Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Vundo Infection


  • This topic is locked This topic is locked
4 replies to this topic

#1 mommaofa

mommaofa

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:06:13 AM

Posted 30 October 2009 - 02:52 PM

Pop ups keep happening about working from home or making money from google. I also have no use of some of the items on my desktop or some programs I cannot get into.





DDS (Ver_09-10-26.01) - NTFSx86
Run by Monica at 15:09:52.65 on Fri 10/30/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.510.110 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
SVCHOST.EXE
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
SVCHOST.EXE
SVCHOST.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
SVCHOST.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\AOL\1152298186\ee\AOLSoftware.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Fisher-Price\Computer Cool School\FPCCSMiddleware.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\dlbxcoms.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\PayPal\Payment Wizard\PaypalOE.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBServerUtilityMgr.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
c:\program files\common files\aol\1152298186\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
c:\program files\common files\aol\1152298186\ee\aolsoftware.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Monica\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://today.ask.com/frostwire?o=101676&l=dis
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://www.dell4me.com/myway
uSearch Bar = hxxp://bfc.myway.com/search/de_srchlft.html
mDefault_Page_URL = hxxp://www.dell4me.com/myway
mStart Page = hxxp://www.dell4me.com/myway
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: AOLSearchHook Class: {54eb34ea-e6be-4cfd-9f4f-c4a0c2eafa22} - c:\program files\aol search\AOLSearch.dll
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
mURLSearchHooks: AOLSearchHook Class: {54eb34ea-e6be-4cfd-9f4f-c4a0c2eafa22} - c:\program files\aol search\AOLSearch.dll
mURLSearchHooks: H - No File
mWinlogon: Userinit=c:\windows\system32\vvgeowbv.exe,c:\windows\system32\userinit.exe,
uWinlogon: Userinit=c:\windows\system32\vvgeowbv.exe,c:\windows\system32\userinit.exe
BHO: Yahoo! Companion BHO: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\ycomp5_5_7_0.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: AOLSearchHook Class: {54eb34ea-e6be-4cfd-9f4f-c4a0c2eafa22} - c:\program files\aol search\AOLSearch.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: ST: {9394ede7-c8b5-483e-8773-474bf36af6e4} - c:\program files\msn apps\st\01.03.0000.1005\en-xu\stmain.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll
BHO: MSNToolBandBHO: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\msn apps\msn toolbar\msn toolbar\01.02.5000.1021\en-us\msntb.dll
BHO: {c92147dd-5cc3-4b75-acb3-f199eb34ee21} - c:\windows\system32\mllji.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Yahoo! Companion: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\ycomp5_5_7_0.dll
TB: MSN: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\msn apps\msn toolbar\msn toolbar\01.02.5000.1021\en-us\msntb.dll
TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
TB: {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: {2AA2FBF8-9C76-4E97-A226-25C5F4AB6358} - No File
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [IncrediMail] c:\program files\incredimail\bin\IncMail.exe /c
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
uRun: [CTSyncU.exe] "c:\program files\creative\sync manager unicode\CTSyncU.exe"
uRun: [WeatherDPA] "c:\program files\zango\bin\10.3.79.0\Weather.exe" -auto
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [IntelMeM] c:\program files\intel\modem event monitor\IntelMEM.exe
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [DLBXCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLBXtime.dll,_RunDLLEntry@16
mRun: [dlbxmon.exe] "c:\program files\dell photo aio printer 962\dlbxmon.exe"
mRun: [<NO NAME>]
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [AOLDialer] c:\program files\common files\aol\acs\AOLDial.exe
mRun: [HostManager] c:\program files\common files\aol\1152298186\ee\AOLSoftware.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [AntispyStorm] c:\program files\antispystorm\AntispyStorm.exe
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [CTCheck] c:\program files\creative\creative zen\zen media explorer\CTCheck.exe
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [FPCCSMiddleware] c:\program files\fisher-price\computer cool school\FPCCSMiddleware.exe
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [direjutis] Rundll32.exe "c:\windows\system32\tehepepa.dll",a
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
StartupFolder: c:\docume~1\monica\startm~1\programs\startup\frostw~1.lnk - c:\program files\frostwire\FrostWire.exe
StartupFolder: c:\docume~1\monica\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\americ~1.lnk - c:\program files\america online 9.0a\aoltray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\forget~1.lnk - c:\program files\broderbund\ag scrapbooks\agremind.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\paymen~1.lnk - c:\program files\paypal\payment wizard\PaypalOE.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~2.lnk - c:\program files\common files\intuit\quickbooks\QBServerUtilityMgr.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
IE: &AIM Toolbar Search - c:\documents and settings\all users\application data\aim toolbar\ietoolbar\resources\en-us\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office10\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {0b83c99c-1efa-4259-858f-bcb33e007a5b} - {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: mandtbank.com\onlinebanking
Trusted Zone: turbotax.com
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\windows\system32\ldcore.dll c:\progra~1\google\google~1\goec62~1.dll pazohehi.dll c:\windows\system32\tehepepa.dll c:\windows\system32\tomavita.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: durudawel - {01d1371b-4b0c-4679-a6f0-c94ec9384a5e} - c:\windows\system32\tehepepa.dll
STS: kupuhivus: {01d1371b-4b0c-4679-a6f0-c94ec9384a5e} - c:\windows\system32\tehepepa.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\mllji.dll
LSA: Notification Packages = scecli galaleka.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\monica\applic~1\mozilla\firefox\profiles\lwvlokg1.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - hxxp://www.comcast.net/home.html
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query=
FF - component: c:\documents and settings\monica\application data\mozilla\firefox\profiles\lwvlokg1.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\documents and settings\monica\application data\move networks\plugins\npqmp071500000347.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nphssb.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmusicn.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\program files\virtools\3d life player\npvirtools.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service

FF - user.js: browser.sessionstore.resume_from_crash - false

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-10-30 333192]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-10-30 360584]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2009-10-30 285392]
R2 QuickBooksDB17;QuickBooksDB17;c:\progra~1\intuit\quickb~2\qbdbmgrn.exe -hvquickbooksdb17 --> c:\progra~1\intuit\quickb~2\QBDBMgrN.exe -hvQuickBooksDB17 [?]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\google\google desktop search\GoogleDesktop.exe [2007-7-25 29744]

=============== Created Last 30 ================

2009-10-30 13:57:24 0 d--h--w- C:\$AVG
2009-10-30 13:56:53 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-10-30 13:56:50 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-10-30 13:56:42 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-10-30 13:56:14 0 d-----w- c:\windows\system32\drivers\Avg
2009-10-30 13:56:09 0 d-----w- c:\docume~1\alluse~1\applic~1\AVG Security Toolbar
2009-10-30 13:55:25 0 d-----w- c:\program files\AVG
2009-10-30 13:55:23 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9
2009-10-30 01:24:19 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2009-10-30 01:24:16 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2009-10-30 01:24:05 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2009-10-30 01:24:03 75264 ----a-w- c:\windows\system32\unacev2.dll
2009-10-30 01:24:03 153088 ----a-w- c:\windows\system32\unrar3.dll
2009-10-30 01:23:59 0 d-----w- c:\docume~1\monica\applic~1\Simply Super Software
2009-10-30 01:23:59 0 d-----w- c:\docume~1\alluse~1\applic~1\Simply Super Software
2009-10-30 00:59:30 0 d-----w- c:\program files\Malwarebytes' Anti-Malware2

