/04 01:29:37 | 00,012,127 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\wADV02NT.sys -- (iAimFP1 [On_Demand | Stopped])
DRV - [2004/08/04 01:29:37 | 00,011,775 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\wADV05NT.sys -- (iAimFP2 [On_Demand | Stopped])
DRV - [2004/08/04 01:29:47 | 00,012,063 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys -- (iAimFP3 [On_Demand | Stopped])
DRV - [2004/08/04 01:29:49 | 00,019,455 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys -- (iAimFP4 [On_Demand | Stopped])
DRV - [2004/08/04 01:29:41 | 00,029,311 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\wATV01nt.sys -- (iAimTV0 [On_Demand | Stopped])
DRV - [2004/08/04 01:29:42 | 00,019,551 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\wATV02NT.sys -- (iAimTV1 [On_Demand | Stopped])
DRV - [2004/08/04 01:29:43 | 00,033,599 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\wATV04nt.sys -- (iAimTV3 [On_Demand | Stopped])
DRV - [2004/08/04 01:29:45 | 00,023,615 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys -- (iAimTV4 [On_Demand | Stopped])
DRV - [2005/10/19 08:59:12 | 00,807,998 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\ialmnt5.sys -- (ialm [On_Demand | Running])
DRV - [2007/01/04 11:07:00 | 00,171,520 | ---- | M] (Pinnacle Systems GmbH) -- C:\WINDOWS\System32\DRIVERS\MarvinBus.sys -- (MarvinBus [On_Demand | Running])
DRV - [2001/08/17 15:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\MODEMCSA.sys -- (MODEMCSA [On_Demand | Stopped])
DRV - [2003/07/16 16:34:22 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys -- (mraid35x [Disabled | Stopped])
DRV - [2008/04/13 14:46:09 | 00,051,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\msdv.sys -- (MSDV [On_Demand | Stopped])
DRV - [2007/07/16 18:27:24 | 00,063,008 | ---- | M] (Juniper Networks) -- C:\WINDOWS\System32\Drivers\NEOFLTR_550_11965.SYS -- (NEOFLTR_550_11965 [System | Running])
DRV - [2008/10/21 18:40:22 | 00,064,480 | ---- | M] (Juniper Networks) -- C:\WINDOWS\System32\Drivers\NEOFLTR_620_13649.SYS -- (NEOFLTR_620_13649 [System | Running])
DRV - [2008/04/13 14:53:09 | 00,040,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\NMnt.sys -- (nm [On_Demand | Stopped])
DRV - [2004/08/04 01:29:54 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Stopped])
DRV - [2002/11/08 15:45:06 | 00,017,217 | ---- | M] (Dell Computer Corporation) -- C:\WINDOWS\System32\DRIVERS\omci.sys -- (omci [System | Running])
DRV - [2007/01/23 11:11:38 | 00,441,472 | ---- | M] (Pinnacle Systems) -- C:\WINDOWS\System32\DRIVERS\MarvinUsb.sys -- (PinnacleMarvinUsb [On_Demand | Stopped])
DRV - [2003/07/16 16:42:18 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2003/07/16 16:42:24 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\System32\DRIVERS\ql1080.sys -- (ql1080 [Disabled | Stopped])
DRV - [2003/07/16 16:42:25 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\System32\DRIVERS\ql12160.sys -- (ql12160 [Disabled | Stopped])
DRV - [2003/07/16 16:42:26 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\System32\DRIVERS\ql1280.sys -- (ql1280 [Disabled | Stopped])
DRV - [2006/04/10 01:02:18 | 00,162,816 | ---- | M] (Ralink Technology Inc.) -- C:\WINDOWS\System32\DRIVERS\rt25usbap.sys -- (RT25USBAP [On_Demand | Stopped])
DRV - [2007/11/13 06:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2008/04/13 14:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\DRIVERS\sisagp.sys -- (sisagp [Disabled | Stopped])
DRV - [2003/02/28 11:17:18 | 00,545,024 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\System32\drivers\smwdm.sys -- (smwdm [On_Demand | Running])
DRV - [2003/07/16 16:46:15 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\System32\DRIVERS\sparrow.sys -- (Sparrow [Disabled | Stopped])
DRV - [2009/04/21 18:27:02 | 00,029,808 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\WINDOWS\system32\DRIVERS\ssfs0bbc.sys -- (ssfs0bbc [Boot | Running])
DRV - [2009/04/21 18:27:04 | 00,023,152 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\WINDOWS\system32\DRIVERS\sshrmd.sys -- (sshrmd [Boot | Running])
DRV - [2009/04/21 18:27:04 | 00,176,752 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\WINDOWS\system32\DRIVERS\ssidrv.sys -- (ssidrv [Boot | Running])
DRV - [2009/03/14 06:48:40 | 00,005,120 | ---- | M] (F.Y.N. Technology Inc.) -- C:\WINDOWS\System32\drivers\Start1Driver.SYS -- (Start1Driver [System | Running])
DRV - [2003/07/16 16:47:09 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\System32\DRIVERS\symc810.sys -- (symc810 [Disabled | Stopped])
DRV - [2003/07/16 16:47:09 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys -- (symc8xx [Disabled | Stopped])
DRV - [2003/07/16 16:47:09 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys -- (sym_hi [Disabled | Stopped])
DRV - [2003/07/16 16:47:10 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys -- (sym_u3 [Disabled | Stopped])
DRV - [2008/06/20 07:08:27 | 00,225,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\tcpip6.sys -- (Tcpip6 [System | Running])
DRV - [2003/07/16 16:48:45 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\System32\DRIVERS\ultra.sys -- (ultra [Disabled | Stopped])
DRV - [2009/07/09 12:16:16 | 00,039,424 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\System32\Drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
DRV - [2008/11/11 13:41:00 | 00,013,056 | ---- | M] (LG Electronics Inc.) -- C:\WINDOWS\System32\DRIVERS\lgusbbus.sys -- (usbbus [On_Demand | Stopped])
DRV - [2008/11/11 13:41:00 | 00,019,968 | ---- | M] (LG Electronics Inc.) -- C:\WINDOWS\System32\DRIVERS\lgusbdiag.sys -- (UsbDiag [On_Demand | Stopped])
DRV - [2001/05/07 06:56:02 | 00,019,805 | R--- | M] (Thesycon GmbH, Germany) -- C:\WINDOWS\System32\Drivers\usbio.sys -- (USBIO [On_Demand | Stopped])
DRV - [2008/11/11 13:42:00 | 00,024,832 | ---- | M] (LG Electronics Inc.) -- C:\WINDOWS\System32\DRIVERS\lgusbmodem.sys -- (USBModem [On_Demand | Stopped])
DRV - [2008/04/13 14:56:49 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\usb8023.sys -- (USB_RNDIS [On_Demand | Stopped])
DRV - [2003/10/08 11:12:24 | 00,120,830 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\drivers\ialmsbw.sys -- ({6080A529-897E-4629-A488-ABA0C29B635E} [On_Demand | Stopped])
DRV - [2003/10/08 11:12:16 | 00,098,842 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\drivers\ialmkchw.sys -- ({D31A0762-0CEB-444e-ACFF-B049A1F6FE91} [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1554417415-1731023960-829595172-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-1554417415-1731023960-829595172-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-1554417415-1731023960-829595172-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-1554417415-1731023960-829595172-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-1554417415-1731023960-829595172-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1554417415-1731023960-829595172-1007\S-1-5-21-1554417415-1731023960-829595172-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1554417415-1731023960-829595172-1007\S-1-5-21-1554417415-1731023960-829595172-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Search"
FF - prefs.js..browser.startup.homepage: "http://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"

FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/07/21 10:53:34 | 00,000,000 | ---D | M]

[2006/07/22 07:10:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Susan\Application Data\mozilla\Firefox\Profiles\0ztzf6h1.default\extensions
[2008/10/27 15:07:38 | 00,000,274 | ---- | M] () -- C:\Documents and Settings\Susan\Application Data\Mozilla\FireFox\Profiles\0ztzf6h1.default\searchplugins\search.xml
[2006/08/05 22:35:04 | 02,078,344 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPSWF32.dll

O1 HOSTS File: (337758 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.doubleclick.net
O1 - Hosts: 127.0.0.1 ad.preferances.com
O1 - Hosts: 127.0.0.1 ad.doubleclick.com
O1 - Hosts: 127.0.0.1 ads.web.aol.com
O1 - Hosts: 127.0.0.1 ad.preferences.com
O1 - Hosts: 127.0.0.1 ad.washingtonpost.com
O1 - Hosts: 127.0.0.1 adpick.switchboard.com
O1 - Hosts: 127.0.0.1 ads.doubleclick.com
O1 - Hosts: 127.0.0.1 ads.infospace.com
O1 - Hosts: 127.0.0.1 ads.msn.com
O1 - Hosts: 127.0.0.1 ads.switchboard.com
O1 - Hosts: 127.0.0.1 ads.enliven.com
O1 - Hosts: 127.0.0.1 oz.valueclick.com
O1 - Hosts: 127.0.0.1 doubleclick.net
O1 - Hosts: 127.0.0.1 ads.doubleclick.net
O1 - Hosts: 127.0.0.1 ad2.doubleclick.net
O1 - Hosts: 127.0.0.1 ad3.doubleclick.net
O1 - Hosts: 127.0.0.1 ad4.doubleclick.net
O1 - Hosts: 127.0.0.1 ad5.doubleclick.net
O1 - Hosts: 127.0.0.1 ad6.doubleclick.net
O1 - Hosts: 127.0.0.1 ad7.doubleclick.net
O1 - Hosts: 127.0.0.1 ad8.doubleclick.net
O1 - Hosts: 11546 more lines...
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [BCMSMMSG] C:\WINDOWS\BCMSMMSG.exe (Broadcom Corporation)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SpySweeper] C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe (Webroot Software, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Susan\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1554417415-1731023960-829595172-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe ()
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Program Files\Juniper Networks\Secure Application Manager\samnsp.dll (Juniper Networks)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Juniper Networks\Secure Application Manager\samnsp.dll (Juniper Networks)
O15 - HKLM\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 59 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 59 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-19\..Trusted Domains: 118 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-20\..Trusted Domains: 118 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1554417415-1731023960-829595172-1007\..Trusted Domains: ([]msn in My Computer)
O15 - HKU\S-1-5-21-1554417415-1731023960-829595172-1007\..Trusted Domains: elsevier.com ([evolvels] http in Trusted sites)
O15 - HKU\S-1-5-21-1554417415-1731023960-829595172-1007\..Trusted Domains: siemensmedical.com ([10dydocumentmanagement.asp] http in Trusted sites)
O15 - HKU\S-1-5-21-1554417415-1731023960-829595172-1007\..Trusted Domains: smshealthconx.net ([netaccess] https in Trusted sites)
O15 - HKU\S-1-5-21-1554417415-1731023960-829595172-1007\..Trusted Domains: 64 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://go.microsoft.com/fwlink/?linkid=58813 (Office Genuine Advantage Validation Tool)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} http://www.symantec.com/techsupp/asa/LSSupCtl.cab (Reg Error: Key error.)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab (Reg Error: Key error.)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {3785F3BF-8770-47EE-AB71-665805C608C3} https://promed.scribe.com/md/InetWord/packages/InetWord.CAB (InetWord.InetDoc)
O16 - DPF: {3EA7D822-1ED7-4988-BFCA-C14733EE1B32} https://nfuse.nortonhealthcare.org/Citrix/I...stall/setup.cab (Reg Error: Key error.)
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} http://h20264.www2.hp.com/ediags/dd/instal...nosticsxp2k.cab (Reg Error: Key error.)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scan8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab (Reg Error: Key error.)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} http://www.nick.com/common/groove/gx/GrooveAX28.cab (Reg Error: Key error.)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/CAB/...8017.7218287037 (Reg Error: Key error.)
O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} http://www.microsoft.com/security/controls.../20/SassCln.CAB (SassCln Object)
O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} https://www-secure.symantec.com/techsupp/asa/SymAData.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://remotelink.nortonhealthcare.org/dan...perSetupSP1.cab (JuniperSetupControlXP Class)
O16 - DPF: {EE986640-0821-4482-B4A3-C41EB8A18597} https://links.ulh.org/http/0/64.46.201.254/...Contextlets.cab (WebLocator Class)
O16 - DPF: {F88F142A-96AE-40CC-B562-4C91B5E5A5CD} https://links.ulh.org/http/0/l0dydocumentma...lDownloader.cab (IkmControlDownloader Control)
O16 - DPF: {FFA315A3-20D3-11CF-8FDD-943611C10000} https://links.ulh.org/http/0/64.46.201.254/...TM/webPrint.cab (Ter Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 74.128.17.114 74.128.19.102
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (OWS\S) - File not found
O30 - LSA: Security Packages - (Files\Filter\ecurity) - File not found
O30 - LSA: Security Packages - (Packages) - File not found
O30 - LSA: Security Packages - (s) - File not found
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/11/27 16:34:36 | 00,000,095 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{1ef4ed81-ee33-11dd-b362-000d565b229b}\Shell - "" = AutoRun
O33 - MountPoints2\{1ef4ed81-ee33-11dd-b362-000d565b229b}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (sprestrt) - C:\WINDOWS\System32\sprestrt.exe (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[1 C:\*.tmp files]
[9 C:\WINDOWS\*.tmp files]
[2009/09/18 07:06:07 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/09/18 07:02:26 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/09/18 06:53:18 | 00,000,767 | ---- | C] () -- C:\Documents and Settings\Susan\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/09/18 06:53:14 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\Susan\Desktop\NTREGOPT.lnk
[2009/09/18 06:53:14 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\Susan\Desktop\ERUNT.lnk
[2009/09/18 06:53:12 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/09/18 06:51:45 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Susan\Desktop\erunt-setup.exe
[2009/09/18 06:39:17 | 00,793,200 | ---- | C] (Symantec Corporation) -- C:\Documents and Settings\Susan\Desktop\Norton_Removal_Tool.exe
[2009/09/15 06:40:23 | 00,464,491 | ---- | C] () -- C:\Documents and Settings\Susan\Desktop\RootRepeals.zip
[2009/09/15 06:37:08 | 00,464,491 | ---- | C] () -- C:\Documents and Settings\Susan\Desktop\RootRepeal.zip
[2009/09/15 06:30:55 | 00,514,560 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Susan\Desktop\OTL.exe
[2009/09/13 17:49:14 | 00,018,944 | ---- | C] () -- C:\Documents and Settings\Susan\Desktop\Theology of the Body 0910.xls
[2009/09/11 07:32:34 | 00,039,936 | ---- | C] () -- C:\Documents and Settings\Susan\My Documents\Recipes.doc
[2009/09/08 18:01:03 | 00,153,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\triedit.dll
[2009/09/08 06:30:09 | 00,029,696 | ---- | C] () -- C:\Documents and Settings\Susan\Desktop\Family Budget 9-8-09.xls
[2009/09/04 17:43:11 | 00,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2009/09/01 22:22:20 | 00,021,504 | ---- | C] () -- C:\Documents and Settings\Susan\Desktop\Jake Braden 4.doc
[2009/09/01 05:45:39 | 01,403,363 | ---- | C] () -- C:\Documents and Settings\Susan\Desktop\Christmas Eve 2008 008.jpg
[2009/09/01 05:44:23 | 01,435,424 | ---- | C] () -- C:\Documents and Settings\Susan\Desktop\Vacation - Poker party 312.jpg
[2009/09/01 05:43:25 | 01,332,127 | ---- | C] () -- C:\Documents and Settings\Susan\Desktop\Vacation - Poker party 310.jpg
[2009/09/01 05:43:08 | 01,449,439 | ---- | C] () -- C:\Documents and Settings\Susan\Desktop\Vacation - Poker party 246.jpg
[2009/09/01 05:42:30 | 00,096,416 | ---- | C] () -- C:\Documents and Settings\Susan\Desktop\Vacation - Poker party 013.jpg
[2009/09/01 05:42:09 | 04,096,969 | ---- | C] () -- C:\Documents and Settings\Susan\Desktop\Vacation - Poker party 045.jpg
[2009/09/01 05:41:59 | 01,851,148 | ---- | C] () -- C:\Documents and Settings\Susan\Desktop\Vacation - Poker party 048.jpg
[2009/08/29 16:25:34 | 00,031,928 | ---- | C] (Resplendence Software Projects Sp) -- C:\WINDOWS\System32\rrMon.sys
[2009/08/29 16:25:11 | 00,120,376 | ---- | C] () -- C:\WINDOWS\System32\rrsec.dll
[2009/08/29 16:25:11 | 00,097,888 | ---- | C] () -- C:\WINDOWS\System32\rrsec2k.exe
[2009/08/29 16:25:06 | 00,000,000 | ---D | C] -- C:\Program Files\Registrar Registry Manager
[2009/08/26 03:02:26 | 00,001,355 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2009/08/23 21:21:59 | 00,402,432 | ---- | C] () -- C:\Documents and Settings\Susan\Desktop\8-23-9.doc
[2009/08/23 16:58:04 | 00,130,912 | ---- | C] () -- C:\Documents and Settings\Susan\Desktop\ExposingtheFiveMythsofEvangelism.mp3
[2009/08/23 16:45:59 | 34,239,320 | ---- | C] () -- C:\Documents and Settings\Susan\Desktop\WhyGodUsesSomePeopleMoreThanOthers.mp3
[2009/08/23 16:44:58 | 38,858,961 | ---- | C] () -- C:\Documents and Settings\Susan\Desktop\PrayGreatPrayers.mp3
[2009/08/23 16:43:37 | 34,063,005 | ---- | C] () -- C:\Documents and Settings\Susan\Desktop\HowtoFindFreedomfromYourFears.mp3
[2009/08/20 16:44:15 | 00,015,416 | ---- | C] () -- C:\Documents and Settings\Susan\Desktop\cc_20090820_164411.reg
[2009/08/20 06:33:40 | 00,000,330 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/08/20 06:29:34 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Defender
[2009/08/20 06:26:00 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\ScanAtStartup.dll
[2009/08/20 06:22:59 | 00,005,120 | ---- | C] (F.Y.N. Technology Inc.) -- C:\WINDOWS\System32\drivers\Start1Driver.SYS
[2009/08/20 06:22:58 | 00,000,256 | ---- | C] () -- C:\WINDOWS\adaway.lic
[2009/08/20 06:22:52 | 00,000,691 | ---- | C] () -- C:\Documents and Settings\Susan\Desktop\Adware Away.lnk
[2009/08/20 06:22:49 | 00,000,000 | ---D | C] -- C:\Program Files\Adware Away
[2009/08/20 06:05:02 | 26,640,7936 | -HS- | C] () -- C:\hiberfil.sys
[2009/08/19 21:53:37 | 00,761,730 | ---- | C] () -- C:\Documents and Settings\Susan\Desktop\cc_20090819_215333.reg
[2009/04/21 18:26:56 | 00,031,088 | ---- | C] () -- C:\WINDOWS\System32\wrLZMA.dll
[2008/06/20 20:24:09 | 00,000,000 | ---- | C] () -- C:\WINDOWS\UltimateBuddy.INI
[2008/06/05 22:19:37 | 00,000,086 | ---- | C] () -- C:\WINDOWS\WPCMAPI.INI
[2008/01/09 15:01:48 | 00,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2007/12/19 11:33:26 | 00,000,016 | ---- | C] () -- C:\WINDOWS\RealityFusion.ini
[2007/06/06 07:51:10 | 00,757,818 | ---- | C] () -- C:\WINDOWS\System32\gwadd1.dll
[2007/06/06 07:49:26 | 00,303,166 | ---- | C] () -- C:\WINDOWS\System32\gwodm132.dll
[2007/06/06 07:20:04 | 00,098,354 | ---- | C] () -- C:\WINDOWS\System32\GWLDO132.DLL
[2007/03/05 14:34:28 | 00,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2006/12/31 19:14:15 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\QTWMCI32.DLL
[2006/05/08 17:06:36 | 00,000,099 | ---- | C] () -- C:\WINDOWS\webica.ini
[2005/12/27 22:50:51 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2005/12/18 18:47:15 | 00,765,952 | ---- | C] () -- C:\WINDOWS\System32\tvqenc.dll
[2005/12/18 18:47:15 | 00,573,440 | ---- | C] () -- C:\WINDOWS\System32\tvqdec.dll
[2005/12/18 18:47:15 | 00,118,784 | ---- | C] () -- C:\WINDOWS\System32\mp3dec.dll
[2005/12/13 20:47:51 | 00,000,305 | ---- | C] () -- C:\WINDOWS\mp3wavcon.ini
[2005/12/13 20:22:52 | 00,003,082 | ---- | C] () -- C:\WINDOWS\System32\affv11300p13now.sys
[2005/06/17 21:41:33 | 00,000,118 | ---- | C] () -- C:\WINDOWS\kodakpcd.Susan.ini
[2005/03/22 23:56:00 | 00,000,173 | ---- | C] () -- C:\WINDOWS\DVDFabGold.INI
[2005/03/13 16:32:07 | 00,000,134 | ---- | C] () -- C:\WINDOWS\VWORK32.INI
[2004/07/30 20:32:50 | 00,000,045 | ---- | C] () -- C:\WINDOWS\FIHMFNO.ini
[2004/07/09 10:31:18 | 00,155,700 | ---- | C] () -- C:\WINDOWS\System32\ODMA32.DLL
[2004/06/20 20:35:52 | 00,053,760 | ---- | C] () -- C:\WINDOWS\System32\ZLIB.DLL
[2004/06/09 19:53:59 | 00,004,606 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2004/01/31 21:06:11 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2004/01/31 21:04:04 | 00,000,174 | ---- | C] () -- C:\WINDOWS\System32\mcini.ini
[2004/01/31 12:09:40 | 00,561,152 | R--- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2004/01/25 21:00:03 | 00,000,703 | ---- | C] () -- C:\WINDOWS\disney.ini
[2004/01/23 21:07:40 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/01/23 07:48:08 | 00,000,001 | ---- | C] () -- C:\WINDOWS\System32\PTLCDBAS.INI
[2004/01/23 07:48:08 | 00,000,001 | ---- | C] () -- C:\WINDOWS\System32\INIVALUE.INI
[2004/01/20 18:27:21 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2004/01/19 11:52:53 | 00,000,078 | ---- | C] () -- C:\WINDOWS\qwimp.ini
[2004/01/19 11:52:52 | 00,000,368 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2004/01/19 11:52:22 | 00,001,867 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2004/01/18 14:26:28 | 00,000,045 | ---- | C] () -- C:\WINDOWS\EPSC62.ini
[2004/01/08 05:57:29 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/01/08 05:48:50 | 00,000,258 | ---- | C] () -- C:\WINDOWS\System32\BDEMERGE.INI
[2004/01/08 05:44:04 | 00,000,339 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/01/08 05:39:27 | 00,000,892 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/01/08 05:21:55 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/01/08 05:21:34 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/01/08 05:07:52 | 00,000,550 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2003/08/07 15:01:52 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2002/09/03 10:59:58 | 00,001,329 | ---- | C] () -- C:\WINDOWS\WIN.INI
[2002/09/03 10:50:58 | 00,000,227 | ---- | C] () -- C:\WINDOWS\SYSTEM.INI
[1999/08/10 13:02:20 | 00,116,736 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
[1999/08/10 13:02:16 | 00,343,040 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
[1999/01/22 09:46:56 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1998/01/11 21:00:00 | 00,040,448 | ---- | C] () -- C:\WINDOWS\System32\REGOBJ.DLL
[1997/06/13 22:56:08 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll

========== Files - Modified Within 30 Days ==========

[1 C:\*.tmp files]
[7 C:\WINDOWS\System32\*.tmp files]
[9 C:\WINDOWS\*.tmp files]
[2009/09/18 07:21:30 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/09/18 07:17:31 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/09/18 07:17:24 | 00,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2009/09/18 07:17:21 | 26,640,7936 | -HS- | M] () -- C:\hiberfil.sys
[2009/09/18 07:15:54 | 06,399,728 | -H-- | M] () -- C:\Documents and Settings\Susan\Local Settings\Application Data\IconCache.db
[2009/09/18 06:53:18 | 00,000,767 | ---- | M] () -- C:\Documents and Settings\Susan\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/09/18 06:53:14 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\Susan\Desktop\NTREGOPT.lnk
[2009/09/18 06:53:14 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\Susan\Desktop\ERUNT.lnk
[2009/09/18 06:51:52 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Susan\Desktop\erunt-setup.exe
[2009/09/18 06:39:47 | 00,793,200 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\Susan\Desktop\Norton_Removal_Tool.exe
[2009/09/17 07:18:55 | 00,000,086 | ---- | M] () -- C:\WINDOWS\WPCMAPI.INI
[2009/09/16 17:17:15 | 00,000,099 | ---- | M] () -- C:\WINDOWS\webica.ini
[2009/09/16 06:45:11 | 00,029,696 | ---- | M] () -- C:\Documents and Settings\Susan\Desktop\Family Budget 9-8-09.xls
[2009/09/16 03:00:08 | 00,001,656 | ---- | M] () -- C:\WINDOWS\tasks\wrSpySweeper_L6C116EBCCF0C467C8ECCA70A797EF015.job
[2009/09/15 06:40:25 | 00,464,491 | ---- | M] () -- C:\Documents and Settings\Susan\Desktop\RootRepeals.zip
[2009/09/15 06:37:12 | 00,464,491 | ---- | M] () -- C:\Documents and Settings\Susan\Desktop\RootRepeal.zip
[2009/09/15 06:31:22 | 00,514,560 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Susan\Desktop\OTL.exe
[2009/09/13 22:55:58 | 00,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/09/13 17:49:15 | 00,018,944 | ---- | M] () -- C:\Documents and Settings\Susan\Desktop\Theology of the Body 0910.xls
[2009/09/13 10:28:54 | 00,121,344 | ---- | M] () -- C:\Documents and Settings\Susan\My Documents\map pack.doc
[2009/09/12 23:06:28 | 00,078,848 | ---- | M] () -- C:\Documents and Settings\Susan\My Documents\All legendaries.doc
[2009/09/10 11:32:09 | 00,039,936 | ---- | M] () -- C:\Documents and Settings\Susan\My Documents\Recipes.doc
[2009/09/09 03:10:41 | 00,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/09/08 21:21:50 | 34,239,320 | ---- | M] () -- C:\Documents and Settings\Susan\Desktop\WhyGodUsesSomePeopleMoreThanOthers.mp3
[2009/09/07 15:45:32 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/09/04 17:43:08 | 26,643,6608 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2009/09/01 22:22:20 | 00,021,504 | ---- | M] () -- C:\Documents and Settings\Susan\Desktop\Jake Braden 4.doc
[2009/08/29 17:37:02 | 00,007,274 | ---- | M] () -- C:\WINDOWS\System32\spupdsvc.inf
[2009/08/28 17:38:20 | 24,689,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/08/25 06:24:20 | 34,063,005 | ---- | M] () -- C:\Documents and Settings\Susan\Desktop\HowtoFindFreedomfromYourFears.mp3
[2009/08/25 06:24:02 | 00,130,912 | ---- | M] () -- C:\Documents and Settings\Susan\Desktop\ExposingtheFiveMythsofEvangelism.mp3
[2009/08/23 21:21:59 | 00,402,432 | ---- | M] () -- C:\Documents and Settings\Susan\Desktop\8-23-9.doc
[2009/08/23 16:45:01 | 38,858,961 | ---- | M] () -- C:\Documents and Settings\Susan\Desktop\PrayGreatPrayers.mp3
[2009/08/21 06:09:12 | 00,383,742 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2009/08/21 06:09:11 | 00,054,508 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2009/08/21 06:09:06 | 00,444,832 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/08/20 16:44:21 | 00,015,416 | ---- | M] () -- C:\Documents and Settings\Susan\Desktop\cc_20090820_164411.reg
[2009/08/20 06:28:38 | 00,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2009/08/20 06:26:00 | 00,061,440 | ---- | M] () -- C:\WINDOWS\System32\ScanAtStartup.dll
[2009/08/20 06:22:58 | 00,000,256 | ---- | M] () -- C:\WINDOWS\adaway.lic
[2009/08/20 06:22:52 | 00,000,691 | ---- | M] () -- C:\Documents and Settings\Susan\Desktop\Adware Away.lnk
[2009/08/19 21:54:02 | 00,761,730 | ---- | M] () -- C:\Documents and Settings\Susan\Desktop\cc_20090819_215333.reg
[2009/08/19 21:45:25 | 00,001,329 | ---- | M] () -- C:\WINDOWS\WIN.INI
[2009/08/19 21:45:25 | 00,000,227 | ---- | M] () -- C:\WINDOWS\SYSTEM.INI
[2009/08/19 21:45:25 | 00,000,210 | RHS- | M] () -- C:\boot.ini
[2009/08/19 20:10:06 | 00,337,758 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\HOSTS

========== Alternate Data Streams ==========

@Alternate Data Stream - 163 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:57AA94C3
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:825D5945
< End of report >


GMER log:
GMER 1.0.15.15087 - http://www.gmer.net
Rootkit quick scan 2009-09-18 07:43:57
Windows 5.1.2600 Service Pack 3
Running: kkox2t7j.exe; Driver: C:\DOCUME~1\Susan\LOCALS~1\Temp\pwlyqpob.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs ssfs0bbc.sys (Spy Sweeper FileSystem Filter Driver/Webroot Software, Inc. (www.webroot.com))

Device \Driver\Tcpip \Device\Ip FF5AC4D0
Device \Driver\Tcpip \Device\Ip FF4E5020

AttachedDevice \Driver\Tcpip \Device\Ip NEOFLTR_620_13649.SYS (NetBIOS Redirector/Juniper Networks)

Device \Driver\Tcpip \Device\Tcp FF5AC4D0
Device \Driver\Tcpip \Device\Tcp FF4E5020

AttachedDevice \Driver\Tcpip \Device\Tcp NEOFLTR_620_13649.SYS (NetBIOS Redirector/Juniper Networks)

Device \Driver\Tcpip \Device\Udp FF5AC4D0
Device \Driver\Tcpip \Device\Udp FF4E5020

AttachedDevice \Driver\Tcpip \Device\Udp NEOFLTR_620_13649.SYS (NetBIOS Redirector/Juniper Networks)

Device \Driver\Tcpip \Device\RawIp FF5AC4D0
Device \Driver\Tcpip \Device\RawIp FF4E5020

AttachedDevice \Driver\Tcpip \Device\RawIp NEOFLTR_620_13649.SYS (NetBIOS Redirector/Juniper Networks)

---- EOF - GMER 1.0.15 ----

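The OTL and GMER output above is read by eye in this thread. As an added example, not part of the thread and not OldTimer's own code, the following Python parses OTL's bracketed file, process, service and driver lines plus its "@Alternate Data Stream" lines into records, then applies three simple triage rules that a reviewer otherwise applies mentally: a .dll/.exe/.sys under System32 whose company field is empty, a HOSTS file larger than a threshold, and any alternate data stream. Everything flagged is a candidate for review, not a verdict. The sample lines are copied from the logs posted above; the rule names, the 10 KB HOSTS threshold and the record field names are this example's own choices.

```python
"""Parse OTL log lines and apply a few triage rules (added example, not part of the thread)."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Bracketed OTL entry, optionally prefixed "PRC - " / "SRV - " / "DRV - " / "MOD - "
# and optionally suffixed with " -- (ServiceName [StartType | State])".
OTL_ENTRY = re.compile(
    r"^(?:(?P<kind>PRC|SRV|DRV|MOD) - )?"
    r"\[(?P<mtime>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[A-Z\-]{4}) \| (?P<flag>[A-Z])\] "
    r"\((?P<company>.*?)\) -- (?P<path>.+?)"
    r"(?: -- \((?P<service>[^\[]+?) \[(?P<start>[^|]+) \| (?P<state>[^\]]+)\]\))?$"
)
ADS_ENTRY = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+)$")

# Example threshold: a stock Windows XP hosts file is well under 1 KB.
HOSTS_MAX_BYTES = 10_000


@dataclass
class Entry:
    kind: str                     # "FILE", "PRC", "SRV", "DRV", "MOD" or "ADS"
    path: str
    size: int
    company: str = ""
    mtime: str = ""
    attrs: str = ""
    service: Optional[str] = None  # service/driver name, if the line carries one
    start: Optional[str] = None    # start type, e.g. "Boot", "System", "Auto"
    state: Optional[str] = None    # "Running" / "Stopped"


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for an OTL file/driver or ADS line, or None for anything else."""
    line = line.strip()
    m = ADS_ENTRY.match(line)
    if m:
        return Entry("ADS", m["path"], int(m["size"]))
    m = OTL_ENTRY.match(line)
    if not m:
        return None
    return Entry(
        kind=m["kind"] or "FILE",
        path=m["path"],
        size=int(m["size"].replace(",", "")),  # OTL writes sizes as 00,061,440
        company=m["company"].strip(),
        mtime=m["mtime"],
        attrs=m["attrs"],
        service=m["service"],
        start=m["start"],
        state=m["state"],
    )


def parse_log(text: str) -> List[Entry]:
    return [e for e in (parse_line(l) for l in text.splitlines()) if e]


def triage(entries: List[Entry]) -> List[str]:
    """Apply the three review rules; returns human-readable findings in log order."""
    findings = []
    for e in entries:
        low = e.path.lower()
        if e.kind == "ADS":
            findings.append(f"ADS: {e.path} ({e.size} bytes)")
        elif "\\system32\\" in low and low.endswith((".dll", ".exe", ".sys")) and not e.company:
            findings.append(f"NO-COMPANY-IN-SYSTEM32: {e.path}")
        elif low.endswith("\\drivers\\etc\\hosts") and e.size > HOSTS_MAX_BYTES:
            findings.append(f"LARGE-HOSTS: {e.path} ({e.size:,} bytes)")
    return findings


# Sample input: lines copied from the OTL logs posted in this thread.
SAMPLE_LOG = r"""
[2009/08/28 17:38:20 | 24,689,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/08/20 06:26:00 | 00,061,440 | ---- | M] () -- C:\WINDOWS\System32\ScanAtStartup.dll
[2009/08/19 21:45:25 | 00,000,210 | RHS- | M] () -- C:\boot.ini
[2009/08/19 20:10:06 | 00,337,758 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\HOSTS
@Alternate Data Stream - 163 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:57AA94C3
DRV - [2009/04/21 18:27:02 | 00,029,808 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\WINDOWS\system32\DRIVERS\ssfs0bbc.sys -- (ssfs0bbc [Boot | Running])
DRV - [2009/03/14 06:48:40 | 00,005,120 | ---- | M] (F.Y.N. Technology Inc.) -- C:\WINDOWS\System32\drivers\Start1Driver.SYS -- (Start1Driver [System | Running])
"""

if __name__ == "__main__":
    for finding in triage(parse_log(SAMPLE_LOG)):
        print(finding)
```

Run against the sample it reports the company-less ScanAtStartup.dll in System32, the 337,758-byte HOSTS file and the ADS on the TEMP folder; the two Webroot and F.Y.N. drivers pass because they carry a company string, which is exactly why the company field is only a first filter and a running driver still deserves a look at where it was installed from.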
#9 etavares (Bleepin' Remover, Malware Response Team)

Posted 19 September 2009 - 09:48 AM

Hello, susan2348.
OK, let's proceed. I don't see anything obviously causing the about:blank, so let's run a couple more scans.



Step 1

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.



Step 2

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


Step 3

You are using an outdated version of Adobe Reader. Adobe Reader has since been updated, and the update closes many security holes and provides new features.

First, uninstall earlier versions of Adobe Reader.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Adobe Reader.
  • Check (highlight) any item with Adobe Reader in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Adobe Reader version.
Please download the latest version from:
http://get.adobe.com/reader/

And install it. Once installed, launch it, select Help --> Check for Updates and install any updates.


You may also try the free Foxit PDF reader if you prefer:
http://www.foxitsoftware.com/pdf/reader/



Step 4

Next, we need to update Java.
Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 16 and save it to your desktop.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 16...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u16-windows-i586-p.exe to install the newest version.


Step 5

In your reply, please post:
  • MBAM log
  • ESET log
  • fresh OTL scan log


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators


#10 susan2348 (Topic Starter)

Posted 19 September 2009 - 12:12 PM

etavares,

I'm having trouble downloading Malwarebytes Anti-Malware. It directs me to the CNET download website and then freezes/times out when I try to download. Also, I've never been able to see pictures with CNET, only text and boxes with red x's. Is this why I can't download? Can you please tell me what to do from here?
As always, thanks for your help!

#11 etavares (Bleepin' Remover, Malware Response Team)

Posted 19 September 2009 - 01:07 PM

Hi...try this link...it shouldn't involve CNET.

https://store.malwarebytes.org/342/cookie?a.../mbam-setup.exe


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators


#12 susan2348 (Topic Starter)

Posted 20 September 2009 - 04:16 PM

Wow, the Malwarebytes scan found a lot of infections. The ESET scan came back with 0 infections, so I don't even think it created a log. I deleted old Java and downloaded the new version. Logs are pasted below.

Malwarebytes log:

Malwarebytes' Anti-Malware 1.41
Database version: 2831
Windows 5.1.2600 Service Pack 3

9/20/2009 3:05:44 PM
mbam-log-2009-09-20 (15-05-43).txt

Scan type: Quick Scan
Objects scanned: 122604
Time elapsed: 18 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 3
Files Infected: 44

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{51b15f5a-e98b-4658-b9cb-9307b74773a7} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3b7aaeb1-9f3d-4491-9c06-c7165ca8d058} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a77d3539-581d-450c-9e44-a84c415a6172} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\adware away v3.1.4.c_is1 (Rogue.AdwareAway) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\Environment\avapp (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Environment\avuninst (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\Common Files\Uninstall\PersonalAV (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully.
C:\Program Files\Adware Away (Rogue.AdwareAway) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Adware Away (Rogue.AdwareAway) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\Adware Away\activex.tmp (Rogue.AdwareAway) -> Quarantined and deleted successfully.
C:\Program Files\Adware Away\AdAway.dll (Rogue.AdwareAway) -> Quarantined and deleted successfully.
C:\Program Files\Adware Away\AdAway.exe (Rogue.AdwareAway) -> Quarantined and deleted successfully.
C:\Program Files\Adware Away\AdwareAway.chm (Rogue.AdwareAway) -> Quarantined and deleted successfully.
C:\Program Files\Adware Away\autorun.tmp (Rogue.AdwareAway) -> Quarantined and deleted successfully.
C:\Program Files\Adware Away\DiagnosticScan.SYS (Rogue.AdwareAway) -> Quarantined and deleted successfully.
C:\Program Files\Adware Away\EnumAutoRun.exe (Rogue.AdwareAway) -> Quarantined and deleted successfully.
C:\Program Files\Adware Away\EnumDlls.exe (Rogue.AdwareAway) -> Quarantined and deleted successfully.
C:\Program Files\Adware Away\EProcess.exe (Rogue.AdwareAway) -> Quarantined and deleted successfully.
C:\Program Files\Adware Away\explorerbar.tmp (Rogue.AdwareAway) -> Quarantined and deleted successfully.
C:\Program Files\Adware Away\fa.tmp (Rogue.AdwareAway) -> Quarantined and deleted successfully.
C:\Program Files\Adware Away\FixDesktopBackground.exe (Rogue.AdwareAway) -> Quarantined and deleted successfully.
C:\Program Files\Adware Away\folderdll.tmp (Rogue.AdwareAway) -> Quarantined and deleted successfully.
C:\Program Files\Adware Away\global.dll (Rogue.AdwareAway) -> Quarantined and deleted successfully.
C:\Program Files\Adware Away\iebhotoolbar.tmp (Rogue.AdwareAway) -> Quarantined and deleted successfully.
C:\Program Files\Adware Away\iepage.tmp (Rogue.AdwareAway) -> Quarantined and deleted successfully.
C:\Program Files\Adware Away\ietoolbarbutton.tmp (Rogue.AdwareAway) -> Quarantined and deleted successfully.
C:\Program Files\Adware Away\ieurlprefix.tmp (Rogue.AdwareAway) -> Quarantined and deleted successfully.
C:\Program Files\Adware Away\ieurlsearchhook.tmp (Rogue.AdwareAway) -> Quarantined and deleted successfully.
C:\Program Files\Adware Away\lsp.tmp (Rogue.AdwareAway) -> Quarantined and deleted successfully.
C:\Program Files\Adware Away\notifydll.tmp (Rogue.AdwareAway) -> Quarantined and deleted successfully.
C:\Program Files\Adware Away\overall.log (Rogue.AdwareAway) -> Quarantined and deleted successfully.
C:\Program Files\Adware Away\process.tmp (Rogue.AdwareAway) -> Quarantined and deleted successfully.
C:\Program Files\Adware Away\protocolfilter.tmp (Rogue.AdwareAway) -> Quarantined and deleted successfully.
C:\Program Files\Adware Away\ScanAtStartup.exe (Rogue.AdwareAway) -> Quarantined and deleted successfully.
C:\Program Files\Adware Away\screenshot.exe (Rogue.AdwareAway) -> Quarantined and deleted successfully.
C:\Program Files\Adware Away\service.tmp (Rogue.AdwareAway) -> Quarantined and deleted successfully.
C:\Program Files\Adware Away\shellextension.tmp (Rogue.AdwareAway) -> Quarantined and deleted successfully.
C:\Program Files\Adware Away\shellextensionhook.tmp (Rogue.AdwareAway) -> Quarantined and deleted successfully.
C:\Program Files\Adware Away\Start1Driver.SYS (Rogue.AdwareAway) -> Quarantined and deleted successfully.
C:\Program Files\Adware Away\svchostdll.tmp (Rogue.AdwareAway) -> Quarantined and deleted successfully.
C:\Program Files\Adware Away\sysrestriction.tmp (Rogue.AdwareAway) -> Quarantined and deleted successfully.
C:\Program Files\Adware Away\unins000.dat (Rogue.AdwareAway) -> Quarantined and deleted successfully.
C:\Program Files\Adware Away\unins000.exe (Rogue.AdwareAway) -> Quarantined and deleted successfully.
C:\Program Files\Adware Away\uninstall.tmp (Rogue.AdwareAway) -> Quarantined and deleted successfully.
C:\Program Files\Adware Away\Update2.exe (Rogue.AdwareAway) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Adware Away\Adware Away.lnk (Rogue.AdwareAway) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Adware Away\Uninstall.lnk (Rogue.AdwareAway) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Adware Away\Update.lnk (Rogue.AdwareAway) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Adware Away\User Manual.lnk (Rogue.AdwareAway) -> Quarantined and deleted successfully.
C:\Documents and Settings\Susan\Desktop\Adware Away.lnk (Rogue.AdwareAway) -> Quarantined and deleted successfully.
C:\Documents and Settings\Susan\My Documents\My Music\My Music.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Documents and Settings\Susan\My Documents\My Videos\My Video.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\WINDOWS\adaway.lic (Rogue.AdwareAway) -> Quarantined and deleted successfully.

New OTL Scan:

OTL logfile created on: 9/20/2009 5:07:52 PM - Run 5
OTL by OldTimer - Version 3.0.14.0 Folder = C:\Documents and Settings\Susan\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

254.00 Mb Total Physical Memory | 33.44 Mb Available Physical Memory | 13.17% Memory free
621.74 Mb Paging File | 227.24 Mb Available in Paging File | 36.55% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 38.25 Gb Total Space | 10.71 Gb Free Space | 28.01% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BEEFCAKE
Current User Name: Susan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/08/17 06:13:54 | 01,205,760 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
PRC - [2006/11/03 19:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2008/04/13 20:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2009/07/09 12:22:18 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2005/01/28 13:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe
PRC - [2009/04/21 18:26:52 | 04,048,240 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
PRC - [2005/10/19 08:59:12 | 00,126,976 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\hkcmd.exe
PRC - [2003/08/29 04:59:24 | 00,122,880 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\BCMSMMSG.exe
PRC - [2006/10/30 19:40:33 | 00,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/05/26 17:18:30 | 00,413,696 | ---- | M] (Apple Inc.) -- C:\Program Files\QuickTime\QTTask.exe
PRC - [2006/11/03 19:20:12 | 00,866,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2009/09/20 16:26:39 | 00,139,264 | ---- | M] (Sun Microsystems, Inc.) -- C:\Sun\SDK\jdk\bin\java.exe
PRC - [2008/04/13 20:12:22 | 00,093,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/09/15 06:31:22 | 00,514,560 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Susan\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2008/04/13 20:11:48 | 00,100,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\6to4svc.dll -- (6to4 [Auto | Stopped])
SRV - [2009/07/09 12:22:18 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2004/07/15 01:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Disabled | Stopped])
SRV - [2009/05/28 17:10:22 | 00,138,168 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
SRV - [2008/04/13 20:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [On_Demand | Stopped])
SRV - [2007/06/04 22:14:50 | 00,217,088 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08 [On_Demand | Running])
SRV - [2007/06/04 22:14:50 | 00,131,072 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc [Auto | Running])
SRV - [2009/07/13 14:02:50 | 00,542,496 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])
SRV - [2005/02/09 13:59:00 | 00,014,165 | ---- | M] (Pinnacle Systems GmbH) -- C:\WINDOWS\System32\drivers\pclepci.sys -- (PCLEPCI [Auto | Stopped])
SRV - [2003/03/09 16:31:02 | 00,065,795 | ---- | M] (HP) -- C:\WINDOWS\System32\HPZipm12.exe -- (Pml Driver HPZ12 [On_Demand | Stopped])
SRV - [2007/07/27 10:41:38 | 00,026,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\spupdsvc.exe -- (spupdsvc [Auto | Stopped])
SRV - [2005/01/28 13:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe -- (UMWdf [Auto | Running])
SRV - [2009/04/21 18:26:52 | 04,048,240 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe -- (WebrootSpySweeperService [Auto | Running])
SRV - [2006/11/03 19:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend [Auto | Running])
SRV - [2009/08/17 06:13:54 | 01,205,760 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe -- (WRConsumerService [Auto | Running])

========== Driver Services (SafeList) ==========

DRV - [2008/04/13 14:46:20 | 00,048,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\61883.sys -- (61883 [On_Demand | Stopped])
DRV - [2002/04/01 15:15:00 | 00,004,816 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\System32\drivers\aeaudio.sys -- (aeaudio [On_Demand | Running])
DRV - [2003/07/16 16:24:09 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\DRIVERS\aliide.sys -- (AliIde [Disabled | Stopped])
DRV - [2008/04/13 14:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\DRIVERS\amdagp.sys -- (amdagp [Disabled | Stopped])
DRV - [2003/07/16 16:24:22 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\System32\DRIVERS\asc.sys -- (asc [Disabled | Stopped])
DRV - [2003/07/16 16:24:23 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\System32\DRIVERS\asc3550.sys -- (asc3550 [Disabled | Stopped])
DRV - [2003/05/28 19:53:46 | 00,017,005 | ---- | M] (Adaptec) -- C:\WINDOWS\System32\drivers\ASPI32.SYS -- (Aspi32 [Auto | Running])
DRV - [2008/04/13 14:46:20 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\avc.sys -- (Avc [On_Demand | Stopped])
DRV - [2003/05/23 14:58:30 | 00,043,136 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\System32\DRIVERS\bcm4sbxp.sys -- (bcm4sbxp [On_Demand | Running])
DRV - [2003/08/29 04:59:24 | 01,101,696 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\System32\DRIVERS\BCMSM.sys -- (BCMModem [On_Demand | Running])
DRV - [2003/07/16 16:25:32 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\System32\DRIVERS\cmdide.sys -- (CmdIde [Disabled | Stopped])
DRV - [2003/07/16 16:26:33 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys -- (dac2w2k [Disabled | Stopped])
DRV - [2007/03/22 12:57:14 | 00,028,672 | --S- | M] (Gteko Ltd.) -- C:\WINDOWS\System32\DRIVERS\elagopro.sys -- (elagopro [Auto | Running])
DRV - [2007/03/22 12:57:14 | 00,005,376 | --S- | M] (Gteko Ltd.) -- C:\WINDOWS\System32\DRIVERS\elaunidr.sys -- (elaunidr [Auto | Running])
DRV - [2009/03/19 16:32:48 | 00,023,400 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2003/03/09 16:31:00 | 00,051,024 | ---- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZid412.sys -- (HPZid412 [On_Demand | Stopped])
DRV - [2003/03/09 16:31:02 | 00,016,080 | ---- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZipr12.sys -- (HPZipr12 [On_Demand | Stopped])
DRV - [2003/03/09 16:31:02 | 00,021,456 | R--- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZius12.sys -- (HPZius12 [On_Demand | Stopped])
DRV - [2004/08/04 01:29:36 | 00,161,020 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\i81xnt5.sys -- (i81x [On_Demand | Stopped])
DRV - [2004/08/04 01:29:37 | 00,012,415 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\wADV01nt.sys -- (iAimFP0 [On_Demand | Stopped])
DRV - [2004/08/04 01:29:37 | 00,012,127 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\wADV02NT.sys -- (iAimFP1 [On_Demand | Stopped])
DRV - [2004/08/04 01:29:37 | 00,011,775 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\wADV05NT.sys -- (iAimFP2 [On_Demand | Stopped])
DRV - [2004/08/04 01:29:47 | 00,012,063 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys -- (iAimFP3 [On_Demand | Stopped])
DRV - [2004/08/04 01:29:49 | 00,019,455 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys -- (iAimFP4 [On_Demand | Stopped])
DRV - [2004/08/04 01:29:41 | 00,029,311 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\wATV01nt.sys -- (iAimTV0 [On_Demand | Stopped])
DRV - [2004/08/04 01:29:42 | 00,019,551 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\wATV02NT.sys -- (iAimTV1 [On_Demand | Stopped])
DRV - [2004/08/04 01:29:43 | 00,033,599 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\wATV04nt.sys -- (iAimTV3 [On_Demand | Stopped])
DRV - [2004/08/04 01:29:45 | 00,023,615 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys -- (iAimTV4 [On_Demand | Stopped])
DRV - [2005/10/19 08:59:12 | 00,807,998 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\ialmnt5.sys -- (ialm [On_Demand | Running])
DRV - [2007/01/04 11:07:00 | 00,171,520 | ---- | M] (Pinnacle Systems GmbH) -- C:\WINDOWS\System32\DRIVERS\MarvinBus.sys -- (MarvinBus [On_Demand | Running])
DRV - [2001/08/17 15:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\MODEMCSA.sys -- (MODEMCSA [On_Demand | Stopped])
DRV - [2003/07/16 16:34:22 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys -- (mraid35x [Disabled | Stopped])
DRV - [2008/04/13 14:46:09 | 00,051,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\msdv.sys -- (MSDV [On_Demand | Stopped])
DRV - [2007/07/16 18:27:24 | 00,063,008 | ---- | M] (Juniper Networks) -- C:\WINDOWS\System32\Drivers\NEOFLTR_550_11965.SYS -- (NEOFLTR_550_11965 [System | Running])
DRV - [2008/10/21 18:40:22 | 00,064,480 | ---- | M] (Juniper Networks) -- C:\WINDOWS\System32\Drivers\NEOFLTR_620_13649.SYS -- (NEOFLTR_620_13649 [System | Running])
DRV - [2008/04/13 14:53:09 | 00,040,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\NMnt.sys -- (nm [On_Demand | Stopped])
DRV - [2004/08/04 01:29:54 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Stopped])
DRV - [2002/11/08 15:45:06 | 00,017,217 | ---- | M] (Dell Computer Corporation) -- C:\WINDOWS\System32\DRIVERS\omci.sys -- (omci [System | Running])
DRV - [2007/01/23 11:11:38 | 00,441,472 | ---- | M] (Pinnacle Systems) -- C:\WINDOWS\System32\DRIVERS\MarvinUsb.sys -- (PinnacleMarvinUsb [On_Demand | Stopped])
DRV - [2003/07/16 16:42:18 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2003/07/16 16:42:24 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\System32\DRIVERS\ql1080.sys -- (ql1080 [Disabled | Stopped])
DRV - [2003/07/16 16:42:25 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\System32\DRIVERS\ql12160.sys -- (ql12160 [Disabled | Stopped])
DRV - [2003/07/16 16:42:26 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\System32\DRIVERS\ql1280.sys -- (ql1280 [Disabled | Stopped])
DRV - [2006/04/10 01:02:18 | 00,162,816 | ---- | M] (Ralink Technology Inc.) -- C:\WINDOWS\System32\DRIVERS\rt25usbap.sys -- (RT25USBAP [On_Demand | Stopped])
DRV - [2007/11/13 06:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2008/04/13 14:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\DRIVERS\sisagp.sys -- (sisagp [Disabled | Stopped])
DRV - [2003/02/28 11:17:18 | 00,545,024 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\System32\drivers\smwdm.sys -- (smwdm [On_Demand | Running])
DRV - [2003/07/16 16:46:15 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\System32\DRIVERS\sparrow.sys -- (Sparrow [Disabled | Stopped])
DRV - [2009/04/21 18:27:02 | 00,029,808 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\WINDOWS\system32\DRIVERS\ssfs0bbc.sys -- (ssfs0bbc [Boot | Running])
DRV - [2009/04/21 18:27:04 | 00,023,152 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\WINDOWS\system32\DRIVERS\sshrmd.sys -- (sshrmd [Boot | Running])
DRV - [2009/04/21 18:27:04 | 00,176,752 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\WINDOWS\system32\DRIVERS\ssidrv.sys -- (ssidrv [Boot | Running])
DRV - [2009/03/14 06:48:40 | 00,005,120 | ---- | M] (F.Y.N. Technology Inc.) -- C:\WINDOWS\System32\drivers\Start1Driver.SYS -- (Start1Driver [System | Running])
DRV - [2003/07/16 16:47:09 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\System32\DRIVERS\symc810.sys -- (symc810 [Disabled | Stopped])
DRV - [2003/07/16 16:47:09 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys -- (symc8xx [Disabled | Stopped])
DRV - [2003/07/16 16:47:09 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys -- (sym_hi [Disabled | Stopped])
DRV - [2003/07/16 16:47:10 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys -- (sym_u3 [Disabled | Stopped])
DRV - [2008/06/20 07:08:27 | 00,225,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\tcpip6.sys -- (Tcpip6 [System | Running])
DRV - [2003/07/16 16:48:45 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\System32\DRIVERS\ultra.sys -- (ultra [Disabled | Stopped])
DRV - [2009/07/09 12:16:16 | 00,039,424 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\System32\Drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
DRV - [2008/11/11 13:41:00 | 00,013,056 | ---- | M] (LG Electronics Inc.) -- C:\WINDOWS\System32\DRIVERS\lgusbbus.sys -- (usbbus [On_Demand | Stopped])
DRV - [2008/11/11 13:41:00 | 00,019,968 | ---- | M] (LG Electronics Inc.) -- C:\WINDOWS\System32\DRIVERS\lgusbdiag.sys -- (UsbDiag [On_Demand | Stopped])
DRV - [2001/05/07 06:56:02 | 00,019,805 | R--- | M] (Thesycon GmbH, Germany) -- C:\WINDOWS\System32\Drivers\usbio.sys -- (USBIO [On_Demand | Stopped])
DRV - [2008/11/11 13:42:00 | 00,024,832 | ---- | M] (LG Electronics Inc.) -- C:\WINDOWS\System32\DRIVERS\lgusbmodem.sys -- (USBModem [On_Demand | Stopped])
DRV - [2008/04/13 14:56:49 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\usb8023.sys -- (USB_RNDIS [On_Demand | Stopped])
DRV - [2003/10/08 11:12:24 | 00,120,830 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\drivers\ialmsbw.sys -- ({6080A529-897E-4629-A488-ABA0C29B635E} [On_Demand | Stopped])
DRV - [2003/10/08 11:12:16 | 00,098,842 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\drivers\ialmkchw.sys -- ({D31A0762-0CEB-444e-ACFF-B049A1F6FE91} [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1554417415-1731023960-829595172-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-1554417415-1731023960-829595172-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-1554417415-1731023960-829595172-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-1554417415-1731023960-829595172-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-1554417415-1731023960-829595172-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1554417415-1731023960-829595172-1007\S-1-5-21-1554417415-1731023960-829595172-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1554417415-1731023960-829595172-1007\S-1-5-21-1554417415-1731023960-829595172-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Search"
FF - prefs.js..browser.startup.homepage: "http://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"

FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker

[2006/07/22 07:10:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Susan\Application Data\mozilla\Firefox\Profiles\0ztzf6h1.default\extensions
[2008/10/27 15:07:38 | 00,000,274 | ---- | M] () -- C:\Documents and Settings\Susan\Application Data\Mozilla\FireFox\Profiles\0ztzf6h1.default\searchplugins\search.xml
[2006/08/05 22:35:04 | 02,078,344 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPSWF32.dll

O1 HOSTS File: (337758 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.doubleclick.net
O1 - Hosts: 127.0.0.1 ad.preferances.com
O1 - Hosts: 127.0.0.1 ad.doubleclick.com
O1 - Hosts: 127.0.0.1 ads.web.aol.com
O1 - Hosts: 127.0.0.1 ad.preferences.com
O1 - Hosts: 127.0.0.1 ad.washingtonpost.com
O1 - Hosts: 127.0.0.1 adpick.switchboard.com
O1 - Hosts: 127.0.0.1 ads.doubleclick.com
O1 - Hosts: 127.0.0.1 ads.infospace.com
O1 - Hosts: 127.0.0.1 ads.msn.com
O1 - Hosts: 127.0.0.1 ads.switchboard.com
O1 - Hosts: 127.0.0.1 ads.enliven.com
O1 - Hosts: 127.0.0.1 oz.valueclick.com
O1 - Hosts: 127.0.0.1 doubleclick.net
O1 - Hosts: 127.0.0.1 ads.doubleclick.net
O1 - Hosts: 127.0.0.1 ad2.doubleclick.net
O1 - Hosts: 127.0.0.1 ad3.doubleclick.net
O1 - Hosts: 127.0.0.1 ad4.doubleclick.net
O1 - Hosts: 127.0.0.1 ad5.doubleclick.net
O1 - Hosts: 127.0.0.1 ad6.doubleclick.net
O1 - Hosts: 127.0.0.1 ad7.doubleclick.net
O1 - Hosts: 127.0.0.1 ad8.doubleclick.net
O1 - Hosts: 11546 more lines...
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BCMSMMSG] C:\WINDOWS\BCMSMMSG.exe (Broadcom Corporation)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SpySweeper] C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe (Webroot Software, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Susan\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\Susan\Start Menu\Programs\Startup\SDK Tray Menu.lnk = C:\Sun\SDK\jdk\bin\javaw.exe (Sun Microsystems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1554417415-1731023960-829595172-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe ()
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Program Files\Juniper Networks\Secure Application Manager\samnsp.dll (Juniper Networks)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Juniper Networks\Secure Application Manager\samnsp.dll (Juniper Networks)
O15 - HKLM\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 59 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 59 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-19\..Trusted Domains: 118 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-20\..Trusted Domains: 118 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1554417415-1731023960-829595172-1007\..Trusted Domains: ([]msn in My Computer)
O15 - HKU\S-1-5-21-1554417415-1731023960-829595172-1007\..Trusted Domains: elsevier.com ([evolvels] http in Trusted sites)
O15 - HKU\S-1-5-21-1554417415-1731023960-829595172-1007\..Trusted Domains: siemensmedical.com ([10dydocumentmanagement.asp] http in Trusted sites)
O15 - HKU\S-1-5-21-1554417415-1731023960-829595172-1007\..Trusted Domains: smshealthconx.net ([netaccess] https in Trusted sites)
O15 - HKU\S-1-5-21-1554417415-1731023960-829595172-1007\..Trusted Domains: 64 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://go.microsoft.com/fwlink/?linkid=58813 (Office Genuine Advantage Validation Tool)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} http://www.symantec.com/techsupp/asa/LSSupCtl.cab (Reg Error: Key error.)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab (Reg Error: Key error.)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {3785F3BF-8770-47EE-AB71-665805C608C3} https://promed.scribe.com/md/InetWord/packages/InetWord.CAB (InetWord.InetDoc)
O16 - DPF: {3EA7D822-1ED7-4988-BFCA-C14733EE1B32} https://nfuse.nortonhealthcare.org/Citrix/I...stall/setup.cab (Reg Error: Key error.)
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} http://h20264.www2.hp.com/ediags/dd/instal...nosticsxp2k.cab (Reg Error: Key error.)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scan8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab (Reg Error: Key error.)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} http://www.nick.com/common/groove/gx/GrooveAX28.cab (Reg Error: Key error.)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/CAB/...8017.7218287037 (Reg Error: Key error.)
O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} http://www.microsoft.com/security/controls.../20/SassCln.CAB (SassCln Object)
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} https://www-secure.symantec.com/techsupp/asa/SymAData.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://remotelink.nortonhealthcare.org/dan...perSetupSP1.cab (JuniperSetupControlXP Class)
O16 - DPF: {EE986640-0821-4482-B4A3-C41EB8A18597} https://links.ulh.org/http/0/64.46.201.254/...Contextlets.cab (WebLocator Class)
O16 - DPF: {F88F142A-96AE-40CC-B562-4C91B5E5A5CD} https://links.ulh.org/http/0/l0dydocumentma...lDownloader.cab (IkmControlDownloader Control)
O16 - DPF: {FFA315A3-20D3-11CF-8FDD-943611C10000} https://links.ulh.org/http/0/64.46.201.254/...TM/webPrint.cab (Ter Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 74.128.17.114 74.128.19.102
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (OWS\S) - File not found
O30 - LSA: Security Packages - (Files\Filter\ecurity) - File not found
O30 - LSA: Security Packages - (Packages) - File not found
O30 - LSA: Security Packages - (s) - File not found
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/11/27 16:34:36 | 00,000,095 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{1ef4ed81-ee33-11dd-b362-000d565b229b}\Shell - "" = AutoRun
O33 - MountPoints2\{1ef4ed81-ee33-11dd-b362-000d565b229b}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (sprestrt) - C:\WINDOWS\System32\sprestrt.exe (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[1 C:\*.tmp files]
[9 C:\WINDOWS\*.tmp files]
[2009/09/20 16:32:05 | 00,000,875 | ---- | C] () -- C:\Documents and Settings\Susan\Start Menu\Programs\Startup\SDK Tray Menu.lnk
[2009/09/20 16:27:18 | 00,024,724 | ---- | C] () -- C:\WINDOWS\System32\productregistry
[2009/09/20 16:23:44 | 00,000,000 | ---D | C] -- C:\Sun
[2009/09/20 15:30:27 | 17,456,6916 | ---- | C] () -- C:\Documents and Settings\Susan\Desktop\java_ee_sdk-5_07-jdk-6u16-windows-ml.exe
[2009/09/20 15:27:29 | 00,001,287 | ---- | C] () -- C:\Documents and Settings\Susan\Desktop\1253474983475-integrated.jnlp
[2009/09/20 15:15:22 | 00,000,000 | ---D | C] -- C:\Program Files\ESET
[2009/09/20 13:10:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Susan\Application Data\Malwarebytes
[2009/09/20 13:10:12 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/09/20 13:10:10 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/09/20 13:10:08 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/09/20 13:10:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/09/20 13:10:07 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/09/20 13:09:23 | 04,045,528 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Susan\Desktop\mbam-setup.exe
[2009/09/20 02:01:19 | 00,013,824 | ---- | C] () -- C:\Documents and Settings\Susan\Desktop\Harry's Grades.xls
[2009/09/20 02:00:15 | 00,153,600 | ---- | C] () -- C:\Documents and Settings\Susan\My Documents\List of legendary Pokémon.doc
[2009/09/20 01:20:46 | 00,279,552 | ---- | C] () -- C:\Documents and Settings\Susan\My Documents\Generation 1 wsh1pics.doc
[2009/09/20 01:08:23 | 00,020,992 | ---- | C] () -- C:\Documents and Settings\Susan\My Documents\Generation 1 Wsht.doc
[2009/09/20 00:41:49 | 00,087,552 | ---- | C] () -- C:\Documents and Settings\Susan\My Documents\legendary quiz.doc
[2009/09/18 07:36:25 | 00,288,768 | ---- | C] () -- C:\Documents and Settings\Susan\Desktop\kkox2t7j.exe
[2009/09/18 07:06:07 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/09/18 07:02:26 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/09/18 06:53:18 | 00,000,767 | ---- | C] () -- C:\Documents and Settings\Susan\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/09/18 06:53:14 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\Susan\Desktop\NTREGOPT.lnk
[2009/09/18 06:53:14 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\Susan\Desktop\ERUNT.lnk
[2009/09/18 06:53:12 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/09/18 06:51:45 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Susan\Desktop\erunt-setup.exe
[2009/09/18 06:39:17 | 00,793,200 | ---- | C] (Symantec Corporation) -- C:\Documents and Settings\Susan\Desktop\Norton_Removal_Tool.exe
[2009/09/15 06:40:23 | 00,464,491 | ---- | C] () -- C:\Documents and Settings\Susan\Desktop\RootRepeals.zip
[2009/09/15 06:37:08 | 00,464,491 | ---- | C] () -- C:\Documents and Settings\Susan\Desktop\RootRepeal.zip
[2009/09/15 06:30:55 | 00,514,560 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Susan\Desktop\OTL.exe
[2009/09/13 17:49:14 | 00,018,944 | ---- | C] () -- C:\Documents and Settings\Susan\Desktop\Theology of the Body 0910.xls
[2009/09/11 07:32:34 | 00,039,936 | ---- | C] () -- C:\Documents and Settings\Susan\My Documents\Recipes.doc
[2009/09/08 18:01:03 | 00,153,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\triedit.dll
[2009/09/08 06:30:09 | 00,029,696 | ---- | C] () -- C:\Documents and Settings\Susan\Desktop\Family Budget 9-8-09.xls
[2009/09/04 17:43:11 | 00,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2009/09/01 22:22:20 | 00,021,504 | ---- | C] () -- C:\Documents and Settings\Susan\Desktop\Jake Braden 4.doc
[2009/09/01 05:45:39 | 01,403,363 | ---- | C] () -- C:\Documents and Settings\Susan\Desktop\Christmas Eve 2008 008.jpg
[2009/09/01 05:44:23 | 01,435,424 | ---- | C] () -- C:\Documents and Settings\Susan\Desktop\Vacation - Poker party 312.jpg
[2009/09/01 05:43:25 | 01,332,127 | ---- | C] () -- C:\Documents and Settings\Susan\Desktop\Vacation - Poker party 310.jpg
[2009/09/01 05:43:08 | 01,449,439 | ---- | C] () -- C:\Documents and Settings\Susan\Desktop\Vacation - Poker party 246.jpg
[2009/09/01 05:42:30 | 00,096,416 | ---- | C] () -- C:\Documents and Settings\Susan\Desktop\Vacation - Poker party 013.jpg
[2009/09/01 05:42:09 | 04,096,969 | ---- | C] () -- C:\Documents and Settings\Susan\Desktop\Vacation - Poker party 045.jpg
[2009/09/01 05:41:59 | 01,851,148 | ---- | C] () -- C:\Documents and Settings\Susan\Desktop\Vacation - Poker party 048.jpg
[2009/08/29 16:25:34 | 00,031,928 | ---- | C] (Resplendence Software Projects Sp) -- C:\WINDOWS\System32\rrMon.sys
[2009/08/29 16:25:11 | 00,120,376 | ---- | C] () -- C:\WINDOWS\System32\rrsec.dll
[2009/08/29 16:25:11 | 00,097,888 | ---- | C] () -- C:\WINDOWS\System32\rrsec2k.exe
[2009/08/29 16:25:06 | 00,000,000 | ---D | C] -- C:\Program Files\Registrar Registry Manager
[2009/08/26 03:02:26 | 00,001,355 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2009/08/23 21:21:59 | 00,402,432 | ---- | C] () -- C:\Documents and Settings\Susan\Desktop\8-23-9.doc
[2009/08/23 16:58:04 | 00,130,912 | ---- | C] () -- C:\Documents and Settings\Susan\Desktop\ExposingtheFiveMythsofEvangelism.mp3
[2009/08/23 16:45:59 | 34,239,320 | ---- | C] () -- C:\Documents and Settings\Susan\Desktop\WhyGodUsesSomePeopleMoreThanOthers.mp3
[2009/08/23 16:44:58 | 38,858,961 | ---- | C] () -- C:\Documents and Settings\Susan\Desktop\PrayGreatPrayers.mp3
[2009/08/23 16:43:37 | 34,063,005 | ---- | C] () -- C:\Documents and Settings\Susan\Desktop\HowtoFindFreedomfromYourFears.mp3
[2009/08/20 06:26:00 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\ScanAtStartup.dll
[2009/04/21 18:26:56 | 00,031,088 | ---- | C] () -- C:\WINDOWS\System32\wrLZMA.dll
[2008/06/20 20:24:09 | 00,000,000 | ---- | C] () -- C:\WINDOWS\UltimateBuddy.INI
[2008/06/05 22:19:37 | 00,000,086 | ---- | C] () -- C:\WINDOWS\WPCMAPI.INI
[2008/01/09 15:01:48 | 00,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2007/12/19 11:33:26 | 00,000,016 | ---- | C] () -- C:\WINDOWS\RealityFusion.ini
[2007/06/06 07:51:10 | 00,757,818 | ---- | C] () -- C:\WINDOWS\System32\gwadd1.dll
[2007/06/06 07:49:26 | 00,303,166 | ---- | C] () -- C:\WINDOWS\System32\gwodm132.dll
[2007/06/06 07:20:04 | 00,098,354 | ---- | C] () -- C:\WINDOWS\System32\GWLDO132.DLL
[2007/03/05 14:34:28 | 00,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2006/12/31 19:14:15 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\QTWMCI32.DLL
[2006/05/08 17:06:36 | 00,000,099 | ---- | C] () -- C:\WINDOWS\webica.ini
[2005/12/27 22:50:51 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2005/12/18 18:47:15 | 00,765,952 | ---- | C] () -- C:\WINDOWS\System32\tvqenc.dll
[2005/12/18 18:47:15 | 00,573,440 | ---- | C] () -- C:\WINDOWS\System32\tvqdec.dll
[2005/12/18 18:47:15 | 00,118,784 | ---- | C] () -- C:\WINDOWS\System32\mp3dec.dll
[2005/12/13 20:47:51 | 00,000,305 | ---- | C] () -- C:\WINDOWS\mp3wavcon.ini
[2005/12/13 20:22:52 | 00,003,082 | ---- | C] () -- C:\WINDOWS\System32\affv11300p13now.sys
[2005/06/17 21:41:33 | 00,000,118 | ---- | C] () -- C:\WINDOWS\kodakpcd.Susan.ini
[2005/03/22 23:56:00 | 00,000,173 | ---- | C] () -- C:\WINDOWS\DVDFabGold.INI
[2005/03/13 16:32:07 | 00,000,134 | ---- | C] () -- C:\WINDOWS\VWORK32.INI
[2004/07/30 20:32:50 | 00,000,045 | ---- | C] () -- C:\WINDOWS\FIHMFNO.ini
[2004/07/09 10:31:18 | 00,155,700 | ---- | C] () -- C:\WINDOWS\System32\ODMA32.DLL
[2004/06/20 20:35:52 | 00,053,760 | ---- | C] () -- C:\WINDOWS\System32\ZLIB.DLL
[2004/06/09 19:53:59 | 00,004,606 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2004/01/31 21:06:11 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2004/01/31 21:04:04 | 00,000,174 | ---- | C] () -- C:\WINDOWS\System32\mcini.ini
[2004/01/31 12:09:40 | 00,561,152 | R--- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2004/01/25 21:00:03 | 00,000,703 | ---- | C] () -- C:\WINDOWS\disney.ini
[2004/01/23 21:07:40 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/01/23 07:48:08 | 00,000,001 | ---- | C] () -- C:\WINDOWS\System32\PTLCDBAS.INI
[2004/01/23 07:48:08 | 00,000,001 | ---- | C] () -- C:\WINDOWS\System32\INIVALUE.INI
[2004/01/20 18:27:21 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2004/01/19 11:52:53 | 00,000,078 | ---- | C] () -- C:\WINDOWS\qwimp.ini
[2004/01/19 11:52:52 | 00,000,368 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2004/01/19 11:52:22 | 00,001,867 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2004/01/18 14:26:28 | 00,000,045 | ---- | C] () -- C:\WINDOWS\EPSC62.ini
[2004/01/08 05:57:29 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/01/08 05:48:50 | 00,000,258 | ---- | C] () -- C:\WINDOWS\System32\BDEMERGE.INI
[2004/01/08 05:44:04 | 00,000,339 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/01/08 05:39:27 | 00,000,892 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/01/08 05:21:55 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/01/08 05:21:34 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/01/08 05:07:52 | 00,000,550 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2003/08/07 15:01:52 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2002/09/03 10:59:58 | 00,001,329 | ---- | C] () -- C:\WINDOWS\WIN.INI
[2002/09/03 10:50:58 | 00,000,227 | ---- | C] () -- C:\WINDOWS\SYSTEM.INI
[1999/08/10 13:02:20 | 00,116,736 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
[1999/08/10 13:02:16 | 00,343,040 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
[1999/01/22 09:46:56 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1998/01/11 21:00:00 | 00,040,448 | ---- | C] () -- C:\WINDOWS\System32\REGOBJ.DLL
[1997/06/13 22:56:08 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll

========== Files - Modified Within 30 Days ==========

[1 C:\*.tmp files]
[7 C:\WINDOWS\System32\*.tmp files]
[9 C:\WINDOWS\*.tmp files]
[2009/09/20 16:32:06 | 00,024,724 | ---- | M] () -- C:\WINDOWS\System32\productregistry
[2009/09/20 16:32:05 | 00,000,875 | ---- | M] () -- C:\Documents and Settings\Susan\Start Menu\Programs\Startup\SDK Tray Menu.lnk
[2009/09/20 15:31:26 | 17,456,6916 | ---- | M] () -- C:\Documents and Settings\Susan\Desktop\java_ee_sdk-5_07-jdk-6u16-windows-ml.exe
[2009/09/20 15:27:47 | 00,001,287 | ---- | M] () -- C:\Documents and Settings\Susan\Desktop\1253474983475-integrated.jnlp
[2009/09/20 15:12:22 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/09/20 15:09:16 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/09/20 15:09:08 | 00,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2009/09/20 15:09:06 | 26,640,7936 | -HS- | M] () -- C:\hiberfil.sys
[2009/09/20 13:10:12 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/09/20 13:09:33 | 04,045,528 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Susan\Desktop\mbam-setup.exe
[2009/09/20 09:45:21 | 00,000,086 | ---- | M] () -- C:\WINDOWS\WPCMAPI.INI
[2009/09/20 02:01:19 | 00,013,824 | ---- | M] () -- C:\Documents and Settings\Susan\Desktop\Harry's Grades.xls
[2009/09/20 02:00:15 | 00,153,600 | ---- | M] () -- C:\Documents and Settings\Susan\My Documents\List of legendary Pokémon.doc
[2009/09/20 01:21:19 | 00,279,552 | ---- | M] () -- C:\Documents and Settings\Susan\My Documents\Generation 1 wsh1pics.doc
[2009/09/20 01:08:23 | 00,020,992 | ---- | M] () -- C:\Documents and Settings\Susan\My Documents\Generation 1 Wsht.doc
[2009/09/20 00:41:50 | 00,087,552 | ---- | M] () -- C:\Documents and Settings\Susan\My Documents\legendary quiz.doc
[2009/09/19 22:27:46 | 00,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/09/19 18:18:11 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/09/18 07:36:30 | 00,288,768 | ---- | M] () -- C:\Documents and Settings\Susan\Desktop\kkox2t7j.exe
[2009/09/18 07:15:54 | 06,399,728 | -H-- | M] () -- C:\Documents and Settings\Susan\Local Settings\Application Data\IconCache.db
[2009/09/18 06:53:18 | 00,000,767 | ---- | M] () -- C:\Documents and Settings\Susan\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/09/18 06:53:14 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\Susan\Desktop\NTREGOPT.lnk
[2009/09/18 06:53:14 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\Susan\Desktop\ERUNT.lnk
[2009/09/18 06:51:52 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Susan\Desktop\erunt-setup.exe
[2009/09/18 06:39:47 | 00,793,200 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\Susan\Desktop\Norton_Removal_Tool.exe
[2009/09/16 17:17:15 | 00,000,099 | ---- | M] () -- C:\WINDOWS\webica.ini
[2009/09/16 06:45:11 | 00,029,696 | ---- | M] () -- C:\Documents and Settings\Susan\Desktop\Family Budget 9-8-09.xls
[2009/09/16 03:00:08 | 00,001,656 | ---- | M] () -- C:\WINDOWS\tasks\wrSpySweeper_L6C116EBCCF0C467C8ECCA70A797EF015.job
[2009/09/15 06:40:25 | 00,464,491 | ---- | M] () -- C:\Documents and Settings\Susan\Desktop\RootRepeals.zip
[2009/09/15 06:37:12 | 00,464,491 | ---- | M] () -- C:\Documents and Settings\Susan\Desktop\RootRepeal.zip
[2009/09/15 06:31:22 | 00,514,560 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Susan\Desktop\OTL.exe
[2009/09/13 17:49:15 | 00,018,944 | ---- | M] () -- C:\Documents and Settings\Susan\Desktop\Theology of the Body 0910.xls
[2009/09/13 10:28:54 | 00,121,344 | ---- | M] () -- C:\Documents and Settings\Susan\My Documents\map pack.doc
[2009/09/12 23:06:28 | 00,078,848 | ---- | M] () -- C:\Documents and Settings\Susan\My Documents\All legendaries.doc
[2009/09/10 14:54:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/09/10 14:53:50 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/09/10 11:32:09 | 00,039,936 | ---- | M] () -- C:\Documents and Settings\Susan\My Documents\Recipes.doc
[2009/09/09 03:10:41 | 00,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/09/08 21:21:50 | 34,239,320 | ---- | M] () -- C:\Documents and Settings\Susan\Desktop\WhyGodUsesSomePeopleMoreThanOthers.mp3
[2009/09/04 17:43:08 | 26,643,6608 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2009/09/01 22:22:20 | 00,021,504 | ---- | M] () -- C:\Documents and Settings\Susan\Desktop\Jake Braden 4.doc
[2009/08/29 17:37:02 | 00,007,274 | ---- | M] () -- C:\WINDOWS\System32\spupdsvc.inf
[2009/08/28 17:38:20 | 24,689,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/08/25 06:24:20 | 34,063,005 | ---- | M] () -- C:\Documents and Settings\Susan\Desktop\HowtoFindFreedomfromYourFears.mp3
[2009/08/25 06:24:02 | 00,130,912 | ---- | M] () -- C:\Documents and Settings\Susan\Desktop\ExposingtheFiveMythsofEvangelism.mp3
[2009/08/23 21:21:59 | 00,402,432 | ---- | M] () -- C:\Documents and Settings\Susan\Desktop\8-23-9.doc
[2009/08/23 16:45:01 | 38,858,961 | ---- | M] () -- C:\Documents and Settings\Susan\Desktop\PrayGreatPrayers.mp3

========== Alternate Data Streams ==========

@Alternate Data Stream - 163 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:57AA94C3
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:825D5945
< End of report >
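Added example, not code from the thread or from OldTimer's OTL: a small Python parser for the two line formats in the report above (the `[date | size | attrs | M] (publisher) -- path` entries and the `@Alternate Data Stream` lines) with two triage heuristics of my own, not OTL's. The `example.sys` entry is constructed so the publisher rule has something to match; the other sample lines are copied from the report.

```python
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the OTL report above, plus one
# made-up driver entry (marked) so that the "no publisher" rule fires.
SAMPLE_LINES = [
    r"[2009/09/15 06:31:22 | 00,514,560 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Susan\Desktop\OTL.exe",
    r"[2009/09/10 14:53:50 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys",
    r"[2009/09/10 11:32:09 | 00,039,936 | ---- | M] () -- C:\Documents and Settings\Susan\My Documents\Recipes.doc",
    r"[2009/09/01 12:00:00 | 00,040,960 | ---- | M] () -- C:\WINDOWS\System32\drivers\example.sys",  # constructed
    r"@Alternate Data Stream - 163 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:57AA94C3",
    "< End of report >",
]

FILE_RE = re.compile(r"^\[(\S+ \S+) \| ([\d,]+) \| (\S+) \| (\w)\] \(([^)]*)\) -- (.+)$")
ADS_RE = re.compile(r"^@Alternate Data Stream - (\d+) bytes -> (.+)$")
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".com")

@dataclass
class Entry:
    kind: str            # "file" or "ads"
    path: str
    size: int
    company: str = ""    # publisher string OTL prints in parentheses
    stream: str = ""     # ADS stream name, for kind == "ads"

def parse_otl(lines):
    """Turn OTL 'M' (modified file) and ADS lines into Entry records; other lines are skipped."""
    entries = []
    for line in lines:
        m = FILE_RE.match(line)
        if m:
            _, size, _, _, company, path = m.groups()
            entries.append(Entry("file", path, int(size.replace(",", "")), company))
            continue
        m = ADS_RE.match(line)
        if m:
            host, stream = m.group(2).rsplit(":", 1)   # last ':' separates the stream name
            entries.append(Entry("ads", host, int(m.group(1)), stream=stream))
    return entries

def triage(entries):
    """Return (path, reason) pairs worth a second look; these are heuristics, not verdicts."""
    findings = []
    for e in entries:
        if e.kind == "ads":
            findings.append((f"{e.path}:{e.stream}", "alternate data stream; inspect what it holds"))
        elif e.path.lower().endswith(EXEC_EXT) and not e.company and "\\windows\\" in e.path.lower():
            findings.append((e.path, "executable under C:\\WINDOWS with no publisher string"))
    return findings
```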

#13 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • Gender:Male

Posted 21 September 2009 - 06:16 PM

Hello, susan2348.
OK, great progress. How is your computer running? Let's do one more thing, then we'll clean up our mess and ensure you can't get reinfected from this infection.



Step 1

Please download ATF Cleaner by Atribune & save it to your desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main "Select Files to Delete" choose: Select All.
  • Click the Empty Selected button.
  • If you use Firefox browser click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera browser click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators


#14 susan2348

susan2348
  • Topic Starter

  • Members
  • 9 posts

Posted 22 September 2009 - 05:17 AM

Wow- This is great. My computer is running so much better, much faster. Thank you so much!!!

Can I delete all of the programs you had me save to my desktop? Here they are: mbam, erunt, malwarebytes, java program, root repeal, OTL, Norton removal tool, GMER, NTREGOPT and ATF cleaner

Should I delete all these programs or leave some to run as a periodic scan? Also do you have any suggestions for antivirus/spam software I should use?

#15 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • Gender:Male

Posted 22 September 2009 - 05:03 PM

Hello, susan2348.
Ok, good to hear everything is running better.

You asked for suggestions for antivirus software and anti-spyware scans. My suggestions:
  • I'd leave MBAM on. You may want to uninstall, then reinstall if you want to change the save location of it. It's a great program to use as a supplemental scan...just make sure to update it before you scan.
  • For antivirus, I don't have any experience with Webroot. I personally use Avast! as it's free and has good detection rates. No antivirus will keep your computer 100% safe as new viruses are written all the time. It's important to keep your antivirus up to date.
  • I would also clean out your temp folders every so often. First, it gets rid of unneeded files and frees up space, and second, sometimes bad files hide in there. You can use ATF cleaner or other apps like CCleaner to clean temp files.
  • You can uninstall ERUNT if you'd like, but it can be a good tool to have as it backs up your registry on every reboot and means you could save your computer if Windows won't boot due to a registry issue.
Now we can clean up.



Step 1

We need to purge your system restore so malware is not accidentally restored. First, let's create a new restore point.
  • Go to Start --> All Programs --> Accessories --> System Tools --> System Restore.
  • Select Create a Restore Point and click Next.
  • Give the restore point a name and press create.
  • You'll see it work, then say that it was created successfully. Click Close.

Now, we need to remove the old, infected points using DiskCleanup.
  • Click on Start --> Run.
  • Type in cleanmgr into the run box and hit OK.
  • Select C: and press OK
  • Select the More Options tab.
  • Click on Clean up in the System Restore section.
  • Click OK.
  • You'll get a couple of prompts asking if you're sure you want to do this; select Yes and OK for them.
  • Disk cleanup will remove the old restore points that included the malware.



Step 2

Open OTL and press "Clean Up!".

This will clean up several of the tools we used including removing OTL itself.

You can then delete/uninstall any you don't want that are still remaining from that list (e.g. DDS, ERUNT, etc.)



Let's do some housekeeping (optional)



System Still Slow?
You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve performance.
If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware


Please download HostsMan. It safeguards you with a regularly updated Hosts file that blocks dangerous sites from opening. This adds another bit of safety while surfing the Internet. For installation and setting up, follow these steps:
  • Double-click the downloaded installer and install the tool to a location of your choice
  • Via the Start menu, navigate to HostsMan and run the program.
    • Click "Hosts" in the menu
    • Click "Manage Updates" in the submenu
    • Out of the three, select at least one of the three (I have MVPS Hosts as my main one)
    • Click "Add Update." After that you will only need to click on the update button to retrieve updates.
  • Click the X to exit the program.
  • Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.

Keep Windows Up to Date
It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

Use an AntiVirus Software

It is very important that your computer has anti-virus software running on it. This alone can save you a lot of trouble with malware in the future.

See this link for a listing of some online & their stand-alone antivirus programs:

Virus, Spyware, and Malware Protection and Removal Resources

Update your AntiVirus Software

It is imperative that you update your antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out. If you use a commercial antivirus program you must make sure you keep renewing your subscription. Otherwise, once your subscription runs out, you may not be able to update the program's virus definitions.


Make sure your applications have all of their updates

It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.

Use a Firewall

I cannot stress how important it is that you use a firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a firewall in its default configuration can lower your risk greatly.

For a tutorial on Firewalls and a listing of some available ones see the link below:

Understanding and Using Firewalls

Install an AntiSpyware Program

A highly recommended AntiSpyware program is SuperAntiSpyware. You can download the free Home Version or the Pro version for a 15-day trial period.

Other recommended, and free, AntiSpyware programs are Spybot - Search and Destroy and Ad-Aware Personal.

Installing these programs will provide spyware & hijacker protection on your computer alongside your virus protection. You should scan your computer with an AntiSpyware program on a regular basis just as you would an antivirus software.

Tutorials on using these programs can be found below:

Using Spybot - Search & Destroy to remove Spyware, Malware, and Hijackers

Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer

Update all these programs regularly
Make sure you update all your programs regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.

Good luck!


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators

