Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Hard drive not recognized at start-up


  • This topic is locked This topic is locked
16 replies to this topic

#1 danoer1

danoer1

  • Members
  • 47 posts
  • OFFLINE
  •  
  • Local time:08:21 PM

Posted 27 February 2010 - 09:21 AM

dell 3000 running windows xp. Had the bsod at startup and sister in law had no virus protection. The initial bsod said something about writing to a read only area or something like that. Pulled the hard drive, put it in an external enclosure (had to change the jumper setting on it to get this to work) ran norton on it from my hp laptop and found quite a few viruses. Put it back into the Dell (can't quite remember what the jumper settings were wacko.gif ) Have it set as master, although the label on the deskstar drive has 4 possible settings for master (something about 2 GB vs 32 GB??). I think I have tried them all. I start it up and get the Dell splash screen (does this mean the BIOS is ok?), it goes to another screen which tells me windows did not load and gives me the safe boot, etc choices. No matter what I choose I still go to the BSOD and now I get a stop message that tells me the HD is not recognized r something. (0X0000007B). I can and have pressed F2 and F12 during boot up to get into the startup menu (is this what it is called?) where I can change things like boot order... Messed around with that, still no muck. F12 brings me to some Dell utility where I can check the disk, all tests are passed.
What have I screwed up? Granted the computer wasn't working to begin with, but I'd like to get this up and running for the nieces and nephew. I've read up on this via the internet and am stumped. Is the BIOS ok? I think so...te splash screen says BIOS A01 or something like that. Are the jumper settings wrong? That's my guess, but did I screw things up by pulling the hard drive out and mounting it on another computer? Help!!

Thanks,

dan

BC AdBot (Login to Remove)

 


#2 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,318 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:03:21 AM

Posted 27 February 2010 - 09:31 AM

Hello, sounds to me like there is a good possibility that you are infected.

If a HD is not recognized at all, you would get an "OS not found" error or something like that.

Lately the BSOD code you get is associated in many cases with a rootkit that infects the HD controller driver.

We can check/fix this fairly easy, but you need to download an approx. 270 MB file and burn this to a CD.

Let me know if you wish to continue with this.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#3 danoer1

danoer1
  • Topic Starter

  • Members
  • 47 posts
  • OFFLINE
  •  
  • Local time:08:21 PM

Posted 27 February 2010 - 09:50 AM

Sure I'll give what you suggest a try, although I am still playing around with the jumper settings and on one set came up with a different error screen ... "loading PBR for descriptor 2...done" then "A disk read error occurred" Is this just because I have the wrong jumper setting? BTW these are my choices for Master either 16 Heads or 32GB clip. I got this last message (disk error...) when I had it on the 3s GB clip jumper setting. My recollection when I puled the drive was that the jumpers were together on the right hand side of the pins. But when I read the diagram on the drive it tells me that this setting would be for device 1 slave. Have tried this and does not work.

what next?

dan

#4 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,318 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:03:21 AM

Posted 27 February 2010 - 10:56 AM

First of all, use the jumper settings that cause the 0x7B BSOD code. Ther other error you are quoting is most likely related to wrong jumper settings

I am moving this topic to the correct forum, since the tool we are going to use is not allowed here.

OK this file is big Print these instruction out so that you know what you are doing

Two programs to download

First

ISOBurner this will allow you to burn OTLPE ISO to a cd and make it bootable. Just install the program, from there on in it is fairly automatic. Instructions

Second
  • Download OTLPE.iso and burn to a CD using ISO Burner. NOTE: This file is 292Mb in size so it may take some time to download.
  • When downloaded double click and this will then open ISOBurner to burn the file to CD
  • Reboot your system using the boot CD you just created.

    Note : If you do not know how to set your computer to boot from CD follow the steps here
  • Your system should now display a REATOGO-X-PE desktop.
  • Double-click on the OTLPE icon.
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start. Change the following settings
    • Change Drivers to Use Safelist
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive if you do not have internet connection on this system
  • Please post the contents of the OTL.txt file in your reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#5 danoer1

danoer1
  • Topic Starter

  • Members
  • 47 posts
  • OFFLINE
  •  
  • Local time:08:21 PM

Posted 27 February 2010 - 12:10 PM

ok... I did the scan with the default of 30 days and there is lots in the report, although let me say that the computer might have been producing the BSOD's even 30 days ago. Not sure since it is my sister-in-laws. Here is the contents of the text file. Thanks! Dan