==================== Find3M ====================

2009-09-20 12:17:27 1530 ----a-w- c:\windows\system32\gasfkydicfpynl.dat
2009-09-18 09:56:10 18432 ------w- c:\windows\system32\dllcache\iedw.exe
2009-09-11 14:33:52 133632 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-11 14:33:52 133632 ----a-w- c:\windows\system32\dllcache\msv1_0.dll
2009-09-04 20:45:26 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-04 20:45:26 58880 ------w- c:\windows\system32\dllcache\msasn1.dll
2009-08-26 08:16:37 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-26 08:16:37 247326 ------w- c:\windows\system32\dllcache\strmdll.dll
2009-08-21 09:46:35 450560 ------w- c:\windows\system32\dllcache\jscript.dll
2009-08-06 23:24:18 327896 ----a-w- c:\windows\system32\dllcache\wucltui.dll
2009-08-06 23:24:18 209632 ----a-w- c:\windows\system32\dllcache\wuweb.dll
2009-08-06 23:24:10 35552 ----a-w- c:\windows\system32\dllcache\wups.dll
2009-08-06 23:24:06 53472 ----a-w- c:\windows\system32\dllcache\wuauclt.exe
2009-08-06 23:24:04 96480 ----a-w- c:\windows\system32\dllcache\cdm.dll
2009-08-06 23:23:54 575704 ----a-w- c:\windows\system32\dllcache\wuapi.dll
2009-08-06 23:23:46 1929952 ----a-w- c:\windows\system32\dllcache\wuaueng.dll
2009-08-05 09:11:47 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-05 09:11:47 204800 ------w- c:\windows\system32\dllcache\mswebdvd.dll
2009-08-04 14:01:44 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-08-04 14:00:46 2180352 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-08-04 14:00:46 2180352 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
2009-08-04 13:58:28 2136064 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-08-04 13:13:35 2015744 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-08-04 13:13:32 2057728 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-08-04 13:13:32 2057728 ------w- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-07-30 01:26:23 60928 --sha-w- c:\windows\system32\dasejaru.dll
2009-07-29 13:26:42 52224 --sha-w- c:\windows\system32\galaleka.dll
2005-10-16 05:35:05 848 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-07-30 01:26:23 38400 --sha-w- c:\windows\system32\sasisudi.dll
2009-07-30 13:26:45 90112 --sha-w- c:\windows\system32\tehepepa.dll
2009-07-30 13:26:45 37888 --sha-w- c:\windows\system32\ziwiwuje.dll

============= FINISH: 15:11:49.98 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:12:13 PM

Posted 06 November 2009 - 12:03 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
  • Please download OTL from following mirror:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards _temp_

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#3 mommaofa

mommaofa
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:06:13 AM

Posted 06 November 2009 - 07:14 PM

OTL logfile created on: 11/6/2009 6:55:48 PM - Run 1
OTL by OldTimer - Version 3.1.4.0 Folder = C:\Documents and Settings\Monica\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

509.98 Mb Total Physical Memory | 220.38 Mb Available Physical Memory | 43.21% Memory free
1.22 Gb Paging File | 0.84 Gb Available in Paging File | 68.95% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 33.80 Gb Total Space | 1.40 Gb Free Space | 4.16% Space Free | Partition Type: NTFS
Unable to calculate disk information.
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DCZY2B71
Current User Name: Monica
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/11/06 18:54:56 | 00,528,896 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Monica\Desktop\OTL.exe
PRC - [2009/10/30 08:55:53 | 01,055,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2009/10/30 08:55:51 | 00,600,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2009/10/30 08:55:50 | 00,502,040 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2009/10/30 08:55:49 | 00,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2009/10/30 08:55:39 | 02,010,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2009/10/30 08:55:29 | 00,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2009/08/04 09:01:57 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/08/04 09:01:55 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/05/06 13:14:28 | 00,140,584 | ---- | M] (AOL LLC.) -- c:\Program Files\AIM Toolbar\aimtbServer.exe
PRC - [2009/04/23 05:29:18 | 07,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2009/04/23 05:29:14 | 07,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2008/10/10 13:40:31 | 00,538,432 | ---- | M] () -- C:\Program Files\Fisher-Price\Computer Cool School\FPCCSMiddleware.exe
PRC - [2008/08/21 16:36:41 | 00,029,744 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
PRC - [2008/08/21 16:36:41 | 00,029,744 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
PRC - [2008/08/21 16:36:41 | 00,029,744 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
PRC - [2007/11/06 10:08:10 | 00,397,312 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
PRC - [2007/08/31 14:16:47 | 00,357,800 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
PRC - [2007/08/31 14:13:41 | 00,988,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliType Pro\itype.exe
PRC - [2007/07/17 10:03:38 | 00,868,352 | ---- | M] () -- C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
PRC - [2007/06/13 05:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/03/15 10:09:36 | 00,460,784 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\DSAgnt.exe
PRC - [2007/01/04 16:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/10/23 14:04:42 | 00,001,536 | ---- | M] () -- c:\Program Files\Common Files\AOL\1152298186\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
PRC - [2006/10/23 07:50:35 | 00,046,640 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
PRC - [2006/09/25 19:52:48 | 00,050,736 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\1152298186\ee\aolsoftware.exe
PRC - [2006/09/25 19:52:48 | 00,050,736 | ---- | M] (America Online, Inc.) -- c:\Program Files\Common Files\AOL\1152298186\ee\aolsoftware.exe
PRC - [2006/09/19 09:31:58 | 00,149,024 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBServerUtilityMgr.exe
PRC - [2005/09/20 09:36:20 | 00,114,688 | ---- | M] (Intel Corporation) -- C:\WINDOWS\SYSTEM32\igfxpers.exe
PRC - [2005/09/20 09:32:24 | 00,077,824 | ---- | M] (Intel Corporation) -- C:\WINDOWS\SYSTEM32\hkcmd.exe
PRC - [2005/04/23 15:32:41 | 00,026,112 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\realplay.exe
PRC - [2005/01/18 09:57:22 | 00,425,984 | ---- | M] (Dell) -- C:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exE
PRC - [2005/01/06 09:01:00 | 00,819,336 | ---- | M] (PayPal, Inc.) -- C:\Program Files\PayPal\Payment Wizard\PAYPALOE.exe
PRC - [2004/12/16 10:26:58 | 00,462,848 | ---- | M] (Dell) -- C:\WINDOWS\SYSTEM32\dlbxcoms.exe
PRC - [2004/10/14 14:42:54 | 01,404,928 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
PRC - [2004/08/04 05:00:00 | 00,093,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\IEXPLORE.EXE
PRC - [2003/09/03 20:12:44 | 00,221,184 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
PRC - [2003/08/27 09:29:46 | 00,065,536 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\wanmpsvc.exe
PRC - [1999/12/12 12:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\SYSTEM32\CTSVCCDA.EXE


