Searchclick8 and Virtumonde


  • This topic is locked
10 replies to this topic

#1 kmclark


Posted 09 February 2010 - 11:27 PM

Hello,
I hope you can help. A couple months ago my computer was infected with Virtumonde - I used Malwarebytes to remove it (it wasn't easy). Things went fine for a few weeks, then it reared its ugly head again. Again I ran Malwarebytes and removed it. Today Avast detected a trojan - I aborted the connection, but immediately Searchclick8 took over my Google searches. I was not able to run Malwarebytes - so I ran SuperAntiSpyware - it found 3 instances of Virtumonde and some other adware. Those items were deleted, but upon restart - I received a message that WINDOWS\System32\pumolozel.dll was not a valid file. I ran SuperAntiSpyware again, it did not find anything. I turned off system restore and went into safe mode and was able to run Malwarebytes - it did not find anything. I then ran Avast in safe mode - it did not find anything. I then ran SpySweeper - that found another instance of Virtumonde. I then ran Malwarebytes and SuperAntiSpyware again - they found nothing. I rebooted in normal mode and as soon as I did a Google search, Searchclick8 took it over and Avast warned of a trojan. So that's where I'm at right now - it seems I cannot get rid of this. What should I do?

Thanks,
kmclark


 


#2 Buckeye_Sam


    Malware Expert



Posted 10 February 2010 - 08:59 AM

Hello!
My name is Sam and I will be helping you.

In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.


We need to create an OTL Report
  • Please download OTL from here
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    CREATERESTOREPOINT




  • Click the "Quick Scan" button.
  • The scan should take just a few minutes.
  • Please copy and paste both logs back here in your next reply.



=============

The next log will show us any hidden files that are present.

Download GMER from here:
  • Unzip it to the desktop.
  • Open the program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click on Scan.
  • When the scan has run click Copy and paste the results (if any) into this thread.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 kmclark


Posted 10 February 2010 - 11:15 AM

Thank you Sam. OTL would not run in normal mode - each time it would stall at "Checking Service - WmdnPmSN". It ran fine in safe mode. Below are the 2 OTL logs:

OTL logfile created on: 2/10/2010 10:12:00 AM - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\All Users\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 804.00 Mb Available Physical Memory | 79.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 94.00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19.11 Gb Total Space | 9.14 Gb Free Space | 47.83% Space Free | Partition Type: NTFS
Drive D: | 38.29 Gb Total Space | 13.01 Gb Free Space | 33.97% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 983.70 Mb Total Space | 38.41 Mb Free Space | 3.90% Space Free | Partition Type: FAT
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KATHY
Current User Name: Kathy Clark
Logged in as Administrator.

Current Boot Mode: SafeMode
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/02/10 09:07:30 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\All Users\Desktop\OTL.exe
PRC - [2009/02/25 09:06:44 | 001,180,976 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe
PRC - [2009/02/13 17:09:12 | 004,048,240 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
PRC - [2004/08/04 03:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/02/10 09:07:30 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\All Users\Desktop\OTL.exe
MOD - [2004/08/04 03:57:00 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (LVPrcSrv)
SRV - [2009/11/24 18:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/11/24 18:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009/11/24 18:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009/11/24 18:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Stopped] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2009/10/01 09:21:51 | 000,116,032 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2009/02/25 09:06:44 | 001,180,976 | ---- | M] (Webroot Software, Inc. ) [Auto | Running] -- C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe -- (WRConsumerService)
SRV - [2009/02/13 17:09:12 | 004,048,240 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Auto | Running] -- C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe -- (WebrootSpySweeperService)
SRV - [2008/11/20 14:18:52 | 000,136,120 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007/04/17 13:03:50 | 000,063,040 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2005/10/10 08:49:00 | 000,131,139 | R--- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\WINDOWS\SYSTEM32\nvsvc32.exe -- (NVSvc)
SRV - [2005/06/21 15:19:38 | 000,491,520 | ---- | M] () [Disabled | Stopped] -- C:\WINDOWS\System32\dlcdcoms.exe -- (dlcd_device)
SRV - [2005/06/02 15:54:34 | 000,086,606 | ---- | M] (Canon Inc.) [Disabled | Stopped] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2004/01/09 19:08:30 | 000,068,096 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service)
SRV - [2003/01/03 10:20:48 | 000,057,344 | ---- | M] (Dantz Development Corporation) [Auto | Stopped] -- C:\Program Files\Dantz\Retrospect\rthlpsvc.exe -- (Retrospect Helper)
SRV - [2003/01/03 10:20:48 | 000,029,184 | ---- | M] (Dantz Development Corporation) [Auto | Stopped] -- C:\Program Files\Dantz\Retrospect\retrorun.exe -- (RetroLauncher)
SRV - [2001/08/22 09:46:02 | 000,217,088 | ---- | M] (Dell Computer Corporation) [Auto | Stopped] -- C:\DMI\WIN32\bin\DellDmi.exe -- (DellDmi)
SRV - [2001/08/22 09:45:42 | 000,131,072 | ---- | M] (Dell Computer Corporation) [Auto | Stopped] -- C:\Program Files\Dell\OpenManage\Client\DLT.exe -- (DLT)
SRV - [2001/08/22 09:45:36 | 000,147,456 | ---- | M] (Dell Computer Corporation) [Auto | Stopped] -- C:\Program Files\Dell\OpenManage\Client\EventAgt.exe -- (DEventAgent)
SRV - [2001/08/22 09:45:26 | 000,118,784 | ---- | M] (Dell Computer Corporation) [Auto | Stopped] -- C:\Program Files\Dell\OpenManage\Client\ActionAgent.exe -- (ActionAgent)
SRV - [2001/08/22 09:45:20 | 000,155,648 | ---- | M] (Dell Computer Corporation) [Auto | Stopped] -- C:\Program Files\Dell\OpenManage\Client\Iap.exe -- (Iap)
SRV - [2001/06/18 14:21:30 | 000,249,344 | ---- | M] (Intel) [Auto | Stopped] -- C:\DMI\WIN32\bin\Win32sl.exe -- (Win32Sl)
SRV - [2000/06/26 07:44:20 | 000,053,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\SYSTEM32\MsPMSPSv.exe -- (WMDM PMSP Service)
SRV - [1999/12/12 20:01:00 | 000,044,032 | ---- | M] (Creative Technology Ltd) [Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\CTSVCCDA.EXE -- (Creative Service for CDROM Access)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1822439336-1754454779-3683679437-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
IE - HKU\S-1-5-21-1822439336-1754454779-3683679437-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1822439336-1754454779-3683679437-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.lvsonline.com/
IE - HKU\S-1-5-21-1822439336-1754454779-3683679437-1005\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1822439336-1754454779-3683679437-1005\S-1-5-21-1822439336-1754454779-3683679437-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1822439336-1754454779-3683679437-1005\S-1-5-21-1822439336-1754454779-3683679437-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://michigan-made.com"
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 48

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/07 07:42:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/07 07:42:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape 7.1\Extensions\\Components: C:\Program Files\Netscape\Netscape\Components [2010/01/15 11:40:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape 7.1\Extensions\\Plugins: C:\Program Files\Netscape\Netscape\Plugins [2009/10/29 07:26:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape 7.2\Extensions\\Components: C:\Program Files\Netscape\Netscape\Components [2010/01/15 11:40:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape 7.2\Extensions\\Plugins: C:\Program Files\Netscape\Netscape\Plugins [2009/10/29 07:26:45 | 000,000,000 | ---D | M]

[2009/10/12 18:56:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kathy Clark\Application Data\Mozilla\Extensions
[2009/09/21 17:06:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kathy Clark\Application Data\Mozilla\Extensions\{ea278cf8-93cd-484f-b951-57360482d33a}
[2010/02/10 09:22:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kathy Clark\Application Data\Mozilla\Firefox\Profiles\w42i3bof.default\extensions
[2009/10/29 07:26:31 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\Kathy Clark\Application Data\Mozilla\Firefox\Profiles\w42i3bof.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010/01/09 23:49:33 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2007/04/20 17:18:31 | 000,000,713 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Zemanta Plugin) - {8E42A03A-34ED-46C4-8385-79E9534635FB} - C:\Program Files\Zemanta\Zemanta for Internet Explorer 0.5.7\ZemantaBHO.dll (Zemanta)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKU\S-1-5-21-1822439336-1754454779-3683679437-1005\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-1822439336-1754454779-3683679437-1005\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKU\S-1-5-21-1822439336-1754454779-3683679437-1005\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DLCDCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCDtime.DLL ()
O4 - HKLM..\Run: [dlcdmon.exe] C:\Program Files\Dell Photo AIO Printer 944\dlcdmon.exe (Dell)
O4 - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\point32.exe (Microsoft Corporation)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [MaxtorOneTouch] C:\Program Files\Maxtor\OneTouch\Utils\OneTouch.exe (Maxtor)
O4 - HKLM..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE (Cypress Semiconductor)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe (Webroot Software, Inc.)
O4 - HKLM..\Run: [type32] C:\Program Files\Microsoft IntelliType Pro\type32.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [Microsoft Update] File not found
O4 - HKU\S-1-5-18..\Run: [Microsoft Update] File not found
O4 - HKU\S-1-5-21-1822439336-1754454779-3683679437-1005..\Run: [Personal Assistant] C:\Program Files\Shelltoys\Personal Assistant\assistant.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1822439336-1754454779-3683679437-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Sothink SWF Decompiler - C:\Program Files\SourceTec\Sothink SWF Decompiler\InternetExplorer.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll (Sun Microsystems, Inc.)
O9 - Extra Button: SWFDecompiler - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\SourceTec\Sothink SWF Decompiler\InternetExplorer.htm ()
O9 - Extra 'Tools' menuitem : Sothink SWF Decompiler - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\SourceTec\Sothink SWF Decompiler\InternetExplorer.htm ()
O9 - Extra Button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error. File not found
O12 - Plugin for: .bcf - C:\Program Files\Internet Explorer\PLUGINS\NPBelv32.dll (Belarc, Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1822439336-1754454779-3683679437-1005\..Trusted Domains: ([]msn in My Computer)
O15 - HKU\S-1-5-21-1822439336-1754454779-3683679437-1005\..Trusted Domains: macromedia.com ([download] https in Trusted sites)
O15 - HKU\S-1-5-21-1822439336-1754454779-3683679437-1005\..Trusted Domains: verizonwireless.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-1822439336-1754454779-3683679437-1005\..Trusted Domains: 2 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0000000A-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/d/4...0367/wmavax.CAB (Reg Error: Key error.)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {32505657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/0/A...01F/wmvadvd.cab (Reg Error: Key error.)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/microsoftu...b?1225241963765 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1225241821875 (MUWebControl Class)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A4639D2F-774E-11D3-A490-00C04F6843FB} http://download.microsoft.com/download/Pow...N-US/msorun.cab (Reg Error: Key error.)
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} http://www.linksysfix.com/netcheck/45/install/gtdownls.cab (LinkSys Content Update)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-448553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Reg Error: Key error.)
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} Reg Error: Key error. (Reg Error: Key error.)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://technicallead.webex.com/client/T26L...ing/ieatgpc.cab (GpcContainer Class)
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} http://messenger.zone.msn.com/binary/Solit...wn.cab28578.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.99.227.4 66.211.92.4
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O20 - AppInit_DLLs: (c:\windows\system32\hakoyevi.dll wipekize.dll c:\windows\system32\vuruhita.dll c:\windows\system32\ravufuge.dll) - C:\WINDOWS\System32\hakoyevi.dll File not found
O20 - AppInit_DLLs: (pumoloze.dll) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - CLSID or File not found.
O21 - SSODL: kotugulur - {3ca7f374-136b-4051-be75-1ee77c6d9ba2} - CLSID or File not found.
O21 - SSODL: ravipudud - {065b7838-0b43-4de8-baea-0d1565e35f36} - CLSID or File not found.
O22 - SharedTaskScheduler: {065b7838-0b43-4de8-baea-0d1565e35f36} - tokatiluy - Reg Error: Value error. File not found
O22 - SharedTaskScheduler: {3ca7f374-136b-4051-be75-1ee77c6d9ba2} - jugezatag - Reg Error: Value error. File not found
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O30 - LSA: Authentication Packages - (OWS\S) - File not found
O30 - LSA: Security Packages - (em\\ecurity Packages settings..) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001/08/31 09:02:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{26a2e13d-9314-11de-8718-00065bb2f879}\Shell\AutoRun\command - "" = G:\setupSNK.exe -- File not found
O33 - MountPoints2\{7e573df9-9218-11dd-8566-00065bb2f879}\Shell - "" = AutoRun
O33 - MountPoints2\{7e573df9-9218-11dd-8566-00065bb2f879}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7e573df9-9218-11dd-8566-00065bb2f879}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{d44dc437-8dae-11d9-8929-00065bb2f879}\Shell\AutoRun\command - "" = G:\JDSecure\Windows\JDSecure20.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 14 Days ==========

[2010/02/10 09:07:22 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\All Users\Desktop\OTL.exe
[2010/02/09 21:49:51 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Kathy Clark\Recent
[2010/02/09 13:34:06 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/10/17 20:01:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ICS
[2009/06/28 07:44:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2009/06/27 17:37:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2008/12/24 13:33:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2008/07/12 16:23:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2007/04/20 16:53:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Webroot
[2007/03/11 10:46:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Help
[2007/03/11 10:46:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Help
[2006/02/14 12:57:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Help
[2006/02/14 12:57:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Help
[2005/02/10 20:06:31 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll
[2002/07/31 13:25:10 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2002/07/31 13:25:10 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2002/07/31 13:25:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2010/02/10 09:54:40 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2010/02/10 09:53:39 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2010/02/10 09:52:39 | 010,747,904 | ---- | M] () -- C:\Documents and Settings\Kathy Clark\ntuser.dat
[2010/02/10 09:52:35 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/10 09:52:33 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Kathy Clark\NTUSER.INI
[2010/02/10 09:51:27 | 000,001,479 | ---- | M] () -- C:\WINDOWS\WIN.INI
[2010/02/10 09:51:27 | 000,000,313 | ---- | M] () -- C:\WINDOWS\SYSTEM.INI
[2010/02/10 09:51:27 | 000,000,212 | RHS- | M] () -- C:\BOOT.INI
[2010/02/10 09:48:41 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\2xev85uq.exe
[2010/02/10 09:07:30 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\All Users\Desktop\OTL.exe
[2010/02/10 09:00:45 | 000,000,306 | ---- | M] () -- C:\WINDOWS\tasks\gecenwdv.job
[2010/02/09 14:03:36 | 000,006,456 | -H-- | M] () -- C:\WINDOWS\System32\yiminare
[2010/02/08 15:36:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/02/05 11:00:56 | 000,365,088 | ---- | M] () -- C:\WINDOWS\System32\AdobeFnt07.lst
[2010/02/03 23:08:27 | 000,000,003 | ---- | M] () -- C:\WINDOWS\Twain001.Mtx
[2010/02/01 22:59:43 | 000,002,565 | ---- | M] () -- C:\WINDOWS\winzip32.ini
[2010/01/31 21:00:06 | 000,001,660 | ---- | M] () -- C:\WINDOWS\tasks\wrSpySweeper_L5D38E32A182C41CC96CC4F29178F9FBC.job
[2010/01/28 21:48:32 | 000,000,108 | ---- | M] () -- C:\Documents and Settings\Kathy Clark\Desktop\Found new hardware wizard always fails... in Windows XP Hardware.URL
[2010/01/28 21:03:41 | 000,206,264 | ---- | M] () -- C:\Documents and Settings\Kathy Clark\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/01/28 20:32:25 | 000,000,224 | ---- | M] () -- C:\WINDOWS\netscape.INI
[2010/01/28 20:30:51 | 000,004,058 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/02/10 09:48:35 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\2xev85uq.exe
[2010/02/09 12:57:48 | 000,000,306 | ---- | C] () -- C:\WINDOWS\tasks\gecenwdv.job
[2010/01/28 21:48:32 | 000,000,108 | ---- | C] () -- C:\Documents and Settings\Kathy Clark\Desktop\Found new hardware wizard always fails... in Windows XP Hardware.URL
[2010/01/18 13:50:26 | 000,065,536 | R--- | C] () -- C:\WINDOWS\System32\dlcdcfg.dll
[2010/01/18 13:49:45 | 000,638,976 | ---- | C] () -- C:\WINDOWS\System32\dlcdpmui.dll
[2010/01/18 13:49:44 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlcdins.dll
[2010/01/18 13:49:44 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\dlcdinsr.dll
[2010/01/18 13:49:43 | 000,413,696 | ---- | C] () -- C:\WINDOWS\System32\dlcdcomm.dll
[2010/01/18 13:49:43 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\dlcdpplc.dll
[2010/01/18 13:49:43 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlcdvs.dll
[2010/01/18 13:49:42 | 001,134,592 | ---- | C] () -- C:\WINDOWS\System32\dlcdusb1.dll
[2010/01/18 13:49:42 | 000,770,048 | ---- | C] () -- C:\WINDOWS\System32\dlcdhbn3.dll
[2010/01/18 13:49:42 | 000,483,328 | ---- | C] () -- C:\WINDOWS\System32\dlcdlmpm.dll
[2010/01/18 13:49:41 | 001,183,744 | ---- | C] () -- C:\WINDOWS\System32\dlcdserv.dll
[2010/01/18 13:49:41 | 000,704,512 | ---- | C] () -- C:\WINDOWS\System32\dlcdcomc.dll
[2010/01/18 13:49:41 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlcdprox.dll
[2010/01/18 13:49:40 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcdcu.dll
[2010/01/18 13:49:40 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\dlcdcur.dll
[2010/01/18 13:49:39 | 000,430,080 | ---- | C] () -- C:\WINDOWS\System32\dlcdutil.dll
[2010/01/18 13:49:38 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlcdinsb.dll
[2010/01/18 13:49:38 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dlcdcub.dll
[2010/01/18 13:49:37 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\dlcdjswr.dll
[2009/01/31 17:01:00 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2008/04/30 11:33:10 | 000,000,125 | ---- | C] () -- C:\WINDOWS\mbutton.ini
[2008/01/21 06:14:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2007/08/21 09:02:16 | 000,051,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\atnt40k.sys
[2007/08/15 14:15:17 | 000,000,059 | ---- | C] () -- C:\WINDOWS\ANS2000.INI
[2007/08/15 14:15:17 | 000,000,020 | -H-- | C] () -- C:\WINDOWS\akebook.ini
[2007/08/15 14:15:17 | 000,000,004 | -H-- | C] () -- C:\WINDOWS\a3kebook.ini
[2007/01/14 00:13:35 | 000,684,032 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2007/01/14 00:13:35 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2006/11/02 11:07:27 | 000,000,100 | ---- | C] () -- C:\WINDOWS\Mp3enc.ini
[2006/10/13 11:30:10 | 000,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2006/10/02 19:14:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2006/05/04 10:41:41 | 000,000,037 | ---- | C] () -- C:\WINDOWS\marscam.ini
[2006/03/16 18:39:20 | 001,662,976 | R--- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/03/16 18:39:20 | 001,019,904 | R--- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/03/16 18:39:19 | 001,466,368 | R--- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/03/16 18:39:19 | 000,466,944 | R--- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/03/16 18:39:17 | 000,286,720 | R--- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/03/16 18:39:13 | 000,045,056 | R--- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/03/16 18:39:12 | 000,573,440 | R--- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/03/11 21:28:53 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\vusetup.dll
[2006/02/12 17:36:28 | 000,000,218 | ---- | C] () -- C:\WINDOWS\QCRIB.INI
[2006/01/31 17:35:27 | 000,684,032 | ---- | C] () -- C:\WINDOWS\libeay32.dll
[2006/01/31 17:35:27 | 000,155,648 | ---- | C] () -- C:\WINDOWS\ssleay32.dll
[2005/12/14 15:40:46 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/11/26 10:46:23 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2005/04/12 16:52:55 | 000,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005/03/05 15:07:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\JDSecure20.INI
[2005/02/10 20:08:03 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2005/02/10 20:07:04 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/02/10 20:06:33 | 000,067,428 | ---- | C] () -- C:\WINDOWS\System32\LudaP17.ini
[2005/02/10 20:06:33 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\P17CPI.dll
[2005/02/10 20:06:33 | 000,000,029 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2005/02/10 20:06:32 | 000,060,928 | ---- | C] () -- C:\WINDOWS\System32\P17.dll
[2005/02/10 20:06:21 | 000,000,072 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2004/10/05 17:07:10 | 000,000,033 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2004/02/02 18:08:29 | 000,000,023 | ---- | C] () -- C:\WINDOWS\EPSC80.ini
[2004/01/09 19:32:44 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A5W.INI
[2003/12/10 12:50:11 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2003/08/22 18:42:49 | 000,000,414 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
[2003/06/04 15:01:10 | 000,000,071 | ---- | C] () -- C:\Program Files\Common Files\PATCH.ERR
[2003/05/20 21:53:51 | 000,003,615 | ---- | C] () -- C:\WINDOWS\hpdj6122.ini
[2003/03/11 19:30:57 | 000,002,078 | ---- | C] () -- C:\WINDOWS\U3DEDIT2.INI
[2003/03/11 19:30:56 | 000,000,089 | ---- | C] () -- C:\WINDOWS\ULead32.ini
[2003/03/11 19:23:54 | 000,296,448 | ---- | C] () -- C:\WINDOWS\Xenofex.ini
[2003/02/26 20:52:51 | 000,031,744 | ---- | C] () -- C:\WINDOWS\EyeCand3.INI
[2003/02/19 20:06:05 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2003/02/15 17:33:52 | 000,015,164 | R--- | C] () -- C:\WINDOWS\Mr310twv.ini
[2003/02/15 17:33:49 | 000,045,056 | R--- | C] () -- C:\WINDOWS\System32\mr310exv.dll
[2003/02/15 17:33:49 | 000,036,864 | R--- | C] () -- C:\WINDOWS\System32\mr310exd.dll
[2003/01/12 17:51:01 | 000,000,023 | ---- | C] () -- C:\WINDOWS\REGPSD20.INI
[2003/01/12 17:50:25 | 000,000,097 | ---- | C] () -- C:\WINDOWS\Viewer.ini
[2003/01/09 19:18:44 | 000,000,067 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2003/01/06 13:52:50 | 000,000,056 | ---- | C] () -- C:\WINDOWS\CoolTips.INI
[2003/01/06 13:52:49 | 000,000,063 | ---- | C] () -- C:\WINDOWS\COOLSYS.INI
[2003/01/06 13:52:46 | 000,010,705 | ---- | C] () -- C:\WINDOWS\coolcust.ini
[2003/01/06 13:52:46 | 000,004,177 | ---- | C] () -- C:\WINDOWS\COOL.INI
[2002/12/11 13:42:48 | 000,000,069 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2002/12/11 09:25:24 | 000,000,011 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DirectCDUserNameF.txt
[2002/11/15 12:11:02 | 000,036,864 | ---- | C] () -- C:\Documents and Settings\Kathy Clark\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2002/11/12 11:22:19 | 000,041,068 | ---- | C] () -- C:\WINDOWS\System32\ActPanel.dll
[2002/10/27 11:47:34 | 000,000,121 | ---- | C] () -- C:\WINDOWS\Winamp.ini
[2002/10/21 16:08:30 | 000,000,478 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2002/10/18 12:35:13 | 000,001,173 | ---- | C] () -- C:\WINDOWS\PSDEWIN.INI
[2002/10/18 12:35:13 | 000,000,113 | ---- | C] () -- C:\WINDOWS\psdxport.ini
[2002/10/15 17:22:26 | 000,777,728 | ---- | C] () -- C:\WINDOWS\System32\Sslsvc.dll
[2002/10/15 17:22:26 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2002/10/15 17:22:26 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\cfmsg.dll
[2002/10/15 17:22:26 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2002/10/15 16:16:11 | 000,003,650 | ---- | C] () -- C:\WINDOWS\photoimpression.ini
[2002/10/15 13:27:32 | 000,000,170 | ---- | C] () -- C:\WINDOWS\INTUIT.INI
[2002/10/15 13:24:12 | 000,000,028 | ---- | C] () -- C:\WINDOWS\ICOA.INI
[2002/10/15 13:23:17 | 000,001,908 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2002/10/15 13:23:17 | 000,000,052 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2002/10/15 11:32:00 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\Wh2Robo.dll
[2002/10/15 00:10:02 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2002/10/14 23:53:02 | 000,000,233 | ---- | C] () -- C:\WINDOWS\EPSON 1250 Installer.ini
[2002/10/14 23:06:00 | 000,000,085 | ---- | C] () -- C:\WINDOWS\I_VIEW32.INI
[2002/10/14 22:32:03 | 000,002,565 | ---- | C] () -- C:\WINDOWS\winzip32.ini
[2002/10/14 22:17:34 | 000,000,274 | ---- | C] () -- C:\WINDOWS\POSER.INI
[2002/10/14 21:25:09 | 000,000,066 | ---- | C] () -- C:\WINDOWS\mapedit2.ini
[2002/10/14 21:24:38 | 000,000,094 | ---- | C] () -- C:\WINDOWS\Mapedit.ini
[2002/10/14 16:02:08 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll
[2002/10/14 15:11:38 | 000,000,224 | ---- | C] () -- C:\WINDOWS\netscape.INI
[2002/10/14 00:06:16 | 000,000,633 | ---- | C] () -- C:\WINDOWS\32BITFAX.INI
[2002/07/31 13:48:16 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2002/07/31 13:41:35 | 000,004,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\bvrp_pci.sys
[2002/07/31 13:39:30 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2002/07/31 13:27:00 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2002/03/16 20:00:00 | 000,007,420 | ---- | C] () -- C:\WINDOWS\UA000022.DLL
[2002/02/20 20:24:32 | 000,032,926 | ---- | C] () -- C:\Program Files\Page Number Utility .pdf
[2002/02/03 16:33:02 | 000,000,377 | ---- | C] () -- C:\Program Files\Readme PageNumberUtility.txt
[2001/08/18 07:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\SECDRV.SYS
[1999/01/27 13:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1999/01/22 14:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1998/01/12 03:00:00 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\REGOBJ.DLL
[1997/06/13 07:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll

========== LOP Check ==========

[2006/02/03 18:26:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avg7
[2006/09/29 16:21:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bitstream Font Navigator
[2006/10/15 08:59:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund Software
[2008/06/18 21:29:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2007/12/22 13:10:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Retrospect
[2007/07/19 08:11:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBT
[2007/12/03 09:23:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith
[2008/09/26 07:10:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2005/09/13 13:20:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2008/12/24 12:55:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kathy Clark\Application Data\Image Zone Express
[2003/04/19 08:08:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kathy Clark\Application Data\MailWasher
[2005/04/22 09:56:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kathy Clark\Application Data\Opera
[2005/12/10 10:31:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kathy Clark\Application Data\Printer Info Cache
[2007/12/08 10:11:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kathy Clark\Application Data\Sharpcast
[2007/08/21 08:40:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kathy Clark\Application Data\tmp
[2006/08/23 14:51:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kathy Clark\Application Data\Ulead Systems
[2008/09/23 13:07:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kathy Clark\Application Data\webex
[2010/02/10 09:00:45 | 000,000,306 | ---- | M] () -- C:\WINDOWS\Tasks\gecenwdv.job
[2010/01/31 21:00:06 | 000,001,660 | ---- | M] () -- C:\WINDOWS\Tasks\wrSpySweeper_L5D38E32A182C41CC96CC4F29178F9FBC.job

========== Purity Check ==========


< End of report >

OTL Extras logfile created on: 2/10/2010 10:12:00 AM - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\All Users\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 804.00 Mb Available Physical Memory | 79.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 94.00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19.11 Gb Total Space | 9.14 Gb Free Space | 47.83% Space Free | Partition Type: NTFS
Drive D: | 38.29 Gb Total Space | 13.01 Gb Free Space | 33.97% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 983.70 Mb Total Space | 38.41 Mb Free Space | 3.90% Space Free | Partition Type: FAT
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KATHY
Current User Name: Kathy Clark
Logged in as Administrator.

Current Boot Mode: SafeMode
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = MozillaHTML] -- C:\Program Files\Netscape\Netscape\Netscp.exe (Mozilla, Netscape)

[HKEY_USERS\S-1-5-21-1822439336-1754454779-3683679437-1005\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- C:\PROGRA~1\NETSCAPE\NETSCAPE\NETSCP.EXE -url "%1" (Mozilla, Netscape)
https [open] -- C:\PROGRA~1\NETSCAPE\NETSCAPE\NETSCP.EXE -url "%1" (Mozilla, Netscape)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\Winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"135:TCP" = 135:TCP:*:Enabled:TCP Port 135
"5000:TCP" = 5000:TCP:*:Enabled:TCP Port 5000
"5001:TCP" = 5001:TCP:*:Enabled:TCP Port 5001
"5002:TCP" = 5002:TCP:*:Enabled:TCP Port 5002
"5003:TCP" = 5003:TCP:*:Enabled:TCP Port 5003
"5004:TCP" = 5004:TCP:*:Enabled:TCP Port 5004
"5005:TCP" = 5005:TCP:*:Enabled:TCP Port 5005
"5006:TCP" = 5006:TCP:*:Enabled:TCP Port 5006
"5007:TCP" = 5007:TCP:*:Enabled:TCP Port 5007
"5008:TCP" = 5008:TCP:*:Enabled:TCP Port 5008
"5009:TCP" = 5009:TCP:*:Enabled:TCP Port 5009
"5010:TCP" = 5010:TCP:*:Enabled:TCP Port 5010
"5011:TCP" = 5011:TCP:*:Enabled:TCP Port 5011
"5012:TCP" = 5012:TCP:*:Enabled:TCP Port 5012
"5013:TCP" = 5013:TCP:*:Enabled:TCP Port 5013
"5014:TCP" = 5014:TCP:*:Enabled:TCP Port 5014
"5015:TCP" = 5015:TCP:*:Enabled:TCP Port 5015
"5016:TCP" = 5016:TCP:*:Enabled:TCP Port 5016
"5017:TCP" = 5017:TCP:*:Enabled:TCP Port 5017
"5018:TCP" = 5018:TCP:*:Enabled:TCP Port 5018
"5019:TCP" = 5019:TCP:*:Enabled:TCP Port 5019
"5020:TCP" = 5020:TCP:*:Enabled:TCP Port 5020

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\WS_FTP Pro\ftp95pro.exe" = C:\Program Files\WS_FTP Pro\ftp95pro.exe:*:Enabled:WS_FTP 95 -- (Ipswitch, Inc. 81 Hartwell Ave. Lexington, MA)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\Yahoo!\Messenger\YPager.exe" = C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger -- File not found
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- File not found
"C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) -- (Microsoft Corporation)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- File not found
"C:\Program Files\Netscape\Netscape\Netscp.exe" = C:\Program Files\Netscape\Netscape\Netscp.exe:*:Enabled:Netscape -- (Mozilla, Netscape)
"C:\Program Files\Internet Explorer\iexplore.exe" = C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer -- (Microsoft Corporation)
"C:\Documents and Settings\Kathy Clark\Local Settings\Temp\occ.exe" = C:\Documents and Settings\Kathy Clark\Local Settings\Temp\occ.exe:*:Enabled:OneCC Module -- File not found
"D:\Program Files\LimeWire\LimeWire.exe" = D:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\WINDOWS\SYSTEM32\fxsclnt.exe" = C:\WINDOWS\SYSTEM32\fxsclnt.exe:*:Enabled:Microsoft Fax Console -- (Microsoft Corporation)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Explorer -- (Microsoft Corporation)
"C:\Program Files\Alwil Software\Avast4\Setup\avast.setup" = C:\Program Files\Alwil Software\Avast4\Setup\avast.setup:*:Enabled:avast -- File not found
"C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" = C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe:*:Enabled:ashMaiSv -- (ALWIL Software)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:firefox -- (Mozilla Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional
"{00040409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Disc 2
"{0773A806-0853-4B4D-8771-55BEF03E242B}" = Dell OpenManage Client Instrumentation
"{08CA9554-B5FE-4313-938F-D4A417B81175}" = QuickTime
"{0A146245-DB79-4197-BF5D-FE1A699A2CC7}" = Camera Window DS
"{0D025345-1033-4F35-A5CE-68CDCDE6CC03}" = Evernote
"{11F1920A-56A2-4642-B6E0-3B31A12C9288}" = Dell Solution Center
"{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update
"{1BCEA516-B4C5-4B2D-BFA0-AB7910BAD862}" = Adobe ExtendScript Toolkit 2
"{2274624C-5B38-41AD-AD27-CEC0924EB628}" = Adobe Setup
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2F353D44-73BB-4971-B31D-F7642E9E9531}" = Macromedia Flash MX 2004
"{31A57C3E-30DD-421F-B5C7-974DACB0D05F}" = Canon Camera WIA Driver
"{3248F0A8-6813-11D6-A77B-00B0D0150030}" = J2SE Runtime Environment 5.0 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}" = Google Earth
"{3EC91FDF-FE9A-43D5-96C4-8A9C24372500}" = Maxtor OneTouch
"{3F5B6210-0903-4DC6-8034-8F488AA3A782}" = Spy Sweeper Core
"{4192EAC0-6B36-4723-B216-D0E86E7757AC}" = Jasc Paint Shop Photo Album 5
"{4DBBF091-FACD-422C-B43C-786335BD5398}" = MovieEdit Task
"{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}" = Photo Story 3 for Windows
"{50E25180-3BDC-4B6D-80A2-3F1F0C9CF39D}" = Camera Window DVC
"{53C398FE-CD56-412E-B3C7-B27F4B8B07D1}" = Microsoft IntelliType Pro 5.3
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{56F3E1FF-54FE-4384-A153-6CCABA097814}" = Creative MediaSource
"{5B39603F-2A77-40E6-950D-ED7B8307933D}" = Microsoft IntelliPoint 5.3
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{639858DD-4966-40F3-A706-7C838BCF3A2B}" = MaxBlast 3
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{6C3A75A6-9A90-44A3-A703-82AC1EA6A85D}" = Camera Window MC
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{734BB64A-5A3D-4624-867D-6358B7068496}" = Sound Blaster Live! 24-bit
"{74307C3F-EBD4-11D4-A4D9-0010A4C3AFF0}" = Macromedia HomeSite 5
"{7472B5B4-3FB7-446F-BC78-6BBA506EC473}" = Opera 9.50
"{76F8CB2B-6516-4E1E-B6F1-AED4ABDB4B0A}_is1" = Spy Sweeper
"{78C496B9-5A6B-4692-8C2E-AFFFC34E4961}" = Jasc Paint Shop Pro Studio, Dell Editon
"{7CF31609-270B-11D6-9445-000102308676}" = Java 2 Runtime Environment, SE v1.4.0_01
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{80AD0483-90C9-4F44-BF70-DF0C2EC6542C}" = HP Create Cards Plugin Holiday Card Pack 2
"{856D4888-3B48-4D0C-99D4-39AA7CF9DB2E}" = HP Photosmart Essential
"{874E44F3-B9A7-4AA1-B4BA-83E5684ED9C6}" = PhotoStitch
"{87ECFEA1-7882-4FC7-A2E2-2AC0CC262EBC}" = Sothink SWF Decompiler
"{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}" = Macromedia Flash 8 Video Encoder
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{901F8ED7-13E8-43EF-B738-2FE89B0588EB}" = Camera Access Library
"{90AF0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint Viewer 2003
"{90D55A3F-1D99-4C94-A77E-46DC14F0BF08}" = Help and Support Customization
"{970857BF-0718-493A-ADB7-0E2B8DA52765}" = Zemanta for Internet Explorer 0.5.7
"{9770A25C-45A7-478E-AF50-4FDE53EED270}" = American Greetings CreataCard Platinum 6
"{A1D0D14A-B776-4907-BC00-5149F2298086}" = Camera Support Core Library
"{A2EB8F2E-6D9B-4F8B-96EB-F976D33F416F}" = Camera Window DVC
"{A8A3862C-3280-11D6-B2EA-0050BA18806B}" = Camera Driver
"{AC76BA86-0000-0000-0000-6028747ADE01}" = Adobe Acrobat - Reader 6.0.2 Update
"{AC76BA86-0000-7EC8-7489-000000000603}" = Adobe Acrobat and Reader 6.0.3 Update
"{AC76BA86-0000-7EC8-7489-000000000604}" = Adobe Acrobat and Reader 6.0.4 Update
"{AC76BA86-0000-7EC8-7489-000000000605}" = Adobe Acrobat and Reader 6.0.5 Update
"{AC76BA86-0000-7EC8-7489-000000000606}" = Adobe Acrobat and Reader 6.0.6 Update
"{AC76BA86-1033-0000-7760-000000000001}" = Adobe Acrobat 6.0.1 Professional
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update
"{BA2D4D22-0B99-4D63-BCEE-D2EA4736F27F}" = LogMeIn
"{BAA43DA2-B6C5-46EC-B163-0E8EEAF975A4}" = RAW Image Task 2.2
"{BBBC2B89-E193-4348-A83C-C8DD8210A4AC}" = Canon PhotoRecord
"{C1939820-A945-11D4-86F6-0001031E5712}" = InterVideo WinDVD
"{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}" = Canon ZoomBrowser EX (E)
"{C4354214-B919-4C8F-84EB-4F9B84ACC02C}" = Retrospect 6.0
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{D504303A-717D-414C-BA9F-FE01093E2EF8}" = Adobe Setup
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{E6A08900-B729-41C6-8C68-368481E60320}" = HP Create Cards Plugin Holiday Card Pack 1
"{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}" = ScanToWeb
"{EFCE5837-FC21-11D6-9D24-00010240CE95}" = Java 2 Runtime Environment, SE v1.4.1_02
"{F5346614-B7C4-4E94-826A-E2363155233D}" = EasyCleaner
"{F6249ABF-F16D-4AF3-8755-4D62F799C238}" = Google AdWords Editor
"{FCE50DB8-C610-4C42-BE5C-193F46C6F812}" = Windows Live Messenger
"3883.com Advanced Site Submitter_is1" = Advanced Site Submitter 1.0
"ActiveTouchMeetingClient" = WebEx
"Adobe Acrobat 5.0" = Adobe Acrobat 4.0, 5.0
"Adobe Atmosphere Player" = Adobe Atmosphere Player for Acrobat and Adobe Reader
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe_5bc0f8414ec36c555a3e7e5ec2e225e" = Adobe ExtendScript Toolkit 2
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"Adobe_cbb2ea61da9c780bd7e47a5230a9ed7" = Adobe Stock Photos CS3
"AM-DeadLink" = AM-DeadLink
"ArcSoft PhotoImpression 3.0" = ArcSoft PhotoImpression 3.0
"ATI Display Driver" = ATI Display Driver
"avast!" = avast! Antivirus
"Belarc Advisor 2.0" = Belarc Advisor 6.0
"CCleaner" = CCleaner (remove only)
"CO2 Saver" = CO2 Saver
"Copy Utility" = Copy Utility
"Dell Photo AIO Printer 944" = Dell Photo AIO Printer 944
"E-mail Man " = E-mail Man
"Google Base Store Connector" = Google Base Store Connector
"HijackThis" = HijackThis 1.99.1
"Iconoid_is1" = Iconoid Version 3.8.5
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{0A146245-DB79-4197-BF5D-FE1A699A2CC7}" = Canon Camera Window DSLR 5 for ZoomBrowser EX
"InstallShield_{31A57C3E-30DD-421F-B5C7-974DACB0D05F}" = Canon EOS Kiss REBEL 300D WIA Driver
"InstallShield_{3EC91FDF-FE9A-43D5-96C4-8A9C24372500}" = Maxtor OneTouch
"InstallShield_{4DBBF091-FACD-422C-B43C-786335BD5398}" = Canon MovieEdit Task for ZoomBrowser EX
"InstallShield_{50E25180-3BDC-4B6D-80A2-3F1F0C9CF39D}" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"InstallShield_{6C3A75A6-9A90-44A3-A703-82AC1EA6A85D}" = Canon Camera Window MC 6 for ZoomBrowser EX
"InstallShield_{874E44F3-B9A7-4AA1-B4BA-83E5684ED9C6}" = Canon Utilities PhotoStitch 3.1
"InstallShield_{901F8ED7-13E8-43EF-B738-2FE89B0588EB}" = Canon Camera Access Library
"InstallShield_{A1D0D14A-B776-4907-BC00-5149F2298086}" = Canon Camera Support Core Library
"InstallShield_{A2EB8F2E-6D9B-4F8B-96EB-F976D33F416F}" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"InstallShield_{BAA43DA2-B6C5-46EC-B163-0E8EEAF975A4}" = Canon RAW Image Task for ZoomBrowser EX
"Java Web Start" = Java Web Start
"LimeWire" = LimeWire 4.16.6
"Links Assistant_is1" = Links Assistant 1.00
"Macromedia Generator 2" = Macromedia Generator 2
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft Streets 1998" = Microsoft Expedia Streets 98
"Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MXOFX" = USB Storage Adapter FX (MXO)
"Nero - Burning Rom!UninstallKey" = Nero OEM
"Netscape (7.1)" = Netscape (7.1)
"Netscape (7.2)" = Netscape (7.2)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NMPUninstallKey" = Nero Media Player
"NVIDIA Drivers" = NVIDIA Drivers
"Paint Shop Pro 6" = Paint Shop Pro 6.01 ESD
"Painter 7" = Painter 7™
"Personal Assistant_is1" = Personal Assistant
"PF1250-1650 Guide" = PF1250-1650 Guide
"Photo Viewer_is1" = Photo Viewer 2.4
"Picasa 3" = Picasa 3
"Quicken Deluxe 98" = Quicken Deluxe 98
"Sharpcast Photos" = Sharpcast Photos
"Shockwave" = Shockwave
"SWiSH v2.01" = SWiSH v2.01
"SysInfo" = Creative System Information
"TopStyle Lite (Version 2)" = TopStyle Lite (Version 2)
"UIU__MODEM_PCI_VEN_14F1&DEV_1033&SUBSYS_020D13E0" = Conexant HCF V90 56K Data Fax PCI Modem
"VideoLive Mail" = VideoLive Mail 4.0
"WebPost" = Microsoft Web Publishing Wizard 1.52
"Winamp" = Winamp (remove only)
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 2
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xenofex 1.0" = Xenofex 1.0
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1822439336-1754454779-3683679437-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting 4.0.0.320

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 10/21/2009 7:12:57 AM | Computer Name = KATHY | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Program Files\Webroot\Spy Sweeper\Masters\masters.mst failed, 00000005.

Error - 10/22/2009 7:20:11 AM | Computer Name = KATHY | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Program Files\Webroot\Spy Sweeper\Masters\masters.mst failed, 00000005.

Error - 10/23/2009 8:42:11 AM | Computer Name = KATHY | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Program Files\Webroot\Spy Sweeper\Masters\masters.mst failed, 00000005.

Error - 10/24/2009 10:33:55 AM | Computer Name = KATHY | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Program Files\Webroot\Spy Sweeper\Masters\masters.mst failed, 00000005.

Error - 10/27/2009 10:36:38 AM | Computer Name = KATHY | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Program Files\Webroot\Spy Sweeper\Masters\masters.mst failed, 00000005.

Error - 10/27/2009 12:06:39 PM | Computer Name = KATHY | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
E:\Kieraatdowgarden\DCP_6656.JPG failed, 0000A420.

Error - 10/28/2009 10:37:50 AM | Computer Name = KATHY | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Program Files\Webroot\Spy Sweeper\Masters\masters.mst failed, 00000005.

Error - 10/29/2009 10:39:17 AM | Computer Name = KATHY | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Program Files\Webroot\Spy Sweeper\Masters\masters.mst failed, 00000005.

Error - 10/30/2009 10:41:16 AM | Computer Name = KATHY | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Program Files\Webroot\Spy Sweeper\Masters\masters.mst failed, 00000005.

Error - 10/31/2009 10:42:25 AM | Computer Name = KATHY | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Program Files\Webroot\Spy Sweeper\Masters\masters.mst failed, 00000005.

[ Application Events ]
Error - 1/9/2010 1:00:09 PM | Computer Name = KATHY | Source = Application Error | ID = 1000
Description = Faulting application netscp.exe, version 7.2.0.0, faulting module
js3250.dll, version 4.0.0.0, fault address 0x0001b19e.

Error - 1/10/2010 5:33:38 PM | Computer Name = KATHY | Source = Application Error | ID = 1000
Description = Faulting application netscp.exe, version 7.2.0.0, faulting module
js3250.dll, version 4.0.0.0, fault address 0x000181c5.

Error - 1/11/2010 1:36:32 AM | Computer Name = KATHY | Source = Application Error | ID = 1000
Description = Faulting application acrobat.exe, version 6.0.1.1091, faulting module
unknown, version 0.0.0.0, fault address 0x240029e0.

Error - 1/17/2010 12:37:07 PM | Computer Name = KATHY | Source = Application Error | ID = 1000
Description = Faulting application netscp.exe, version 7.2.0.0, faulting module
ntdll.dll, version 5.1.2600.2180, fault address 0x00010f2b.

Error - 1/21/2010 10:19:46 AM | Computer Name = KATHY | Source = EventSystem | ID = 4614
Description = The COM+ Event System detected an inconsistency in its internal state.
The assertion "GetLastError() == 122L" failed at line 162 of d:\comxp_sp2\com\com1x\src\events\shared\sectools.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 1/21/2010 11:27:38 AM | Computer Name = KATHY | Source = Application Error | ID = 1000
Description = Faulting application netscp.exe, version 7.2.0.0, faulting module
js3250.dll, version 4.0.0.0, fault address 0x0001b19e.

Error - 1/24/2010 1:02:59 PM | Computer Name = KATHY | Source = Application Error | ID = 1000
Description = Faulting application netscp.exe, version 7.2.0.0, faulting module
js3250.dll, version 4.0.0.0, fault address 0x0001b185.

Error - 1/31/2010 10:53:21 AM | Computer Name = KATHY | Source = Application Error | ID = 1000
Description = Faulting application netscp.exe, version 7.2.0.0, faulting module
js3250.dll, version 4.0.0.0, fault address 0x000181c5.

[ System Events ]
Error - 2/10/2010 10:02:40 AM | Computer Name = KATHY | Source = Service Control Manager | ID = 7022
Description = The Webroot Spy Sweeper Engine service hung on starting.

Error - 2/10/2010 10:02:40 AM | Computer Name = KATHY | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SASDIFSV SASKUTIL

Error - 2/10/2010 10:51:43 AM | Computer Name = KATHY | Source = SSIDRV | ID = 131098
Description = Failed to set monitor event rule.

Error - 2/10/2010 10:54:45 AM | Computer Name = KATHY | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 2/10/2010 10:54:53 AM | Computer Name = KATHY | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 2/10/2010 10:55:09 AM | Computer Name = KATHY | Source = Service Control Manager | ID = 7001
Description = The DHCP Client service depends on the NetBT service which failed
to start because of the following error: %%31

Error - 2/10/2010 10:55:09 AM | Computer Name = KATHY | Source = Service Control Manager | ID = 7001
Description = The DNS Client service depends on the TCP/IP Protocol Driver service
which failed to start because of the following error: %%31

Error - 2/10/2010 10:55:09 AM | Computer Name = KATHY | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Aavmker4 AFD aswSP aswTdi BANTExt Fips IPSec MRxSmb NetBIOS NetBT omci Processor RasAcd Rdbss
SASDIFSV
SASKUTIL
Tcpip

Error - 2/10/2010 10:56:24 AM | Computer Name = KATHY | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 2/10/2010 10:56:42 AM | Computer Name = KATHY | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}


< End of report >


The GMER file would run for a minute or so then shut down Windows - twice in safe mode and then in normal mode. This was the error message:
A problem has been detected and windows has been shut down to prevent damage to your computer.
MULTIPLE_IRP_COMPLETE_REQUESTS

Technical information:
***STOP: 0x00000044 (0x8754AA40, 0x00000D63, 0x00000000, 0x00000000).



#4 Buckeye_Sam


    Malware Expert



Posted 11 February 2010 - 07:49 AM

Don't worry about Gmer. You can delete it.

Run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    CODE
    :OTL
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O4 - HKU\.DEFAULT..\Run: [Microsoft Update] File not found
    O4 - HKU\S-1-5-18..\Run: [Microsoft Update] File not found
    O20 - AppInit_DLLs: (c:\windows\system32\hakoyevi.dll wipekize.dll c:\windows\system32\vuruhita.dll c:\windows\system32\ravufuge.dll) - C:\WINDOWS\System32\hakoyevi.dll File not found
    O20 - AppInit_DLLs: (pumoloze.dll) - File not found
    O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - CLSID or File not found.
    O21 - SSODL: kotugulur - {3ca7f374-136b-4051-be75-1ee77c6d9ba2} - CLSID or File not found.
    O21 - SSODL: ravipudud - {065b7838-0b43-4de8-baea-0d1565e35f36} - CLSID or File not found.
    O22 - SharedTaskScheduler: {065b7838-0b43-4de8-baea-0d1565e35f36} - tokatiluy - Reg Error: Value error. File not found
    O22 - SharedTaskScheduler: {3ca7f374-136b-4051-be75-1ee77c6d9ba2} - jugezatag - Reg Error: Value error. File not found
    [2010/02/10 09:00:45 | 000,000,306 | ---- | M] () -- C:\WINDOWS\tasks\gecenwdv.job
    [2010/02/09 14:03:36 | 000,006,456 | -H-- | M] () -- C:\WINDOWS\System32\yiminare
    "5000:TCP" = 5000:TCP:*:Enabled:TCP Port 5000
    "5001:TCP" = 5001:TCP:*:Enabled:TCP Port 5001
    "5002:TCP" = 5002:TCP:*:Enabled:TCP Port 5002
    "5003:TCP" = 5003:TCP:*:Enabled:TCP Port 5003
    "5004:TCP" = 5004:TCP:*:Enabled:TCP Port 5004
    "5005:TCP" = 5005:TCP:*:Enabled:TCP Port 5005
    "5006:TCP" = 5006:TCP:*:Enabled:TCP Port 5006
    "5007:TCP" = 5007:TCP:*:Enabled:TCP Port 5007
    "5008:TCP" = 5008:TCP:*:Enabled:TCP Port 5008
    "5009:TCP" = 5009:TCP:*:Enabled:TCP Port 5009
    "5010:TCP" = 5010:TCP:*:Enabled:TCP Port 5010
    "5011:TCP" = 5011:TCP:*:Enabled:TCP Port 5011
    "5012:TCP" = 5012:TCP:*:Enabled:TCP Port 5012
    "5013:TCP" = 5013:TCP:*:Enabled:TCP Port 5013
    "5014:TCP" = 5014:TCP:*:Enabled:TCP Port 5014
    "5015:TCP" = 5015:TCP:*:Enabled:TCP Port 5015
    "5016:TCP" = 5016:TCP:*:Enabled:TCP Port 5016
    "5017:TCP" = 5017:TCP:*:Enabled:TCP Port 5017
    "5018:TCP" = 5018:TCP:*:Enabled:TCP Port 5018
    "5019:TCP" = 5019:TCP:*:Enabled:TCP Port 5019
    "5020:TCP" = 5020:TCP:*:Enabled:TCP Port 5020

    :Commands
    [purity]
    [emptytemp]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • You will get a log that shows the results of the fix. Please post it.
  • Then also run and post a new OTL log.


==================



Please download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.



==================



Please update Malwarebytes and run a full scan.
  • Open Malwarebytes and select the Update tab.
  • Click on the Check for Updates button and allow the program to download the latest updates.
  • Once you have the latest updates, select the Scanner tab.
  • Select "Perform full scan" and click the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.



========================================================
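An added example, not part of the original post and not OTL's own code: a Python sketch that triages the O-lines of the fix script in the post above. It flags entries whose target file or CLSID is missing, lists the DLL names set in AppInit_DLLs, and finds CLSIDs registered under more than one autostart location. The function names and the ExampleApp line are assumptions made for illustration.

```python
import ntpath
import re
from collections import defaultdict

# Constructed sample: the O-lines from the fix script in the post above, plus
# one made-up healthy Run entry (ExampleApp) for contrast.
SAMPLE_FIX = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O4 - HKU\.DEFAULT..\Run: [Microsoft Update] File not found
O4 - HKU\S-1-5-18..\Run: [Microsoft Update] File not found
O4 - HKLM..\Run: [ExampleApp] C:\Program Files\Example\app.exe (Example Corp)
O20 - AppInit_DLLs: (c:\windows\system32\hakoyevi.dll wipekize.dll c:\windows\system32\vuruhita.dll c:\windows\system32\ravufuge.dll) - C:\WINDOWS\System32\hakoyevi.dll File not found
O20 - AppInit_DLLs: (pumoloze.dll) - File not found
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - CLSID or File not found.
O21 - SSODL: kotugulur - {3ca7f374-136b-4051-be75-1ee77c6d9ba2} - CLSID or File not found.
O21 - SSODL: ravipudud - {065b7838-0b43-4de8-baea-0d1565e35f36} - CLSID or File not found.
O22 - SharedTaskScheduler: {065b7838-0b43-4de8-baea-0d1565e35f36} - tokatiluy - Reg Error: Value error. File not found
O22 - SharedTaskScheduler: {3ca7f374-136b-4051-be75-1ee77c6d9ba2} - jugezatag - Reg Error: Value error. File not found
"""

# "O<nn> - <location>: <detail>" as it appears in the log lines above.
ENTRY_RE = re.compile(r"^(O\d+) - ([^:]+): (.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Phrases the log uses when an autostart entry points at nothing on disk.
ORPHAN_MARKERS = ("File not found", "No CLSID value found")


def parse_entries(text):
    """Turn O-lines into dicts; lines that are not O-entries are skipped."""
    entries = []
    for raw in text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if not match:
            continue
        code, location, detail = match.groups()
        entries.append({
            "code": code,
            "location": location.strip(),
            "detail": detail,
            "clsids": [c.lower() for c in CLSID_RE.findall(detail)],
            "orphaned": any(marker in detail for marker in ORPHAN_MARKERS),
        })
    return entries


def appinit_dll_names(entries):
    """Base names of every DLL listed in an AppInit_DLLs value.

    AppInit_DLLs is a space- or comma-delimited list, and each DLL in it is
    loaded into every process that loads user32.dll, so any unexpected name
    here deserves attention even when the file is already gone.
    """
    names = set()
    for entry in entries:
        if entry["location"] != "AppInit_DLLs":
            continue
        value = re.match(r"^\(([^)]*)\)", entry["detail"])
        if not value:
            continue
        for item in re.split(r"[\s,]+", value.group(1)):
            if item:
                names.add(ntpath.basename(item).lower())
    return sorted(names)


def clsids_in_multiple_locations(entries):
    """CLSIDs registered under more than one autostart location."""
    seen = defaultdict(set)
    for entry in entries:
        for clsid in entry["clsids"]:
            seen[clsid].add(entry["location"])
    return {c: sorted(locs) for c, locs in seen.items() if len(locs) > 1}


if __name__ == "__main__":
    parsed = parse_entries(SAMPLE_FIX)
    for e in parsed:
        state = "ORPHANED" if e["orphaned"] else "ok"
        print(f"{e['code']:<4}{e['location']:<22}{state}")
    print("AppInit_DLLs:", ", ".join(appinit_dll_names(parsed)))
    for clsid, locations in clsids_in_multiple_locations(parsed).items():
        print(clsid, "->", " + ".join(locations))
```

A CLSID that shows up under both SSODL and SharedTaskScheduler, as two do here, means one component was given two independent load points, so both registrations have to be removed together.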

#5 kmclark

  • Topic Starter


Posted 11 February 2010 - 09:22 AM

Thank you Sam. I followed your instructions, below are the logs.

I was able to run OTL in normal mode this time.
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\Microsoft Update deleted successfully.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\Microsoft Update not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\windows\system32\hakoyevi.dll wipekize.dll c:\windows\system32\vuruhita.dll c:\windows\system32\ravufuge.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:pumoloze.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\CDBurn deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\kotugulur deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3ca7f374-136b-4051-be75-1ee77c6d9ba2}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\ravipudud deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{065b7838-0b43-4de8-baea-0d1565e35f36}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{065b7838-0b43-4de8-baea-0d1565e35f36} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{065b7838-0b43-4de8-baea-0d1565e35f36}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{3ca7f374-136b-4051-be75-1ee77c6d9ba2} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3ca7f374-136b-4051-be75-1ee77c6d9ba2}\ not found.
C:\WINDOWS\tasks\gecenwdv.job moved successfully.
C:\WINDOWS\SYSTEM32\yiminare moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Kathy Clark
->Temp folder emptied: 72853 bytes
->Temporary Internet Files folder emptied: 4062224 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 67577682 bytes
->Opera cache emptied: 23689863 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LogMeInRemoteUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 39369 bytes
%systemroot%\System32 .tmp files removed: 23552 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 186192 bytes
Windows Temp folder emptied: 49261705 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 4 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 85135 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 138.00 mb


OTL by OldTimer - Version 3.1.28.0 log created on 02112010_081028

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\_avast4_\Webshlock.txt not found!
C:\WINDOWS\temp\Perflib_Perfdata_5a0.dat moved successfully.

Registry entries deleted on Reboot...


OTL logfile created on: 2/11/2010 8:20:01 AM - Run 2
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\All Users\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 639.00 Mb Available Physical Memory | 63.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 70.00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19.11 Gb Total Space | 9.15 Gb Free Space | 47.87% Space Free | Partition Type: NTFS
Drive D: | 38.29 Gb Total Space | 13.01 Gb Free Space | 33.97% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 983.70 Mb Total Space | 38.41 Mb Free Space | 3.90% Space Free | Partition Type: FAT
Drive H: | 1.92 Gb Total Space | 1.88 Gb Free Space | 98.26% Space Free | Partition Type: FAT
I: Drive not present or media not loaded

Computer Name: KATHY
Current User Name: Kathy Clark
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/02/10 09:07:30 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\All Users\Desktop\OTL.exe
PRC - [2010/01/07 07:41:57 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/11/24 18:51:40 | 000,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/11/24 18:51:35 | 000,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009/11/24 18:51:21 | 000,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/11/24 18:48:48 | 000,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009/11/24 18:43:56 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/10/01 09:21:11 | 000,378,176 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardian.exe
PRC - [2009/02/25 09:06:44 | 001,180,976 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe
PRC - [2009/02/14 12:08:56 | 006,308,728 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
PRC - [2009/02/13 17:09:12 | 004,048,240 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
PRC - [2007/04/17 13:03:50 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2005/10/10 08:49:00 | 000,131,139 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\SYSTEM32\nvsvc32.exe
PRC - [2005/03/23 18:26:10 | 000,217,088 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliPoint\point32.exe
PRC - [2005/03/15 04:46:46 | 000,196,608 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliType Pro\type32.exe
PRC - [2004/08/04 03:56:58 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\wscntfy.exe
PRC - [2004/08/04 03:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2003/09/17 10:43:36 | 000,057,344 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe
PRC - [2003/05/21 15:30:52 | 000,045,056 | ---- | M] (Maxtor) -- C:\Program Files\Maxtor\OneTouch\Utils\OneTouch.exe
PRC - [2003/04/07 18:09:48 | 000,118,784 | ---- | M] (Cypress Semiconductor) -- C:\WINDOWS\MXOALDR.EXE
PRC - [2003/03/05 14:02:32 | 000,456,704 | ---- | M] () -- C:\Program Files\Shelltoys\Personal Assistant\assistant.exe
PRC - [2003/01/03 10:20:48 | 000,029,184 | ---- | M] (Dantz Development Corporation) -- C:\Program Files\Dantz\Retrospect\retrorun.exe
PRC - [2001/08/22 09:46:02 | 000,217,088 | ---- | M] (Dell Computer Corporation) -- C:\DMI\WIN32\bin\DellDmi.exe
PRC - [2001/08/22 09:45:42 | 000,131,072 | ---- | M] (Dell Computer Corporation) -- C:\Program Files\Dell\OpenManage\Client\DLT.exe
PRC - [2001/08/22 09:45:36 | 000,147,456 | ---- | M] (Dell Computer Corporation) -- C:\Program Files\Dell\OpenManage\Client\EventAgt.exe
PRC - [2001/08/22 09:45:26 | 000,118,784 | ---- | M] (Dell Computer Corporation) -- C:\Program Files\Dell\OpenManage\Client\ActionAgent.exe
PRC - [2001/08/22 09:45:20 | 000,155,648 | ---- | M] (Dell Computer Corporation) -- C:\Program Files\Dell\OpenManage\Client\Iap.exe
PRC - [2001/06/18 14:21:30 | 000,249,344 | ---- | M] (Intel) -- C:\DMI\WIN32\bin\Win32sl.exe
PRC - [2000/06/26 07:44:20 | 000,053,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\MsPMSPSv.exe


========== Modules (SafeList) ==========

MOD - [2010/02/10 09:07:30 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\All Users\Desktop\OTL.exe
MOD - [2004/08/04 03:57:00 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (LVPrcSrv)
SRV - [2009/11/24 18:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/11/24 18:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009/11/24 18:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009/11/24 18:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2009/10/01 09:21:51 | 000,116,032 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2009/02/25 09:06:44 | 001,180,976 | ---- | M] (Webroot Software, Inc. ) [Auto | Running] -- C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe -- (WRConsumerService)
SRV - [2009/02/13 17:09:12 | 004,048,240 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Auto | Running] -- C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe -- (WebrootSpySweeperService)
SRV - [2008/11/20 14:18:52 | 000,136,120 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007/04/17 13:03:50 | 000,063,040 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2005/10/10 08:49:00 | 000,131,139 | R--- | M] (NVIDIA Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\nvsvc32.exe -- (NVSvc)
SRV - [2005/06/21 15:19:38 | 000,491,520 | ---- | M] () [Disabled | Stopped] -- C:\WINDOWS\System32\dlcdcoms.exe -- (dlcd_device)
SRV - [2005/06/02 15:54:34 | 000,086,606 | ---- | M] (Canon Inc.) [Disabled | Stopped] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2004/01/09 19:08:30 | 000,068,096 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service)
SRV - [2003/01/03 10:20:48 | 000,057,344 | ---- | M] (Dantz Development Corporation) [Auto | Stopped] -- C:\Program Files\Dantz\Retrospect\rthlpsvc.exe -- (Retrospect Helper)
SRV - [2003/01/03 10:20:48 | 000,029,184 | ---- | M] (Dantz Development Corporation) [Auto | Running] -- C:\Program Files\Dantz\Retrospect\retrorun.exe -- (RetroLauncher)
SRV - [2001/08/22 09:46:02 | 000,217,088 | ---- | M] (Dell Computer Corporation) [Auto | Running] -- C:\DMI\WIN32\bin\DellDmi.exe -- (DellDmi)
SRV - [2001/08/22 09:45:42 | 000,131,072 | ---- | M] (Dell Computer Corporation) [Auto | Running] -- C:\Program Files\Dell\OpenManage\Client\DLT.exe -- (DLT)
SRV - [2001/08/22 09:45:36 | 000,147,456 | ---- | M] (Dell Computer Corporation) [Auto | Running] -- C:\Program Files\Dell\OpenManage\Client\EventAgt.exe -- (DEventAgent)
SRV - [2001/08/22 09:45:26 | 000,118,784 | ---- | M] (Dell Computer Corporation) [Auto | Running] -- C:\Program Files\Dell\OpenManage\Client\ActionAgent.exe -- (ActionAgent)
SRV - [2001/08/22 09:45:20 | 000,155,648 | ---- | M] (Dell Computer Corporation) [Auto | Running] -- C:\Program Files\Dell\OpenManage\Client\Iap.exe -- (Iap)
SRV - [2001/06/18 14:21:30 | 000,249,344 | ---- | M] (Intel) [Auto | Running] -- C:\DMI\WIN32\bin\Win32sl.exe -- (Win32Sl)
SRV - [2000/06/26 07:44:20 | 000,053,520 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\MsPMSPSv.exe -- (WMDM PMSP Service)
SRV - [1999/12/12 20:01:00 | 000,044,032 | ---- | M] (Creative Technology Ltd) [Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\CTSVCCDA.EXE -- (Creative Service for CDROM Access)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1822439336-1754454779-3683679437-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
IE - HKU\S-1-5-21-1822439336-1754454779-3683679437-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1822439336-1754454779-3683679437-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.lvsonline.com/
IE - HKU\S-1-5-21-1822439336-1754454779-3683679437-1005\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1822439336-1754454779-3683679437-1005\S-1-5-21-1822439336-1754454779-3683679437-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1822439336-1754454779-3683679437-1005\S-1-5-21-1822439336-1754454779-3683679437-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://michigan-made.com"
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 48

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/07 07:42:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/07 07:42:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape 7.1\Extensions\\Components: C:\Program Files\Netscape\Netscape\Components [2010/01/15 11:40:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape 7.1\Extensions\\Plugins: C:\Program Files\Netscape\Netscape\Plugins [2009/10/29 07:26:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape 7.2\Extensions\\Components: C:\Program Files\Netscape\Netscape\Components [2010/01/15 11:40:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape 7.2\Extensions\\Plugins: C:\Program Files\Netscape\Netscape\Plugins [2009/10/29 07:26:45 | 000,000,000 | ---D | M]

[2009/10/12 18:56:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kathy Clark\Application Data\Mozilla\Extensions
[2009/09/21 17:06:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kathy Clark\Application Data\Mozilla\Extensions\{ea278cf8-93cd-484f-b951-57360482d33a}
[2010/02/10 09:22:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kathy Clark\Application Data\Mozilla\Firefox\Profiles\w42i3bof.default\extensions
[2009/10/29 07:26:31 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\Kathy Clark\Application Data\Mozilla\Firefox\Profiles\w42i3bof.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010/01/09 23:49:33 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2007/04/20 17:18:31 | 000,000,713 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Zemanta Plugin) - {8E42A03A-34ED-46C4-8385-79E9534635FB} - C:\Program Files\Zemanta\Zemanta for Internet Explorer 0.5.7\ZemantaBHO.dll (Zemanta)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKU\S-1-5-21-1822439336-1754454779-3683679437-1005\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-1822439336-1754454779-3683679437-1005\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKU\S-1-5-21-1822439336-1754454779-3683679437-1005\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DLCDCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCDtime.DLL ()
O4 - HKLM..\Run: [dlcdmon.exe] C:\Program Files\Dell Photo AIO Printer 944\dlcdmon.exe (Dell)
O4 - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\point32.exe (Microsoft Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [MaxtorOneTouch] C:\Program Files\Maxtor\OneTouch\Utils\OneTouch.exe (Maxtor)
O4 - HKLM..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE (Cypress Semiconductor)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe (Webroot Software, Inc.)
O4 - HKLM..\Run: [type32] C:\Program Files\Microsoft IntelliType Pro\type32.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1822439336-1754454779-3683679437-1005..\Run: [Personal Assistant] C:\Program Files\Shelltoys\Personal Assistant\assistant.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1822439336-1754454779-3683679437-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Sothink SWF Decompiler - C:\Program Files\SourceTec\Sothink SWF Decompiler\InternetExplorer.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll (Sun Microsystems, Inc.)
O9 - Extra Button: SWFDecompiler - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\SourceTec\Sothink SWF Decompiler\InternetExplorer.htm ()
O9 - Extra 'Tools' menuitem : Sothink SWF Decompiler - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\SourceTec\Sothink SWF Decompiler\InternetExplorer.htm ()
O9 - Extra Button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error. File not found
O12 - Plugin for: .bcf - C:\Program Files\Internet Explorer\PLUGINS\NPBelv32.dll (Belarc, Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1822439336-1754454779-3683679437-1005\..Trusted Domains: ([]msn in My Computer)
O15 - HKU\S-1-5-21-1822439336-1754454779-3683679437-1005\..Trusted Domains: macromedia.com ([download] https in Trusted sites)
O15 - HKU\S-1-5-21-1822439336-1754454779-3683679437-1005\..Trusted Domains: verizonwireless.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-1822439336-1754454779-3683679437-1005\..Trusted Domains: 2 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0000000A-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/d/4...0367/wmavax.CAB (Reg Error: Key error.)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {32505657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/0/A...01F/wmvadvd.cab (Reg Error: Key error.)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/microsoftu...b?1225241963765 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1225241821875 (MUWebControl Class)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A4639D2F-774E-11D3-A490-00C04F6843FB} http://download.microsoft.com/download/Pow...N-US/msorun.cab (Reg Error: Key error.)
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} http://www.linksysfix.com/netcheck/45/install/gtdownls.cab (LinkSys Content Update)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-448553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Reg Error: Key error.)
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} Reg Error: Key error. (Reg Error: Key error.)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://technicallead.webex.com/client/T26L...ing/ieatgpc.cab (GpcContainer Class)
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} http://messenger.zone.msn.com/binary/Solit...wn.cab28578.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.99.227.4 66.211.92.4
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O20 - AppInit_DLLs: (c:\windows\system32\hakoyevi.dll) - C:\WINDOWS\System32\hakoyevi.dll File not found
O20 - AppInit_DLLs: (wipekize.dll) - File not found
O20 - AppInit_DLLs: (c:\windows\system32\vuruhita.dll) - C:\WINDOWS\System32\vuruhita.dll File not found
O20 - AppInit_DLLs: (c:\windows\system32\ravufuge.dll) - C:\WINDOWS\System32\ravufuge.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O30 - LSA: Authentication Packages - (OWS\S) - File not found
O30 - LSA: Security Packages - (em\\ecurity Packages settings..) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001/08/31 09:02:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{26a2e13d-9314-11de-8718-00065bb2f879}\Shell\AutoRun\command - "" = G:\setupSNK.exe -- File not found
O33 - MountPoints2\{7e573df9-9218-11dd-8566-00065bb2f879}\Shell - "" = AutoRun
O33 - MountPoints2\{7e573df9-9218-11dd-8566-00065bb2f879}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7e573df9-9218-11dd-8566-00065bb2f879}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{d44dc437-8dae-11d9-8929-00065bb2f879}\Shell\AutoRun\command - "" = G:\JDSecure\Windows\JDSecure20.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 14 Days ==========

[2010/02/11 08:10:28 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/02/11 08:01:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kathy Clark\Desktop\JavaRa
[2010/02/10 09:07:22 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\All Users\Desktop\OTL.exe
[2010/02/09 21:49:51 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Kathy Clark\Recent
[2010/02/09 13:34:06 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/10/17 20:01:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ICS
[2009/06/28 07:44:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2009/06/27 17:37:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2008/12/24 13:33:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2008/07/12 16:23:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2007/04/20 16:53:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Webroot
[2007/03/11 10:46:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Help
[2007/03/11 10:46:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Help
[2006/02/14 12:57:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Help
[2006/02/14 12:57:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Help
[2005/02/10 20:06:31 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll
[2002/07/31 13:25:10 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2002/07/31 13:25:10 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2002/07/31 13:25:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft

========== Files - Modified Within 14 Days ==========

[2010/02/11 08:15:18 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2010/02/11 08:13:28 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/11 08:12:56 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2010/02/11 08:12:02 | 010,747,904 | ---- | M] () -- C:\Documents and Settings\Kathy Clark\ntuser.dat
[2010/02/11 08:12:02 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Kathy Clark\NTUSER.INI
[2010/02/11 08:02:09 | 000,002,626 | ---- | M] () -- C:\WINDOWS\winzip32.ini
[2010/02/11 08:02:09 | 000,001,479 | ---- | M] () -- C:\WINDOWS\WIN.INI
[2010/02/10 10:42:54 | 000,000,313 | ---- | M] () -- C:\WINDOWS\SYSTEM.INI
[2010/02/10 10:42:54 | 000,000,194 | RHS- | M] () -- C:\BOOT.INI
[2010/02/10 09:48:41 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\2xev85uq.exe
[2010/02/10 09:07:30 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\All Users\Desktop\OTL.exe
[2010/02/08 15:36:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/02/05 11:00:56 | 000,365,088 | ---- | M] () -- C:\WINDOWS\System32\AdobeFnt07.lst
[2010/02/03 23:08:27 | 000,000,003 | ---- | M] () -- C:\WINDOWS\Twain001.Mtx
[2010/01/31 21:00:06 | 000,001,660 | ---- | M] () -- C:\WINDOWS\tasks\wrSpySweeper_L5D38E32A182C41CC96CC4F29178F9FBC.job
[2010/01/28 21:48:32 | 000,000,108 | ---- | M] () -- C:\Documents and Settings\Kathy Clark\Desktop\Found new hardware wizard always fails... in Windows XP Hardware.URL
[2010/01/28 21:03:41 | 000,206,264 | ---- | M] () -- C:\Documents and Settings\Kathy Clark\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/01/28 20:32:25 | 000,000,224 | ---- | M] () -- C:\WINDOWS\netscape.INI
[2010/01/28 20:30:51 | 000,004,058 | ---- | M] () -- C:\WINDOWS\nsreg.dat

========== Files Created - No Company Name ==========

[2010/02/10 09:48:35 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\2xev85uq.exe
[2010/01/28 21:48:32 | 000,000,108 | ---- | C] () -- C:\Documents and Settings\Kathy Clark\Desktop\Found new hardware wizard always fails... in Windows XP Hardware.URL
[2010/01/18 13:50:26 | 000,065,536 | R--- | C] () -- C:\WINDOWS\System32\dlcdcfg.dll
[2010/01/18 13:49:45 | 000,638,976 | ---- | C] () -- C:\WINDOWS\System32\dlcdpmui.dll
[2010/01/18 13:49:44 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlcdins.dll
[2010/01/18 13:49:44 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\dlcdinsr.dll
[2010/01/18 13:49:43 | 000,413,696 | ---- | C] () -- C:\WINDOWS\System32\dlcdcomm.dll
[2010/01/18 13:49:43 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\dlcdpplc.dll
[2010/01/18 13:49:43 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlcdvs.dll
[2010/01/18 13:49:42 | 001,134,592 | ---- | C] () -- C:\WINDOWS\System32\dlcdusb1.dll
[2010/01/18 13:49:42 | 000,770,048 | ---- | C] () -- C:\WINDOWS\System32\dlcdhbn3.dll
[2010/01/18 13:49:42 | 000,483,328 | ---- | C] () -- C:\WINDOWS\System32\dlcdlmpm.dll
[2010/01/18 13:49:41 | 001,183,744 | ---- | C] () -- C:\WINDOWS\System32\dlcdserv.dll
[2010/01/18 13:49:41 | 000,704,512 | ---- | C] () -- C:\WINDOWS\System32\dlcdcomc.dll
[2010/01/18 13:49:41 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlcdprox.dll
[2010/01/18 13:49:40 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcdcu.dll
[2010/01/18 13:49:40 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\dlcdcur.dll
[2010/01/18 13:49:39 | 000,430,080 | ---- | C] () -- C:\WINDOWS\System32\dlcdutil.dll
[2010/01/18 13:49:38 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlcdinsb.dll
[2010/01/18 13:49:38 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dlcdcub.dll
[2010/01/18 13:49:37 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\dlcdjswr.dll
[2009/04/21 17:26:56 | 000,031,088 | ---- | C] () -- C:\WINDOWS\System32\wrLZMA.dll
[2009/01/31 17:01:00 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2008/04/30 11:33:10 | 000,000,125 | ---- | C] () -- C:\WINDOWS\mbutton.ini
[2008/01/21 06:14:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2007/08/21 09:02:16 | 000,051,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\atnt40k.sys
[2007/08/15 14:15:17 | 000,000,059 | ---- | C] () -- C:\WINDOWS\ANS2000.INI
[2007/08/15 14:15:17 | 000,000,020 | -H-- | C] () -- C:\WINDOWS\akebook.ini
[2007/08/15 14:15:17 | 000,000,004 | -H-- | C] () -- C:\WINDOWS\a3kebook.ini
[2007/01/14 00:13:35 | 000,684,032 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2007/01/14 00:13:35 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2006/11/02 11:07:27 | 000,000,100 | ---- | C] () -- C:\WINDOWS\Mp3enc.ini
[2006/10/13 11:30:10 | 000,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2006/10/02 19:14:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2006/05/04 10:41:41 | 000,000,037 | ---- | C] () -- C:\WINDOWS\marscam.ini
[2006/03/16 18:39:20 | 001,662,976 | R--- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/03/16 18:39:20 | 001,019,904 | R--- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/03/16 18:39:19 | 001,466,368 | R--- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/03/16 18:39:19 | 000,466,944 | R--- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/03/16 18:39:17 | 000,286,720 | R--- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/03/16 18:39:13 | 000,045,056 | R--- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/03/16 18:39:12 | 000,573,440 | R--- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/03/11 21:28:53 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\vusetup.dll
[2006/02/12 17:36:28 | 000,000,218 | ---- | C] () -- C:\WINDOWS\QCRIB.INI
[2006/01/31 17:35:27 | 000,684,032 | ---- | C] () -- C:\WINDOWS\libeay32.dll
[2006/01/31 17:35:27 | 000,155,648 | ---- | C] () -- C:\WINDOWS\ssleay32.dll
[2005/12/14 15:40:46 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/11/26 10:46:23 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2005/04/12 16:52:55 | 000,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005/03/05 15:07:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\JDSecure20.INI
[2005/02/10 20:08:03 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2005/02/10 20:07:04 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/02/10 20:06:33 | 000,067,428 | ---- | C] () -- C:\WINDOWS\System32\LudaP17.ini
[2005/02/10 20:06:33 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\P17CPI.dll
[2005/02/10 20:06:33 | 000,000,029 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2005/02/10 20:06:32 | 000,060,928 | ---- | C] () -- C:\WINDOWS\System32\P17.dll
[2005/02/10 20:06:21 | 000,000,072 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2004/10/05 17:07:10 | 000,000,033 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2004/02/02 18:08:29 | 000,000,023 | ---- | C] () -- C:\WINDOWS\EPSC80.ini
[2004/01/09 19:32:44 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A5W.INI
[2003/12/10 12:50:11 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2003/08/22 18:42:49 | 000,000,414 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
[2003/06/04 15:01:10 | 000,000,071 | ---- | C] () -- C:\Program Files\Common Files\PATCH.ERR
[2003/05/20 21:53:51 | 000,003,615 | ---- | C] () -- C:\WINDOWS\hpdj6122.ini
[2003/03/11 19:30:57 | 000,002,078 | ---- | C] () -- C:\WINDOWS\U3DEDIT2.INI
[2003/03/11 19:30:56 | 000,000,089 | ---- | C] () -- C:\WINDOWS\ULead32.ini
[2003/03/11 19:23:54 | 000,296,448 | ---- | C] () -- C:\WINDOWS\Xenofex.ini
[2003/02/26 20:52:51 | 000,031,744 | ---- | C] () -- C:\WINDOWS\EyeCand3.INI
[2003/02/19 20:06:05 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2003/02/15 17:33:52 | 000,015,164 | R--- | C] () -- C:\WINDOWS\Mr310twv.ini
[2003/02/15 17:33:49 | 000,045,056 | R--- | C] () -- C:\WINDOWS\System32\mr310exv.dll
[2003/02/15 17:33:49 | 000,036,864 | R--- | C] () -- C:\WINDOWS\System32\mr310exd.dll
[2003/01/12 17:51:01 | 000,000,023 | ---- | C] () -- C:\WINDOWS\REGPSD20.INI
[2003/01/12 17:50:25 | 000,000,097 | ---- | C] () -- C:\WINDOWS\Viewer.ini
[2003/01/09 19:18:44 | 000,000,067 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2003/01/06 13:52:50 | 000,000,056 | ---- | C] () -- C:\WINDOWS\CoolTips.INI
[2003/01/06 13:52:49 | 000,000,063 | ---- | C] () -- C:\WINDOWS\COOLSYS.INI
[2003/01/06 13:52:46 | 000,010,705 | ---- | C] () -- C:\WINDOWS\coolcust.ini
[2003/01/06 13:52:46 | 000,004,177 | ---- | C] () -- C:\WINDOWS\COOL.INI
[2002/12/11 13:42:48 | 000,000,069 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2002/12/11 09:25:24 | 000,000,011 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DirectCDUserNameF.txt
[2002/11/15 12:11:02 | 000,036,864 | ---- | C] () -- C:\Documents and Settings\Kathy Clark\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2002/11/12 11:22:19 | 000,041,068 | ---- | C] () -- C:\WINDOWS\System32\ActPanel.dll
[2002/10/27 11:47:34 | 000,000,121 | ---- | C] () -- C:\WINDOWS\Winamp.ini
[2002/10/21 16:08:30 | 000,000,478 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2002/10/18 12:35:13 | 000,001,173 | ---- | C] () -- C:\WINDOWS\PSDEWIN.INI
[2002/10/18 12:35:13 | 000,000,113 | ---- | C] () -- C:\WINDOWS\psdxport.ini
[2002/10/15 17:22:26 | 000,777,728 | ---- | C] () -- C:\WINDOWS\System32\Sslsvc.dll
[2002/10/15 17:22:26 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2002/10/15 17:22:26 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\cfmsg.dll
[2002/10/15 17:22:26 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2002/10/15 16:16:11 | 000,003,650 | ---- | C] () -- C:\WINDOWS\photoimpression.ini
[2002/10/15 13:27:32 | 000,000,170 | ---- | C] () -- C:\WINDOWS\INTUIT.INI
[2002/10/15 13:24:12 | 000,000,028 | ---- | C] () -- C:\WINDOWS\ICOA.INI
[2002/10/15 13:23:17 | 000,001,908 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2002/10/15 13:23:17 | 000,000,052 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2002/10/15 11:32:00 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\Wh2Robo.dll
[2002/10/15 00:10:02 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2002/10/14 23:53:02 | 000,000,233 | ---- | C] () -- C:\WINDOWS\EPSON 1250 Installer.ini
[2002/10/14 23:06:00 | 000,000,085 | ---- | C] () -- C:\WINDOWS\I_VIEW32.INI
[2002/10/14 22:32:03 | 000,002,626 | ---- | C] () -- C:\WINDOWS\winzip32.ini
[2002/10/14 22:17:34 | 000,000,274 | ---- | C] () -- C:\WINDOWS\POSER.INI
[2002/10/14 21:25:09 | 000,000,066 | ---- | C] () -- C:\WINDOWS\mapedit2.ini
[2002/10/14 21:24:38 | 000,000,094 | ---- | C] () -- C:\WINDOWS\Mapedit.ini
[2002/10/14 16:02:08 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll
[2002/10/14 15:11:38 | 000,000,224 | ---- | C] () -- C:\WINDOWS\netscape.INI
[2002/10/14 00:06:16 | 000,000,633 | ---- | C] () -- C:\WINDOWS\32BITFAX.INI
[2002/07/31 13:48:16 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2002/07/31 13:41:35 | 000,004,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\bvrp_pci.sys
[2002/07/31 13:39:30 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2002/07/31 13:27:00 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2002/03/16 20:00:00 | 000,007,420 | ---- | C] () -- C:\WINDOWS\UA000022.DLL
[2002/02/20 20:24:32 | 000,032,926 | ---- | C] () -- C:\Program Files\Page Number Utility .pdf
[2002/02/03 16:33:02 | 000,000,377 | ---- | C] () -- C:\Program Files\Readme PageNumberUtility.txt
[2001/08/18 07:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\SECDRV.SYS
[1999/01/27 13:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1999/01/22 14:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1998/01/12 03:00:00 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\REGOBJ.DLL
[1997/06/13 07:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll

========== LOP Check ==========

[2006/02/03 18:26:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avg7
[2006/09/29 16:21:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bitstream Font Navigator
[2006/10/15 08:59:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund Software
[2008/06/18 21:29:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2007/12/22 13:10:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Retrospect
[2007/07/19 08:11:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBT
[2007/12/03 09:23:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith
[2008/09/26 07:10:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2005/09/13 13:20:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2008/12/24 12:55:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kathy Clark\Application Data\Image Zone Express
[2003/04/19 08:08:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kathy Clark\Application Data\MailWasher
[2005/04/22 09:56:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kathy Clark\Application Data\Opera
[2005/12/10 10:31:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kathy Clark\Application Data\Printer Info Cache
[2007/12/08 10:11:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kathy Clark\Application Data\Sharpcast
[2007/08/21 08:40:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kathy Clark\Application Data\tmp
[2006/08/23 14:51:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kathy Clark\Application Data\Ulead Systems
[2008/09/23 13:07:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kathy Clark\Application Data\webex
[2010/01/31 21:00:06 | 000,001,660 | ---- | M] () -- C:\WINDOWS\Tasks\wrSpySweeper_L5D38E32A182C41CC96CC4F29178F9FBC.job

========== Purity Check ==========


< End of report >


Mbam found and removed one trace: Trojan.DNSChanger.

Malwarebytes' Anti-Malware 1.44
Database version: 3724
Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

2/11/2010 8:53:32 AM
mbam-log-2010-02-11 (08-53-32).txt

Scan type: Quick Scan
Objects scanned: 130997
Time elapsed: 8 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{30728ef4-5398-49ef-84b5-093549728f10}\NameServer (Trojan.DNSChanger) -> Data: 83.149.115.157,4.2.2.1,208.99.227.4 66.211.92.4 -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


*****************

I did a Google search - it was not taken over by Searchclick8 - making progress!



#6 kmclark

Posted 11 February 2010 - 09:28 AM

QUOTE(Buckeye_Sam @ Feb 11 2010, 07:49 AM)
Please update Malwarebytes and run a full scan.
  • Open Malwarebytes and select the Update tab.
  • Click on the Check for Updates button and allow the program to download the latest updates.
  • Once you have the latest updates, select the Scanner tab.
  • Select "Perform full scan" and click the Scan button.


Hi Sam - I'm sorry... I just realized I did not do a "full scan" as you instructed. The full scan will take some time (I usually do that in the evening when I'm not on the computer) - I'll repost that log as soon as it's done.

#7 kmclark

Posted 11 February 2010 - 01:25 PM

QUOTE(Buckeye_Sam @ Feb 11 2010, 07:49 AM)
Please update Malwarebytes and run a full scan.
  • Open Malwarebytes and select the Update tab.
  • Click on the Check for Updates button and allow the program to download the latest updates.
  • Once you have the latest updates, select the Scanner tab.
  • Select "Perform full scan" and click the Scan button.


Here is the full scan Mbam log:
Malwarebytes' Anti-Malware 1.44
Database version: 3724
Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

2/11/2010 1:12:50 PM
mbam-log-2010-02-11 (13-12-50).txt

Scan type: Full Scan (C:\|D:\|G:\|)
Objects scanned: 306319
Time elapsed: 2 hour(s), 21 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


#8 Buckeye_Sam

Malware Expert
Posted 11 February 2010 - 04:13 PM

Looks pretty good. There's just a little more in your log we need to clean up.


Run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    CODE
    :OTL
    O20 - AppInit_DLLs: (c:\windows\system32\hakoyevi.dll) - C:\WINDOWS\System32\hakoyevi.dll File not found
    O20 - AppInit_DLLs: (wipekize.dll) - File not found
    O20 - AppInit_DLLs: (c:\windows\system32\vuruhita.dll) - C:\WINDOWS\System32\vuruhita.dll File not found
    O20 - AppInit_DLLs: (c:\windows\system32\ravufuge.dll) - C:\WINDOWS\System32\ravufuge.dll File not found

    :Commands
    [emptytemp]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • You will get a log that shows the results of the fix. Please post it.
  • Then also run and post a new OTL log.


Any more problems that you're still having?



If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================
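An added example, not part of Buckeye_Sam's post or of OTL itself: a Python check that reconciles the `O20 - AppInit_DLLs` entries in the fix script above with the "deleted successfully" lines OTL writes to its fix log, so a leftover value is not overlooked (DLLs named in AppInit_DLLs are loaded into every process that loads user32.dll). The function names are hypothetical; the sample lines are copied from the fix script and fix log posted in this thread.

```python
import re
import ntpath  # parses Windows paths correctly on any host OS

# Fix-script lines copied from the OTL fix posted in this thread.
FIX_SCRIPT = r"""
:OTL
O20 - AppInit_DLLs: (c:\windows\system32\hakoyevi.dll) - C:\WINDOWS\System32\hakoyevi.dll File not found
O20 - AppInit_DLLs: (wipekize.dll) - File not found
O20 - AppInit_DLLs: (c:\windows\system32\vuruhita.dll) - C:\WINDOWS\System32\vuruhita.dll File not found
O20 - AppInit_DLLs: (c:\windows\system32\ravufuge.dll) - C:\WINDOWS\System32\ravufuge.dll File not found

:Commands
[emptytemp]
[Reboot]
"""

# Result lines copied from the OTL fix log posted in this thread.
FIX_LOG = r"""
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\windows\system32\hakoyevi.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:wipekize.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\windows\system32\vuruhita.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\windows\system32\ravufuge.dll deleted successfully.
========== COMMANDS ==========
"""

# "O20 - AppInit_DLLs: (<entry as stored in the registry>) - <detail>"
O20_RE = re.compile(
    r"^O20 - AppInit_DLLs: \((?P<entry>[^)]+)\) - (?P<detail>.*)$", re.M
)
# "Registry value <key>\\AppInit_Dlls:<entry> deleted successfully."
DEL_RE = re.compile(
    r"^Registry value .+\\\\AppInit_Dlls:(?P<entry>.+) deleted successfully\.$",
    re.M | re.I,
)


def parse_fix_entries(script):
    """Return one record per O20 AppInit_DLLs line in an OTL fix script."""
    records = []
    for m in O20_RE.finditer(script):
        entry = m.group("entry").strip()
        records.append({
            "entry": entry,
            # The registry still names the DLL but the file is gone from disk.
            "file_missing": m.group("detail").rstrip().endswith("File not found"),
            # No directory part: the name is resolved through the DLL search path.
            "bare_name": ntpath.dirname(entry) == "",
        })
    return records


def reconcile(script, log):
    """Compare entries the fix asked to remove with entries the log confirms."""
    wanted = {r["entry"].lower() for r in parse_fix_entries(script)}
    deleted = {m.group("entry").strip().lower() for m in DEL_RE.finditer(log)}
    return {
        "removed": sorted(wanted & deleted),
        "not_confirmed": sorted(wanted - deleted),  # follow up on these
        "unexpected": sorted(deleted - wanted),     # removed but never requested
    }


if __name__ == "__main__":
    for rec in parse_fix_entries(FIX_SCRIPT):
        print(rec)
    print(reconcile(FIX_SCRIPT, FIX_LOG))
```

Any entry listed under `not_confirmed` is still present in the AppInit_DLLs value and warrants another look before the machine is declared clean.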

#9 kmclark

Posted 11 February 2010 - 09:33 PM

QUOTE(Buckeye_Sam @ Feb 11 2010, 04:13 PM)
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • You will get a log that shows the results of the fix. Please post it.
  • Then also run and post a new OTL log.

Any more problems that you're still having?


All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\windows\system32\hakoyevi.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:wipekize.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\windows\system32\vuruhita.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\windows\system32\ravufuge.dll deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Kathy Clark
->Temp folder emptied: 276549 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 95724 bytes
->FireFox cache emptied: 60953028 bytes
->Opera cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LogMeInRemoteUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 49409161 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 106.00 mb


OTL by OldTimer - Version 3.1.28.0 log created on 02112010_210132

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\_avast4_\Webshlock.txt not found!
C:\WINDOWS\temp\Perflib_Perfdata_580.dat moved successfully.

Registry entries deleted on Reboot...


OTL logfile created on: 2/11/2010 9:06:41 PM - Run 3
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\All Users\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 585.00 Mb Available Physical Memory | 57.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19.11 Gb Total Space | 9.15 Gb Free Space | 47.92% Space Free | Partition Type: NTFS
Drive D: | 38.29 Gb Total Space | 13.00 Gb Free Space | 33.97% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 983.70 Mb Total Space | 38.41 Mb Free Space | 3.90% Space Free | Partition Type: FAT
Drive H: | 1.92 Gb Total Space | 1.88 Gb Free Space | 98.13% Space Free | Partition Type: FAT
I: Drive not present or media not loaded

Computer Name: KATHY
Current User Name: Kathy Clark
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/02/11 08:40:14 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2010/02/10 09:07:30 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\All Users\Desktop\OTL.exe
PRC - [2010/01/27 09:13:16 | 002,752,560 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\Setup\avast.setup
PRC - [2010/01/11 15:21:52 | 000,246,504 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe
PRC - [2009/11/24 18:51:40 | 000,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/11/24 18:51:35 | 000,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009/11/24 18:51:21 | 000,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/11/24 18:48:48 | 000,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009/11/24 18:43:56 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/10/01 09:21:11 | 000,378,176 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardian.exe
PRC - [2009/02/25 09:06:44 | 001,180,976 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe
PRC - [2009/02/14 12:08:56 | 006,308,728 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
PRC - [2009/02/13 17:09:12 | 004,048,240 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
PRC - [2007/04/17 13:03:50 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2005/10/10 08:49:00 | 000,131,139 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\SYSTEM32\nvsvc32.exe
PRC - [2005/07/22 14:45:16 | 000,430,080 | ---- | M] (Dell) -- C:\Program Files\Dell Photo AIO Printer 944\dlcdmon.exe
PRC - [2005/03/23 18:26:10 | 000,217,088 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliPoint\point32.exe
PRC - [2005/03/15 04:46:46 | 000,196,608 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliType Pro\type32.exe
PRC - [2004/08/04 03:56:58 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\wscntfy.exe
PRC - [2004/08/04 03:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2003/09/17 10:43:36 | 000,057,344 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe
PRC - [2003/05/21 15:30:52 | 000,045,056 | ---- | M] (Maxtor) -- C:\Program Files\Maxtor\OneTouch\Utils\OneTouch.exe
PRC - [2003/04/07 18:09:48 | 000,118,784 | ---- | M] (Cypress Semiconductor) -- C:\WINDOWS\MXOALDR.EXE
PRC - [2003/03/05 14:02:32 | 000,456,704 | ---- | M] () -- C:\Program Files\Shelltoys\Personal Assistant\assistant.exe
PRC - [2003/01/03 10:20:48 | 000,029,184 | ---- | M] (Dantz Development Corporation) -- C:\Program Files\Dantz\Retrospect\retrorun.exe
PRC - [2001/08/22 09:46:02 | 000,217,088 | ---- | M] (Dell Computer Corporation) -- C:\DMI\WIN32\bin\DellDmi.exe
PRC - [2001/08/22 09:45:42 | 000,131,072 | ---- | M] (Dell Computer Corporation) -- C:\Program Files\Dell\OpenManage\Client\DLT.exe
PRC - [2001/08/22 09:45:36 | 000,147,456 | ---- | M] (Dell Computer Corporation) -- C:\Program Files\Dell\OpenManage\Client\EventAgt.exe
PRC - [2001/08/22 09:45:26 | 000,118,784 | ---- | M] (Dell Computer Corporation) -- C:\Program Files\Dell\OpenManage\Client\ActionAgent.exe
PRC - [2001/08/22 09:45:20 | 000,155,648 | ---- | M] (Dell Computer Corporation) -- C:\Program Files\Dell\OpenManage\Client\Iap.exe
PRC - [2001/06/18 14:21:30 | 000,249,344 | ---- | M] (Intel) -- C:\DMI\WIN32\bin\Win32sl.exe
PRC - [2000/06/26 07:44:20 | 000,053,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\MsPMSPSv.exe


========== Modules (SafeList) ==========

MOD - [2010/02/10 09:07:30 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\All Users\Desktop\OTL.exe
MOD - [2004/08/04 03:57:00 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (LVPrcSrv)
SRV - [2010/02/11 08:40:14 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/11/24 18:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/11/24 18:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009/11/24 18:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009/11/24 18:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2009/10/01 09:21:51 | 000,116,032 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2009/02/25 09:06:44 | 001,180,976 | ---- | M] (Webroot Software, Inc. ) [Auto | Running] -- C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe -- (WRConsumerService)
SRV - [2009/02/13 17:09:12 | 004,048,240 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Auto | Running] -- C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe -- (WebrootSpySweeperService)
SRV - [2008/11/20 14:18:52 | 000,136,120 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007/04/17 13:03:50 | 000,063,040 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2005/10/10 08:49:00 | 000,131,139 | R--- | M] (NVIDIA Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\nvsvc32.exe -- (NVSvc)
SRV - [2005/06/21 15:19:38 | 000,491,520 | ---- | M] () [Disabled | Stopped] -- C:\WINDOWS\System32\dlcdcoms.exe -- (dlcd_device)
SRV - [2005/06/02 15:54:34 | 000,086,606 | ---- | M] (Canon Inc.) [Disabled | Stopped] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2004/01/09 19:08:30 | 000,068,096 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service)
SRV - [2003/01/03 10:20:48 | 000,057,344 | ---- | M] (Dantz Development Corporation) [Auto | Stopped] -- C:\Program Files\Dantz\Retrospect\rthlpsvc.exe -- (Retrospect Helper)
SRV - [2003/01/03 10:20:48 | 000,029,184 | ---- | M] (Dantz Development Corporation) [Auto | Running] -- C:\Program Files\Dantz\Retrospect\retrorun.exe -- (RetroLauncher)
SRV - [2001/08/22 09:46:02 | 000,217,088 | ---- | M] (Dell Computer Corporation) [Auto | Running] -- C:\DMI\WIN32\bin\DellDmi.exe -- (DellDmi)
SRV - [2001/08/22 09:45:42 | 000,131,072 | ---- | M] (Dell Computer Corporation) [Auto | Running] -- C:\Program Files\Dell\OpenManage\Client\DLT.exe -- (DLT)
SRV - [2001/08/22 09:45:36 | 000,147,456 | ---- | M] (Dell Computer Corporation) [Auto | Running] -- C:\Program Files\Dell\OpenManage\Client\EventAgt.exe -- (DEventAgent)
SRV - [2001/08/22 09:45:26 | 000,118,784 | ---- | M] (Dell Computer Corporation) [Auto | Running] -- C:\Program Files\Dell\OpenManage\Client\ActionAgent.exe -- (ActionAgent)
SRV - [2001/08/22 09:45:20 | 000,155,648 | ---- | M] (Dell Computer Corporation) [Auto | Running] -- C:\Program Files\Dell\OpenManage\Client\Iap.exe -- (Iap)
SRV - [2001/06/18 14:21:30 | 000,249,344 | ---- | M] (Intel) [Auto | Running] -- C:\DMI\WIN32\bin\Win32sl.exe -- (Win32Sl)
SRV - [2000/06/26 07:44:20 | 000,053,520 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\MsPMSPSv.exe -- (WMDM PMSP Service)
SRV - [1999/12/12 20:01:00 | 000,044,032 | ---- | M] (Creative Technology Ltd) [Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\CTSVCCDA.EXE -- (Creative Service for CDROM Access)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1822439336-1754454779-3683679437-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
IE - HKU\S-1-5-21-1822439336-1754454779-3683679437-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1822439336-1754454779-3683679437-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.lvsonline.com/
IE - HKU\S-1-5-21-1822439336-1754454779-3683679437-1005\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1822439336-1754454779-3683679437-1005\S-1-5-21-1822439336-1754454779-3683679437-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1822439336-1754454779-3683679437-1005\S-1-5-21-1822439336-1754454779-3683679437-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://michigan-made.com"
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 48
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/07 07:42:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/11 08:41:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape 7.1\Extensions\\Components: C:\Program Files\Netscape\Netscape\Components [2010/02/11 14:18:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape 7.1\Extensions\\Plugins: C:\Program Files\Netscape\Netscape\Plugins [2010/02/11 08:41:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape 7.2\Extensions\\Components: C:\Program Files\Netscape\Netscape\Components [2010/02/11 14:18:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape 7.2\Extensions\\Plugins: C:\Program Files\Netscape\Netscape\Plugins [2010/02/11 08:41:02 | 000,000,000 | ---D | M]

[2009/10/12 18:56:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kathy Clark\Application Data\Mozilla\Extensions
[2009/09/21 17:06:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kathy Clark\Application Data\Mozilla\Extensions\{ea278cf8-93cd-484f-b951-57360482d33a}
[2010/02/11 13:23:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kathy Clark\Application Data\Mozilla\Firefox\Profiles\w42i3bof.default\extensions
[2009/10/29 07:26:31 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\Kathy Clark\Application Data\Mozilla\Firefox\Profiles\w42i3bof.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010/02/11 13:23:24 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2007/04/20 17:18:31 | 000,000,713 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Zemanta Plugin) - {8E42A03A-34ED-46C4-8385-79E9534635FB} - C:\Program Files\Zemanta\Zemanta for Internet Explorer 0.5.7\ZemantaBHO.dll (Zemanta)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKU\S-1-5-21-1822439336-1754454779-3683679437-1005\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-1822439336-1754454779-3683679437-1005\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKU\S-1-5-21-1822439336-1754454779-3683679437-1005\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DLCDCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCDtime.DLL ()
O4 - HKLM..\Run: [dlcdmon.exe] C:\Program Files\Dell Photo AIO Printer 944\dlcdmon.exe (Dell)
O4 - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\point32.exe (Microsoft Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [MaxtorOneTouch] C:\Program Files\Maxtor\OneTouch\Utils\OneTouch.exe (Maxtor)
O4 - HKLM..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE (Cypress Semiconductor)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe (Webroot Software, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [type32] C:\Program Files\Microsoft IntelliType Pro\type32.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1822439336-1754454779-3683679437-1005..\Run: [Personal Assistant] C:\Program Files\Shelltoys\Personal Assistant\assistant.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1822439336-1754454779-3683679437-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Sothink SWF Decompiler - C:\Program Files\SourceTec\Sothink SWF Decompiler\InternetExplorer.htm ()
O9 - Extra Button: SWFDecompiler - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\SourceTec\Sothink SWF Decompiler\InternetExplorer.htm ()
O9 - Extra 'Tools' menuitem : Sothink SWF Decompiler - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\SourceTec\Sothink SWF Decompiler\InternetExplorer.htm ()
O9 - Extra Button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error. File not found
O12 - Plugin for: .bcf - C:\Program Files\Internet Explorer\PLUGINS\NPBelv32.dll (Belarc, Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1822439336-1754454779-3683679437-1005\..Trusted Domains: ([]msn in My Computer)
O15 - HKU\S-1-5-21-1822439336-1754454779-3683679437-1005\..Trusted Domains: macromedia.com ([download] https in Trusted sites)
O15 - HKU\S-1-5-21-1822439336-1754454779-3683679437-1005\..Trusted Domains: verizonwireless.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-1822439336-1754454779-3683679437-1005\..Trusted Domains: 2 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0000000A-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/d/4...0367/wmavax.CAB (Reg Error: Key error.)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {32505657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/0/A...01F/wmvadvd.cab (Reg Error: Key error.)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/microsoftu...b?1225241963765 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1225241821875 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A4639D2F-774E-11D3-A490-00C04F6843FB} http://download.microsoft.com/download/Pow...N-US/msorun.cab (Reg Error: Key error.)
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} http://www.linksysfix.com/netcheck/45/install/gtdownls.cab (LinkSys Content Update)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-448553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Reg Error: Key error.)
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} Reg Error: Key error. (Reg Error: Key error.)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://technicallead.webex.com/client/T26L...ing/ieatgpc.cab (GpcContainer Class)
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} http://messenger.zone.msn.com/binary/Solit...wn.cab28578.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.99.227.4 66.211.92.4
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O30 - LSA: Authentication Packages - (OWS\S) - File not found
O30 - LSA: Security Packages - (em\\ecurity Packages settings..) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001/08/31 09:02:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{26a2e13d-9314-11de-8718-00065bb2f879}\Shell\AutoRun\command - "" = G:\setupSNK.exe -- File not found
O33 - MountPoints2\{7e573df9-9218-11dd-8566-00065bb2f879}\Shell - "" = AutoRun
O33 - MountPoints2\{7e573df9-9218-11dd-8566-00065bb2f879}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7e573df9-9218-11dd-8566-00065bb2f879}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{d44dc437-8dae-11d9-8929-00065bb2f879}\Shell\AutoRun\command - "" = G:\JDSecure\Windows\JDSecure20.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 14 Days ==========

[2010/02/11 08:41:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/02/11 08:10:28 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/02/11 08:01:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kathy Clark\Desktop\JavaRa
[2010/02/10 09:07:22 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\All Users\Desktop\OTL.exe
[2010/02/09 21:49:51 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Kathy Clark\Recent
[2010/02/09 13:34:06 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/10/17 20:01:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ICS
[2009/06/28 07:44:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2009/06/27 17:37:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2008/12/24 13:33:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2008/07/12 16:23:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2007/04/20 16:53:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Webroot
[2007/03/11 10:46:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Help
[2007/03/11 10:46:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Help
[2006/02/14 12:57:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Help
[2006/02/14 12:57:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Help
[2005/02/10 20:06:31 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll
[2002/07/31 13:25:10 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2002/07/31 13:25:10 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2002/07/31 13:25:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft

========== Files - Modified Within 14 Days ==========

[2010/02/11 21:05:48 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2010/02/11 21:03:56 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/11 21:03:25 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2010/02/11 21:02:15 | 010,747,904 | ---- | M] () -- C:\Documents and Settings\Kathy Clark\ntuser.dat
[2010/02/11 21:02:15 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Kathy Clark\NTUSER.INI
[2010/02/11 08:02:09 | 000,002,626 | ---- | M] () -- C:\WINDOWS\winzip32.ini
[2010/02/11 08:02:09 | 000,001,479 | ---- | M] () -- C:\WINDOWS\WIN.INI
[2010/02/10 10:42:54 | 000,000,313 | ---- | M] () -- C:\WINDOWS\SYSTEM.INI
[2010/02/10 10:42:54 | 000,000,194 | RHS- | M] () -- C:\BOOT.INI
[2010/02/10 09:07:30 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\All Users\Desktop\OTL.exe
[2010/02/08 15:36:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/02/05 11:00:56 | 000,365,088 | ---- | M] () -- C:\WINDOWS\System32\AdobeFnt07.lst
[2010/02/03 23:08:27 | 000,000,003 | ---- | M] () -- C:\WINDOWS\Twain001.Mtx
[2010/01/31 21:00:06 | 000,001,660 | ---- | M] () -- C:\WINDOWS\tasks\wrSpySweeper_L5D38E32A182C41CC96CC4F29178F9FBC.job
[2010/01/28 21:48:32 | 000,000,108 | ---- | M] () -- C:\Documents and Settings\Kathy Clark\Desktop\Found new hardware wizard always fails... in Windows XP Hardware.URL

========== Files Created - No Company Name ==========

[2010/01/28 21:48:32 | 000,000,108 | ---- | C] () -- C:\Documents and Settings\Kathy Clark\Desktop\Found new hardware wizard always fails... in Windows XP Hardware.URL
[2010/01/18 13:50:26 | 000,065,536 | R--- | C] () -- C:\WINDOWS\System32\dlcdcfg.dll
[2010/01/18 13:49:45 | 000,638,976 | ---- | C] () -- C:\WINDOWS\System32\dlcdpmui.dll
[2010/01/18 13:49:44 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlcdins.dll
[2010/01/18 13:49:44 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\dlcdinsr.dll
[2010/01/18 13:49:43 | 000,413,696 | ---- | C] () -- C:\WINDOWS\System32\dlcdcomm.dll
[2010/01/18 13:49:43 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\dlcdpplc.dll
[2010/01/18 13:49:43 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlcdvs.dll
[2010/01/18 13:49:42 | 001,134,592 | ---- | C] () -- C:\WINDOWS\System32\dlcdusb1.dll
[2010/01/18 13:49:42 | 000,770,048 | ---- | C] () -- C:\WINDOWS\System32\dlcdhbn3.dll
[2010/01/18 13:49:42 | 000,483,328 | ---- | C] () -- C:\WINDOWS\System32\dlcdlmpm.dll
[2010/01/18 13:49:41 | 001,183,744 | ---- | C] () -- C:\WINDOWS\System32\dlcdserv.dll
[2010/01/18 13:49:41 | 000,704,512 | ---- | C] () -- C:\WINDOWS\System32\dlcdcomc.dll
[2010/01/18 13:49:41 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlcdprox.dll
[2010/01/18 13:49:40 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcdcu.dll
[2010/01/18 13:49:40 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\dlcdcur.dll
[2010/01/18 13:49:39 | 000,430,080 | ---- | C] () -- C:\WINDOWS\System32\dlcdutil.dll
[2010/01/18 13:49:38 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlcdinsb.dll
[2010/01/18 13:49:38 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dlcdcub.dll
[2010/01/18 13:49:37 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\dlcdjswr.dll
[2009/04/21 17:26:56 | 000,031,088 | ---- | C] () -- C:\WINDOWS\System32\wrLZMA.dll
[2009/01/31 17:01:00 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2008/04/30 11:33:10 | 000,000,125 | ---- | C] () -- C:\WINDOWS\mbutton.ini
[2008/01/21 06:14:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2007/08/21 09:02:16 | 000,051,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\atnt40k.sys
[2007/08/15 14:15:17 | 000,000,059 | ---- | C] () -- C:\WINDOWS\ANS2000.INI
[2007/08/15 14:15:17 | 000,000,020 | -H-- | C] () -- C:\WINDOWS\akebook.ini
[2007/08/15 14:15:17 | 000,000,004 | -H-- | C] () -- C:\WINDOWS\a3kebook.ini
[2007/01/14 00:13:35 | 000,684,032 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2007/01/14 00:13:35 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2006/11/02 11:07:27 | 000,000,100 | ---- | C] () -- C:\WINDOWS\Mp3enc.ini
[2006/10/13 11:30:10 | 000,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2006/10/02 19:14:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2006/05/04 10:41:41 | 000,000,037 | ---- | C] () -- C:\WINDOWS\marscam.ini
[2006/03/16 18:39:20 | 001,662,976 | R--- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/03/16 18:39:20 | 001,019,904 | R--- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/03/16 18:39:19 | 001,466,368 | R--- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/03/16 18:39:19 | 000,466,944 | R--- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/03/16 18:39:17 | 000,286,720 | R--- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/03/16 18:39:13 | 000,045,056 | R--- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/03/16 18:39:12 | 000,573,440 | R--- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/03/11 21:28:53 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\vusetup.dll
[2006/02/12 17:36:28 | 000,000,218 | ---- | C] () -- C:\WINDOWS\QCRIB.INI
[2006/01/31 17:35:27 | 000,684,032 | ---- | C] () -- C:\WINDOWS\libeay32.dll
[2006/01/31 17:35:27 | 000,155,648 | ---- | C] () -- C:\WINDOWS\ssleay32.dll
[2005/12/14 15:40:46 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/11/26 10:46:23 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2005/04/12 16:52:55 | 000,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005/03/05 15:07:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\JDSecure20.INI
[2005/02/10 20:08:03 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2005/02/10 20:07:04 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/02/10 20:06:33 | 000,067,428 | ---- | C] () -- C:\WINDOWS\System32\LudaP17.ini
[2005/02/10 20:06:33 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\P17CPI.dll
[2005/02/10 20:06:33 | 000,000,029 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2005/02/10 20:06:32 | 000,060,928 | ---- | C] () -- C:\WINDOWS\System32\P17.dll
[2005/02/10 20:06:21 | 000,000,072 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2004/10/05 17:07:10 | 000,000,033 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2004/02/02 18:08:29 | 000,000,023 | ---- | C] () -- C:\WINDOWS\EPSC80.ini
[2004/01/09 19:32:44 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A5W.INI
[2003/12/10 12:50:11 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2003/08/22 18:42:49 | 000,000,414 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
[2003/06/04 15:01:10 | 000,000,071 | ---- | C] () -- C:\Program Files\Common Files\PATCH.ERR
[2003/05/20 21:53:51 | 000,003,615 | ---- | C] () -- C:\WINDOWS\hpdj6122.ini
[2003/03/11 19:30:57 | 000,002,078 | ---- | C] () -- C:\WINDOWS\U3DEDIT2.INI
[2003/03/11 19:30:56 | 000,000,089 | ---- | C] () -- C:\WINDOWS\ULead32.ini
[2003/03/11 19:23:54 | 000,296,448 | ---- | C] () -- C:\WINDOWS\Xenofex.ini
[2003/02/26 20:52:51 | 000,031,744 | ---- | C] () -- C:\WINDOWS\EyeCand3.INI
[2003/02/19 20:06:05 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2003/02/15 17:33:52 | 000,015,164 | R--- | C] () -- C:\WINDOWS\Mr310twv.ini
[2003/02/15 17:33:49 | 000,045,056 | R--- | C] () -- C:\WINDOWS\System32\mr310exv.dll
[2003/02/15 17:33:49 | 000,036,864 | R--- | C] () -- C:\WINDOWS\System32\mr310exd.dll
[2003/01/12 17:51:01 | 000,000,023 | ---- | C] () -- C:\WINDOWS\REGPSD20.INI
[2003/01/12 17:50:25 | 000,000,097 | ---- | C] () -- C:\WINDOWS\Viewer.ini
[2003/01/09 19:18:44 | 000,000,067 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2003/01/06 13:52:50 | 000,000,056 | ---- | C] () -- C:\WINDOWS\CoolTips.INI
[2003/01/06 13:52:49 | 000,000,063 | ---- | C] () -- C:\WINDOWS\COOLSYS.INI
[2003/01/06 13:52:46 | 000,010,705 | ---- | C] () -- C:\WINDOWS\coolcust.ini
[2003/01/06 13:52:46 | 000,004,177 | ---- | C] () -- C:\WINDOWS\COOL.INI
[2002/12/11 13:42:48 | 000,000,069 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2002/12/11 09:25:24 | 000,000,011 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DirectCDUserNameF.txt
[2002/11/15 12:11:02 | 000,036,864 | ---- | C] () -- C:\Documents and Settings\Kathy Clark\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2002/11/12 11:22:19 | 000,041,068 | ---- | C] () -- C:\WINDOWS\System32\ActPanel.dll
[2002/10/27 11:47:34 | 000,000,121 | ---- | C] () -- C:\WINDOWS\Winamp.ini
[2002/10/21 16:08:30 | 000,000,478 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2002/10/18 12:35:13 | 000,001,173 | ---- | C] () -- C:\WINDOWS\PSDEWIN.INI
[2002/10/18 12:35:13 | 000,000,113 | ---- | C] () -- C:\WINDOWS\psdxport.ini
[2002/10/15 17:22:26 | 000,777,728 | ---- | C] () -- C:\WINDOWS\System32\Sslsvc.dll
[2002/10/15 17:22:26 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2002/10/15 17:22:26 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\cfmsg.dll
[2002/10/15 17:22:26 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2002/10/15 16:16:11 | 000,003,650 | ---- | C] () -- C:\WINDOWS\photoimpression.ini
[2002/10/15 13:27:32 | 000,000,170 | ---- | C] () -- C:\WINDOWS\INTUIT.INI
[2002/10/15 13:24:12 | 000,000,028 | ---- | C] () -- C:\WINDOWS\ICOA.INI
[2002/10/15 13:23:17 | 000,001,908 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2002/10/15 13:23:17 | 000,000,052 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2002/10/15 11:32:00 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\Wh2Robo.dll
[2002/10/15 00:10:02 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2002/10/14 23:53:02 | 000,000,233 | ---- | C] () -- C:\WINDOWS\EPSON 1250 Installer.ini
[2002/10/14 23:06:00 | 000,000,085 | ---- | C] () -- C:\WINDOWS\I_VIEW32.INI
[2002/10/14 22:32:03 | 000,002,626 | ---- | C] () -- C:\WINDOWS\winzip32.ini
[2002/10/14 22:17:34 | 000,000,274 | ---- | C] () -- C:\WINDOWS\POSER.INI
[2002/10/14 21:25:09 | 000,000,066 | ---- | C] () -- C:\WINDOWS\mapedit2.ini
[2002/10/14 21:24:38 | 000,000,094 | ---- | C] () -- C:\WINDOWS\Mapedit.ini
[2002/10/14 16:02:08 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll
[2002/10/14 15:11:38 | 000,000,224 | ---- | C] () -- C:\WINDOWS\netscape.INI
[2002/10/14 00:06:16 | 000,000,633 | ---- | C] () -- C:\WINDOWS\32BITFAX.INI
[2002/07/31 13:48:16 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2002/07/31 13:41:35 | 000,004,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\bvrp_pci.sys
[2002/07/31 13:39:30 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2002/07/31 13:27:00 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2002/03/16 20:00:00 | 000,007,420 | ---- | C] () -- C:\WINDOWS\UA000022.DLL
[2002/02/20 20:24:32 | 000,032,926 | ---- | C] () -- C:\Program Files\Page Number Utility .pdf
[2002/02/03 16:33:02 | 000,000,377 | ---- | C] () -- C:\Program Files\Readme PageNumberUtility.txt
[2001/08/18 07:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\SECDRV.SYS
[1999/01/27 13:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1999/01/22 14:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1998/01/12 03:00:00 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\REGOBJ.DLL
[1997/06/13 07:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll

========== LOP Check ==========

[2006/02/03 18:26:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avg7
[2006/09/29 16:21:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bitstream Font Navigator
[2006/10/15 08:59:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund Software
[2008/06/18 21:29:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2007/12/22 13:10:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Retrospect
[2007/07/19 08:11:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBT
[2007/12/03 09:23:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith
[2008/09/26 07:10:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2005/09/13 13:20:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2008/12/24 12:55:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kathy Clark\Application Data\Image Zone Express
[2003/04/19 08:08:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kathy Clark\Application Data\MailWasher
[2005/04/22 09:56:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kathy Clark\Application Data\Opera
[2005/12/10 10:31:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kathy Clark\Application Data\Printer Info Cache
[2007/12/08 10:11:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kathy Clark\Application Data\Sharpcast
[2007/08/21 08:40:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kathy Clark\Application Data\tmp
[2006/08/23 14:51:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kathy Clark\Application Data\Ulead Systems
[2008/09/23 13:07:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kathy Clark\Application Data\webex
[2010/01/31 21:00:06 | 000,001,660 | ---- | M] () -- C:\WINDOWS\Tasks\wrSpySweeper_L5D38E32A182C41CC96CC4F29178F9FBC.job

========== Purity Check ==========


< End of report >


**********************

Computer and internet seem to be working fine. A couple weeks ago I had to replace my monitor as my Dell 1901FP went dark on me. Is it possible that it was due to the infection? At that point I did a scan and it detected several viruses (my son and his friends were on YouTube the night before). If that's a possibility - I'd grab it from the garage and hook it back up to have 2 monitors.

A problem that I still have, that may or may not be related to the infection, is that my Dell AIO 944 scanner is not working (the copier and printer work fine). This was first noticed a couple weeks ago when I got the error message "Scan was not successful". The device driver indicates: Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39) I've uninstalled/reinstalled the driver, updated the driver and nothing helps. Through research, I found a few others with the same problem - but no fixes. I just checked - same thing. This is something I can live with since I don't use the scanner often - but if you know of a fix - I'd be happy to hear it!



#10 Buckeye_Sam


Posted 12 February 2010 - 08:06 AM

Malware typically doesn't affect attached devices such as monitors or scanners. So I don't think it's related. Short of disconnecting the devices, reconnecting them and reinstalling the drivers I'm not sure what to suggest. You might try posting a new topic into the hardware forum here.
http://www.bleepingcomputer.com/forums/ind...mp;s=&f=138


Follow these steps to remove OTL and some of the other tools we've used.
  • Double-click OTL.exe to run it.
  • Click on the CleanUp! button
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.



================




Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  1. Disable and Enable System Restore. - You should disable and reenable system restore to make sure there are no infected files found in a restore point left over from what we have just cleaned.

    You can find instructions on how to enable and reenable system restore here:

    Windows XP System Restore Guide

    Re-enable system restore with instructions from tutorial above

  2. Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online & their stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources

  3. Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  4. Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls

  5. Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  6. Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with the program on a regular basis just as you would an antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

  7. Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  8. Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.






If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#11 Buckeye_Sam


Posted 24 February 2010 - 08:28 AM

Now that your malware problem appears to be resolved, this topic will be closed.
If you need this topic reopened, please contact a member of the Malware Response Team and we will reopen it for you.
Include the address of this topic in your request.




========================================================