OTL logfile created on: 2/27/2010 12:00:30 PM - Run
OTLPE by OldTimer - Version 3.1.30.3 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.00 Mb Total Physical Memory | 312.00 Mb Available Physical Memory | 61.00% Memory free
462.00 Mb Paging File | 338.00 Mb Available in Paging File | 73.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.70 Gb Total Space | 51.32 Gb Free Space | 71.57% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive X: | 276.79 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO
Current User Name: SYSTEM
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - [2009/10/21 16:57:05 | 000,028,762 | ---- | M] (MyWebSearch.com) [Auto] -- C:\Program Files\MyWebSearch\bar\2.bin\MWSSVC.EXE -- (MyWebSearchService)
SRV - [2009/09/08 20:09:30 | 000,545,568 | ---- | M] (Apple Inc.) [On_Demand] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/08/16 12:40:57 | 000,152,984 | ---- | M] (Sun Microsystems, Inc.) [Auto] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/07/09 11:22:18 | 000,144,712 | ---- | M] (Apple Inc.) [Auto] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2008/12/12 10:17:38 | 000,238,888 | ---- | M] (Apple Inc.) [Auto] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2005/04/04 00:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004/08/26 17:57:22 | 000,122,880 | ---- | M] (Networks Associates Technology, Inc) [Auto] -- c:\Program Files\McAfee.com\VSO\mcvsrte.exe -- (MCVSRte)
SRV - [2004/08/22 16:31:44 | 000,577,536 | ---- | M] (McAfee Corporation) [Auto] -- C:\Program Files\McAfee.com\Personal Firewall\MpfService.exe -- (MpfService)
SRV - [2004/08/16 15:32:20 | 000,249,856 | ---- | M] (McAfee, Inc) [On_Demand] -- C:\Program Files\McAfee.com\Agent\mcupdmgr.exe -- (mcupdmgr.exe)
SRV - [2004/07/15 02:49:26 | 000,032,768 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state)
SRV - [2004/04/15 03:26:50 | 000,303,104 | ---- | M] (Lexmark International, Inc.) [Auto] -- C:\WINDOWS\SYSTEM32\LEXBCES.EXE -- (LexBceS)
SRV - [2004/04/07 13:07:32 | 001,135,728 | ---- | M] (America Online, Inc.) [Auto] -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -- (AOL ACS)
SRV - [2003/12/17 14:59:48 | 000,143,360 | ---- | M] (Intel® Corporation) [On_Demand] -- C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe -- (NetSvc)
SRV - [2002/03/13 08:50:34 | 000,225,375 | ---- | M] () [On_Demand] -- c:\Program Files\McAfee.com\VSO\McShield.exe -- (McShield)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | On_Demand] -- -- (bvrp_pci)
DRV - File not found [Kernel | Boot] -- -- (atapi)
DRV - File not found [Kernel | On_Demand] -- -- (aec)
DRV - [2009/08/28 18:42:52 | 000,040,448 | ---- | M] (Apple, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\usbaapl.sys -- (USBAAPL)
DRV - [2009/07/03 12:26:03 | 000,020,747 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto] -- C:\WINDOWS\SYSTEM32\DRIVERS\AegisP.sys -- (AegisP) AEGIS Protocol (IEEE 802.1x)
DRV - [2009/05/18 13:17:00 | 000,026,600 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2008/04/13 13:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot] -- C:\WINDOWS\SYSTEM32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 13:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot] -- C:\WINDOWS\SYSTEM32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2007/11/13 05:25:53 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\secdrv.sys -- (Secdrv)
DRV - [2005/10/27 14:06:30 | 000,356,096 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\rt61.sys -- (RT61) Linksys Wireless-G PCI Adapter Driver(RT61)
DRV - [2005/09/20 10:00:54 | 001,302,332 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\ialmnt5.sys -- (ialm)
DRV - [2004/12/10 13:28:34 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto] -- C:\WINDOWS\SYSTEM32\DRIVERS\asctrm.sys -- (ASCTRM)
DRV - [2004/09/14 09:50:10 | 000,020,576 | ---- | M] (Sonic Solutions) [Kernel | Boot] -- C:\WINDOWS\SYSTEM32\DRIVERS\PxHelp20.sys -- (PxHelp20)
DRV - [2004/08/13 14:48:58 | 000,258,368 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\smwdm.sys -- (smwdm)
DRV - [2004/08/09 13:30:18 | 000,083,325 | ---- | M] (McAfee Security) [Kernel | System] -- C:\WINDOWS\SYSTEM32\DRIVERS\MpFirewall.sys -- (MPFIREWL)
DRV - [2004/08/04 06:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\PTILINK.SYS -- (Ptilink)
DRV - [2004/08/04 06:00:00 | 000,007,936 | ---- | M] (Microsoft Corporation) [Recognizer | System] -- C:\WINDOWS\SYSTEM32\DRIVERS\FS_REC.SYS -- (Fs_Rec)
DRV - [2004/08/04 06:00:00 | 000,002,864 | ---- | M] (Microsoft Corporation) [Adapter | On_Demand] -- C:\WINDOWS\SYSTEM32\WINSOCK.DLL -- (Winsock)
DRV - [2004/08/03 23:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\NV4_MINI.SYS -- (nv)
DRV - [2004/04/26 10:49:56 | 000,381,056 | ---- | M] (Sensaura) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\senfilt.sys -- (senfilt)
DRV - [2004/02/10 16:49:14 | 000,154,112 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\e100b325.sys -- (E100B) Intel®