========== Modules (SafeList) ==========

MOD - [2009/11/06 18:54:56 | 00,528,896 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Monica\Desktop\OTL.exe
MOD - [2006/08/25 10:45:55 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2004/08/04 05:00:00 | 00,185,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\WBEM\FRAMEDYN.DLL


========== Win32 Services (SafeList) ==========

SRV - [2009/10/30 08:55:29 | 00,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/08/04 09:01:55 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2008/08/21 16:36:41 | 00,029,744 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-061008-081103)
SRV - [2008/07/29 20:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2008/07/29 18:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2008/07/29 18:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008/07/25 10:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/07/25 10:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state)
SRV - [2007/03/07 14:47:46 | 00,076,848 | ---- | M] () -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2007/01/19 11:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc)
SRV - [2007/01/04 16:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/10/23 07:50:35 | 00,046,640 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -- (AOL ACS)
SRV - [2006/10/18 19:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc)
SRV - [2006/09/16 20:08:00 | 00,071,184 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2006/09/13 09:32:12 | 00,128,536 | ---- | M] (iAnywhere Solutions, Inc.) -- C:\Program Files\Intuit\QuickBooks 2007\QBDBMgrN.exe -- (QuickBooksDB17)
SRV - [2004/12/16 10:26:58 | 00,462,848 | ---- | M] (Dell) -- C:\WINDOWS\System32\dlbxcoms.exe -- (dlbx_device)
SRV - [2004/08/04 05:00:00 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHEALTH\HELPCTR\BINARIES\PCHSVC.DLL -- (helpsvc)
SRV - [2003/12/17 13:59:48 | 00,143,360 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe -- (NetSvc)
SRV - [2003/08/27 09:29:46 | 00,065,536 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\wanmpsvc.exe -- (WANMiniportService)
SRV - [1999/12/12 12:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\SYSTEM32\CTSVCCDA.EXE -- (Creative Service for CDROM Access)


========== Driver Services (SafeList) ==========

DRV - [2009/10/30 08:56:50 | 00,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2009/10/30 08:56:43 | 00,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/10/30 08:56:38 | 00,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\SYSTEM32\DRIVERS\secdrv.sys -- (Secdrv)
DRV - [2007/08/31 14:15:45 | 00,018,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\nuidfltr.sys -- (NuidFltr)
DRV - [2007/02/25 11:10:48 | 00,005,376 | --S- | M] (Gteko Ltd.) -- C:\WINDOWS\SYSTEM32\DRIVERS\dsunidrv.sys -- (dsunidrv)
DRV - [2007/02/15 13:14:28 | 00,019,840 | ---- | M] (Generic) -- C:\WINDOWS\SYSTEM32\DRIVERS\StMp3Rec.sys -- (StMp3Rec)
DRV - [2006/10/05 15:07:28 | 00,004,736 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/09/20 10:00:54 | 01,302,332 | ---- | M] (Intel Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\ialmnt5.sys -- (ialm)
DRV - [2005/06/30 13:29:31 | 00,008,413 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\mcstrm.sys -- (MCSTRM)
DRV - [2005/05/01 01:44:56 | 00,020,576 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2005/04/23 15:32:44 | 00,008,552 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\SYSTEM32\DRIVERS\asctrm.sys -- (ASCTRM)
DRV - [2005/01/27 15:31:06 | 00,260,352 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\smwdm.sys -- (smwdm)
DRV - [2004/09/17 09:02:54 | 00,732,928 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\SYSTEM32\DRIVERS\senfilt.sys -- (senfilt)
DRV - [2004/08/04 05:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\PTILINK.SYS -- (Ptilink)
DRV - [2004/08/03 23:07:44 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2004/08/03 23:07:44 | 00,041,088 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2004/08/03 22:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\NV4_MINI.SYS -- (nv)
DRV - [2004/06/15 22:52:40 | 00,061,157 | ---- | M] (Intel Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC53.sys -- (IntelC53)
DRV - [2004/03/05 22:15:34 | 00,647,929 | ---- | M] (Intel Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC52.sys -- (IntelC52)
DRV - [2004/03/05 22:14:42 | 01,233,525 | ---- | M] (Intel Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC51.sys -- (IntelC51)
DRV - [2004/03/05 22:13:38 | 00,037,048 | ---- | M] (Intel Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\mohfilt.sys -- (mohfilt)
DRV - [2004/02/10 15:49:14 | 00,154,112 | ---- | M] (Intel Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\e100b325.sys -- (E100B)
DRV - [2003/01/10 16:13:04 | 00,033,588 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\wanatw4.sys -- (wanatw)
DRV - [2002/12/13 03:06:40 | 00,129,875 | R--- | M] (Mars Semiconductor Corp.) -- C:\WINDOWS\SYSTEM32\DRIVERS\mr97310c.sys -- (MR97310_USB_DUAL_CAMERA)
DRV - [2001/08/17 14:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 14:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 14:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 14:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 14:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 13:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\MODEMCSA.sys -- (MODEMCSA)
DRV - [2001/08/17 13:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 13:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 13:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 13:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 13:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 13:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 13:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 13:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 13:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 13:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\..\URLSearchHook: {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\..\URLSearchHook: {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL Search\AOLSearch.dll (America Online, Inc.)
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\..\URLSearchHook: {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\..\URLSearchHook: {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL Search\AOLSearch.dll (America Online, Inc.)
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1427785011-3674265369-1912894857-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\S-1-5-21-1427785011-3674265369-1912894857-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-1427785011-3674265369-1912894857-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1427785011-3674265369-1912894857-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://today.ask.com/frostwire?o=101676&l=dis
IE - HKU\S-1-5-21-1427785011-3674265369-1912894857-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/en-us/srchasst/srchasst.htm
IE - HKU\S-1-5-21-1427785011-3674265369-1912894857-1006\..\URLSearchHook: *{03402f96-3dc7-4285-bc50-9e81fefafe43} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1427785011-3674265369-1912894857-1006\..\URLSearchHook: *{54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1427785011-3674265369-1912894857-1006\..\URLSearchHook: *{C94E154B-1459-4A47-966B-4B843BEFC7DB} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1427785011-3674265369-1912894857-1006\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1427785011-3674265369-1912894857-1006\..\URLSearchHook: {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL Search\AOLSearch.dll (America Online, Inc.)
IE - HKU\S-1-5-21-1427785011-3674265369-1912894857-1006\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-21-1427785011-3674265369-1912894857-1006\S-1-5-21-1427785011-3674265369-1912894857-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.defaulturl: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query="
FF - prefs.js..browser.search.selectedEngine: "Yahoo! Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.comcast.net/home.html"
FF - prefs.js..extensions.enabledItems: {3112ca9c-de6d-4884-a869-9855de68056c}:6.1.20091019W
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}:6.0.04
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000006
FF - prefs.js..extensions.enabledItems: plugin@yontoo.com:1.03.01
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.696
FF - prefs.js..extensions.enabledItems: avg@igeared:2.710.016.005
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.15
FF - prefs.js..keyword.URL: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query="


FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 08:34:51 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/08/04 09:02:05 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2009/10/30 08:55:27 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2009/10/30 08:56:08 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/06 18:52:41 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/10/28 21:59:13 | 00,000,000 | ---D | M]

[2009/04/04 23:39:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Monica\Application Data\Mozilla\Extensions
[2009/04/04 23:39:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Monica\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/11/01 13:33:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Monica\Application Data\Mozilla\Firefox\Profiles\lwvlokg1.default\extensions
[2009/09/02 16:09:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Monica\Application Data\Mozilla\Firefox\Profiles\lwvlokg1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/10/21 09:40:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Monica\Application Data\Mozilla\Firefox\Profiles\lwvlokg1.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/05/16 23:29:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Monica\Application Data\Mozilla\Firefox\Profiles\lwvlokg1.default\extensions\moveplayer@movenetworks.com
[2009/03/16 14:34:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Monica\Application Data\Mozilla\Firefox\Profiles\lwvlokg1.default\extensions\plugin@yontoo.com
[2009/06/17 12:47:35 | 00,004,207 | ---- | M] () -- C:\Documents and Settings\Monica\Application Data\Mozilla\Firefox\Profiles\lwvlokg1.default\searchplugins\aim-search.xml
[2009/11/01 13:33:08 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/04/15 12:48:06 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/10/28 21:59:13 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/07/07 11:36:31 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
[2009/08/04 09:04:06 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/10/28 21:58:57 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2009/10/28 21:58:57 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2008/08/21 16:36:41 | 00,122,880 | ---- | M] (Google) -- C:\Program Files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
[2008/06/17 15:12:42 | 00,114,688 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
[2009/08/04 09:01:59 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2008/09/26 11:40:34 | 00,053,248 | ---- | M] (AOL LLC) -- C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
[2007/12/19 07:57:38 | 00,310,272 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
[2007/08/22 14:51:40 | 00,036,864 | ---- | M] (Homestead Technologies, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nphssb.dll
[2008/01/10 16:30:42 | 00,284,248 | ---- | M] (Musicnotes, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npmusicn.dll
[2009/10/28 21:59:06 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2004/12/14 01:19:18 | 00,057,344 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2006/12/18 15:03:42 | 00,106,496 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2006/12/18 15:03:42 | 00,106,496 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2006/12/18 15:03:42 | 00,106,496 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2006/12/18 15:03:42 | 00,106,496 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2006/12/18 15:03:42 | 00,106,496 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2006/12/18 15:03:43 | 00,106,496 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2006/12/18 15:03:43 | 00,106,496 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2007/09/09 23:22:29 | 04,100,096 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npsibelius.dll
[2006/01/18 11:50:00 | 00,319,488 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npsnapfish.dll
[2007/04/16 12:07:12 | 00,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
[2009/07/23 08:28:43 | 00,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2009/07/23 08:28:43 | 00,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2009/10/30 09:00:36 | 00,002,265 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\avg_igeared.xml
[2009/07/23 08:28:43 | 00,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2009/07/23 08:28:43 | 00,002,343 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2009/07/23 08:28:43 | 00,001,706 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2009/07/23 08:28:43 | 00,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2009/07/23 08:28:44 | 00,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: (734 bytes) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Yahoo! Companion BHO) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll (Yahoo! Inc.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AOLSearchHook Class) - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL Search\AOLSearch.dll (America Online, Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (ST) - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll (Microsoft Corporation)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O2 - BHO: (MSNToolBandBHO) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll (Microsoft Corporation)
O2 - BHO: (no name) - {C92147DD-5CC3-4B75-ACB3-F199EB34EE21} - C:\WINDOWS\System32\mllji.dll File not found
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (MSN) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Companion) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll (Yahoo! Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Yahoo! Companion) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Yahoo! Companion) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-1427785011-3674265369-1912894857-1006\..\Toolbar\WebBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No CLSID value found.
O3 - HKU\S-1-5-21-1427785011-3674265369-1912894857-1006\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKU\S-1-5-21-1427785011-3674265369-1912894857-1006\..\Toolbar\WebBrowser: (MSN) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-1427785011-3674265369-1912894857-1006\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKU\S-1-5-21-1427785011-3674265369-1912894857-1006\..\Toolbar\WebBrowser: (Yahoo! Companion) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AntispyStorm] C:\Program Files\AntispyStorm\AntispyStorm.exe File not found
O4 - HKLM..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe (AOL LLC)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CTCheck] C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [direjutis] C:\WINDOWS\System32\yebalino.DLL File not found
O4 - HKLM..\Run: [DLBXCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBXtime.DLL ()
O4 - HKLM..\Run: [dlbxmon.exe] C:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe (Dell)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [FPCCSMiddleware] C:\Program Files\Fisher-Price\Computer Cool School\FPCCSMiddleware.exe ()
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1152298186\ee\aolsoftware.exe (America Online, Inc.)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\SYSTEM32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\SYSTEM32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\SYSTEM32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe (Intel Corporation)
O4 - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe File not found
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
