my comp. is seriously fouled up.


52 replies to this topic

#1 boydphoto

boydphoto

  • Members
  • 57 posts
  • OFFLINE
  • Local time:07:06 PM

Posted 26 September 2009 - 09:35 PM

i've run all the scans asked for, including dds, attach, and root repeal. i don't know what to do now, but i appreciate all your help. thanks, boyd.

Attached Files





#2 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  • Gender:Female
  • Location:At home
  • Local time:05:06 AM

Posted 14 October 2009 - 05:42 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
  • Please download OTL from following mirror:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards _temp_

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#3 boydphoto


Posted 14 October 2009 - 09:23 PM

hi. you said, "in the top right corner there is a button called, options." sorry, but in the top right corner of what? i am enclosing the results of the otl scan. i'm sorry that i don't know more about computers, but i'm an old dude and just got my first comp 5 years ago.

Attached Files



#4 boydphoto


Posted 14 October 2009 - 09:30 PM

PS. here are some of the problems i'm having. can't connect to internet via firefox, but i usually can via i.e. some programs, like google search, avg free, have disappeared from my computer. there are other problems, but these are the ones which come to mind first. thanks, boyd.

#5 myrti


Posted 15 October 2009 - 03:49 AM

Hi,

not a problem. :(
The topic is this thread we are replying to and the instructions starting at "In the upper right hand corner of the topic" no longer concern OTL.exe. I should have made that clear.
So in the upper right hand corner of the topic you will see a button called Options. It is underneath the buttons for Add Reply and new topic. If you select to Track the topic, you can get immediate Email notification. This means that you will get an email every time I reply to you here. If you check the topic on a regular basis or more often than your mails, you can simply ignore these instructions.

Please run OTL once more, it will create only one file called OTL.txt, please copy the content of that file in your next reply.

Are you sure it was AVG free that disappeared from your system? I can see traces of Avast! left on your PC, did you remove that or did it disappear? Are you the only person to use this PC?
regards _temp_

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#6 boydphoto


Posted 15 October 2009 - 11:03 AM

yes, avg disappeared. i re-installed it. i deleted avast; just checked, "search", and there are no traces of avast which show up. i'm the only one using my comp. again, thanks, boyd.

Attached Files



#7 myrti


Posted 16 October 2009 - 06:30 AM

Hi,

where did you look for AVG when it disappeared? Your logs show a couple of duplicate folders for AVG. How did you remove Avast, the leftovers aren't files, but should have been removed when uninstalling it?

I do not recommend that you have more than one anti virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please go to add/remove in the control panel and remove either AVG or Panda.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :otl
    SRV - File not found --  -- (avast! Web Scanner [On_Demand | Stopped])
    SRV - File not found --  -- (avast! Mail Scanner [On_Demand | Stopped])
    SRV - File not found --  -- (avast! Antivirus [Auto | Stopped])
    SRV - File not found --  -- (aswUpdSv [Auto | Stopped])
  • Then click the Run Fix button at the top
  • Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply.

    Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
    If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
================================Follow up scan=================================
  • Double click on OTL to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open one notepad window, OTListIt.Txt. This is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply.
regards _temp_

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!
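
Added example (not part of the original thread, and not OTL's own code): a small parser for the `SRV`/`DRV` lines of an OTL log that lists service entries whose binary is "File not found", the leftovers the fix above targets, and counts running versus orphaned antivirus components. The sample lines are copied from the log and fix script posted in this thread; the function names and the `AV_PREFIXES` name heuristic are assumptions made for the illustration.

```python
import re
from dataclasses import dataclass

# Log form:  SRV - (name [start | state]) -- path (company) | File not found
LOG_RE = re.compile(
    r"^(?P<kind>SRV|DRV) - \((?P<name>.+) \[(?P<start>[^|\]]+) \| "
    r"(?P<state>[^\]]+)\]\) -- (?P<target>.+)$")
# Fix form:  SRV - File not found --  -- (name [start | state])
FIX_RE = re.compile(
    r"^(?P<kind>SRV|DRV) - (?P<target>.+?) --\s+-- \((?P<name>.+) "
    r"\[(?P<start>[^|\]]+) \| (?P<state>[^\]]+)\]\)$")
# Splits "C:\path\file.exe (Company)" into path and company (company may be empty).
TARGET_RE = re.compile(r"^(?P<path>.*?)(?: \((?P<company>[^()]*)\))?$")

# Assumption: service-name prefixes used to group entries by antivirus product.
# A heuristic for this example only, limited to products named in the thread.
AV_PREFIXES = (("avast", "Avast"), ("asw", "Avast"), ("avg", "AVG"), ("panda", "Panda"))


@dataclass(frozen=True)
class Entry:
    kind: str     # SRV (Win32 service) or DRV (driver service)
    name: str
    start: str    # start type, e.g. Auto, On_Demand, System, Boot, Disabled
    state: str    # Running or Stopped
    path: str
    company: str

    @property
    def orphaned(self) -> bool:
        # Still registered as a service, but the binary it points to is gone.
        return self.path.lower().startswith("file not found")


def parse_line(line):
    """Return an Entry for an SRV/DRV line in either form, else None."""
    line = line.strip()
    m = LOG_RE.match(line) or FIX_RE.match(line)
    if not m:
        return None
    t = TARGET_RE.match(m["target"].strip())
    return Entry(m["kind"], m["name"].strip(), m["start"].strip(),
                 m["state"].strip(), t["path"].strip(), (t["company"] or "").strip())


def parse(text):
    return [e for e in map(parse_line, text.splitlines()) if e]


def orphans(entries):
    """Names of services whose binary no longer exists, sorted."""
    return sorted(e.name for e in entries if e.orphaned)


def av_summary(entries):
    """Per antivirus product: how many components run and how many are orphaned."""
    summary = {}
    for e in entries:
        low = e.name.lower()
        product = next((p for prefix, p in AV_PREFIXES if low.startswith(prefix)), None)
        if product is None:
            continue
        counts = summary.setdefault(product, {"running": 0, "orphaned": 0})
        if e.orphaned:
            counts["orphaned"] += 1
        elif e.state == "Running":
            counts["running"] += 1
    return summary


# Sample input: lines copied from the OTL log posted in this thread.
SAMPLE_LOG = r"""
SRV - (aswUpdSv [Auto | Stopped]) -- File not found
SRV - (avast! Antivirus [Auto | Stopped]) -- File not found
SRV - (avast! Mail Scanner [On_Demand | Stopped]) -- File not found
SRV - (avast! Web Scanner [On_Demand | Stopped]) -- File not found
SRV - (avg8emc [Auto | Running]) -- C:\Program Files\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg8wd [Auto | Running]) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (wltrysvc [Auto | Running]) -- C:\WINDOWS\System32\WLTRYSVC.EXE ()
DRV - (AvgLdx86 [System | Running]) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
"""

# Sample input: the fix script from the post above.
SAMPLE_FIX = """
:otl
SRV - File not found --  -- (avast! Web Scanner [On_Demand | Stopped])
SRV - File not found --  -- (avast! Mail Scanner [On_Demand | Stopped])
SRV - File not found --  -- (avast! Antivirus [Auto | Stopped])
SRV - File not found --  -- (aswUpdSv [Auto | Stopped])
"""

if __name__ == "__main__":
    log_entries = parse(SAMPLE_LOG)
    print("Orphaned services in log:", orphans(log_entries))
    print("Fix script covers them all:", orphans(parse(SAMPLE_FIX)) == orphans(log_entries))
    print("Antivirus components:", av_summary(log_entries))
```

A product that shows only orphaned entries was uninstalled incompletely; more than one product with running components is the conflict described in the post above.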

 



#8 boydphoto


Posted 16 October 2009 - 07:24 AM

morning, temp. it's hard to believe you spend all this time helping me. (and others) i chose to use avg and i've removed avast and panda. i ran searches and they showed no traces of either.



OTL logfile created on: 10/16/2009 5:12:23 AM - Run 3
OTL by OldTimer - Version 3.0.21.0 Folder = C:\Documents and Settings\Boyd Photo\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.42 Gb Available Physical Memory | 71.50% Memory free
3.84 Gb Paging File | 3.43 Gb Available in Paging File | 89.42% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 68.94 Gb Total Space | 26.33 Gb Free Space | 38.19% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BOYD
Current User Name: Boyd Photo
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Boyd Photo\My Documents\Downloads\OTL(3).exe (OldTimer Tools)
PRC - C:\Program Files\AVG\AVG8\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Maxtor\Sync\SyncServices.exe (Seagate Technology LLC)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\SourceTec\Sothink Web Video Downloader Stand-alone\VideoDownloader.exe (SourceTec Software Co., LTD)
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\WINDOWS\notepad.exe (Microsoft Corporation)
PRC - C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
PRC - C:\WINDOWS\System32\bcmwltry.exe (Dell Inc.)
PRC - C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
PRC - C:\WINDOWS\System32\igfxpers.exe (Intel Corporation)
PRC - C:\WINDOWS\System32\igfxsrvc.exe (Intel Corporation)
PRC - C:\WINDOWS\System32\WLTRAY.exe (Dell Inc.)
PRC - C:\WINDOWS\System32\WLTRYSVC.EXE ()

========== Win32 Services (SafeList) ==========

SRV - (Adobe Version Cue CS4 [On_Demand | Stopped]) -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe (Adobe Systems Incorporated)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (aswUpdSv [Auto | Stopped]) -- File not found
SRV - (avast! Antivirus [Auto | Stopped]) -- File not found
SRV - (avast! Mail Scanner [On_Demand | Stopped]) -- File not found
SRV - (avast! Web Scanner [On_Demand | Stopped]) -- File not found
SRV - (avg8emc [Auto | Running]) -- C:\Program Files\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg8wd [Auto | Running]) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (idsvc [Unknown | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (Maxtor Sync Service [Auto | Running]) -- C:\Program Files\Maxtor\Sync\SyncServices.exe (Seagate Technology LLC)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (wltrysvc [Auto | Running]) -- C:\WINDOWS\System32\WLTRYSVC.EXE ()
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (YahooAUService [Auto | Running]) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)

========== Driver Services (SafeList) ==========

DRV - (adfs [Auto | Running]) -- C:\WINDOWS\System32\drivers\adfs.sys (Adobe Systems, Inc.)
DRV - (AvgLdx86 [System | Running]) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86 [System | Running]) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgTdiX [System | Running]) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (BCM43XX [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\bcmwl5.sys (Broadcom Corporation)
DRV - (bcm4sbxp [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\bcm4sbxp.sys (Broadcom Corporation)
DRV - (HDAudBus [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys (Windows ® Server 2003 DDK provider)
DRV - (ialm [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\igxpmp32.sys (Intel Corporation)
DRV - (MXOPSWD [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\mxopswd.sys (Maxtor Corp.)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (rimmptsk [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\rimmptsk.sys (REDC)
DRV - (rimsptsk [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\rimsptsk.sys (REDC)
DRV - (rismxdp [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\rixdptsk.sys (REDC)
DRV - (SASDIFSV [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM [On_Demand | Stopped]) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (STHDA [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (usbaudio [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\usbaudio.sys (Microsoft Corporation)

========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.foxnews.com/
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\System32\ieframe.dll (Microsoft Corporation)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/10 13:19:16 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/01/05 19:29:51 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/10/14 07:48:19 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/10/15 09:41:32 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/10/15 09:41:31 | 00,000,000 | ---D | M]

[2009/07/05 19:46:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Boyd Photo\Application Data\mozilla\Extensions
[2009/07/05 19:46:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Boyd Photo\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/10/15 19:31:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Boyd Photo\Application Data\mozilla\Firefox\Profiles\d1abgx34.default\extensions
[2009/09/10 13:19:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Boyd Photo\Application Data\mozilla\Firefox\Profiles\d1abgx34.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}(2)
[2009/09/14 15:43:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Boyd Photo\Application Data\mozilla\Firefox\Profiles\d1abgx34.default\extensions\{FCAB6FDD-5585-425b-95C1-5ED856F3FD08}
[2009/10/15 19:31:40 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/10/15 09:41:32 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/09/23 11:24:43 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
[2009/01/05 15:51:15 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2009/01/05 19:30:05 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009/07/05 19:56:17 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
[2009/08/08 10:33:06 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2009/09/26 11:45:22 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
[2008/11/02 06:32:18 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\search@searchsettings.com
[2009/08/24 13:15:25 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider(2).dll
[2009/08/24 13:15:25 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/08/24 13:15:26 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp(2).dll
[2009/08/24 13:15:26 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2007/04/10 18:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll
[2008/08/06 16:22:02 | 00,114,688 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\np32dsw.dll
[2009/07/25 05:23:01 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009/02/06 12:44:28 | 01,447,296 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll
[2009/08/24 13:15:27 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2009/04/23 11:57:14 | 00,239,432 | ---- | M] (Pando Networks) -- C:\Program Files\mozilla firefox\plugins\npPandoWebInst.dll
[2008/06/11 22:45:28 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2 C:\Program Files\mozilla firefox\plugins\*.tmp files]
[2009/08/24 11:45:46 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/08/24 11:45:46 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/08/24 11:45:46 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/08/24 11:45:46 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/08/24 11:45:46 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/08/24 11:45:46 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/08/24 11:45:46 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (736 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\Adobe Contribute CS4\contributeieplugin.dll File not found
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\Adobe Contribute CS4\contributeieplugin.dll File not found
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\System32\WLTRAY.exe (Dell Inc.)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Web Video Downloader] C:\Program Files\SourceTec\Sothink Web Video Downloader Stand-alone\VideoDownloader.exe (SourceTec Software Co., LTD)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Easy-WebPrint Add To Print List - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint High Speed Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Preview - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} http://support.microsoft.com/mats/DiagWebControl.cab (Diagnostics ActiveX WebControl)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\System32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\System32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\System32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/octet-stream - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-complus - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-msdownload - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - Class Install Handler - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - deflate - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - gzip - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - lzdhtml - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/webviewhtml - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\avldr: DllName - avldr.dll - File not found
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\System32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\WlNotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\System32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\System32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\System32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 12:04:08 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[29 C:\WINDOWS\System32\*.tmp files]
[6 C:\WINDOWS\*.tmp files]
[2009/10/13 16:43:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\ALM
[2009/10/14 07:48:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\avg8
[2009/10/13 07:54:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\avg8(2)
[2009/09/23 07:33:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Skype
[2009/09/25 16:08:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
[2009/09/21 10:10:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Yahoo!
[2009/09/23 11:27:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Yahoo! Companion
[2009/10/03 15:20:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Boyd Photo\Application Data\AccurateRip
[2009/09/23 08:13:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Boyd Photo\Application Data\ArcSoft
[2009/10/14 06:46:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Boyd Photo\Application Data\AVG8
[2009/09/21 11:34:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Boyd Photo\Application Data\Blitware
[2009/10/03 15:24:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Boyd Photo\Application Data\dBpoweramp
[2009/10/15 18:56:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Boyd Photo\Application Data\ElevatedDiagnostics
[2009/09/23 07:34:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Boyd Photo\Application Data\Skype
[2009/09/23 07:37:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Boyd Photo\Application Data\skypePM
[2009/10/05 09:02:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Boyd Photo\Application Data\Talkback
[2009/09/23 11:27:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Boyd Photo\Application Data\Yahoo!
[2009/10/15 19:31:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Boyd Photo\Local Settings\Application Data\Paint.NET
[2009/09/21 10:16:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Boyd Photo\Local Settings\Application Data\Yahoo
[2009/10/13 16:32:33 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2009/09/23 11:27:50 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2009/09/23 08:12:30 | 00,000,000 | ---D | C] -- C:\Program Files\ArcSoft
[2009/10/14 07:48:17 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2009/10/13 07:54:46 | 00,000,000 | ---D | C] -- C:\Program Files\AVG(2)
[2009/10/03 15:20:47 | 00,000,000 | ---D | C] -- C:\Program Files\Illustrate
[2009/09/24 13:36:10 | 00,000,000 | ---D | C] -- C:\Program Files\LizardTech
[2009/10/15 18:45:08 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft ATS
[2009/09/21 10:24:49 | 00,000,000 | ---D | C] -- C:\Program Files\MMEDIA
[2009/10/15 19:31:59 | 00,000,000 | ---D | C] -- C:\Program Files\Paint.NET
[2009/09/23 07:33:34 | 00,000,000 | R--D | C] -- C:\Program Files\Skype
[2009/09/21 11:42:58 | 00,000,000 | ---D | C] -- C:\Program Files\Vimicro
[2009/09/21 10:10:50 | 00,000,000 | ---D | C] -- C:\Program Files\Yahoo!
File not found -- C:\Documents and Settings\Boyd Photo\Desktop\DENISE DIOR AND DOG.
[2009/10/16 05:08:26 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/10/15 18:45:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
[2009/10/15 12:44:20 | 00,000,000 | ---D | C] -- C:\SMCLpav
[2009/10/15 09:18:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Boyd Photo\Desktop\PS 9 STUFF
[2009/10/14 07:49:16 | 00,108,552 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/10/14 07:49:16 | 00,011,952 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/10/14 07:49:08 | 00,335,240 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/10/14 07:49:06 | 00,027,784 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/10/13 16:47:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Boyd Photo\Desktop\New Folder
[2009/10/13 15:55:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Boyd Photo\Desktop\STUFF, 10-13-09
[2009/10/08 14:34:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Boyd Photo\Desktop\LISA AND BRIAN PRE-WED
[2009/10/05 10:01:12 | 08,067,224 | ---- | C] (Mozilla) -- C:\Documents and Settings\Boyd Photo\Desktop\Firefox Setup 3.5.3.exe
[2009/09/30 18:56:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Boyd Photo\My Documents\MB PURCHASE STUFF
[2009/09/30 14:02:02 | 00,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2009/09/27 15:46:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Boyd Photo\Desktop\BEAUTIFUL DOWNTOWN TRONA
[2009/09/26 18:44:28 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Boyd Photo\Desktop\RootRepeal.exe
[2009/09/26 17:01:00 | 17,668,968 | ---- | C] (Doctor Web, Ltd.) -- C:\Documents and Settings\Boyd Photo\Desktop\n7qn68e6(2).exe
[2009/09/26 16:41:52 | 17,668,968 | ---- | C] (Doctor Web, Ltd.) -- C:\Documents and Settings\Boyd Photo\Desktop\n7qn68e6.exe
[2009/09/26 11:45:18 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/09/26 11:45:18 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/09/26 11:45:18 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/09/26 11:43:37 | 00,714,528 | ---- | C] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Boyd Photo\Desktop\jre-6u16-windows-i586-iftw.exe
[2009/09/24 13:36:17 | 00,227,840 | ---- | C] (Iterated Systems, Inc.) -- C:\WINDOWS\System32\Deco_32.dll
[2009/09/24 09:31:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Boyd Photo\Desktop\STUFF FOR LD
[2009/09/23 11:40:19 | 00,113,152 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNMLM5p.DLL
[2009/09/23 11:40:19 | 00,113,152 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNMLM5p(46).DLL
[2009/09/23 11:40:19 | 00,113,152 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNMLM5p(45).DLL
[2009/09/23 11:40:19 | 00,113,152 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNMLM5p(44).DLL
[2009/09/23 11:40:19 | 00,113,152 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNMLM5p(43).DLL
[2009/09/23 11:40:19 | 00,113,152 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNMLM5p(42).DLL
[2009/09/23 11:40:19 | 00,113,152 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNMLM5p(41).DLL
[2009/09/23 11:40:19 | 00,113,152 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNMLM5p(40).DLL
[2009/09/23 11:40:19 | 00,113,152 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNMLM5p(39).DLL
[2009/09/23 11:40:19 | 00,113,152 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNMLM5p(38).DLL
[2009/09/23 11:40:19 | 00,113,152 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNMLM5p(37).DLL
[2009/09/23 11:40:19 | 00,113,152 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNMLM5p(36).DLL
[2009/09/23 11:40:19 | 00,113,152 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNMLM5p(35).DLL
[2009/09/23 11:40:19 | 00,113,152 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNMLM5p(34).DLL
[2009/09/23 11:40:19 | 00,113,152 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNMLM5p(33).DLL
[2009/09/23 11:40:19 | 00,113,152 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNMLM5p(32).DLL
[2009/09/23 11:40:19 | 00,113,152 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNMLM5p(21).DLL
[2009/09/23 11:40:19 | 00,113,152 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNMLM5p(20).DLL
[2009/09/23 11:40:19 | 00,113,152 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNMLM5p(19).DLL
[2009/09/23 11:40:19 | 00,113,152 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNMLM5p(18).DLL
[2009/09/23 11:40:19 | 00,113,152 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNMLM5p(17).DLL
[2009/09/23 08:35:23 | 00,376,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSVCRTD.DLL
[2009/09/23 08:13:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Boyd Photo\My Documents\My Albums
[2009/09/23 08:13:20 | 00,581,632 | ---- | C] (Ligos Corporation) -- C:\WINDOWS\System32\LsxMpxp4.dll
[2009/09/23 08:13:20 | 00,573,440 | ---- | C] (Ligos Corporation) -- C:\WINDOWS\System32\LsxMpxp3.dll
[2009/09/23 08:13:20 | 00,552,960 | ---- | C] (Ligos Corporation) -- C:\WINDOWS\System32\LsxMpxp2.dll
[2009/09/23 08:13:20 | 00,045,056 | ---- | C] (Arcsoft Inc.) -- C:\WINDOWS\System32\MPEG-2Writer.ax
[2009/09/23 08:13:19 | 00,593,920 | ---- | C] (Ligos Corporation) -- C:\WINDOWS\System32\LsxMpgp4.dll
[2009/09/23 08:13:19 | 00,585,728 | ---- | C] (Ligos Corporation) -- C:\WINDOWS\System32\LsxMpgp3.dll
[2009/09/23 08:13:19 | 00,573,440 | ---- | C] (Ligos Corporation) -- C:\WINDOWS\System32\LsxMpgk7.dll
[2009/09/23 08:13:19 | 00,544,768 | ---- | C] (Ligos Corporation) -- C:\WINDOWS\System32\LsxMpgp2.dll
[2009/09/23 08:13:19 | 00,217,145 | ---- | C] (Ligos Corporation) -- C:\WINDOWS\System32\gmdvsd.dll
[2009/09/23 08:13:19 | 00,212,480 | ---- | C] (Eastman Kodak) -- C:\WINDOWS\PCDLIB32.DLL
[2009/09/23 08:13:19 | 00,118,784 | ---- | C] (Ligos Corporation) -- C:\WINDOWS\System32\gomotion.dll
[2009/09/23 08:13:19 | 00,098,304 | ---- | C] (Ligos Corporation) -- C:\WINDOWS\System32\lmpgvd.ax
[2009/09/23 08:13:19 | 00,094,208 | ---- | C] (Ligos Corporation) -- C:\WINDOWS\System32\lmpgspl.ax
[2009/09/23 08:13:19 | 00,042,496 | ---- | C] (Ligos Corporation) -- C:\WINDOWS\System32\lmpgad.ax
[2009/09/21 11:43:12 | 00,049,152 | ---- | C] (ZSMCSNAP) -- C:\WINDOWS\vmsnap3.exe
[2009/09/21 11:43:12 | 00,049,152 | ---- | C] (Vimicro) -- C:\WINDOWS\Domino.exe
[2009/09/21 10:25:05 | 00,109,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\VidCap32.exe
[2009/09/21 10:25:04 | 00,102,400 | ---- | C] (Meta Media Inc) -- C:\WINDOWS\MMVEM.EXE
[2009/09/20 14:38:22 | 00,299,008 | ---- | C] (InstallShield Corporation, Inc.) -- C:\WINDOWS\uninst.exe
[2009/09/16 11:05:42 | 00,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2009/09/16 09:31:13 | 00,017,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll

========== Files - Modified Within 30 Days ==========

[29 C:\WINDOWS\System32\*.tmp files]
[6 C:\WINDOWS\*.tmp files]
File not found -- C:\Documents and Settings\Boyd Photo\Desktop\DENISE DIOR AND DOG.
[2009/10/16 04:57:26 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/10/16 04:57:15 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/10/16 04:57:14 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/10/15 20:01:46 | 05,991,220 | -H-- | M] () -- C:\Documents and Settings\Boyd Photo\Local Settings\Application Data\IconCache.db
[2009/10/15 19:32:10 | 00,000,812 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Paint.NET.lnk
[2009/10/15 19:17:10 | 00,219,136 | ---- | M] () -- C:\Documents and Settings\Boyd Photo\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/15 18:45:00 | 00,000,595 | ---- | M] () -- C:\Documents and Settings\Boyd Photo\Desktop\Fix it - Microsoft ATS.lnk
[2009/10/15 17:33:38 | 00,268,954 | ---- | M] () -- C:\Documents and Settings\Boyd Photo\Desktop\MOMMMMMMMY'S BOOOOOOBS!.jpg
[2009/10/15 17:31:12 | 00,113,844 | ---- | M] () -- C:\Documents and Settings\Boyd Photo\Desktop\BOOOOOOOBS!.jpg
[2009/10/15 17:17:27 | 42,945,854 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/10/15 17:17:07 | 00,033,037 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/10/15 17:12:49 | 00,305,761 | ---- | M] () -- C:\Documents and Settings\Boyd Photo\Desktop\JENNIE'S BOOBS.jpg
[2009/10/15 17:09:17 | 00,049,926 | ---- | M] () -- C:\Documents and Settings\Boyd Photo\Desktop\she loves boob.jpg
[2009/10/15 16:49:03 | 00,036,274 | ---- | M] () -- C:\Documents and Settings\Boyd Photo\Desktop\donna b at dresser.jpg
[2009/10/15 16:14:06 | 00,096,626 | ---- | M] () -- C:\Documents and Settings\Boyd Photo\Desktop\hq_handjob_pic_01_29.jpg
[2009/10/15 16:11:58 | 00,018,335 | ---- | M] () -- C:\Documents and Settings\Boyd Photo\Desktop\brn beauty w cock.jpg
[2009/10/15 16:08:27 | 02,773,847 | ---- | M] () -- C:\Documents and Settings\Boyd Photo\Desktop\brandi2.wmv
[2009/10/15 16:07:23 | 02,773,847 | ---- | M] () -- C:\Documents and Settings\Boyd Photo\Desktop\brandi1.wmv
[2009/10/15 13:57:07 | 00,048,178 | ---- | M] () -- C:\Documents and Settings\Boyd Photo\Desktop\queer_as_folk_season_1_ep_09_16.jpg, jennie!.jpg
[2009/10/15 13:57:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/10/15 13:55:53 | 00,053,659 | ---- | M] () -- C:\Documents and Settings\Boyd Photo\Desktop\queer_as_folk_season_1_ep_09_11.jpg
[2009/10/15 13:39:10 | 00,065,648 | ---- | M] () -- C:\Documents and Settings\Boyd Photo\Desktop\dnk_girls_kissing_2307.jpg
[2009/10/15 13:36:39 | 00,052,381 | ---- | M] () -- C:\Documents and Settings\Boyd Photo\Desktop\dnk_girls_kissing_2282.jpg
[2009/10/15 12:42:32 | 00,710,704 | ---- | M] () -- C:\Documents and Settings\Boyd Photo\Desktop\UNINSTALLER_09.exe
[2009/10/15 11:57:16 | 00,039,872 | ---- | M] () -- C:\Documents and Settings\Boyd Photo\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/10/15 11:47:33 | 00,000,104 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetAdapt.cfg.bck
[2009/10/15 11:47:33 | 00,000,104 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetAdapt.cfg
[2009/10/15 11:41:13 | 02,054,976 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/10/15 11:27:20 | 00,540,036 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/10/15 11:27:20 | 00,472,600 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/10/15 11:27:20 | 00,078,084 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/10/15 11:23:04 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/10/14 19:38:20 | 00,037,782 | ---- | M] () -- C:\Documents and Settings\Boyd Photo\Desktop\mylette, mf.jpg
[2009/10/14 19:15:52 | 00,000,229 | ---- | M] () -- C:\Documents and Settings\Boyd Photo\Desktop\SOME OF THE PROBLEMS WITH MY COMP
[2009/10/14 07:49:17 | 00,001,507 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\AVG Free 8.5.lnk
[2009/10/14 07:49:16 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/10/14 07:49:16 | 00,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/10/14 07:49:08 | 00,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/10/14 07:49:06 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/10/14 07:48:45 | 00,492,629 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/10/14 07:48:43 | 06,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/10/13 07:55:19 | 42,770,980 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi(2).avm
[2009/10/13 07:55:05 | 00,024,446 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi(2).avg
[2009/10/13 07:55:04 | 00,492,629 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi(2).avg
[2009/10/13 07:55:02 | 06,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7(2).avg
[2009/10/12 15:07:54 | 00,000,943 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/10/12 15:07:54 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/10/12 15:04:24 | 00,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/10/12 11:49:00 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/10/09 13:06:07 | 15,246,456 | ---- | M] () -- C:\Documents and Settings\Boyd Photo\Desktop\Top_5_Sexiest_Secret_Girlfriends_in_Film.mov
[2009/10/06 14:33:05 | 00,008,627 | ---- | M] () -- C:\WINDOWS\System32\PAV_FOG.OPC
[2009/10/05 10:01:58 | 08,067,224 | ---- | M] (Mozilla) -- C:\Documents and Settings\Boyd Photo\Desktop\Firefox Setup 3.5.3.exe
[2009/10/05 05:56:24 | 00,112,353 | ---- | M] () -- C:\Documents and Settings\Boyd Photo\My Documents\applauseclapping.gif
[2009/10/03 15:22:13 | 00,515,760 | ---- | M] () -- C:\WINDOWS\System32\SpoonUninstall.exe
[2009/10/03 15:22:13 | 00,515,760 | ---- | M] () -- C:\Documents and Settings\Boyd Photo\Desktop\dBpoweramp-Codec-FLAC.exe
[2009/10/03 15:20:50 | 00,015,341 | ---- | M] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Music Converter.dat
[2009/10/03 15:20:31 | 00,033,846 | ---- | M] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Music Converter.bmp
[2009/10/03 15:20:21 | 05,640,880 | ---- | M] () -- C:\Documents and Settings\Boyd Photo\Desktop\dMC-R13.3-Ref-Trial.exe
[2009/10/02 11:01:57 | 25,198,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/10/01 15:30:36 | 00,024,496 | ---- | M] () -- C:\Documents and Settings\Boyd Photo\My Documents\HEALTH CARE CARTOON.jpg
[2009/09/26 18:44:29 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\Boyd Photo\Desktop\RootRepeal.exe
[2009/09/26 18:02:50 | 00,360,858 | ---- | M] () -- C:\Documents and Settings\Boyd Photo\Desktop\dds(2).scr
[2009/09/26 18:01:37 | 00,360,858 | ---- | M] () -- C:\Documents and Settings\Boyd Photo\Desktop\dds.scr
[2009/09/26 17:06:27 | 17,668,968 | ---- | M] (Doctor Web, Ltd.) -- C:\Documents and Settings\Boyd Photo\Desktop\n7qn68e6(2).exe
[2009/09/26 16:46:05 | 17,668,968 | ---- | M] (Doctor Web, Ltd.) -- C:\Documents and Settings\Boyd Photo\Desktop\n7qn68e6.exe
[2009/09/26 14:18:36 | 00,253,129 | ---- | M] () -- C:\Documents and Settings\Boyd Photo\My Documents\MY PROGRAMS 2.jpg
[2009/09/26 14:16:58 | 00,233,710 | ---- | M] () -- C:\Documents and Settings\Boyd Photo\My Documents\MY PROGRAMS.jpg
[2009/09/26 14:10:16 | 00,632,200 | ---- | M] () -- C:\Documents and Settings\Boyd Photo\My Documents\MY DESKTOP.jpg
[2009/09/26 11:43:38 | 00,714,528 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Boyd Photo\Desktop\jre-6u16-windows-i586-iftw.exe
[2009/09/24 16:39:30 | 00,000,211 | -HS- | M] () -- C:\boot.ini
[2009/09/23 17:03:22 | 00,000,736 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/09/23 08:13:24 | 00,000,766 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\ShowBiz.lnk
[2009/09/23 07:37:45 | 00,000,056 | -H-- | M] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/09/22 09:18:10 | 01,639,320 | ---- | M] () -- C:\Documents and Settings\Boyd Photo\My Documents\letter to mbpurchase.com
[2009/09/21 11:34:44 | 00,000,454 | ---- | M] () -- C:\WINDOWS\tasks\Driver Robot.job
[2009/09/20 18:37:16 | 24,581,901 | ---- | M] () -- C:\Documents and Settings\Boyd Photo\My Documents\OBAMA LYING AGAIN.wmv
[2009/09/16 09:30:54 | 00,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2009/09/16 09:30:54 | 00,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb

========== Files - No Company Name ==========
[2009/10/15 19:32:10 | 00,000,812 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Paint.NET.lnk
[2009/10/15 18:45:00 | 00,000,595 | ---- | C] () -- C:\Documents and Settings\Boyd Photo\Desktop\Fix it - Microsoft ATS.lnk
[2009/10/15 17:33:35 | 00,268,954 | ---- | C] () -- C:\Documents and Settings\Boyd Photo\Desktop\MOMMMMMMMY'S BOOOOOOBS!.jpg
[2009/10/15 17:31:09 | 00,113,844 | ---- | C] () -- C:\Documents and Settings\Boyd Photo\Desktop\BOOOOOOOBS!.jpg
[2009/10/15 17:12:49 | 00,305,761 | ---- | C] () -- C:\Documents and Settings\Boyd Photo\Desktop\JENNIE'S BOOBS.jpg
[2009/10/15 17:09:17 | 00,049,926 | ---- | C] () -- C:\Documents and Settings\Boyd Photo\Desktop\she loves boob.jpg
[2009/10/15 16:49:02 | 00,036,274 | ---- | C] () -- C:\Documents and Settings\Boyd Photo\Desktop\donna b at dresser.jpg
[2009/10/15 16:14:05 | 00,096,626 | ---- | C] () -- C:\Documents and Settings\Boyd Photo\Desktop\hq_handjob_pic_01_29.jpg
[2009/10/15 16:11:58 | 00,018,335 | ---- | C] () -- C:\Documents and Settings\Boyd Photo\Desktop\brn beauty w cock.jpg
[2009/10/15 16:08:22 | 02,773,847 | ---- | C] () -- C:\Documents and Settings\Boyd Photo\Desktop\brandi2.wmv
[2009/10/15 16:07:18 | 02,773,847 | ---- | C] () -- C:\Documents and Settings\Boyd Photo\Desktop\brandi1.wmv
[2009/10/15 13:57:06 | 00,048,178 | ---- | C] () -- C:\Documents and Settings\Boyd Photo\Desktop\queer_as_folk_season_1_ep_09_16.jpg, jennie!.jpg
[2009/10/15 13:55:52 | 00,053,659 | ---- | C] () -- C:\Documents and Settings\Boyd Photo\Desktop\queer_as_folk_season_1_ep_09_11.jpg
[2009/10/15 13:39:09 | 00,065,648 | ---- | C] () -- C:\Documents and Settings\Boyd Photo\Desktop\dnk_girls_kissing_2307.jpg
[2009/10/15 13:36:39 | 00,052,381 | ---- | C] () -- C:\Documents and Settings\Boyd Photo\Desktop\dnk_girls_kissing_2282.jpg
[2009/10/15 12:42:20 | 00,710,704 | ---- | C] () -- C:\Documents and Settings\Boyd Photo\Desktop\UNINSTALLER_09.exe
[2009/10/14 19:38:20 | 00,037,782 | ---- | C] () -- C:\Documents and Settings\Boyd Photo\Desktop\mylette, mf.jpg
[2009/10/14 19:05:39 | 00,000,229 | ---- | C] () -- C:\Documents and Settings\Boyd Photo\Desktop\SOME OF THE PROBLEMS WITH MY COMP
[2009/10/14 07:49:17 | 00,001,507 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\AVG Free 8.5.lnk
[2009/10/14 07:24:32 | 00,368,533 | ---- | C] () -- C:\Documents and Settings\Boyd Photo\Desktop\w with nd.jpg
[2009/10/12 15:04:24 | 00,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/10/09 13:06:07 | 15,246,456 | ---- | C] () -- C:\Documents and Settings\Boyd Photo\Desktop\Top_5_Sexiest_Secret_Girlfriends_in_Film.mov
[2009/10/05 05:56:23 | 00,112,353 | ---- | C] () -- C:\Documents and Settings\Boyd Photo\My Documents\applauseclapping.gif
[2009/10/04 07:58:22 | 00,474,534 | ---- | C] () -- C:\Documents and Settings\Boyd Photo\My Documents\ARMED SERVICES PHOTO.jpg
[2009/10/03 15:22:12 | 00,515,760 | ---- | C] () -- C:\Documents and Settings\Boyd Photo\Desktop\dBpoweramp-Codec-FLAC.exe
[2009/10/03 15:20:50 | 00,515,760 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall.exe
[2009/10/03 15:20:50 | 00,033,846 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Music Converter.bmp
[2009/10/03 15:20:50 | 00,015,341 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Music Converter.dat
[2009/10/03 15:20:15 | 05,640,880 | ---- | C] () -- C:\Documents and Settings\Boyd Photo\Desktop\dMC-R13.3-Ref-Trial.exe
[2009/10/01 15:30:56 | 00,024,496 | ---- | C] () -- C:\Documents and Settings\Boyd Photo\My Documents\HEALTH CARE CARTOON.jpg
[2009/09/26 18:02:50 | 00,360,858 | ---- | C] () -- C:\Documents and Settings\Boyd Photo\Desktop\dds(2).scr
[2009/09/26 18:01:36 | 00,360,858 | ---- | C] () -- C:\Documents and Settings\Boyd Photo\Desktop\dds.scr
[2009/09/26 14:18:34 | 00,253,129 | ---- | C] () -- C:\Documents and Settings\Boyd Photo\My Documents\MY PROGRAMS 2.jpg
[2009/09/26 14:16:56 | 00,233,710 | ---- | C] () -- C:\Documents and Settings\Boyd Photo\My Documents\MY PROGRAMS.jpg
[2009/09/26 14:10:11 | 00,632,200 | ---- | C] () -- C:\Documents and Settings\Boyd Photo\My Documents\MY DESKTOP.jpg
[2009/09/23 11:40:23 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS5p.DLL
[2009/09/23 08:13:24 | 00,000,766 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\ShowBiz.lnk
[2009/09/23 08:13:21 | 01,576,960 | ---- | C] () -- C:\WINDOWS\System32\mplvw7.dll
[2009/09/23 08:13:20 | 01,642,496 | ---- | C] () -- C:\WINDOWS\System32\mplva6.dll
[2009/09/23 08:13:20 | 01,548,288 | ---- | C] () -- C:\WINDOWS\System32\mplvm6.dll
[2009/09/23 08:13:20 | 01,118,208 | ---- | C] () -- C:\WINDOWS\System32\mplvpx.dll
[2009/09/23 08:13:20 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\mplapx.dll
[2009/09/23 08:13:19 | 00,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2009/09/23 07:37:45 | 00,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/09/22 09:18:06 | 01,639,320 | ---- | C] () -- C:\Documents and Settings\Boyd Photo\My Documents\letter to mbpurchase.com
[2009/09/21 10:25:05 | 00,035,600 | ---- | C] () -- C:\WINDOWS\AMCAP.EXE
[2009/09/21 10:25:05 | 00,020,992 | ---- | C] () -- C:\WINDOWS\MMVCB.AX
[2009/09/21 10:25:05 | 00,000,392 | ---- | C] () -- C:\WINDOWS\WebEye.ini
[2009/09/21 10:25:04 | 00,172,032 | ---- | C] () -- C:\WINDOWS\JAPI2.DLL
[2009/09/21 10:24:56 | 00,106,496 | ---- | C] () -- C:\WINDOWS\JAPI.DLL
[2009/09/20 19:35:45 | 00,640,131 | R--- | C] () -- C:\Documents and Settings\Boyd Photo\My Documents\DEEP PAINT MANUAL.pdf
[2009/09/20 18:36:33 | 24,581,901 | ---- | C] () -- C:\Documents and Settings\Boyd Photo\My Documents\OBAMA LYING AGAIN.wmv
[2009/07/04 14:29:13 | 00,910,304 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2009/07/04 14:29:13 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4831.dll
[2009/07/04 14:28:17 | 00,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2009/07/04 14:25:41 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2009/07/04 14:25:40 | 00,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2009/07/03 18:06:52 | 00,219,136 | ---- | C] () -- C:\Documents and Settings\Boyd Photo\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/03 13:35:36 | 05,991,220 | -H-- | C] () -- C:\Documents and Settings\Boyd Photo\Local Settings\Application Data\IconCache.db
[2009/07/03 13:31:09 | 00,039,872 | ---- | C] () -- C:\Documents and Settings\Boyd Photo\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/07/03 13:30:27 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Boyd Photo\Application Data\desktop.ini
[2009/07/03 06:10:37 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\desktop.ini
[2008/02/09 16:03:00 | 03,924,220 | ---- | C] () -- C:\Program Files\KUSO_EXIF_Viewer_EN.exe
[2007/10/09 21:27:38 | 00,018,325 | ---- | C] () -- C:\Program Files\License.txt
[2001/08/23 05:00:00 | 00,000,943 | ---- | C] () -- C:\WINDOWS\win.ini
[2001/08/23 05:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 209 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:C265C458
@Alternate Data Stream - 183 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:4BF2F6B5
< End of report >



thanks, temp. boyd




#9 myrti


Posted 16 October 2009 - 07:54 AM

Hi,

that didn't work out as expected. Please run the following script for OTL again:
:otl
SRV - File not found --  -- (avast! Web Scanner [On_Demand | Stopped])
SRV - File not found --  -- (avast! Mail Scanner [On_Demand | Stopped])
SRV - File not found --  -- (avast! Antivirus [Auto | Stopped])
SRV - File not found --  -- (aswUpdSv [Auto | Stopped])

Please make sure that you copy all the lines.

regards _temp_



#10 boydphoto


Posted 16 October 2009 - 01:11 PM

hi, again, temp. here is the scan.




#11 myrti


Posted 21 October 2009 - 08:02 AM

Hi,

sorry, somehow I missed your last reply. :(

Could you please explain how AVG disappeared? How did you look for it?

Please also run the following two scans:
Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless of whether you are prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.
  • Download RootRepeal from the following location and save it to your desktop.
  • Extract the contents of RootRepeal.zip, to your desktop.
  • Double click the RootRepeal icon on your desktop.
  • Click on the report tab, then click scan
  • Check all seven boxes:
    Drivers
    Files
    Processes
    SSDT
    Stealth Objects
    Hidden Services
    Shadow SSDT
  • Click Ok
  • Check the box for your main system drive (Usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, Click the Save Report button. Save the log as RootRepeal.txt and post it in your next reply.
regards _temp_



#12 boydphoto


Posted 21 October 2009 - 09:02 PM

thanks, temp. i was away from internet today, so i couldn't do the things you told me you needed. here they are.

thanks, again. boyd




#13 myrti


Posted 22 October 2009 - 07:34 AM

Hi,

Malwarebytes found the infection and removed it. How is your PC behaving now?

regards _temp_



#14 boydphoto


Posted 25 October 2009 - 05:23 PM

hi, temp. sorry i'm late on this reply, but i haven't been able to get online for a couple of days. now, temporarily, at least, i can. i keep losing programs: firefox and malwarebytes, to mention a couple. i just ran another mbam scan, so here are the results. by the way, while i need your help with my comp, i'm certified in photoshop, so if i can fix some photos for you i would like the chance to repay you for all your time. sincerely, boyd.




#15 myrti


Posted 26 October 2009 - 01:38 PM

Hi,

this is odd. Please provide a new OTL log with the following settings:
  • Double click on OTL to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Extra Registry box change it to All
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open one notepad window, OTListIt.Txt. This is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply.
What exactly do you mean by "gone"? Does the shortcut on your Desktop no longer work? Have you searched for the program with the search function and can't find it any longer? Please describe the symptoms that make you think it is no longer installed.

regards _temp_