DRV - [2003/11/17 16:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 16:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 16:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_DP.sys -- (HSF_DP)
DRV - [2003/04/09 14:48:08 | 000,011,043 | ---- | M] (Conexant) [Kernel | Auto] -- C:\WINDOWS\SYSTEM32\DRIVERS\mdmxsdk.sys -- (mdmxsdk)
DRV - [2003/01/10 17:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2002/03/13 08:50:36 | 000,023,296 | ---- | M] () [File_System | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\NaiFiltr.sys -- (NaiFiltr)
DRV - [2001/08/17 15:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot] -- C:\WINDOWS\SYSTEM32\DRIVERS\SPARROW.SYS -- (Sparrow)
DRV - [2001/08/17 15:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot] -- C:\WINDOWS\SYSTEM32\DRIVERS\SYM_U3.SYS -- (sym_u3)
DRV - [2001/08/17 15:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot] -- C:\WINDOWS\SYSTEM32\DRIVERS\SYM_HI.SYS -- (sym_hi)
DRV - [2001/08/17 15:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot] -- C:\WINDOWS\SYSTEM32\DRIVERS\SYMC8XX.SYS -- (symc8xx)
DRV - [2001/08/17 15:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot] -- C:\WINDOWS\SYSTEM32\DRIVERS\SYMC810.SYS -- (symc810)
DRV - [2001/08/17 14:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\MODEMCSA.sys -- (MODEMCSA)
DRV - [2001/08/17 14:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot] -- C:\WINDOWS\SYSTEM32\DRIVERS\ULTRA.SYS -- (ultra)
DRV - [2001/08/17 14:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot] -- C:\WINDOWS\SYSTEM32\DRIVERS\QL12160.SYS -- (ql12160)
DRV - [2001/08/17 14:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot] -- C:\WINDOWS\SYSTEM32\DRIVERS\QL1080.SYS -- (ql1080)
DRV - [2001/08/17 14:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot] -- C:\WINDOWS\SYSTEM32\DRIVERS\QL1280.SYS -- (ql1280)
DRV - [2001/08/17 14:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot] -- C:\WINDOWS\SYSTEM32\DRIVERS\DAC2W2K.SYS -- (dac2w2k)
DRV - [2001/08/17 14:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot] -- C:\WINDOWS\SYSTEM32\DRIVERS\MRAID35X.SYS -- (mraid35x)
DRV - [2001/08/17 14:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot] -- C:\WINDOWS\SYSTEM32\DRIVERS\ASC.SYS -- (asc)
DRV - [2001/08/17 14:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot] -- C:\WINDOWS\SYSTEM32\DRIVERS\ASC3550.SYS -- (asc3550)
DRV - [2001/08/17 14:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot] -- C:\WINDOWS\SYSTEM32\DRIVERS\ALIIDE.SYS -- (AliIde)
DRV - [2001/08/17 14:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot] -- C:\WINDOWS\SYSTEM32\DRIVERS\CMDIDE.SYS -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Dina_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\Dina_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
IE - HKU\Dina_ON_C\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\2.bin\MWSSRCAS.DLL (MyWebSearch.com)
IE - HKU\Dina_ON_C\..\URLSearchHook: {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll (MyWay.com)
IE - HKU\Dina_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Dina_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\Frankie_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\Frankie_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
IE - HKU\Frankie_ON_C\..\URLSearchHook: {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll (MyWay.com)
IE - HKU\Frankie_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Grace_Brobst_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\Grace_Brobst_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
IE - HKU\Grace_Brobst_ON_C\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\2.bin\MWSSRCAS.DLL (MyWebSearch.com)
IE - HKU\Grace_Brobst_ON_C\..\URLSearchHook: {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll (MyWay.com)
IE - HKU\Grace_Brobst_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Guest_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\Guest_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
IE - HKU\Guest_ON_C\..\URLSearchHook: {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll (MyWay.com)
IE - HKU\Guest_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Haley_Brobst_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\Haley_Brobst_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
IE - HKU\Haley_Brobst_ON_C\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\2.bin\MWSSRCAS.DLL (MyWebSearch.com)
IE - HKU\Haley_Brobst_ON_C\..\URLSearchHook: {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll (MyWay.com)
IE - HKU\Haley_Brobst_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Joe_D'Amico_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\Joe_D'Amico_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
IE - HKU\Joe_D'Amico_ON_C\..\URLSearchHook: {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll (MyWay.com)
IE - HKU\Joe_D'Amico_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\LocalService_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/