O4 - HKLM..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKLM..\Run: [UserFaultCheck] File not found
O4 - HKU\S-1-5-21-1427785011-3674265369-1912894857-1006..\Run: [Aim6] C:\Program Files\AIM6\aim6.exe (AOL LLC)
O4 - HKU\S-1-5-21-1427785011-3674265369-1912894857-1006..\Run: [CTSyncU.exe] C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe ()
O4 - HKU\S-1-5-21-1427785011-3674265369-1912894857-1006..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\S-1-5-21-1427785011-3674265369-1912894857-1006..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.)
O4 - HKU\S-1-5-21-1427785011-3674265369-1912894857-1006..\Run: [WeatherDPA] C:\Program Files\Zango\bin\10.3.79.0\Weather.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe (America Online, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Forget Me Not.lnk = C:\Program Files\Broderbund\AG Scrapbooks\AGremind.exe (Broderbund Properties LLC)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Payment Wizard Options.lnk = C:\Program Files\PayPal\Payment Wizard\PAYPALOE.exe (PayPal, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Database Server Manager.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBServerUtilityMgr.exe (Intuit)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
O4 - Startup: C:\Documents and Settings\Monica\Start Menu\Programs\Startup\FrostWire On Startup.lnk = C:\Program Files\FrostWire\FrostWire.exe File not found
O4 - Startup: C:\Documents and Settings\Monica\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1427785011-3674265369-1912894857-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1427785011-3674265369-1912894857-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O8 - Extra context menu item: &AIM Toolbar Search - C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1427785011-3674265369-1912894857-1006\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKU\S-1-5-21-1427785011-3674265369-1912894857-1006\..Trusted Domains: mandtbank.com ([onlinebanking] https in Trusted sites)
O15 - HKU\S-1-5-21-1427785011-3674265369-1912894857-1006\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-1427785011-3674265369-1912894857-1006\..Trusted Domains: 2 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/shared/m...90/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcafee.com/molbin/shared/m...,23/mcgdmgr.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.64.150 68.87.75.198
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\windows\system32\ldcore.dll) - C:\WINDOWS\System32\ldcore.dll File not found
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - AppInit_DLLs: (pazohehi.dll) - File not found
O20 - AppInit_DLLs: (c:\windows\system32\tomavita.dll) - C:\WINDOWS\System32\tomavita.dll File not found
O20 - AppInit_DLLs: (c:\windows\system32\yebalino.dll) - C:\WINDOWS\System32\yebalino.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\vvgeowbv.exe) - C:\WINDOWS\System32\vvgeowbv.exe File not found
O20 - HKU\S-1-5-21-1427785011-3674265369-1912894857-1006 Winlogon: UserInit - (C:\WINDOWS\system32\vvgeowbv.exe) - C:\WINDOWS\System32\vvgeowbv.exe File not found
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: jodedejaz - {f8fa1073-c9e1-4869-8e80-1c74ea01f125} - C:\WINDOWS\System32\yebalino.dll File not found
O22 - SharedTaskScheduler: {f8fa1073-c9e1-4869-8e80-1c74ea01f125} - jugezatag - C:\WINDOWS\System32\yebalino.dll File not found
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop Components:1 (MuggleNet.com Desktop Countdown) - http://www.mugglenet.com/countdown/desktop-dhootp.html
O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\mllji.dll) - C:\WINDOWS\System32\mllji.dll File not found
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 13:04:08 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{52646760-50e8-11dc-9bf4-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{52646760-50e8-11dc-9bf4-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{52646760-50e8-11dc-9bf4-00038a000015}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/11/06 18:54:49 | 00,528,896 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Monica\Desktop\OTL.exe
[2009/10/30 14:58:23 | 08,499,200 | ---- | C] (Luis Cobian) -- C:\Documents and Settings\Monica\Desktop\cbSetup8.exe
[2009/10/30 14:14:30 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Monica\Desktop\RootRepeal.exe
[2009/10/30 09:00:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Monica\Local Settings\Application Data\AVG Security Toolbar
[2009/10/30 08:57:24 | 00,000,000 | -H-D | C] -- C:\$AVG
[2009/10/30 08:56:53 | 00,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/10/30 08:56:50 | 00,360,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/10/30 08:56:42 | 00,333,192 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/10/30 08:56:38 | 00,028,424 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/10/30 08:56:14 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2009/10/30 08:56:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2009/10/30 08:55:25 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2009/10/30 08:55:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
[2009/10/30 08:18:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Monica\My Documents\Simply Super Software
[2009/10/29 20:24:05 | 00,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ztvcabinet.dll
[2009/10/29 20:23:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Monica\Application Data\Simply Super Software
[2009/10/29 20:23:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Simply Super Software
[2009/10/29 19:59:30 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware2
[2009/10/16 09:07:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Monica\Local Settings\Application Data\AIM
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009/11/06 19:00:03 | 00,000,296 | ---- | M] () -- C:\WINDOWS\tasks\cvxqnwbq.job
[2009/11/06 18:58:28 | 44,760,983 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/11/06 18:57:30 | 00,086,225 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/11/06 18:54:56 | 00,528,896 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Monica\Desktop\OTL.exe
[2009/11/06 18:48:01 | 06,291,456 | -H-- | M] () -- C:\Documents and Settings\Monica\NTUSER.DAT
[2009/11/06 18:45:10 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2009/11/06 18:42:42 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/11/06 18:42:22 | 00,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2009/11/06 18:42:20 | 53,482,7008 | -HS- | M] () -- C:\hiberfil.sys
[2009/11/05 17:14:16 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\Monica\NTUSER.INI
[2009/11/02 13:58:09 | 00,524,016 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/11/02 13:58:09 | 00,442,466 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2009/11/02 13:58:09 | 00,071,732 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2009/11/01 19:09:47 | 00,004,100 | -H-- | M] () -- C:\WINDOWS\System32\vulitiwa
[2009/11/01 09:42:41 | 00,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2009/11/01 09:32:02 | 00,000,718 | ---- | M] () -- C:\WINDOWS\WIN.INI
[2009/10/30 16:51:26 | 00,035,328 | ---- | M] () -- C:\WINDOWS\sa23sl.exe
[2009/10/30 16:28:48 | 07,655,819 | ---- | M] () -- C:\Documents and Settings\Monica\Desktop\FP.zip
[2009/10/30 14:58:23 | 08,499,200 | ---- | M] (Luis Cobian) -- C:\Documents and Settings\Monica\Desktop\cbSetup8.exe
[2009/10/30 14:14:54 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Monica\Desktop\settings.dat
