Error Server Process Launcher terminated


  • This topic is locked
41 replies to this topic

#1 rayandi

rayandi

  • Members
  • 189 posts
  • Gender:Female
  • Location:Virginia
  • Local time:10:29 AM

Posted 25 January 2010 - 07:23 PM

I tried to follow the Prep Guide but was unable to get DDS to run.





Runscanner logfile

* = signed file
- = file not found

General info
------------
Computer name : D8T91551
Creation time : 1/25/2010 7:18:21 PM
Hosts <> 127.0.0.1 : 0
Hosts file location : %SystemRoot%\System32\drivers\etc
IE version : 8.0.6001.18702
OS : Microsoft Windows XP
OS Build : 2600
OS SP : Service Pack 3
RunScanner Version : 1.9.0.9
User Language : English (United States)
User rights : Administrator
Windows folder : C:\WINDOWS

Running processes
-----------------
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe (Hewlett-Packard Co.)
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe (Musicmatch Inc.)
* C:\Documents and Settings\new account\Local Settings\Application Data\AbacastDistributedOnDemand\Node\11\AbacastDistributedOnDemand.exe (Abacast, Inc.)
* C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated)
* C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
* C:\WINDOWS\System32\alg.exe (Microsoft Corporation)
* C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
* C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
* C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
* C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe (ALWIL Software)
* C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
* C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
* C:\WINDOWS\system32\csrss.exe (Microsoft Corporation)
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe (Creative Technology Ltd)
C:\WINDOWS\system32\CTsvcCDA.exe (Creative Technology Ltd)
* C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
C:\WINDOWS\system32\dla\tfswctrl.exe (Sonic Solutions)
* C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Co.)
* C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe (Hewlett-Packard Co.)
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
* C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
* C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
* C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
* C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
* C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
* C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe (Sun Microsystems, Inc.)
C:\WINDOWS\system32\LEXBCES.EXE (Lexmark International, Inc.)
C:\WINDOWS\system32\LEXPPS.EXE (Lexmark International, Inc.)
* C:\WINDOWS\system32\lsass.exe (Microsoft Corporation)
* C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
C:\Program Files\Creative\MediaSource5\MtdAcqu.exe (Creative Technology Ltd)
C:\Program Files\Dell\Media Experience\PCMService.exe (CyberLink Corp.)
* C:\Documents and Settings\new account\Desktop\runscanner\RunScanner.exe (Runscanner.net)
* C:\WINDOWS\system32\services.exe (Microsoft Corporation)
* C:\WINDOWS\system32\spoolsv.exe (Microsoft Corporation)
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
* C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
* C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
* C:\WINDOWS\system32\winlogon.exe (Microsoft Corporation)
* c:\windows\System32\smss.exe (Microsoft Corporation)

Unrated items
-------------
002 * C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe (ALWIL Software)
002 C:\WINDOWS\system32\dla\tfswctrl.exe (Sonic Solutions)
002 C:\WINDOWS\p_981116.exe (Microsoft Corporation)
002 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Co.)
002 C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe (Musicmatch Inc.)
002 C:\Program Files\Dell\Media Experience\PCMService.exe (CyberLink Corp.)
002 C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
002 C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
003 C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe (Creative Technology Ltd)
003 C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
003 * C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
003 * C:\Program Files\mSpot\Music Sync\AT&T\msptcmd.exe (mSpot)
003 C:\Program Files\Creative\MediaSource5\MtdAcqu.exe (Creative Technology Ltd)
003 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
005 C:\PROGRA~1\DIGITA~1\DLG.exe (BVRP Software)
005 C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe (Hewlett-Packard Co.)
005 C:\PROGRA~1\HP\DIGITA~1\bin\hpqthb08.exe (Hewlett-Packard Co.)
010 * C:\Program Files\Alwil Software\Avast4\ashServ.exe (avast! Antivirus)
010 * C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (avast! iAVS4 Control Service)
010 * C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (avast! Mail Scanner)
010 * C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (avast! Web Scanner)
010 C:\WINDOWS\system32\CTsvcCDA.exe (Creative Service for CDROM Access)
010 C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe (Firebird Server - MAGIX Instance)
010 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (GoogleDesktopManager)
010 C:\WINDOWS\system32\LEXBCES.EXE (LexBce Server)
010 C:\WINDOWS\system32\HPZipm12.exe (Pml Driver HPZ12)
010 C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe (UPnPService)
011 * C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys (aswFsBlk)
011 * C:\WINDOWS\system32\drivers\aswRdr.sys (aswRdr)
011 * C:\WINDOWS\system32\drivers\Aavmker4.sys (avast! Asynchronous Virus Monitor)
011 * C:\WINDOWS\system32\drivers\aswTdi.sys (avast! Network Shield Support)
011 * C:\WINDOWS\system32\drivers\aswSP.sys (avast! Self Protection)
011 * C:\WINDOWS\system32\drivers\aswMon2.sys (avast! Standard Shield Support)
011 C:\WINDOWS\system32\drivers\cdrbsdrv.sys (cdrbsdrv)
011 C:\WINDOWS\System32\Drivers\Capt905c.sys (DB CIF Cam)
011 C:\WINDOWS\System32\Drivers\Capt9052.sys (Disney Micro)
011 C:\WINDOWS\system32\drivers\drvmcdb.sys (drvmcdb)
011 C:\WINDOWS\system32\drivers\drvnddm.sys (drvnddm)
011 C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys (DSproct)
011 C:\WINDOWS\System32\Drivers\SQcaptur.sys (Dual-Mode DSC(2770))
011 * C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys (GEAR ASPI Filter Driver)
011 C:\WINDOWS\System32\DRIVERS\omci.sys (OMCI WDM Device Driver)
011 * C:\WINDOWS\System32\Drivers\PxHelp20.sys (PxHelp20)
011 C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SASDIFSV)
011 C:\Program Files\SUPERAntiSpyware\SASENUM.SYS (SASENUM)
011 C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL)
011 * C:\WINDOWS\system32\DRIVERS\s616bus.sys (Sony Ericsson Device 616 driver (WDM))
011 * C:\WINDOWS\system32\DRIVERS\s616mgmt.sys (Sony Ericsson Device 616 USB WMC Device Management Drivers (WDM))
011 * C:\WINDOWS\system32\DRIVERS\s616obex.sys (Sony Ericsson Device 616 USB WMC OBEX Interface)
011 C:\WINDOWS\system32\drivers\sscdbhk5.sys (sscdbhk5)
011 C:\WINDOWS\system32\drivers\ssrtln.sys (ssrtln)
011 C:\WINDOWS\system32\dla\tfsnboio.sys (tfsnboio)
011 C:\WINDOWS\system32\dla\tfsncofs.sys (tfsncofs)
011 C:\WINDOWS\system32\dla\tfsndrct.sys (tfsndrct)
011 C:\WINDOWS\system32\dla\tfsndres.sys (tfsndres)
011 C:\WINDOWS\system32\dla\tfsnifs.sys (tfsnifs)
011 C:\WINDOWS\system32\dla\tfsnopio.sys (tfsnopio)
011 C:\WINDOWS\system32\dla\tfsnpool.sys (tfsnpool)
011 C:\WINDOWS\system32\dla\tfsnudf.sys (tfsnudf)
011 C:\WINDOWS\system32\dla\tfsnudfa.sys (tfsnudfa)
031 C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) {E1D2BF42-A96B-11d1-9C6B-0000F875AC61}
031 C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) {E1D2BF42-A96B-11d1-9C6B-0000F875AC61}
031 C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) {0A9007C0-4076-11D3-8789-0000F8105754}
031 C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) {E1D2BF40-A96B-11d1-9C6B-0000F875AC61}
042 GUID / CLSID not found {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
050 C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}
052 GUID / CLSID not found {5C255C8A-E604-49b4-9D64-90988571CECB}
052 C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions) {5CA3D70E-1895-11CF-8E15-001234567890}
061 * C:\Program Files\Alwil Software\Avast4\ashShell.dll (ALWIL Software) {472083B0-C522-11CF-8763-00608CC02F24}
061 C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions) {5CA3D70E-1895-11CF-8E15-001234567890}
061 C:\Program Files\Sonic\RecordNow!\shlext.dll {DEE12703-6333-4D4E-8F34-738C4DCC2E04}
061 C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL (Microsoft Corporation) {BDEADF00-C265-11D0-BCED-00A0C90AB50F}
061 * C:\Program Files\Yahoo!\Common\YMMAPI.dll (Yahoo! Inc.) {5464D816-CF16-4784-B9F3-75C0DB52B499}
067 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
069 C:\WINDOWS\system32\LEXLMPM.DLL (Lexmark International, Inc.)
069 C:\WINDOWS\system32\HpTcpMon.dll (Hewlett Packard)
100 ProxyServer HKCU : :0
100 SearchUrl HKCU : http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
100 Start Page HKCU : http://www.yahoo.com/
102 GUID / CLSID not found {32683183-48a0-441b-a342-7c2a440a9478}
104 * C:\WINDOWS\Downloaded Program Files\PhotoUploader5.ocx (The Facebook) {0CCA191D-13A6-4E29-B746-314DEE697D83}
104 GUID / CLSID not found {2B323CD9-50E3-11D3-9466-00A0C9700498}
104 GUID / CLSID not found {33564D57-0000-0010-8000-00AA00389B71}
104 * C:\WINDOWS\Downloaded Program Files\PlaNetSysInfo.dll (PlaNet Software, Inc.) {3E90FFF5-1347-45B9-91F6-DA47926E9697}
104 C:\WINDOWS\Downloaded Program Files\MySpaceUploader.ocx (MySpace, Inc.) {48DD0448-9209-4F81-9F6D-D83562940134}
104 * C:\WINDOWS\Downloaded Program Files\EPUWALcontrol.dll (eBay, Inc.) {4C39376E-FA9D-4349-BACC-D305C1750EF3}
104 * C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.68.dll (PlayFirst, Inc.) {639658F3-B141-4D6B-B936-226F75A5EAC3}
104 GUID / CLSID not found {74C861A1-D548-4916-BC8A-FDE92EDFF62C}
104 GUID / CLSID not found {7D1E9C49-BD6A-11D3-87A8-009027A35D73}
104 C:\WINDOWS\Downloaded Program Files\mjolauncher.dll (MumboJumbo Online) {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A}
104 * C:\WINDOWS\Downloaded Program Files\PhotoUploader55.ocx (The Facebook) {8100D56A-5661-482C-BEE8-AFECE305D968}
104 GUID / CLSID not found {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
104 C:\WINDOWS\Downloaded Program Files\MySpaceUploader2.ocx (MySpace) {9C23D886-43CB-43DE-B2DB-112A68D7E10A}
104 * C:\WINDOWS\Downloaded Program Files\ddfotg.1.0.0.37.dll (PlayFirst, Inc.) {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19}
104 * C:\WINDOWS\Downloaded Program Files\EPUWALcontrol.dll (eBay, Inc.) {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB}
104 C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll (JavaSoft / Sun Microsystems, Inc.) {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}
104 * C:\WINDOWS\Downloaded Program Files\OberonGameHost.dll (Oberon Media, Inc.) {D0C0F75C-683A-4390-A791-1ACFD5599AB8}
104 * C:\WINDOWS\Downloaded Program Files\ImageUploader4_5.ocx (Facebook, Inc.) {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF}
104 * C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80.dll (PlayFirst, Inc.) {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6}
104 * C:\WINDOWS\Downloaded Program Files\popcaploader.dll (PopCap Games) {DF780F87-FF2B-4DF8-92D0-73DB16A1543A}
105 E&xport to Microsoft Excel : res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
107 C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
147 C:\WINDOWS\system32\zwebauth.dll
170 {2806629e-e4eb-11dd-88e8-000d56f879f0} : E:\wd_windows_tools\WDSetup.exe
170 {b634d0c4-e2cd-11de-8982-000d56f879f0} : E:\InstallTomTomHOME.exe
173 GUID / CLSID not found
173 * C:\Program Files\Alwil Software\Avast4\ashShell.dll (ALWIL Software) {472083B0-C522-11CF-8763-00608CC02F24}
173 C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL (SUPERAntiSpyware.com) SUPERAntiSpyware Context Menu
173 * C:\Program Files\Yahoo!\Common\YMMAPI.dll (Yahoo! Inc.) {5464D816-CF16-4784-B9F3-75C0DB52B499}
221 GUID / CLSID not found
221 * C:\Program Files\Alwil Software\Avast4\ashShell.dll (ALWIL Software) {472083B0-C522-11CF-8763-00608CC02F24}
221 C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL (SUPERAntiSpyware.com) SUPERAntiSpyware Context Menu
221 * C:\Program Files\Yahoo!\Common\YMMAPI.dll (Yahoo! Inc.) {5464D816-CF16-4784-B9F3-75C0DB52B499}
223 * C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll (Malwarebytes Corporation) {57CE581A-0CB6-4266-9CA0-19364C90A0B3}
225 * C:\Program Files\Alwil Software\Avast4\ashShell.dll (ALWIL Software) {472083B0-C522-11CF-8763-00608CC02F24}
225 * C:\Program Files\Alwil Software\Avast4\ashShell.dll (ALWIL Software) {472083B0-C522-11CF-8763-00608CC02F24}
225 * C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll (Malwarebytes Corporation) {57CE581A-0CB6-4266-9CA0-19364C90A0B3}
225 * C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll (Malwarebytes Corporation) {57CE581A-0CB6-4266-9CA0-19364C90A0B3}
227 GUID / CLSID not found
227 C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL (SUPERAntiSpyware.com) SUPERAntiSpyware Context Menu

Missing files
-------------
002 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
002 C:\Program Files\Logitech\Video\CameraAssistant.exe
002 C:\WINDOWS\system32\ElkCtrl.exe
002 C:\Program Files\Logitech\Video\InstallHelper.exe
002 C:\WINDOWS\system32\LVCOMSX.EXE
002 C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe
003 C:\Documents and Settings\new account\Local Settings\Application Data\AbacastDistributedOnDemand\Node\11\AbacastDistributedOnDemand.exe -r:11 -x:1
003 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
003 C:\Program Files\Microsoft Money\System\mnyexpr.exe
003 C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
005 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
011 C:\WINDOWS\system32\drivers\Abiosdsk.sys
011 C:\WINDOWS\system32\drivers\Atdisk.sys
011 C:\WINDOWS\system32\drivers\bvrp_pci.sys
011 C:\WINDOWS\system32\drivers\Changer.sys
011 System32\DRIVERS\wATV03nt.sys
011 C:\WINDOWS\system32\drivers\lbrtfdc.sys
011 C:\WINDOWS\system32\drivers\Lvckap.sys
011 c:\windows\system32\DRIVERS\LV561AV.SYS
011 C:\WINDOWS\system32\drivers\PCIDump.sys
011 C:\WINDOWS\system32\drivers\PDCOMP.sys
011 C:\WINDOWS\system32\drivers\PDFRAME.sys
011 C:\WINDOWS\system32\drivers\PDRELI.sys
011 C:\WINDOWS\system32\drivers\PDRFRAME.sys
011 C:\WINDOWS\system32\drivers\rootrepeal.sys
011 C:\WINDOWS\system32\drivers\Simbad.sys
011 System32\DRIVERS\wanatw4.sys
011 C:\WINDOWS\system32\drivers\WDICA.sys
036 http:
036 http:
036 http:
036 http:
061 deskpan.dll
104 C:\WINDOWS\DOWNLO~1\CTSUEng.ocx
104 C:\WINDOWS\Downloaded Program Files\mnviewer.dll
104 C:\WINDOWS\DOWNLO~1\DISNEY~1.OCX
104 C:\ImageUploader4.ocx
104 C:\WINDOWS\Downloaded Program Files\FacebookPhotoUploader.ocx
104 C:\WINDOWS\Downloaded Program Files\GAME_UNO1.dll
104 C:\WINDOWS\Downloaded Program Files\zpa_hrtz.ocx
104 C:\WINDOWS\Downloaded Program Files\zpa_txhe.ocx
104 C:\WINDOWS\Downloaded Program Files\MsnMessengerSetupDownloader.ocx
104 C:\WINDOWS\Downloaded Program Files\gpcontrol.dll
104 C:\WINDOWS\DOWNLO~1\hrtbeat.ocx
104 C:\WINDOWS\DOWNLO~1\CTPID.ocx

Edited by rayandi, 25 January 2010 - 07:26 PM.




#2 Blind Faith

Blind Faith

  • Malware Response Team
  • 4,101 posts
  • Gender:Female
  • Local time:06:29 PM

Posted 31 January 2010 - 10:50 AM

Hello and welcome to Bleeping Computer!

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE



Elle
Can you hear it? It's all around!

Do you remember?
If you do, then
can you forgive?



If I haven't replied in 48 hours, please feel free to send me a PM.




#3 rayandi

rayandi
  • Topic Starter

  • Members
  • 189 posts
  • Gender:Female
  • Location:Virginia
  • Local time:10:29 AM

Posted 31 January 2010 - 10:55 AM

Thanks so much for the help!!! I have run / am running the DDS, the explanation box did appear for a second or two, then disappeared. Does that mean it's finished? If so, I did not get a report.

#4 Blind Faith

Blind Faith

  • Malware Response Team
  • 4,101 posts
  • Gender:Female
  • Local time:06:29 PM

Posted 31 January 2010 - 12:14 PM

Hello rayandi!

I am Blind Faith or Elle (it's easier to remember, I think) and I will help you with your malware-related problems.
As you can see I am still a trainee and that means my work is revised by a coach.
Therefore, it will take a bit longer for me to reply.
So don't be impatient because I won't leave your case suspended in the air, waiting forever.

NOTE: Do not make any type of changes to your system during the cleaning process. The steps you are following are based on strict information from your system. So changes which I did not give instructions for are not recommended.

I will need some time to research the files on your system so please click the Options button at the top bar of this topic and Track this Topic, where you should choose email notifications to know when I replied.



During the cleaning process many files may be hidden so please unhide them by following the instructions listed here: How to show hidden files and folders.
And also do not make any other changes to your system.
This will not help any of us because fixes are based on strict information I find in your logs so changing it will only complicate the situation.

Remember to check your topic for new replies.

Probably, it will take a couple of days until the next reply but after that everything will go faster.

Also please let me know if you still need help after you have read this.



Elle






#5 rayandi

rayandi
  • Topic Starter

  • Members
  • 189 posts
  • Gender:Female
  • Location:Virginia
  • Local time:10:29 AM

Posted 31 January 2010 - 03:01 PM

Okay I unhid the files and folders. Do I need to rerun anything or do I just wait now? I replied earlier that dds wouldn't run or didn't give me a log, not sure what happened there. Let me know if you need anything else. Thanks!!!!!!!

#6 Blind Faith

Blind Faith

  • Malware Response Team
  • 4,101 posts
  • Gender:Female
  • Local time:06:29 PM

Posted 31 January 2010 - 03:03 PM

Hi rayandi,

We will try something else.

We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. Push the button.
  6. Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized



Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in BSODs, uncheck Devices on the right side before scanning.



So in your next reply you will have:
An OTListIt.txt log
An Extra.txt log
And a Gmer log.



Elle

#7 rayandi

rayandi
  • Topic Starter

  • Members
  • 189 posts
  • Gender:Female
  • Location:Virginia
  • Local time:10:29 AM

Posted 31 January 2010 - 03:29 PM

OTL logfile created on: 1/31/2010 3:19:48 PM - Run 1
OTL by OldTimer - Version 3.1.27.1 Folder = C:\Documents and Settings\new account\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 435.00 Mb Available Physical Memory | 43.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 58.00% Paging File free
Paging file location(s): C:\pagefile.sys 1024 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.21 Gb Total Space | 5.24 Gb Free Space | 14.10% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 896.29 Mb Total Space | 75.93 Mb Free Space | 8.47% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: D8T91551
Current User Name: new account
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/01/31 15:19:27 | 000,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\new account\Desktop\OTL.exe
PRC - [2010/01/16 19:10:19 | 002,002,160 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2009/11/12 16:33:10 | 000,141,600 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/11/12 16:33:00 | 000,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/06/05 10:48:14 | 000,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/04/15 12:35:18 | 000,054,712 | ---- | M] (Abacast, Inc.) -- C:\Documents and Settings\new account\Local Settings\Application Data\AbacastDistributedOnDemand\Node\11\AbacastDistributedOnDemand.exe
PRC - [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/02/05 15:08:45 | 000,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/02/05 15:08:40 | 000,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009/02/05 15:08:26 | 000,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/02/05 15:06:04 | 000,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009/02/05 15:01:25 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2008/12/12 10:17:38 | 000,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/22 03:25:21 | 000,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
PRC - [2007/03/09 10:09:58 | 000,063,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
PRC - [2006/11/23 17:12:30 | 000,851,968 | ---- | M] () -- C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
PRC - [2006/09/11 03:40:32 | 000,218,032 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
PRC - [2006/03/08 08:56:00 | 000,278,528 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\MediaSource5\MtdAcqu.exe
PRC - [2006/01/17 13:03:06 | 000,053,248 | ---- | M] (Musicmatch Inc.) -- C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
PRC - [2005/06/21 23:44:34 | 000,126,976 | ---- | M] (Intel Corporation) -- C:\WINDOWS\SYSTEM32\hkcmd.exe
PRC - [2005/05/11 23:40:38 | 000,204,800 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
PRC - [2005/05/11 23:33:52 | 000,479,232 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
PRC - [2005/05/11 22:23:26 | 000,282,624 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
PRC - [2005/05/11 22:12:54 | 000,049,152 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
PRC - [2004/03/15 01:04:00 | 000,122,933 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\dla\tfswctrl.exe
PRC - [2003/10/29 02:06:00 | 000,024,576 | R--- | M] (BVRP Software) -- C:\Program Files\Digital Line Detect\DLG.exe
PRC - [2003/08/26 19:47:34 | 000,204,800 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\Media Experience\PCMService.exe
PRC - [2003/06/02 11:01:26 | 000,303,104 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\SYSTEM32\LEXBCES.EXE
PRC - [2003/06/02 10:56:02 | 000,174,592 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\SYSTEM32\LEXPPS.EXE
PRC - [1999/12/13 01:01:00 | 000,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\SYSTEM32\CTSVCCDA.EXE


========== Modules (SafeList) ==========

MOD - [2010/01/31 15:19:27 | 000,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\new account\Desktop\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - [2009/11/12 16:33:00 | 000,545,568 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/06/05 10:48:14 | 000,144,712 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/02/05 15:08:40 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/02/05 15:08:26 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009/02/05 15:06:04 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009/02/05 15:01:25 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2009/01/17 18:16:50 | 001,838,592 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager)
SRV - [2008/12/12 10:17:38 | 000,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/12/01 10:59:52 | 000,033,752 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus® Helper) getPlus®
SRV - [2007/08/09 02:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\SYSTEM32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2007/03/07 14:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2006/12/14 16:00:00 | 000,544,768 | ---- | M] (Magix AG) [On_Demand | Stopped] -- C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe -- (UPnPService)
SRV - [2005/11/17 14:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2003/06/02 11:01:26 | 000,303,104 | ---- | M] (Lexmark International, Inc.) [Auto | Running] -- C:\WINDOWS\SYSTEM32\LEXBCES.EXE -- (LexBceS)
SRV - [1999/12/13 01:01:00 | 000,044,032 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\WINDOWS\SYSTEM32\CTSVCCDA.EXE -- (Creative Service for CDROM Access)


========== Driver Services (SafeList) ==========

DRV - [2009/08/28 18:42:52 | 000,040,448 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\usbaapl.sys -- (USBAAPL)
DRV - [2009/08/11 15:06:34 | 000,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/05/18 13:17:00 | 000,026,600 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/03/30 14:47:48 | 000,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2009/02/05 15:08:10 | 000,094,032 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\aswmon2.sys -- (aswMon2)
DRV - [2009/02/05 15:07:23 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\aswSP.sys -- (aswSP)
DRV - [2009/02/05 15:07:12 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/02/05 15:06:20 | 000,051,376 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\aswTdi.sys -- (aswTdi)
DRV - [2009/02/05 15:06:10 | 000,023,152 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\aswRdr.sys -- (aswRdr)
DRV - [2009/02/05 15:05:11 | 000,026,944 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\aavmker4.sys -- (Aavmker4)
DRV - [2008/11/20 14:19:06 | 000,043,872 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2008/04/16 13:51:56 | 000,022,784 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\RimUsb.sys -- (RimUsb)
DRV - [2008/04/13 13:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 13:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/02/21 10:08:54 | 000,038,656 | ---- | M] (Service & Quality Technology.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\Capt9052.sys -- (SQTECH9052)
DRV - [2007/11/13 05:25:53 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\secdrv.sys -- (Secdrv)
DRV - [2007/05/18 11:41:30 | 000,037,760 | ---- | M] (Service & Quality Technology.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\Capt905c.sys -- (SQTECH905C)
DRV - [2007/04/03 13:59:30 | 000,083,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\s616bus.sys -- (s616bus) Sony Ericsson Device 616 driver (WDM)
DRV - [2007/04/03 12:59:42 | 000,098,568 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\s616obex.sys -- (s616obex)
DRV - [2007/04/03 12:59:40 | 000,100,360 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\s616mgmt.sys -- (s616mgmt) Sony Ericsson Device 616 USB WMC Device Management Drivers (WDM)
DRV - [2007/02/25 11:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/05 15:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/02/16 15:51:08 | 000,004,096 | R--- | M] (SuperAdBlocker, Inc.) [Kernel | On_Demand | Running] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2005/12/28 11:49:08 | 000,085,696 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\w300obex.sys -- (w300obex)
DRV - [2005/12/28 11:48:20 | 000,087,824 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\w300mgmt.sys -- (w300mgmt) Sony Ericsson W300 USB WMC Device Management Drivers (WDM)
DRV - [2005/12/28 11:47:32 | 000,096,352 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\w300mdm.sys -- (w300mdm)
DRV - [2005/12/28 11:47:28 | 000,009,264 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\w300mdfl.sys -- (w300mdfl)
DRV - [2005/12/28 11:46:40 | 000,060,800 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\w300bus.sys -- (w300bus) Sony Ericsson W300 Driver driver (WDM)
DRV - [2005/12/07 21:02:58 | 000,061,536 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\z525bus.sys -- (z525bus) Sony Ericsson Z525 Driver driver (WDM)
DRV - [2005/08/17 07:47:48 | 000,073,696 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\sscdserd.sys -- (sscdserd) SAMSUNG CDMA Modem Diagnostic Serial Port (WDM)
DRV - [2005/08/17 07:46:26 | 000,093,872 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\sscdmdm.sys -- (sscdmdm)
DRV - [2005/08/17 07:46:20 | 000,008,272 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\sscdmdfl.sys -- (sscdmdfl)
DRV - [2005/08/17 07:45:00 | 000,058,352 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2005/06/22 00:12:34 | 000,807,998 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ialmnt5.sys -- (ialm)
DRV - [2005/03/07 23:43:27 | 000,021,744 | R--- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\HPZius12.sys -- (HPZius12)
DRV - [2005/03/07 23:43:26 | 000,016,496 | R--- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\HPZipr12.sys -- (HPZipr12)
DRV - [2005/03/07 23:43:25 | 000,051,120 | R--- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\HPZid412.sys -- (HPZid412)
DRV - [2004/08/04 00:29:54 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys -- (nv)
DRV - [2004/08/04 00:29:49 | 000,019,455 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys -- (iAimFP4)
DRV - [2004/08/04 00:29:47 | 000,012,063 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys -- (iAimFP3)
DRV - [2004/08/04 00:29:45 | 000,023,615 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys -- (iAimTV4)
DRV - [2004/08/04 00:29:43 | 000,033,599 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys -- (iAimTV3)
DRV - [2004/08/04 00:29:42 | 000,019,551 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys -- (iAimTV1)
DRV - [2004/08/04 00:29:41 | 000,029,311 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys -- (iAimTV0)
DRV - [2004/08/04 00:29:37 | 000,012,415 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys -- (iAimFP0)
DRV - [2004/08/04 00:29:37 | 000,012,127 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys -- (iAimFP1)
DRV - [2004/08/04 00:29:37 | 000,011,775 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys -- (iAimFP2)
DRV - [2004/08/04 00:29:36 | 000,161,020 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys -- (i81x)
DRV - [2004/03/15 01:04:00 | 000,100,597 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2004/03/15 01:04:00 | 000,098,580 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2004/03/15 01:04:00 | 000,085,972 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2004/03/15 01:04:00 | 000,034,837 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2004/03/15 01:04:00 | 000,025,685 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2004/03/15 01:04:00 | 000,014,229 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2004/03/15 01:04:00 | 000,006,357 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2004/03/15 01:04:00 | 000,004,117 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2004/03/15 01:04:00 | 000,002,233 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsndres.sys -- (tfsndres)
DRV - [2004/03/08 12:55:50 | 000,013,567 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\CDRBSDRV.SYS -- (cdrbsdrv)
DRV - [2004/02/27 02:56:00 | 000,040,480 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\drvnddm.sys -- (drvnddm)
DRV - [2004/02/13 03:21:00 | 000,086,160 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2004/01/14 19:18:16 | 000,005,621 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\sscdbhk5.sys -- (sscdbhk5)
DRV - [2004/01/14 19:18:04 | 000,023,219 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ssrtln.sys -- (ssrtln)
DRV - [2003/11/18 11:38:32 | 000,591,808 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\smwdm.sys -- (smwdm)
DRV - [2003/11/17 15:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 15:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 15:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_DP.sys -- (HSF_DP)
DRV - [2003/05/23 12:58:30 | 000,043,136 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2003/04/15 10:40:54 | 000,113,504 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ialmsbw.sys -- ({6080A529-897E-4629-A488-ABA0C29B635E}) Intel® Graphics Platform (SoftBIOS)
DRV - [2003/04/15 10:40:46 | 000,078,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ialmkchw.sys -- ({D31A0762-0CEB-444e-ACFF-B049A1F6FE91}) Intel® Graphics Chipset (KCH)
DRV - [2003/04/09 13:48:08 | 000,011,043 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mdmxsdk.sys -- (mdmxsdk)
DRV - [2002/11/08 13:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
DRV - [2002/09/10 20:42:00 | 000,024,808 | ---- | M] (Service & Quality Technology.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\sqcaptur.sys -- (DCamUSBSQTECH) Dual-Mode DSC(2770)
DRV - [2002/08/29 05:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\PTILINK.SYS -- (Ptilink)
DRV - [2002/04/01 13:15:00 | 000,004,816 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\aeaudio.sys -- (aeaudio)
DRV - [2001/08/17 14:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 14:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 14:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 14:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 14:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 13:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\MODEMCSA.sys -- (MODEMCSA)
DRV - [2001/08/17 13:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 13:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 13:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 13:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 13:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 13:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 13:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 13:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 13:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 13:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 12:56:16 | 000,007,552 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\SONYPVU1.SYS -- (SONYPVU1) Sony USB Filter Driver (SONYPVU1)
DRV - [2001/08/17 12:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS -- (EL90XBC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://news.yahoo.com [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2550059761-3596505653-168532230-1010\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-2550059761-3596505653-168532230-1010\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-2550059761-3596505653-168532230-1010\S-1-5-21-2550059761-3596505653-168532230-1010\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2550059761-3596505653-168532230-1010\S-1-5-21-2550059761-3596505653-168532230-1010\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-2550059761-3596505653-168532230-1010\S-1-5-21-2550059761-3596505653-168532230-1010\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0


[2009/12/07 11:45:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\new account\Application Data\Mozilla\Extensions
[2009/12/07 11:45:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\new account\Application Data\Mozilla\Extensions\home2@tomtom.com

O1 HOSTS File: ([2002/08/29 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\SYSTEM32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-2550059761-3596505653-168532230-1010\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-2550059761-3596505653-168532230-1010\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\S-1-5-21-2550059761-3596505653-168532230-1010\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-2550059761-3596505653-168532230-1010\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-CEC4-75A487FD6484} - No CLSID value found.
O3 - HKU\S-1-5-21-2550059761-3596505653-168532230-1010\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe File not found
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [dla] C:\WINDOWS\SYSTEM32\dla\tfswctrl.exe (Sonic Solutions)
O4 - HKLM..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\SYSTEM32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\SYSTEM32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe File not found
O4 - HKLM..\Run: [LogitechCameraService(E)] C:\WINDOWS\System32\ElkCtrl.exe File not found
O4 - HKLM..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe File not found
O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE File not found
O4 - HKLM..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe (Musicmatch Inc.)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\Media Experience\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKLM..\Run: [ymetray] C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe File not found
O4 - HKU\S-1-5-21-2550059761-3596505653-168532230-1010..\Run: [AbacastDistributedOnDemand:11] C:\Documents and Settings\new account\Local Settings\Application Data\AbacastDistributedOnDemand\Node\11\AbacastDistributedOnDemand.exe (Abacast, Inc.)
O4 - HKU\S-1-5-21-2550059761-3596505653-168532230-1010..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-21-2550059761-3596505653-168532230-1010..\Run: [CTSyncU.exe] C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe ()
O4 - HKU\S-1-5-21-2550059761-3596505653-168532230-1010..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKU\S-1-5-21-2550059761-3596505653-168532230-1010..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe File not found
O4 - HKU\S-1-5-21-2550059761-3596505653-168532230-1010..\Run: [MoneyAgent] C:\Program Files\Microsoft Money\System\mnyexpr.exe File not found
O4 - HKU\S-1-5-21-2550059761-3596505653-168532230-1010..\Run: [mSpotAT&TRemix] C:\Program Files\mSpot\Music Sync\AT&T\msptcmd.exe (mSpot)
O4 - HKU\S-1-5-21-2550059761-3596505653-168532230-1010..\Run: [MtdAcqu] C:\Program Files\Creative\MediaSource5\MtdAcqu.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-21-2550059761-3596505653-168532230-1010..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-2550059761-3596505653-168532230-1010..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe File not found
O4 - HKU\S-1-5-21-2550059761-3596505653-168532230-1010..\RunOnce: [Shockwave Updater] C:\WINDOWS\System32\Adobe\SHOCKW~1\SWHELP~3.EXE -Update -1103470 -Mozilla\4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident\4.0; Mozilla\4.0 ( File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2550059761-3596505653-168532230-1010\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2550059761-3596505653-168532230-1010\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2550059761-3596505653-168532230-1010_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-2550059761-3596505653-168532230-1010\..Trusted Domains: 26 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab (MSN Games – Matchmaking)
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} http://www.creative.com/su/ocx/15026/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnotes.com/download/mnviewer.cab (Musicnotes Viewer)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/5/b...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab (Reg Error: Key error.)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab (MSN Games – Buddy Invite)
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} http://disney.go.com/pirates/online/testAc...OnlineGames.cab (Disney Online Games ActiveX Control)
O16 - DPF: {3E90FFF5-1347-45B9-91F6-DA47926E9697} http://www.newhomebasedccr.com/test/PlaNetSysInfo.cab (PlaNet SysInfo Class)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-3-48.cab (EPUImageControl Class)
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab (MSN Games – Game Chat)
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} http://upload.facebook.com/controls/Facebo...toUploader3.cab (Facebook Photo Uploader 4 Control)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebook.com/controls/Facebo...otoUploader.cab (Facebook Photo Uploader Control)
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} http://zone.msn.com/bingame/dsh2/default/D...h2.1.0.0.68.cab (CPlayFirstDinerDash2Control Object)
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} http://mediaplayer.walmart.com/installer/install.cab (Reg Error: Key error.)
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} http://chat.yahoo.com/cab/yacsui.cab (Reg Error: Key error.)
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} http://myspace.oberon-media.com/gameshell/...mjolauncher.cab (MJLauncherCtrl Class)
O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} http://zone.msn.com/bingame/zpagames/GAME_UNO1.cab50727.cab (UnoCtrl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {95B5D20C-BD31-4489-8ABF-F8C8BE748463} http://zone.msn.com/bingame/zpagames/zpa_hrtz.cab58570.cab (ZPA_HRTZ Object)
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} http://zone.msn.com/bingame/zpagames/zpa_txhe.cab60231.cab (MSN Games – Texas Holdem Poker)
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} http://lads.myspace.com/upload/MySpaceUploader2.cab (MySpace Uploader Control)
O16 - DPF: {A4110378-789B-455F-AE86-3A1BFC402853} http://zone.msn.com/bingame/zpagames/zpa_shvl.cab55579.cab (ZPA_SHVL Object)
O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} http://h20264.www2.hp.com/ediags/dd/instal...nosticsxp2k.cab (DDRevision Class)
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} http://messenger.msn.com/download/MsnMesse...pDownloader.cab (MsnMessengerSetupDownloadControl Class)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/...k.cab102118.cab (MSN Games - Installer)
O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} http://myspace.oberon-media.com/gameshell/...tg.1.0.0.37.cab (CPlayFirstddfotgControl Object)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-27-0.cab (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab (get_atlcom Class)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} http://games.myspace.com/Gameshell/GameHos...ronGameHost.cab (Oberon Flash Game Host)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flash...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} http://upload.facebook.com/controls/Facebo...Uploader4_5.cab (Facebook Photo Uploader 4)
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} http://zone.msn.com/bingame/cnma/default/ct.cab (TikGames Online Control)
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} http://zone.msn.com/binframework/v10/StProxy.cab55579.cab (MSN Games – Game Communicator)
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} http://myspace.oberon-media.com/gameshell/...sh.1.0.0.80.cab (CPlayFirstDinerDashControl Object)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://myspace.oberon-media.com/gameshell/...oader_v10en.cab (PopCapLoader Object)
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} http://fdl.msn.com/zone/datafiles/heartbeat.cab (HeartbeatCtl Class)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://www.creative.com/su/ocx/15028/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.73.246 68.87.71.230
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop Components:0 () - http://pics.ebaystatic.com/aw/pics/navbar/eBayLogoTM.gif
O24 - Desktop Components:1 () - http://us.a1.yimg.com/us.yimg.com/i/ww/beta/y3.gif
O24 - Desktop Components:2 () - http://www.rcog.us/images/horizonwind.GIF
O24 - Desktop Components:3 () - http://us.i1.yimg.com/us.yimg.com/i/ww/beta/y3.gif
O24 - Desktop Components:4 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\new account\My Documents\My Pictures\rayandtab.jpg
O24 - Desktop BackupWallPaper: C:\Documents and Settings\new account\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O29 - HKLM SecurityProviders - (zwebauth.dll) - C:\WINDOWS\System32\ZWebAuth.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/09/03 08:59:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{2806629e-e4eb-11dd-88e8-000d56f879f0}\Shell\AutoRun\command - "" = E:\wd_windows_tools\WDSetup.exe -- File not found
O33 - MountPoints2\{b634d0c4-e2cd-11de-8982-000d56f879f0}\Shell\AutoRun\command - "" = E:\InstallTomTomHOME.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/01/31 15:19:25 | 000,548,864 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\new account\Desktop\OTL.exe
[2010/01/25 19:15:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\new account\Local Settings\Application Data\Runscanner.net
[2010/01/25 19:15:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\new account\Desktop\runscanner
[2010/01/25 10:56:31 | 000,000,000 | ---D | C] -- C:\rsit
[2010/01/23 18:31:26 | 000,472,064 | ---- | C] ( ) -- C:\Documents and Settings\new account\Desktop\RootRepeal.exe
[2010/01/22 08:19:33 | 000,439,808 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\new account\Desktop\TFC.exe
[2010/01/21 12:15:47 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/21 12:13:21 | 005,115,824 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\new account\Desktop\zztoy.exe
[2010/01/21 12:11:37 | 005,115,824 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\new account\My Documents\zztoy.exe
[2010/01/12 23:38:41 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2010/01/11 16:20:33 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/01/03 17:18:13 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_2.dll
[2010/01/03 17:18:13 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_1.dll
[2010/01/03 17:18:12 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_1.dll
[2010/01/03 17:17:51 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_30.dll
[2010/01/03 17:17:48 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_0.dll
[2010/01/03 17:17:48 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\x3daudio1_0.dll
[2010/01/03 17:17:45 | 000,061,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput9_1_0.dll
[2010/01/03 17:17:35 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_27.dll
[2010/01/03 17:12:26 | 000,000,000 | ---D | C] -- C:\Program Files\JumpStart World Preschool
[2010/01/03 17:12:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Knowledge Adventure
[2010/01/03 17:10:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Knowledge Adventure
[2010/01/02 15:56:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\new account\My Documents\Dora - Lost And Found
[2010/01/02 15:52:39 | 000,000,000 | ---D | C] -- C:\Program Files\Dora The Explorer
[2009/05/11 09:44:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2008/05/30 07:17:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2007/08/06 11:18:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2007/07/12 02:00:47 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2007/03/04 14:06:00 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2007/01/30 17:00:09 | 000,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll
[2005/11/11 16:54:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2005/05/11 22:36:48 | 000,012,288 | ---- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\Fonts\RandFont.dll
[2005/03/07 17:51:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Symantec
[2004/10/27 09:23:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Help
[2004/10/27 09:23:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Help

========== Files - Modified Within 30 Days ==========

[2010/01/31 15:23:00 | 000,000,434 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{CB4221CA-793E-430E-A020-4D2674AB8ECF}.job
[2010/01/31 15:19:27 | 000,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\new account\Desktop\OTL.exe
[2010/01/31 12:57:52 | 000,001,570 | ---- | M] () -- C:\Documents and Settings\new account\Desktop\Shockwave Games.lnk
[2010/01/31 11:54:22 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/01/29 21:47:43 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2010/01/29 21:46:28 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/01/29 21:46:18 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2010/01/29 21:46:16 | 1071,714,304 | -HS- | M] () -- C:\hiberfil.sys
[2010/01/29 21:45:07 | 008,433,664 | ---- | M] () -- C:\Documents and Settings\new account\ntuser.dat
[2010/01/29 21:45:07 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\new account\NTUSER.INI
[2010/01/29 16:28:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/01/29 06:52:27 | 000,000,366 | ---- | M] () -- C:\Documents and Settings\new account\Desktop\sprout.url
[2010/01/29 06:40:09 | 000,000,343 | ---- | M] () -- C:\Documents and Settings\new account\Desktop\Woodforest - Home Page.url
[2010/01/28 22:54:34 | 000,137,037 | ---- | M] () -- C:\Documents and Settings\new account\Desktop\myspace.url
[2010/01/26 14:21:16 | 000,002,533 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Lost and Found Adventure.lnk
[2010/01/26 06:18:56 | 000,001,490 | ---- | M] () -- C:\Documents and Settings\new account\Desktop\Spider Solitaire.lnk
[2010/01/25 19:10:14 | 001,517,740 | ---- | M] () -- C:\Documents and Settings\new account\Desktop\runscanner.zip
[2010/01/25 15:20:17 | 000,022,506 | ---- | M] () -- C:\Documents and Settings\new account\My Documents\Detailed_Cleaning_Lists.pdf
[2010/01/24 19:28:00 | 000,524,288 | ---- | M] () -- C:\Documents and Settings\new account\Desktop\dds.scr
[2010/01/24 19:01:00 | 000,000,448 | ---- | M] () -- C:\WINDOWS\tasks\EasyShare Registration Task.job
[2010/01/23 18:31:27 | 000,472,064 | ---- | M] ( ) -- C:\Documents and Settings\new account\Desktop\RootRepeal.exe
[2010/01/23 17:08:59 | 028,431,344 | ---- | M] () -- C:\Documents and Settings\new account\Desktop\tugf5675.exe
[2010/01/23 00:05:00 | 000,263,168 | ---- | M] () -- C:\Documents and Settings\new account\Desktop\rkill.pif
[2010/01/22 08:19:33 | 000,439,808 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\new account\Desktop\TFC.exe
[2010/01/21 12:15:50 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/21 12:13:26 | 005,115,824 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\new account\Desktop\zztoy.exe
[2010/01/21 12:11:43 | 005,115,824 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\new account\My Documents\zztoy.exe
[2010/01/21 11:02:30 | 000,001,078 | ---- | M] () -- C:\WINDOWS\WIN.INI
[2010/01/21 11:02:30 | 000,000,281 | RHS- | M] () -- C:\BOOT.INI
[2010/01/21 11:02:30 | 000,000,264 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/01/20 17:31:12 | 000,000,217 | ---- | M] () -- C:\Documents and Settings\new account\Desktop\Learn to Read with phonics.url
[2010/01/17 03:06:38 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/01/07 16:07:14 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/07 16:07:04 | 000,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/01/03 20:45:14 | 000,001,401 | ---- | M] () -- C:\Documents and Settings\new account\Desktop\Facebook.url
[2010/01/03 17:17:04 | 000,001,910 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\JSW Preschool Parent Center.lnk
[2010/01/03 17:17:04 | 000,001,820 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\JumpStart World Preschool ABCs.lnk
[2010/01/03 17:17:04 | 000,000,373 | ---- | M] () -- C:\WINDOWS\KA.INI

========== Files Created - No Company Name ==========

[2010/01/31 12:57:52 | 000,001,570 | ---- | C] () -- C:\Documents and Settings\new account\Desktop\Shockwave Games.lnk
[2010/01/25 19:10:09 | 001,517,740 | ---- | C] () -- C:\Documents and Settings\new account\Desktop\runscanner.zip
[2010/01/25 15:20:17 | 000,022,506 | ---- | C] () -- C:\Documents and Settings\new account\My Documents\Detailed_Cleaning_Lists.pdf
[2010/01/24 19:27:58 | 000,524,288 | ---- | C] () -- C:\Documents and Settings\new account\Desktop\dds.scr
[2010/01/23 18:13:46 | 1071,714,304 | -HS- | C] () -- C:\hiberfil.sys
[2010/01/23 17:08:54 | 028,431,344 | ---- | C] () -- C:\Documents and Settings\new account\Desktop\tugf5675.exe
[2010/01/23 00:04:59 | 000,263,168 | ---- | C] () -- C:\Documents and Settings\new account\Desktop\rkill.pif
[2010/01/21 12:15:50 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/21 11:02:25 | 000,002,078 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
[2010/01/21 11:02:25 | 000,001,808 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2010/01/21 11:02:25 | 000,001,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
[2010/01/21 11:02:25 | 000,000,798 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
[2010/01/21 11:02:25 | 000,000,493 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
[2010/01/07 15:33:18 | 000,000,434 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{CB4221CA-793E-430E-A020-4D2674AB8ECF}.job
[2010/01/05 23:19:35 | 008,433,664 | ---- | C] () -- C:\Documents and Settings\new account\ntuser.dat
[2010/01/03 17:17:04 | 000,001,910 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\JSW Preschool Parent Center.lnk
[2010/01/03 17:17:04 | 000,001,820 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\JumpStart World Preschool ABCs.lnk
[2010/01/02 15:53:03 | 000,002,533 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Lost and Found Adventure.lnk
[2009/11/17 15:09:24 | 000,000,046 | ---- | C] () -- C:\WINDOWS\Goya.INI
[2009/11/04 07:46:25 | 000,002,525 | ---- | C] () -- C:\Documents and Settings\new account\Application Data\Hewlett-PackardHP PSC 1500 series1212255048_PROTOCOL.log
[2009/11/04 07:46:25 | 000,001,754 | ---- | C] () -- C:\Documents and Settings\new account\Application Data\Hewlett-PackardHP PSC 1500 series1212255048_UI.log
[2009/11/04 07:46:25 | 000,000,221 | ---- | C] () -- C:\WINDOWS\NCLogConfig.ini
[2009/11/04 07:46:25 | 000,000,221 | ---- | C] () -- C:\Documents and Settings\new account\Application Data\Hewlett-PackardHP PSC 1500 series1212255048_API.log
[2009/08/02 16:58:09 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll
[2009/08/02 16:57:34 | 000,005,937 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2008/08/08 08:55:09 | 000,000,603 | ---- | C] () -- C:\WINDOWS\E-REGTLC.INI
[2008/06/02 14:08:47 | 000,114,694 | ---- | C] () -- C:\Documents and Settings\new account\Application Data\PatchUpdate_HP_CounterReport_Update_HPSU.log
[2008/06/02 14:08:47 | 000,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
[2008/06/02 14:08:19 | 000,002,128 | ---- | C] () -- C:\Documents and Settings\new account\Application Data\HPSU_48BitScanUpdate.log
[2008/06/02 14:08:19 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2008/06/02 14:03:51 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\new account\Application Data\HelpFilesUpdatePatch_HELPFILEREPLACE.log
[2008/06/02 14:03:50 | 000,000,361 | ---- | C] () -- C:\Documents and Settings\new account\Application Data\HelpFilesUpdatePatch_PRINTHELPWRAPPER.log
[2008/06/02 14:03:50 | 000,000,234 | ---- | C] () -- C:\WINDOWS\PrnHlpLogConfig.ini
[2008/06/02 14:03:33 | 000,002,911 | ---- | C] () -- C:\Documents and Settings\new account\Application Data\PatchUpdate_InstantShareJPG.log
[2008/06/02 14:03:33 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_InstantSHareJPG.ini
[2008/06/02 14:02:56 | 000,003,698 | ---- | C] () -- C:\Documents and Settings\new account\Application Data\PatchUpdate_IZClosingDiscError.log
[2008/06/02 14:02:56 | 000,000,217 | ---- | C] () -- C:\WINDOWS\HP_IZClosingDiscErrorPatch.ini
[2008/06/02 14:01:39 | 000,038,845 | ---- | C] () -- C:\Documents and Settings\new account\Application Data\Update_HP_RedboxHprblog_HPSU.log
[2008/06/02 14:01:38 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2008/05/31 12:15:36 | 000,000,733 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2008/04/16 15:30:14 | 000,000,000 | ---- | C] () -- C:\Program Files\temp01
[2008/03/13 02:12:06 | 000,000,450 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2007/04/26 19:15:30 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/10/22 15:32:19 | 000,006,094 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/09/10 12:54:11 | 000,000,119 | ---- | C] () -- C:\WINDOWS\TLCAPPS.INI
[2006/07/12 20:48:31 | 000,000,047 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/03/23 09:57:46 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2005/12/30 14:56:02 | 000,000,306 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2005/12/30 14:54:25 | 000,000,341 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2005/08/17 10:29:11 | 000,000,699 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2005/06/01 16:08:36 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2005/02/08 18:10:24 | 000,000,023 | ---- | C] () -- C:\WINDOWS\CANDYLND.INI
[2005/01/31 19:40:06 | 000,000,373 | ---- | C] () -- C:\WINDOWS\KA.INI
[2005/01/27 15:43:08 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2005/01/20 19:53:50 | 000,002,348 | ---- | C] () -- C:\WINDOWS\disney.ini
[2004/12/28 21:27:55 | 000,061,440 | ---- | C] () -- C:\Documents and Settings\new account\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/12/16 10:00:16 | 000,000,134 | ---- | C] () -- C:\Documents and Settings\new account\Local Settings\Application Data\fusioncache.dat
[2004/12/14 22:49:45 | 000,021,439 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2004/10/04 09:55:28 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\new account\Application Data\PFP120JPR.{PB
[2004/10/04 09:55:28 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\new account\Application Data\PFP120JCM.{PB
[2004/09/20 13:11:18 | 000,000,848 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2004/08/31 20:12:02 | 000,016,973 | ---- | C] () -- C:\WINDOWS\System32\ZWebAuth.dll
[2004/08/15 13:04:07 | 000,000,049 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2004/07/31 17:11:19 | 000,000,324 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2004/07/01 03:24:03 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/07/01 03:10:22 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/07/01 03:05:27 | 000,000,890 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/07/01 02:50:55 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/07/01 02:50:39 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/07/01 02:35:28 | 000,000,550 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/03/26 16:59:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/04/22 15:37:50 | 000,000,141 | ---- | C] () -- C:\WINDOWS\System32\DLBKPLC.INI
[2001/07/06 14:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[1999/01/27 12:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1998/08/04 21:01:02 | 012,465,440 | ---- | C] () -- C:\Program Files\Blue'sBirthday.(cool.gif
[1997/06/13 06:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FDCAE7B5
@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D29F05C8
@Alternate Data Stream - 247 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0EC7A545
@Alternate Data Stream - 231 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C22674B6
@Alternate Data Stream - 224 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CC4C59B4
@Alternate Data Stream - 224 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:97C4F81F
@Alternate Data Stream - 223 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FAFEC4B9
@Alternate Data Stream - 222 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3C5ABDC7
@Alternate Data Stream - 220 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D48500F8
@Alternate Data Stream - 210 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:98DFF516
@Alternate Data Stream - 207 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:260575F1
@Alternate Data Stream - 201 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0AC32449
@Alternate Data Stream - 164 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:182D85B1
@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EDDEC855
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:81B52FA6
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:78E0DF72
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:13B137AF
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E71141D2
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8511DA13
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5711EF65
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2B99FE60
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0E684AC9
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:84ECD9DF
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1A202020
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6BD304B9
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C46995DA
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9ACB70D7
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4E903DEB
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E73B14E2
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1C5E1FAF
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:75EFCFC2
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:375A40C3
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EC2381A4
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:53777555
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:48F5D95B
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D0570058
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:17639624
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E5F8E280
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CBAC4FD8
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3B3A35EC
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D2A5A561
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C9FD258B
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B12D1A7D
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:938EC881
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:052A05A1
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:01BEC24A
< End of report >

Report #2

OTL Extras logfile created on: 1/31/2010 3:19:48 PM - Run 1
OTL by OldTimer - Version 3.1.27.1 Folder = C:\Documents and Settings\new account\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 435.00 Mb Available Physical Memory | 43.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 58.00% Paging File free
Paging file location(s): C:\pagefile.sys 1024 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.21 Gb Total Space | 5.24 Gb Free Space | 14.10% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 896.29 Mb Total Space | 75.93 Mb Free Space | 8.47% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: D8T91551
Current User Name: new account
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) -- File not found
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- File not found
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- File not found
"C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) -- File not found
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe -- ()
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- ()
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\MySpace\IM\MySpaceIM.exe" = C:\Program Files\MySpace\IM\MySpaceIM.exe:*:Enabled:MySpaceIM -- File not found
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe" = C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe:LocalSubNet:Enabled:Magix UPnP Service -- (Magix AG)
"C:\Documents and Settings\new account\Local Settings\Application Data\Abacast\Abaclient.exe" = C:\Documents and Settings\new account\Local Settings\Application Data\Abacast\Abaclient.exe:*:Enabled:Abaclient -- File not found
"C:\Documents and Settings\new account\Local Settings\Application Data\AbacastDistributedOnDemand\Node\11\AbacastDistributedOnDemand.exe" = C:\Documents and Settings\new account\Local Settings\Application Data\AbacastDistributedOnDemand\Node\11\AbacastDistributedOnDemand.exe:*:Disabled:Abacast Distributed On-Demand -- (Abacast, Inc.)
"C:\WINDOWS\SYSTEM32\LEXPPS.EXE" = C:\WINDOWS\SYSTEM32\LEXPPS.EXE:*:Disabled:LEXPPS.EXE -- (Lexmark International, Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{{598D99F7-B97C-424F-B899-69B339336411}}" = Disney Micro
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{03B1B42B-F6DE-41d9-8CFF-DC44E895C7A7}" = PhotoGallery
"{04410044-9149-45C6-A806-F2BF9CFCE762}" = Microsoft Encarta Encyclopedia Standard 2004
"{04E87FDB-9180-44C5-9C77-5967678B6FEC}" = Dora's Lost and Found Adventure
"{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}" = CP_Package_Variety1
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
"{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}" = AiO_Scan
"{0F756CD9-4A1E-409B-B101-601DDC4C03AA}" = Qualxserve Service Agreement
"{11F1920A-56A2-4642-B6E0-3B31A12C9288}" = Dell Solution Center
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update
"{172975EB-9465-4861-95B5-C7BB6D3DE62A}" = DocumentViewer
"{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}" = CP_Package_Variety3
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{21DB3D90-D816-4092-A260-CA3F6B55A6DD}" = Sonic_PrimoSDK
"{225AF9A1-B556-88D5-94AA-0010B5426419}" = My DSC
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23A7B376-BBEC-4e76-BBD7-0F155E70D74B}" = CP_Panorama1Config
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Dell Media Experience
"{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}" = Unload
"{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}" = Creative MediaSource
"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{32BDCCB8-9DC8-496d-9DB1-F77510775BDB}" = InstantShareDevices
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{36E47DA1-10E1-45d9-8B19-14D19607CDCF}" = CP_CalendarTemplates1
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{49FC50FC-F965-40D9-89B4-CBFF80941033}" = Windows Movie Maker 2.0
"{4CCC7F68-A437-4559-A840-F5E010934951}" = HP Driver Diagnostics
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{54E3707F-808E-4fd4-95C9-15D1AB077E5D}" = NewCopy
"{56EE8B17-8274-418d-89AC-C057C5DB251E}" = RandMap
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
"{598D99F7-B97C-424F-B899-69B339336411}" = Disney Micro
"{5A01C58E-B0EC-49b9-AD71-7C0468688087}" = CP_Package_Basic1
"{5B622B7A-60FB-4630-B11D-F121D20BCCD6}" = MarketResearch
"{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}" = HP PSC & OfficeJet 5.3.B
"{5F26311C-B135-4F7F-B11E-8E650F83651E}" = DeviceFunctionQFolder
"{65248369-7CB9-43A9-82C8-C438AE04DED4}" = 1500
"{66BA8C26-AFE4-4408-807B-43E76B57EF53}" = SkinsHP1
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{68D60342-7686-45C9-B8EB-40EF843D0460}" = Dell Networking Guide
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6BB6627C-694F-4FDC-A3E5-C7F4BED4C724}" = DocProc
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7148F0A8-6813-11D6-A77B-00B0D0142000}" = Java 2 Runtime Environment, SE v1.4.2
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7850A6D2-CBEA-4728-9877-F1BEDEA9F619}" = AiOSoftware
"{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder
"{7C9B95B7-B598-4398-B30F-7F6827192E6C}" = ProductContext
"{7E27304E-BAA2-4d90-A34E-76641FAFABB4}" = CP_AtenaShokunin1Config
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8 Dell Edition
"{81E06318-EEB9-4D55-8CD5-7AC9148D5E66}" = 1500_Help
"{83d96ed0-98aa-4515-8ddc-816f3efdd104}" = DB CIF Cam
"{89EE857B-8970-4F9F-AB58-A1C873AC72B3}" = Broadcom Management Programs
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics Driver
"{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}" = Musicmatch® Jukebox
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{90D55A3F-1D99-4C94-A77E-46DC14F0BF08}" = Help and Support Customization
"{923A7F5A-1E8C-4FBE-8DF6-85940A60A79F}" = Readme
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{A195B13E-A5E3-4BAF-A995-7F70F445CD06}" = ScannerCopy
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5BB5365-EFB4-44c3-A7E2-EB59B7EFD23D}" = CueTour
"{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Starter Edition 3.2
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12
"{B4D279F1-4309-49cc-A4B5-3A0D2E59C7B5}" = PanoStandAlone
"{B78ACFBD-A0AD-4A37-B8EB-B01745793E67}" = Disney Pix 3.1
"{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}" = CP_Package_Variety2
"{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm
"{BA820A24-704B-428D-9904-71A10DAC1372}" = OLYMPUS Master
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C01408FC-117C-44B7-8B0C-17794E526A01}" = Disc2Phone
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1E5DF32-8248-4347-908C-E030EDAE4368}" = DA920EN
"{C506A18C-1469-4678-B094-F4EC9DAE6DB7}" = Scan
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBA30674-A242-4531-82B5-586B31F90E04}" = 1500Trb
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE24344F-DFD8-40C8-8FD8-C9740B5F25AC}" = Fax
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}" = getPlus® for Adobe
"{D4A2EF65-9888-4EFF-8EA0-A2D2C3152A29}" = Samsung USB Driver (MCCI 4.34) WHQL v3.4
"{D6E4E5D6-7693-4BB4-95BA-21F38FAFEE90}" = Safari
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
"{F45298E5-0083-426F-A668-1A2C5F04B8A0}" = FaxTools
"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FC4ED75D-916C-4A8C-BB67-3C6F6E06D62B}" = Banctec Service Agreement
"AbacastNode:11" = Abacast Distributed On-Demand
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Adobe® Photoshop® Album Starter Edition 3.2" = Adobe® Photoshop® Album Starter Edition 3.2
"AudibleManager" = AudibleManager
"avast!" = avast! Antivirus
"BFG-Amazing Adventures - The Caribbean Secret" = Amazing Adventures: The Caribbean Secret
"BFGC" = Big Fish Games Client
"BFG-Echoes of the Past - Royal House of Stone" = Echoes of the Past: Royal House of Stone
"BFG-Mystery Case Files - Dire Grove Collector's Edition" = Mystery Case Files®: Dire Grove™ Collector's Edition
"BFG-Mystery Case Files - Ravenhearst" = Mystery Case Files: Ravenhearst ®
"BFG-Mystery Case Files - Return to Ravenhearst" = Mystery Case Files: Return to Ravenhearst ™
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"ComcastHSI" = Comcast High-Speed Internet Install Wizard
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"Firebird SQL Server US" = Firebird SQL Server - MAGIX Edition
"HijackThis" = HijackThis 2.0.2
"HP Document Viewer" = HP Document Viewer 5.3
"HP Imaging Device Functions" = HP Imaging Device Functions 5.3
"HP Photo & Imaging" = HP Image Zone 5.3
"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.3
"HPExtendedCapabilities" = HP Extended Capabilities 5.3
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{89EE857B-8970-4F9F-AB58-A1C873AC72B3}" = Broadcom Management Programs
"InstallShield_{BA820A24-704B-428D-9904-71A10DAC1372}" = OLYMPUS Master
"IrfanView" = IrfanView (remove only)
"JumpStart World Preschool ABCs" = JumpStart World Preschool ABCs
"MAGIX Photo Manager US" = MAGIX Photo Manager 4.1.1.77 (US)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Internet Gaming Zone" = MSN Gaming Zone
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"QuickTime32" = QuickTime for Windows (32-bit)
"Shockwave" = Shockwave
"SpywareBlaster_is1" = SpywareBlaster 4.2
"UnityWebPlayer" = Unity Web Player
"Wedding Dash™" = Wedding Dash™
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WMV9_VCM" = Microsoft Windows Media Video 9 VCM
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2550059761-3596505653-168532230-1010\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
" ChaCha Guide Application " = ChaCha Guide Application

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 11/5/2009 4:51:15 PM | Computer Name = D8T91551 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://widget-e8.slide.com/fsnapshot/13690...FFFFF/image.jpg
failed, 0000A413.

Error - 11/5/2009 8:20:53 PM | Computer Name = D8T91551 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://486.webim0044.webim.myspace.com/api/v1/events.json failed, 0000A413.

Error - 11/7/2009 5:48:42 PM | Computer Name = D8T91551 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://bid.ace.advertising.com/ctst=1/bid/...m=1257630522187
failed, 0000A413.

Error - 11/8/2009 1:20:25 PM | Computer Name = D8T91551 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://175.webim0077.webim.myspace.com/api/v1/events.json failed, 0000A413.

Error - 11/8/2009 6:37:48 PM | Computer Name = D8T91551 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://430.webim0130.webim.myspace.com/api/v1/events.json failed, 0000A413.

Error - 11/8/2009 10:41:01 PM | Computer Name = D8T91551 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://446.webim0233.webim.myspace.com/api/v1/events.json failed, 0000A413.

Error - 11/8/2009 11:46:48 PM | Computer Name = D8T91551 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://372.webim0233.webim.myspace.com/api/v1/events.json failed, 0000A413.

Error - 11/9/2009 4:11:45 PM | Computer Name = D8T91551 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://fim.adnxs.com/fpt?id=3391&size=...b=1257797505015
failed, 0000A413.

Error - 11/15/2009 12:26:20 PM | Computer Name = D8T91551 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://www.youtube.com/get_video_info?&...s%26fr%3Dyfp%2D
failed, 0000A413.

Error - 11/20/2009 9:26:02 PM | Computer Name = D8T91551 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://rt20.infolinks.com/action/dwq.htm?pcode=iso-8859-1 failed, 0000A413.

[ Application Events ]
Error - 5/25/2009 8:18:15 PM | Computer Name = D8T91551 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16827, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/27/2009 8:13:18 AM | Computer Name = D8T91551 | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office XP Professional with FrontPage -- Error
1706. Setup cannot find the required files. Check your connection to the network,
or CD-ROM drive. For other potential solutions to this problem, see C:\Program
Files\Microsoft Office\Office10\1033\SETUP.HLP.

Error - 5/27/2009 11:52:21 AM | Computer Name = D8T91551 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16827, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/27/2009 11:52:23 AM | Computer Name = D8T91551 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16827, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/29/2009 8:43:56 AM | Computer Name = D8T91551 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16827, faulting
module flash10a.ocx, version 10.0.12.36, fault address 0x001180a9.

Error - 5/31/2009 6:52:27 PM | Computer Name = D8T91551 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16827, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/31/2009 6:52:29 PM | Computer Name = D8T91551 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16827, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 6/2/2009 3:19:46 PM | Computer Name = D8T91551 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16827, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 6/2/2009 3:54:16 PM | Computer Name = D8T91551 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16827, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 6/2/2009 9:35:17 PM | Computer Name = D8T91551 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16827, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 1/31/2010 11:54:46 AM | Computer Name = D8T91551 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort1, did not respond within the timeout
period.

Error - 1/31/2010 12:54:47 PM | Computer Name = D8T91551 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort1, did not respond within the timeout
period.

Error - 1/31/2010 12:55:01 PM | Computer Name = D8T91551 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort1, did not respond within the timeout
period.

Error - 1/31/2010 12:55:16 PM | Computer Name = D8T91551 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort1, did not respond within the timeout
period.

Error - 1/31/2010 12:55:30 PM | Computer Name = D8T91551 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort1, did not respond within the timeout
period.

Error - 1/31/2010 12:55:43 PM | Computer Name = D8T91551 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort1, did not respond within the timeout
period.

Error - 1/31/2010 12:55:57 PM | Computer Name = D8T91551 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort1, did not respond within the timeout
period.

Error - 1/31/2010 1:15:18 PM | Computer Name = D8T91551 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort1, did not respond within the timeout
period.

Error - 1/31/2010 1:15:32 PM | Computer Name = D8T91551 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort1, did not respond within the timeout
period.

Error - 1/31/2010 1:57:39 PM | Computer Name = D8T91551 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the stisvc service.


< End of report >

#8 rayandi


Posted 31 January 2010 - 03:54 PM

GMER froze after I clicked 'scan'.
It was on C:\WINDOWS\system32\drivers\disk.sys

#9 Blind Faith

Blind Faith

  • Malware Response Team
  • 4,101 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:06:29 PM

Posted 01 February 2010 - 08:29 AM

Hi rayandi,


We need to run an OTL Fix
  1. Please reopen on your desktop.
  2. Copy and Paste the following code into the textbox. Do not include the word "Code"
    CODE
    :OTL
    @Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FDCAE7B5
    @Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D29F05C8
    @Alternate Data Stream - 247 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0EC7A545
    @Alternate Data Stream - 231 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C22674B6
    @Alternate Data Stream - 224 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CC4C59B4
    @Alternate Data Stream - 224 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:97C4F81F
    @Alternate Data Stream - 223 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FAFEC4B9
    @Alternate Data Stream - 222 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3C5ABDC7
    @Alternate Data Stream - 220 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D48500F8
    @Alternate Data Stream - 210 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:98DFF516
    @Alternate Data Stream - 207 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:260575F1
    @Alternate Data Stream - 201 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0AC32449
    @Alternate Data Stream - 164 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:182D85B1
    @Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EDDEC855
    @Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:81B52FA6
    @Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:78E0DF72
    @Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:13B137AF
    @Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E71141D2
    @Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8511DA13
    @Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5711EF65
    @Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2B99FE60
    @Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0E684AC9
    @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:84ECD9DF
    @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
    @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1A202020
    @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6BD304B9
    @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C46995DA
    @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9ACB70D7
    @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4E903DEB
    @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E73B14E2
    @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1C5E1FAF
    @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:75EFCFC2
    @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:375A40C3
    @Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EC2381A4
    @Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:53777555
    @Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:48F5D95B
    @Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D0570058
    @Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:17639624
    @Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E5F8E280
    @Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CBAC4FD8
    @Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3B3A35EC
    @Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D2A5A561
    @Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C9FD258B
    @Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B12D1A7D
    @Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:938EC881
    @Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:052A05A1
    @Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:01BEC24A
  3. Push
  4. OTL may ask to reboot the machine. Please do so if asked.
  5. Click .
  6. A report will open. Copy and Paste that report in your next reply.


Download TDSSKiller and save it to your Desktop.
  • Right-click on the file, choose Extract All, extract the file to your desktop, then run it.
  • Once completed it will create a log in your C:\ drive
  • Please post the contents of that log



Elle

Can you hear it? It's all around!

Tomar ki manè acchè?
Yadi thakè, tahalè
Ki kshama kartè paro?



If I haven't replied in 48 hours, please feel free to send me a PM.




#10 rayandi


Posted 01 February 2010 - 12:09 PM

========== OTL ==========
ADS C:\Documents and Settings\All Users\Application Data\TEMP:FDCAE7B5 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:D29F05C8 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:0EC7A545 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:C22674B6 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:CC4C59B4 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:97C4F81F deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:FAFEC4B9 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:3C5ABDC7 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:D48500F8 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:98DFF516 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:260575F1 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:0AC32449 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:182D85B1 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:EDDEC855 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:81B52FA6 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:78E0DF72 deleted successfully.

OTL by OldTimer - Version 3.1.27.1 log created on 02012010_120933


#11 rayandi

Posted 01 February 2010 - 12:12 PM

TDSS rootkit removing tool, Kaspersky Lab, 2010
version 2.2.2 Jan 13 2010 08:42:25

Scanning Services ...

Scanning Kernel memory ...
Driver "atapi" Irp handler infected by TDSS rootkit ... cured
Driver "atapi" StartIo handler infected by TDSS rootkit ... cured
File C:\WINDOWS\system32\DRIVERS\atapi.sys infected by TDSS rootkit ... will be
cured on next reboot

Completed

Results:
Memory objects infected / cured / cured on reboot: 2 / 2 / 0
Registry objects infected / cured / cured on reboot: 0 / 0 / 0
File objects infected / cured / cured on reboot: 1 / 0 / 1

To finalize removal of infection and avoid loosing of data program will
reboot your PC now.
Close all programs and choose Y to restart or N to continue
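
Added example (not part of the original post and not Kaspersky's code): a Python triage of the TDSSKiller console output above, showing why the file-level cure of atapi.sys is still pending until the reboot. The name `triage`, the verdict labels and the check that each counted object has one finding line are assumptions of this example; the sample text is copied from the log in the post.

```python
import re

# Sample input: the TDSSKiller 2.2.2 console output quoted in the post above.
SAMPLE_LOG = r"""Scanning Kernel memory ...
Driver "atapi" Irp handler infected by TDSS rootkit ... cured
Driver "atapi" StartIo handler infected by TDSS rootkit ... cured
File C:\WINDOWS\system32\DRIVERS\atapi.sys infected by TDSS rootkit ... will be
cured on next reboot

Results:
Memory objects infected / cured / cured on reboot: 2 / 2 / 0
Registry objects infected / cured / cured on reboot: 0 / 0 / 0
File objects infected / cured / cured on reboot: 1 / 0 / 1
"""

SUMMARY_RE = re.compile(
    r"^(Memory|Registry|File) objects infected / cured / cured on reboot:"
    r"\s*(\d+) / (\d+) / (\d+)\s*$", re.M)
FINDING_RE = re.compile(
    r'^(Driver "[^"]+" \w+ handler|File \S.*?) infected by TDSS rootkit'
    r" \.\.\. (.+)$", re.M)

def triage(log):
    """Classify a TDSSKiller run from its per-object lines and Results block."""
    # The console wraps long lines: rejoin "will be\ncured on next reboot".
    text = re.sub(r"will be\s*\n\s*cured", "will be cured",
                  log.replace("\r\n", "\n"))
    summary = {k.lower(): tuple(map(int, v))
               for k, *v in SUMMARY_RE.findall(text)}
    findings = [(obj, status.strip()) for obj, status in FINDING_RE.findall(text)]
    if len(summary) < 3:
        verdict = "incomplete_log"        # Results block missing or truncated
    else:
        infected = sum(s[0] for s in summary.values())
        on_reboot = sum(s[2] for s in summary.values())
        unresolved = sum(s[0] - s[1] - s[2] for s in summary.values())
        if infected != len(findings):     # assumption: one line per counted object
            verdict = "inconsistent_log"
        elif unresolved > 0:
            verdict = "unresolved"        # infected, neither cured nor scheduled
        elif on_reboot > 0:
            verdict = "reboot_required"   # on-disk driver is replaced at boot
        else:
            verdict = "cured" if infected else "clean"
    return {"verdict": verdict, "summary": summary, "findings": findings}

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

The two in-memory hooks on the atapi driver are already cured, but the driver file on disk is only scheduled for replacement, so the machine is not disinfected until it restarts.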


#12 Blind Faith

Posted 01 February 2010 - 02:20 PM

Hi rayandi,

Please reboot for the process to be completed.

How is the PC working now?

Can you run DDS? And if so, please post the logs in your next reply.


Elle

#13 rayandi

Posted 01 February 2010 - 06:22 PM

Search engines now take me to the right sites! yayyy! DDS still does the same thing. Starts to run and then gives me no log or anything.
Also I have saved a lot of things to my desktop, do I need to remove those?
Thanks soooo much Elle!

#14 Blind Faith

Posted 02 February 2010 - 07:12 AM

Hi rayandi,

We still have to do some things.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.



Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky; click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      Extended (if available otherwise Standard)
    • Scan Options:
      Scan Archives
      Scan Mail Bases
  • Click OK
  • Now under select a target to scan:
      Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

So in your next reply you will have a Malwarebytes Anti-Malware and a Kaspersky log.


Elle

#15 rayandi

Posted 02 February 2010 - 03:14 PM

Computer is going crazy again. I am now getting Windows alerts saying I am infected. I have started in safe mode and am running these.