IE - HKU\NetworkService_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/

IE - HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKU\Scott_B.D56XY861_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\Scott_B.D56XY861_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
IE - HKU\Scott_B.D56XY861_ON_C\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\2.bin\MWSSRCAS.DLL (MyWebSearch.com)
IE - HKU\Scott_B.D56XY861_ON_C\..\URLSearchHook: {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll (MyWay.com)
IE - HKU\Scott_B.D56XY861_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0




O1 HOSTS File: ([2004/08/04 06:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (MyWebSearch Search Assistant BHO) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\2.bin\MWSSRCAS.DLL (MyWebSearch.com)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (mwsBar BHO) - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL (MyWebSearch.com)
O2 - BHO: (ALOT Toolbar Helper) - {14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6} - C:\Program Files\alot\bin\BHO\alotBHO.dll (Vertro)
O2 - BHO: () - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll (MyWay.com)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL (MyWebSearch.com)
O3 - HKLM\..\Toolbar: (ALOT Toolbar) - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll (Vertro)
O3 - HKLM\..\Toolbar: (PeoplePal Toolbar) - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - c:\Program Files\PeoplePC\Toolbar\PPCToolbar.dll (PeoplePC)
O3 - HKLM\..\Toolbar: (McAfee VirusScan) - {BA52B914-B692-46c4-B683-905236F6F655} - c:\Program Files\McAfee.com\VSO\mcvsshl.dll (Networks Associates Technology, Inc)
O3 - HKU\Dina_ON_C\..\Toolbar\WebBrowser: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL (MyWebSearch.com)
O3 - HKU\Grace_Brobst_ON_C\..\Toolbar\WebBrowser: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL (MyWebSearch.com)
O3 - HKU\Haley_Brobst_ON_C\..\Toolbar\WebBrowser: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL (MyWebSearch.com)
O3 - HKU\Scott_B.D56XY861_ON_C\..\Toolbar\WebBrowser: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL (MyWebSearch.com)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [Bart Station] C:\Program Files\PeoplePC\ISP6500\BIN\PPCOLink.exe (PeoplePC)
O4 - HKLM..\Run: [Dell AIO Printer A920] C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe (Dell Computer Corporation)
O4 - HKLM..\Run: [DVDLauncher] C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe (CyberLink Corp.)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\SYSTEM32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\SYSTEM32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\SYSTEM32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [MCAgentExe] c:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc)
O4 - HKLM..\Run: [MCUpdateExe] C:\Program Files\McAfee.com\Agent\mcupdate.exe (McAfee, Inc)
O4 - HKLM..\Run: [mmtask] C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe (Musicmatch Inc.)
O4 - HKLM..\Run: [MMTray] C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe (Musicmatch, Inc.)
O4 - HKLM..\Run: [MPFExe] C:\Program Files\McAfee.com\Personal Firewall\MpfTray.exe (McAfee Security)
O4 - HKLM..\Run: [My Web Search Bar Search Scope Monitor] C:\Program Files\MyWebSearch\bar\2.bin\M3SRCHMN.EXE (MyWebSearch.com)
O4 - HKLM..\Run: [MyWebSearch Email Plugin] C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE (MyWebSearch.com)
O4 - HKLM..\Run: [MyWebSearch Plugin] C:\Program Files\MyWebSearch\bar\2.bin\M3PLUGIN.DLL (MyWebSearch.com)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\Media Experience\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [smss32.exe] C:\WINDOWS\SYSTEM32\smss32.exe (npzpJzFRUpf)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [VirusScan Online] c:\Program Files\McAfee.com\VSO\mcvsshld.exe (Networks Associates Technology, Inc)
O4 - HKLM..\Run: [VSOCheckTask] c:\Program Files\McAfee.com\VSO\mcmnhdlr.exe (Networks Associates Technology, Inc)
O4 - HKU\Dina_ON_C..\Run: [DellSupport] C:\Program Files\Dell Support\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\Dina_ON_C..\Run: [MyWebSearch Email Plugin] C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE (MyWebSearch.com)
O4 - HKU\Dina_ON_C..\Run: [smss32.exe] C:\WINDOWS\SYSTEM32\smss32.exe (npzpJzFRUpf)
O4 - HKU\Frankie_ON_C..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKU\Grace_Brobst_ON_C..\Run: [DellSupport] C:\Program Files\Dell Support\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\Guest_ON_C..\Run: [DellSupport] C:\Program Files\Dell Support\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\Guest_ON_C..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKU\Haley_Brobst_ON_C..\Run: [DellSupport] C:\Program Files\Dell Support\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\Joe_D'Amico_ON_C..\Run: [DellSupport] C:\Program Files\Dell Support\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\Scott_B.D56XY861_ON_C..\Run: [DellSupport] C:\Program Files\Dell Support\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\Scott_B.D56XY861_ON_C..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Dina_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Dina_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O7 - HKU\Dina_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKU\Dina_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\Frankie_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Grace_Brobst_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Guest_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Haley_Brobst_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Joe_D'Amico_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF [binary data]
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EditLevel = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCommonGroups = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserNameInStartMenu = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoColorChoice = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoSizeChoice = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoVisualStyleChoice = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SetVisualStyle = %SystemRoot%\Resources\Themes\Luna.theme ()
O7 - HKU\Scott_B.D56XY861_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\helper32.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\System32\helper32.dll File not found
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} http://ak.exe.imgfarm.com/images/nocache/f...etup1.0.1.3.cab (Reg Error: Key error.)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/shared/m...90/mcinsctl.cab (McAfee.com Operating System Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcafee.com/molbin/shared/m...,23/mcgdmgr.cab (DwnldGroupMgr Class)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.64.150 68.87.75.198