[2009/10/30 14:14:30 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\Monica\Desktop\RootRepeal.exe
[2009/10/30 14:09:00 | 00,523,776 | ---- | M] () -- C:\Documents and Settings\Monica\Desktop\dds.scr
[2009/10/30 08:56:54 | 00,001,507 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
[2009/10/30 08:56:53 | 00,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/10/30 08:56:50 | 00,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/10/30 08:56:43 | 00,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/10/30 08:56:38 | 00,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2009/10/30 08:56:38 | 00,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/10/30 08:56:15 | 06,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/10/30 08:56:15 | 00,492,629 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/10/26 23:20:08 | 00,000,874 | ---- | M] () -- C:\WINDOWS\dellstat.ini
[2009/10/16 02:08:02 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/10/15 21:42:12 | 04,076,049 | ---- | M] () -- C:\Documents and Settings\Monica\My Documents\FileZilla_3.2.8.1_win32-setup.exe
[2009/10/08 15:13:10 | 04,080,450 | ---- | M] () -- C:\Documents and Settings\Monica\My Documents\FileZilla_3.2.8_win32-setup.exe
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/10/30 20:27:11 | 00,000,296 | ---- | C] () -- C:\WINDOWS\tasks\cvxqnwbq.job
[2009/10/30 16:51:45 | 00,035,328 | ---- | C] () -- C:\WINDOWS\sa23sl.exe
[2009/10/30 16:28:46 | 07,655,819 | ---- | C] () -- C:\Documents and Settings\Monica\Desktop\FP.zip
[2009/10/30 14:14:54 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Monica\Desktop\settings.dat
[2009/10/30 14:08:56 | 00,523,776 | ---- | C] () -- C:\Documents and Settings\Monica\Desktop\dds.scr
[2009/10/30 08:56:54 | 00,001,507 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
[2009/10/30 08:56:37 | 00,113,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2009/10/30 08:56:15 | 44,611,194 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/10/30 08:56:15 | 00,492,629 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/10/30 08:56:15 | 00,069,140 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/10/30 08:56:14 | 06,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/10/29 20:24:19 | 00,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll
[2009/10/29 20:24:16 | 00,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll
[2009/10/29 20:24:03 | 00,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar3.dll
[2009/10/29 20:24:03 | 00,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll
[2009/10/15 21:42:07 | 04,076,049 | ---- | C] () -- C:\Documents and Settings\Monica\My Documents\FileZilla_3.2.8.1_win32-setup.exe
[2009/10/08 15:13:07 | 04,080,450 | ---- | C] () -- C:\Documents and Settings\Monica\My Documents\FileZilla_3.2.8_win32-setup.exe
[2007/10/31 14:30:13 | 00,006,702 | -HS- | C] () -- C:\WINDOWS\System32\ijllm.ini
[2007/08/22 15:09:23 | 00,018,432 | ---- | C] () -- C:\Documents and Settings\Monica\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/07/10 14:51:00 | 00,000,028 | ---- | C] () -- C:\WINDOWS\ICOA.INI
[2007/07/10 14:50:53 | 00,000,000 | ---- | C] () -- C:\WINDOWS\QFN.ini
[2007/07/10 14:50:53 | 00,000,000 | ---- | C] () -- C:\WINDOWS\QDQICK.ini
[2007/07/10 14:50:07 | 00,000,021 | ---- | C] () -- C:\WINDOWS\QBWCD.INI
[2007/05/27 11:21:48 | 00,000,316 | ---- | C] () -- C:\WINDOWS\mybc32.INI
[2007/02/20 08:35:35 | 00,000,039 | ---- | C] () -- C:\WINDOWS\bizpub32.INI
[2007/02/05 12:04:56 | 00,000,142 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2007/02/05 12:04:28 | 00,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2006/07/12 23:12:08 | 00,002,111 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2006/07/12 22:54:42 | 00,000,709 | ---- | C] () -- C:\WINDOWS\IHEALTH.INI
[2006/07/12 22:54:41 | 00,000,347 | ---- | C] () -- C:\WINDOWS\valuterm.ini
[2006/06/29 13:58:52 | 00,030,808 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006/06/29 13:53:56 | 00,026,489 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/05/24 00:10:08 | 00,229,280 | ---- | C] () -- C:\Documents and Settings\Monica\Application Data\GDIPFONTCACHEV1.DAT
[2006/04/18 14:39:28 | 00,029,779 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/04/18 14:39:28 | 00,026,040 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/02/28 00:06:16 | 00,000,165 | ---- | C] () -- C:\WINDOWS\Quicken.ini
[2006/02/23 01:23:28 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/01/24 22:26:58 | 00,028,672 | R--- | C] () -- C:\WINDOWS\System32\mr310exd.dll
[2006/01/24 22:26:57 | 00,036,864 | R--- | C] () -- C:\WINDOWS\System32\mr310exv.dll
[2006/01/24 22:26:32 | 00,000,127 | ---- | C] () -- C:\WINDOWS\APOapp.INI
[2006/01/24 22:24:17 | 00,000,037 | ---- | C] () -- C:\WINDOWS\marscam.ini
[2006/01/24 22:21:33 | 00,015,164 | ---- | C] () -- C:\WINDOWS\mr310twc.ini
[2005/10/16 00:35:05 | 00,000,848 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2005/05/26 10:16:28 | 00,000,004 | ---- | C] () -- C:\WINDOWS\uccspecb.sys
[2005/05/04 11:09:10 | 00,061,678 | ---- | C] () -- C:\Documents and Settings\Monica\Application Data\PFP120JPR.{PB
[2005/05/04 11:09:10 | 00,012,358 | ---- | C] () -- C:\Documents and Settings\Monica\Application Data\PFP120JCM.{PB
[2005/05/01 13:15:37 | 00,000,129 | ---- | C] () -- C:\Documents and Settings\Monica\Local Settings\Application Data\fusioncache.dat
[2005/04/29 17:49:23 | 00,233,456 | ---- | C] () -- C:\Documents and Settings\Monica\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2005/04/27 20:47:33 | 00,000,874 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2005/04/27 19:57:07 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Monica\Application Data\DESKTOP.INI
[2005/04/27 19:57:01 | 03,708,814 | -H-- | C] () -- C:\Documents and Settings\Monica\Local Settings\Application Data\IconCache.db
[2005/04/23 15:39:46 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/04/23 15:36:22 | 00,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/04/23 14:56:24 | 00,000,370 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/01/28 08:08:34 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/01/20 04:56:00 | 00,098,304 | ---- | C] () -- C:\WINDOWS\System32\dlbxinsr.dll
[2005/01/20 04:55:48 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\dlbxcur.dll
[2005/01/20 04:55:24 | 00,135,168 | ---- | C] () -- C:\WINDOWS\System32\dlbxjswr.dll
[2005/01/20 04:54:40 | 00,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlbxinsb.dll
[2005/01/20 04:54:28 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\dlbxcub.dll
[2005/01/20 04:54:18 | 00,139,264 | ---- | C] () -- C:\WINDOWS\System32\dlbxins.dll
[2005/01/20 04:53:44 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\dlbxcu.dll
[2005/01/20 04:46:32 | 00,397,312 | ---- | C] () -- C:\WINDOWS\System32\dlbxutil.dll
[2004/08/10 13:13:12 | 00,000,780 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2004/08/10 13:04:08 | 00,000,718 | ---- | C] () -- C:\WINDOWS\WIN.INI
[2004/08/10 12:57:52 | 00,000,231 | ---- | C] () -- C:\WINDOWS\SYSTEM.INI
[2004/08/10 12:57:42 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\DESKTOP.INI
[2004/08/04 05:00:00 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\FXSPERF.INI
[2004/03/30 16:45:46 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbxvs.dll
[1980/01/01 00:00:00 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A31FAD21
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:17639624
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4DBBB4EA
< End of report >