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (logon.exe) - File not found
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\winlogon32.exe) - C:\WINDOWS\SYSTEM32\winlogon32.exe (npzpJzFRUpf)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: SysNet - {F70DFEB2-9EBC-40A9-BB7F-DAD021B24BCB} - C:\Documents and Settings\All Users\Microsoft AData\sysnet.dll File not found
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/01/07 19:49:20 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{09880144-8a8c-11de-be55-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{09880144-8a8c-11de-be55-00038a000015}\Shell\Explore\command - "" = E:\autorun.exe -- File not found
O33 - MountPoints2\{09880144-8a8c-11de-be55-00038a000015}\Shell\Open\command - "" = E:\autorun.exe -- File not found
O33 - MountPoints2\{8b0e26dc-8a85-11de-be54-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8b0e26dc-8a85-11de-be54-00038a000015}\Shell\Explore\command - "" = E:\autorun.exe -- File not found
O33 - MountPoints2\{8b0e26dc-8a85-11de-be54-00038a000015}\Shell\Open\command - "" = E:\autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/02/27 11:58:23 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft
[2010/02/27 11:57:18 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Local Settings\Application Data\Temp
[2010/02/27 11:57:17 | 000,000,000 | --SD | C] -- B:\Documents and Settings\Default User\Cookies
[2010/02/27 11:57:17 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\Recent
[2010/02/27 11:57:17 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\My Documents\My Pictures
[2010/02/27 11:57:17 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\My Documents\My Music
[2010/02/27 11:57:17 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\My Documents
[2010/02/27 11:57:17 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\Favorites
[2010/02/27 11:57:17 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Templates
[2010/02/27 11:57:17 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Start Menu
[2010/02/27 11:57:17 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\SendTo
[2010/02/27 11:57:17 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\PrintHood
[2010/02/27 11:57:17 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\NetHood
[2010/02/27 11:57:17 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\My Documents\My Videos
[2010/02/27 11:57:17 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Application Data\Microsoft
[2010/02/27 11:57:17 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Local Settings
[2010/02/27 11:57:17 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Desktop
[2010/02/27 11:57:17 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Application Data
[2010/02/25 22:01:07 | 000,000,000 | ---D | C] -- C:\NBRT
[2010/02/09 18:56:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2010/02/04 17:54:57 | 000,024,064 | ---- | C] (npzpJzFRUpf) -- C:\WINDOWS\System32\winlogon32.exe
[2010/02/04 17:54:57 | 000,024,064 | ---- | C] (npzpJzFRUpf) -- C:\WINDOWS\System32\smss32.exe
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/02/27 11:58:50 | 000,001,332 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\OTLPE.lnk
[2010/02/26 11:51:20 | 000,001,547 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\MSKeyViewer Plus.lnk
[2010/02/26 11:51:20 | 000,001,535 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\RegistryEditorPE.lnk
[2010/02/26 11:51:20 | 000,001,483 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\HandyRecovery 1.lnk
[2010/02/26 11:51:20 | 000,001,479 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Undelete Plus.lnk
[2010/02/26 11:51:20 | 000,001,475 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Magical Jelly Bean Keyfinder.lnk
[2010/02/26 11:51:20 | 000,001,469 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\DiskPartitioner.lnk
[2010/02/26 11:51:20 | 000,001,465 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Agent Ransack.lnk
[2010/02/26 11:51:20 | 000,001,437 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\notepad++.lnk
[2010/02/26 11:51:20 | 000,001,427 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\2xExplorer.lnk
[2010/02/26 11:51:20 | 000,001,371 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\ImgBurn.lnk
[2010/02/26 11:51:20 | 000,001,353 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\DriveImage XML.lnk
[2010/02/26 11:51:20 | 000,001,347 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\A43 File Management Utility.lnk
[2010/02/26 11:51:20 | 000,001,347 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\7-Zip File Manager.lnk
[2010/02/26 11:51:20 | 000,001,343 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Windows Registry Recovery.lnk
[2010/02/26 11:51:20 | 000,001,313 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Disk Investigator.lnk
[2010/02/26 11:51:20 | 000,001,261 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Internet Explorer.lnk
[2010/02/25 22:13:40 | 002,883,584 | -H-- | M] () -- C:\Documents and Settings\Grace Brobst\ntuser.dat
[2010/02/25 22:13:40 | 000,233,472 | ---- | M] () -- C:\Documents and Settings\LocalService\NTUSER.DAT
[2010/02/25 22:13:39 | 002,883,584 | -H-- | M] () -- C:\Documents and Settings\Joe D'Amico\ntuser.dat
[2010/02/25 22:13:39 | 002,883,584 | -H-- | M] () -- C:\Documents and Settings\Haley Brobst\ntuser.dat
[2010/02/25 22:13:39 | 002,838,528 | ---- | M] () -- C:\Documents and Settings\Dina\ntuser.dat
[2010/02/25 22:13:39 | 001,310,720 | -H-- | M] () -- C:\Documents and Settings\Scott B.D56XY861\NTUSER.DAT
[2010/02/25 22:13:39 | 001,310,720 | -H-- | M] () -- C:\Documents and Settings\Guest\ntuser.dat
[2010/02/25 22:13:39 | 001,310,720 | -H-- | M] () -- C:\Documents and Settings\Frankie\ntuser.dat
[2010/02/25 22:13:39 | 000,233,472 | ---- | M] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT
[2010/02/25 21:00:58 | 607,125,504 | -HS- | M] () -- C:\NRTPage.sys
[2010/02/09 19:48:15 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2010/02/09 19:48:12 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/09 19:47:44 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/02/09 19:47:00 | 000,000,490 | ---- | M] () -- C:\WINDOWS\tasks\McAfee.com Update Check (D56XY861-Haley Brobst).job
[2010/02/09 19:47:00 | 000,000,490 | ---- | M] () -- C:\WINDOWS\tasks\McAfee.com Update Check (D56XY861-Grace Brobst).job
[2010/02/09 19:47:00 | 000,000,476 | ---- | M] () -- C:\WINDOWS\tasks\McAfee.com Update Check (D56XY861-Guest).job
[2010/02/09 19:46:00 | 000,000,488 | ---- | M] () -- C:\WINDOWS\tasks\McAfee.com Update Check (D56XY861-Joe D'Amico).job
[2010/02/09 19:46:00 | 000,000,476 | ---- | M] () -- C:\WINDOWS\tasks\McAfee.com Update Check (D56XY861-Owner).job
[2010/02/09 19:44:00 | 000,000,480 | ---- | M] () -- C:\WINDOWS\tasks\McAfee.com Update Check (D56XY861-Scott cool.gif.job