OTL Extras logfile created on: 11/6/2009 6:55:48 PM - Run 1
OTL by OldTimer - Version 3.1.4.0 Folder = C:\Documents and Settings\Monica\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

509.98 Mb Total Physical Memory | 220.38 Mb Available Physical Memory | 43.21% Memory free
1.22 Gb Paging File | 0.84 Gb Available in Paging File | 68.95% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 33.80 Gb Total Space | 1.40 Gb Free Space | 4.16% Space Free | Partition Type: NTFS
Unable to calculate disk information.
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DCZY2B71
Current User Name: Monica
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1427785011-3674265369-1912894857-1006\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (AOL LLC)
"C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe:*:Enabled:AOL -- (AOL LLC)
"C:\Program Files\America Online 9.0a\waol.exe" = C:\Program Files\America Online 9.0a\waol.exe:*:Enabled:AOL -- (America Online, Inc.)
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 -- (Microsoft Corporation)
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- (America Online, Inc.)
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (AOL LLC)
"C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe:*:Enabled:AOL -- (AOL LLC)
"C:\Program Files\America Online 9.0a\waol.exe" = C:\Program Files\America Online 9.0a\waol.exe:*:Enabled:AOL -- (America Online, Inc.)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Disabled:LimeWire -- File not found
"C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe" = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Disabled:Kodak Software Updater -- File not found
"C:\Program Files\TurboTax\Home & Business 2006\32bit\ttax.exe" = C:\Program Files\TurboTax\Home & Business 2006\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- File not found
"C:\Program Files\TurboTax\Home & Business 2006\32bit\updatemgr.exe" = C:\Program Files\TurboTax\Home & Business 2006\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- File not found
"C:\Program Files\CallWave\IAM.exe" = C:\Program Files\CallWave\IAM.exe:*:Enabled:CallWave -- File not found
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 -- (Microsoft Corporation)
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- (Microsoft Corporation)
"C:\Program Files\Intuit\QuickBooks 2007\QBDBMgrN.exe" = C:\Program Files\Intuit\QuickBooks 2007\QBDBMgrN.exe:*:Enabled:QuickBooks 2007 Data Manager -- (iAnywhere Solutions, Inc.)
"C:\Program Files\IncrediMail\bin\ImpCnt.exe" = C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Disabled:IncrediMail -- (IncrediMail, Ltd.)
"C:\Documents and Settings\Monica\My Documents\incredimail_install.exe" = C:\Documents and Settings\Monica\My Documents\incredimail_install.exe:*:Disabled:IncrediMail Installer -- File not found
"C:\Program Files\Homestead\Homestead SiteBuilder\SiteBuilderLPXLauncher.exe" = C:\Program Files\Homestead\Homestead SiteBuilder\SiteBuilderLPXLauncher.exe:*:Enabled:Homestead SiteBuilder -- ()
"C:\Program Files\IncrediMail\bin\IncMail.exe" = C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail -- (IncrediMail, Ltd.)
"C:\Program Files\IncrediMail\bin\IMApp.exe" = C:\Program Files\IncrediMail\bin\IMApp.exe:*:Enabled:IncrediMail -- (IncrediMail, Ltd.)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\Common Files\AOL\1152298186\ee\aolsoftware.exe" = C:\Program Files\Common Files\AOL\1152298186\ee\aolsoftware.exe:*:Enabled:AOL Services -- (America Online, Inc.)
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- (AOL LLC)
"C:\Documents and Settings\Monica\Local Settings\Temp\IXP001.TMP\smwinvnc.exe" = C:\Documents and Settings\Monica\Local Settings\Temp\IXP001.TMP\smwinvnc.exe:*:Enabled:TightVNC Win32 Server -- File not found
"C:\Documents and Settings\Monica\Local Settings\Temp\IXP001.TMP\SMPCSetup.exe" = C:\Documents and Settings\Monica\Local Settings\Temp\IXP001.TMP\SMPCSetup.exe:*:Enabled:SMPCSetup -- File not found
"C:\Program Files\FrostWire\FrostWire.exe" = C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:FrostWire -- File not found
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Explorer -- (Microsoft Corporation)
"C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" = C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe:*:Enabled:IntelMEM -- (Intel Corporation)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{14374619-0900-4056-BA06-C87C900AF9E6}" = QuickBooks Simple Start Special Edition
"{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}" = Intel® PROSet for Wired Connections
"{1B2DBF55-05D4-4072-87D8-689141E262BD}" = Creative ZEN
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 13
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java™ 6 Update 4
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{345112D9-0930-4A68-AB71-A831BA5DE7AA}" = Microsoft IntelliType Pro 6.2
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{3B0F52AC-EF5C-4831-B221-06C782E41280}" = Quicken 2008
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Modem On Hold
"{4192EAC0-6B36-4723-B216-D0E86E7757AC}" = Jasc Paint Shop Photo Album 5
"{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}" = Banctec Service Agreement
"{4E868D3D-6EEB-4273-926C-2287236B5B79}" = 3DVIA Player 4.1
"{571700F0-DB9D-4B3A-B03D-35A14BB5939F}" = Windows Live Messenger
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{5BF2B19D-9C79-492A-8969-F059F06A627F}" = Print to Fax
"{5DEF0013-7E35-4EEF-92AB-E76925A7F8F1}" = PayPal Payment Request Wizard
"{6C6F0968-2B86-42B4-AF34-46A5F06E8FA4}" = MySoftware Fonts
"{6E179C77-7335-458D-9537-4F4EAC0181ED}" = Photo Click
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{74BCC862-CCD6-4A58-BDF9-7BB59FC31AB3}" = American Greetings Scrapbooks and More!
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{78D944D7-A97B-4004-AB0A-B5AD06839940}" = My Way Search Assistant
"{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}" = Modem Event Monitor
"{7A3F0566-5E05-4919-9C98-456F6B5CF831}" = Get High Speed Internet!
"{7DAEC492-75C6-4E09-9FD9-EF4D222C8F82}" = Socrates Media Product Browser
"{7E545666-F422-45FD-B3DF-C0B99A1A579F}" = QuickBooks Pro 2007
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{803805A4-A3F7-4504-8B19-9A63BC8A4551}" = Fisher-Price Computer Cool School
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver
"{90300409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Media Content
"{91120409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Standard
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}" = Dell Media Experience
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint Plus
"{AF06CAE4-C134-44B1-B699-14FBDB63BD37}" = Dell Picture Studio v3.0
"{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12
"{AFF1EA96-9C23-4249-B7D4-CD4B54D4582F}" = TurboTax ItsDeductible 2006
"{B6A97694-3F76-43BF-AE6A-CF2900F12BE3}" = Fusion Player
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}" = Jasc Paint Shop Photo Album
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF9A795B-2E4A-42D3-A4C4-333D5BF39350}" = TaxCut Premium + State + Efile 2007
"{D1B3874F-3057-11D6-B2EA-0050BA18806B}" = Camera Driver
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{F8E8BF1C-5AE4-4B36-8ACC-6DF7ED2D409F}" = TaxCut Pennsylvania 2007
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"AIM_6" = AIM 6
"AOL Search" = AOL Search
"AOL Uninstaller" = AOL Uninstaller
"AudibleManager" = AudibleManager
"AVG9Uninstall" = AVG Free 9.0
"ComcastHSI" = Comcast High-Speed Internet Install Wizard
"DeductionPro 2006" = DeductionPro 2006
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"Dell Photo AIO Printer 962" = Dell Photo AIO Printer 962
"DVD Photo Slideshow Professional" = DVD Photo Slideshow Pro 7.97
"eMusic Download Manager" = eMusic Download Manager 3.0
"FileZilla Client" = FileZilla Client 3.2.8.1
"Google Desktop" = Google Desktop
"Homestead SiteBuilder" = Homestead SiteBuilder
"IncrediMail" = IncrediMail Xe
"InstallShield_{803805A4-A3F7-4504-8B19-9A63BC8A4551}" = Fisher-Price Computer Cool School
"Intel® 537EP V9x DF PCI Modem" = Intel® 537EP V9x DF PCI Modem
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.15)" = Mozilla Firefox (3.0.15)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSN Toolbar" = MSN Toolbar
"Musicnotes Player" = Musicnotes Player
"MyWaySearchAssistantDE" = My Way Search Assistant
"Pdf995" = Pdf995
"PdfEdit995" = PdfEdit995 (installed by TaxCut)
"PROSet" = Intel® PRO Network Adapters and Drivers
"Punch! Professional Home Design - Platinum" = Punch! Professional Home Design - Platinum
"QuickTime" = QuickTime
"RealPlayer 6.0" = RealPlayer Basic
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"Sibelius Scorch Plugin" = Sibelius Scorch Plugin
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"SysInfo" = Creative System Information
"Tax Forms Helper 2007_is1" = Tax Forms Helper 2007 8.0
"Tax Forms Helper 2008_is1" = Tax Forms Helper 2008 8.5
"TaxCut Premium 2006" = TaxCut Premium 2006
"ViewpointMediaPlayer" = Viewpoint Media Player
"Walmart MP3 Music Downloads" = Walmart MP3 Music Downloads
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WebPost" = Microsoft Web Publishing Wizard 1.52
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinGimp-2.0_is1" = GIMP 2.6.6
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"ZENcast Organizer" = ZENcast Organizer

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1427785011-3674265369-1912894857-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/29/2009 7:51:31 PM | Computer Name = DCZY2B71 | Source = Application Hang | ID = 1002
Description = Hanging application aim6.exe, version 1.4.9.1, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 10/29/2009 7:54:25 PM | Computer Name = DCZY2B71 | Source = McLogEvent | ID = 5051
Description =

Error - 10/29/2009 9:44:23 PM | Computer Name = DCZY2B71 | Source = Application Hang | ID = 1002
Description = Hanging application aim6.exe, version 1.4.9.1, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 10/30/2009 9:39:09 AM | Computer Name = DCZY2B71 | Source = McAfee Backup and Restore | ID = 0
Description = 1) Exception Information *********************************************
Exception
Type: System.InvalidOperationException Message: Your McAfee Backup and Restore user
settings file does not exist. TargetSite: Void SetPaths() HelpLink: NULL Source: MBKSilentInstaller

StackTrace
Information ********************************************* at MBKSilentInstaller.MBKUninstallationWizard.SetPaths()

at MBKSilentInstaller.MBKUninstallationWizard.HandleMBKUninstallation(Form owner)

2)
Exception Information ********************************************* Exception Type:
System.IO.FileNotFoundException Message: Could not find file "C:\Documents and Settings\All
Users\Application Data\McAfee\MBK\UserBindingInfo.xml". FileName: C:\Documents and
Settings\All Users\Application Data\McAfee\MBK\UserBindingInfo.xml FusionLog: NULL
TargetSite:
System.Collections.Hashtable LoadBindingInfo() HelpLink: NULL Source: Arbus.Common

StackTrace
Information ********************************************* at Arbus.Common.UserPathConfigurationHelper.LoadBindingInfo()

at MBKSilentInstaller.MBKUninstallationWizard.SetPaths()

Error - 10/30/2009 9:51:10 AM | Computer Name = DCZY2B71 | Source = Application Hang | ID = 1002
Description = Hanging application aim6.exe, version 1.4.9.1, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 10/30/2009 9:51:11 AM | Computer Name = DCZY2B71 | Source = Application Hang | ID = 1002
Description = Hanging application aim6.exe, version 1.4.9.1, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 10/30/2009 5:31:34 PM | Computer Name = DCZY2B71 | Source = MsiInstaller | ID = 10005
Description = Product: Fusion Player -- The installer has encountered an unexpected
error installing this package. This may indicate a problem with this package. The
error code is 2755. The arguments are: 3, C:\DOCUME~1\Monica\LOCALS~1\Temp\Temporary
Directory 1 for FP.zip\FP\Fusion Player Setup.msi,

Error - 11/1/2009 10:27:59 AM | Computer Name = DCZY2B71 | Source = Application Hang | ID = 1002
Description = Hanging application aim6.exe, version 1.4.9.1, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 11/2/2009 2:56:49 PM | Computer Name = DCZY2B71 | Source = Application Hang | ID = 1002
Description = Hanging application dsc.exe, version 7.0.560.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 11/4/2009 11:02:52 AM | Computer Name = DCZY2B71 | Source = Application Hang | ID = 1002
Description = Hanging application aim6.exe, version 1.4.9.1, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 11/6/2009 7:44:15 PM | Computer Name = DCZY2B71 | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 11/6/2009 7:44:15 PM | Computer Name = DCZY2B71 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 11/6/2009 7:44:15 PM | Computer Name = DCZY2B71 | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 11/6/2009 7:44:15 PM | Computer Name = DCZY2B71 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 15 minutes. NtpClient has no source of accurate
time.

Error - 11/6/2009 7:45:03 PM | Computer Name = DCZY2B71 | Source = Service Control Manager | ID = 7038
Description = The QuickBooksDB17 service was unable to log on as .\QBDataServiceUser17
with the currently configured password due to the following error: %%1326 To ensure
that the service is configured properly, use the Services snap-in in Microsoft Management
Console
(MMC).

Error - 11/6/2009 7:45:03 PM | Computer Name = DCZY2B71 | Source = Service Control Manager | ID = 7000
Description = The QuickBooksDB17 service failed to start due to the following error:
%%1069

Error - 11/6/2009 7:49:20 PM | Computer Name = DCZY2B71 | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1460

Error - 11/6/2009 7:50:46 PM | Computer Name = DCZY2B71 | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 11/6/2009 7:50:46 PM | Computer Name = DCZY2B71 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 11/6/2009 7:51:17 PM | Computer Name = DCZY2B71 | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.100.2 on
the Network Card with network address 001320023EC2.


< End of report >

#4 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:12:13 PM

Posted 07 November 2009 - 11:15 AM

Hi,

please run malwarebytes:

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.

and gmer:

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

    Posted Image
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

regards _temp_

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#5 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:12:13 PM

Posted 12 November 2009 - 07:44 AM

Due to lack of feedback, this topic is now Closed

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

With Regards,
myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users