[2010/02/09 19:44:00 | 000,000,480 | ---- | M] () -- C:\WINDOWS\tasks\McAfee.com Update Check (D56XY861-Frankie).job
[2010/02/09 19:44:00 | 000,000,474 | ---- | M] () -- C:\WINDOWS\tasks\McAfee.com Update Check (D56XY861-Dina).job
[2010/02/09 19:44:00 | 000,000,436 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{1DCB6202-A952-49EE-BCEE-95044AA2967B}.job
[2010/02/09 19:42:51 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Dina\NTUSER.INI
[2010/02/09 19:34:05 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\18467.exe
[2010/02/09 19:14:26 | 000,101,824 | ---- | M] () -- C:\WINDOWS\System32\Status.MPF
[2010/02/09 19:14:04 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\41.exe
[2010/02/09 19:14:03 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\IS15.exe
[2010/02/09 19:13:36 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\McAfee.com Scan for Viruses - My Computer (D56XY861-Dina).job
[2010/02/09 19:13:21 | 000,003,310 | ---- | M] () -- C:\WINDOWS\System32\warning.html
[2010/02/09 18:53:50 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2010/02/04 17:54:46 | 000,024,064 | ---- | M] (npzpJzFRUpf) -- C:\WINDOWS\System32\winlogon32.exe
[2010/02/04 17:54:46 | 000,024,064 | ---- | M] (npzpJzFRUpf) -- C:\WINDOWS\System32\smss32.exe
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/02/27 11:57:18 | 000,001,547 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\MSKeyViewer Plus.lnk
[2010/02/27 11:57:18 | 000,001,535 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\RegistryEditorPE.lnk
[2010/02/27 11:57:18 | 000,001,483 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\HandyRecovery 1.lnk
[2010/02/27 11:57:18 | 000,001,479 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Undelete Plus.lnk
[2010/02/27 11:57:18 | 000,001,475 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Magical Jelly Bean Keyfinder.lnk
[2010/02/27 11:57:18 | 000,001,469 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\DiskPartitioner.lnk
[2010/02/27 11:57:18 | 000,001,465 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Agent Ransack.lnk
[2010/02/27 11:57:18 | 000,001,437 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\notepad++.lnk
[2010/02/27 11:57:18 | 000,001,427 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\2xExplorer.lnk
[2010/02/27 11:57:18 | 000,001,371 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\ImgBurn.lnk
[2010/02/27 11:57:18 | 000,001,353 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\DriveImage XML.lnk
[2010/02/27 11:57:18 | 000,001,347 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\A43 File Management Utility.lnk
[2010/02/27 11:57:18 | 000,001,347 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\7-Zip File Manager.lnk
[2010/02/27 11:57:18 | 000,001,343 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Windows Registry Recovery.lnk
[2010/02/27 11:57:18 | 000,001,332 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\OTLPE.lnk
[2010/02/27 11:57:18 | 000,001,313 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Disk Investigator.lnk
[2010/02/27 11:57:18 | 000,001,261 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Internet Explorer.lnk
[2010/02/25 21:00:58 | 607,125,504 | -HS- | C] () -- C:\NRTPage.sys
[2010/02/09 19:34:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\18467.exe
[2010/02/04 17:57:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\41.exe
[2010/02/04 17:57:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\IS15.exe
[2010/02/04 17:55:12 | 000,003,310 | ---- | C] () -- C:\WINDOWS\System32\warning.html
[2009/11/14 16:18:59 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/11/02 18:42:15 | 000,023,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\NaiFiltr.sys
[2009/10/31 11:04:50 | 000,018,941 | ---- | C] () -- C:\WINDOWS\microsoftdef.dll
[2009/07/03 12:26:02 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2009/07/03 12:25:43 | 000,000,920 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI
[2009/06/23 09:31:48 | 000,014,336 | ---- | C] () -- C:\Documents and Settings\Dina\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/01 18:28:59 | 000,063,488 | ---- | C] () -- C:\WINDOWS\xobglu16.dll
[2008/12/01 18:28:59 | 000,023,552 | ---- | C] () -- C:\WINDOWS\xobglu32.dll
[2008/11/05 19:25:13 | 000,000,072 | ---- | C] () -- C:\WINDOWS\DMI.INI
[2008/11/01 08:11:45 | 000,011,264 | ---- | C] () -- C:\Documents and Settings\Grace Brobst\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/02/01 15:56:18 | 000,000,068 | ---- | C] () -- C:\WINDOWS\TONKA_SR.INI
[2008/01/12 11:28:43 | 000,000,051 | ---- | C] () -- C:\WINDOWS\western.ini
[2008/01/07 20:06:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\muveeapp.INI
[2008/01/07 19:54:37 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Haley Brobst\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/01/07 19:29:12 | 000,000,042 | ---- | C] () -- C:\WINDOWS\Pt.dll
[2008/01/07 18:50:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PTWebCam.INI
[2007/11/27 09:02:24 | 000,000,049 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2007/11/13 18:15:02 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Grace Brobst\Application Data\PFP120JPR.{PB
[2007/11/13 18:15:02 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Grace Brobst\Application Data\PFP120JCM.{PB
[2007/08/17 17:36:03 | 000,000,324 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2007/08/17 17:30:18 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Dina\Application Data\PFP120JPR.{PB
[2007/08/17 17:30:18 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Dina\Application Data\PFP120JCM.{PB
[2005/12/31 13:21:33 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2005/11/03 17:24:33 | 000,000,107 | ---- | C] () -- C:\WINDOWS\TLCAPPS.INI
[2005/10/30 19:06:47 | 000,000,783 | ---- | C] () -- C:\WINDOWS\ka.ini
[2005/07/17 11:43:10 | 000,000,513 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2005/02/06 15:51:14 | 000,000,242 | ---- | C] () -- C:\WINDOWS\CGCH.INI
[2004/12/19 20:25:35 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Haley Brobst\Application Data\PFP120JPR.{PB
[2004/12/19 20:25:35 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Haley Brobst\Application Data\PFP120JCM.{PB
[2004/12/16 13:57:15 | 000,000,311 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2004/12/16 13:41:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2004/12/10 13:31:10 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/12/10 12:57:40 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/08/10 14:13:12 | 000,000,780 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2004/08/04 06:00:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\FXSPERF.INI
[2003/01/07 16:15:26 | 000,000,255 | ---- | C] () -- C:\WINDOWS\System32\dlbkcoin.ini
[2002/11/13 14:40:22 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbkvs.dll
[1980/01/01 01:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll

========== LOP Check ==========

[2010/02/09 19:16:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dina\Application Data\alot
[2009/10/31 09:08:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dina\Application Data\FunWebProducts
[2010/02/09 19:40:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dina\Application Data\LimeWire
[2010/01/21 16:26:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dina\Application Data\PeoplePal
[2010/02/25 22:13:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dina\Application Data\Starware322
[2009/07/03 19:51:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frankie\Application Data\alot
[2010/02/25 22:13:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frankie\Application Data\Starware322
[2009/03/29 07:34:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Grace Brobst\Application Data\alot
[2007/11/20 18:34:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Grace Brobst\Application Data\Starware322(2)
[2009/07/07 11:46:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\alot
[2010/02/25 22:13:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\Starware322
[2009/02/16 17:57:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Haley Brobst\Application Data\alot
[2010/02/25 22:13:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Haley Brobst\Application Data\Starware322
[2009/07/03 12:45:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joe D'Amico\Application Data\alot
[2010/02/25 22:13:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Starware322
[2009/09/04 18:50:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott B.D56XY861\Application Data\alot
[2010/02/09 19:44:00 | 000,000,436 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{1DCB6202-A952-49EE-BCEE-95044AA2967B}.job

========== Purity Check ==========


< End of report >


#6 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,318 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:03:21 AM

Posted 27 February 2010 - 12:14 PM

Wow, thats quite some bad stuff running. I also found the cause for the BSOD, apparently the atapi.sys file is missing. Lets see if we can find a copy on your system and replace it smile.gif

Please re-run OTLPE and post the text in the codebox below in the "custom scan/fix" field. Click "run scan"
CODE
/md5start
atapi.sys
/md5stop
Let the scan run and post me the log afterwards.

Edited by elise025, 27 February 2010 - 12:15 PM.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#7 danoer1

danoer1
  • Topic Starter

  • Members
  • 47 posts
  • OFFLINE
  •  
  • Local time:08:21 PM

Posted 27 February 2010 - 12:49 PM

ok, results of the second run

OTL logfile created on: 2/27/2010 12:35:49 PM - Run
OTLPE by OldTimer - Version 3.1.30.3 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.00 Mb Total Physical Memory | 290.00 Mb Available Physical Memory | 57.00% Memory free
462.00 Mb Paging File | 322.00 Mb Available in Paging File | 70.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.70 Gb Total Space | 51.32 Gb Free Space | 71.57% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive X: | 276.79 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO
Current User Name: SYSTEM
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - [2009/10/21 16:57:05 | 000,028,762 | ---- | M] (MyWebSearch.com) [Auto] -- C:\Program Files\MyWebSearch\bar\2.bin\MWSSVC.EXE -- (MyWebSearchService)
SRV - [2009/09/08 20:09:30 | 000,545,568 | ---- | M] (Apple Inc.) [On_Demand] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/08/16 12:40:57 | 000,152,984 | ---- | M] (Sun Microsystems, Inc.) [Auto] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/07/09 11:22:18 | 000,144,712 | ---- | M] (Apple Inc.) [Auto] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2008/12/12 10:17:38 | 000,238,888 | ---- | M] (Apple Inc.) [Auto] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2005/04/04 00:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004/08/26 17:57:22 | 000,122,880 | ---- | M] (Networks Associates Technology, Inc) [Auto] -- c:\Program Files\McAfee.com\VSO\mcvsrte.exe -- (MCVSRte)
SRV - [2004/08/22 16:31:44 | 000,577,536 | ---- | M] (McAfee Corporation) [Auto] -- C:\Program Files\McAfee.com\Personal Firewall\MpfService.exe -- (MpfService)
SRV - [2004/08/16 15:32:20 | 000,249,856 | ---- | M] (McAfee, Inc) [On_Demand] -- C:\Program Files\McAfee.com\Agent\mcupdmgr.exe -- (mcupdmgr.exe)
SRV - [2004/07/15 02:49:26 | 000,032,768 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state)
SRV - [2004/04/15 03:26:50 | 000,303,104 | ---- | M] (Lexmark International, Inc.) [Auto] -- C:\WINDOWS\SYSTEM32\LEXBCES.EXE -- (LexBceS)
SRV - [2004/04/07 13:07:32 | 001,135,728 | ---- | M] (America Online, Inc.) [Auto] -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -- (AOL ACS)
SRV - [2003/12/17 14:59:48 | 000,143,360 | ---- | M] (Intel® Corporation) [On_Demand] -- C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe -- (NetSvc)
SRV - [2002/03/13 08:50:34 | 000,225,375 | ---- | M] () [On_Demand] -- c:\Program Files\McAfee.com\VSO\McShield.exe -- (McShield)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | On_Demand] -- -- (bvrp_pci)
DRV - File not found [Kernel | Boot] -- -- (atapi)
DRV - File not found [Kernel | On_Demand] -- -- (aec)
DRV - [2009/08/28 18:42:52 | 000,040,448 | ---- | M] (Apple, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\usbaapl.sys -- (USBAAPL)
DRV - [2009/07/03 12:26:03 | 000,020,747 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto] -- C:\WINDOWS\SYSTEM32\DRIVERS\AegisP.sys -- (AegisP) AEGIS Protocol (IEEE 802.1x)
DRV - [2009/05/18 13:17:00 | 000,026,600 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2008/04/13 13:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot] -- C:\WINDOWS\SYSTEM32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 13:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot] -- C:\WINDOWS\SYSTEM32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2007/11/13 05:25:53 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\secdrv.sys -- (Secdrv)
DRV - [2005/10/27 14:06:30 | 000,356,096 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\rt61.sys -- (RT61) Linksys Wireless-G PCI Adapter Driver(RT61)
DRV - [2005/09/20 10:00:54 | 001,302,332 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\ialmnt5.sys -- (ialm)
DRV - [2004/12/10 13:28:34 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto] -- C:\WINDOWS\SYSTEM32\DRIVERS\asctrm.sys -- (ASCTRM)
DRV - [2004/09/14 09:50:10 | 000,020,576 | ---- | M] (Sonic Solutions) [Kernel | Boot] -- C:\WINDOWS\SYSTEM32\DRIVERS\PxHelp20.sys -- (PxHelp20)
DRV - [2004/08/13 14:48:58 | 000,258,368 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\smwdm.sys -- (smwdm)
DRV - [2004/08/09 13:30:18 | 000,083,325 | ---- | M] (McAfee Security) [Kernel | System] -- C:\WINDOWS\SYSTEM32\DRIVERS\MpFirewall.sys -- (MPFIREWL)
DRV - [2004/08/04 06:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\PTILINK.SYS -- (Ptilink)
DRV - [2004/08/04 06:00:00 | 000,007,936 | ---- | M] (Microsoft Corporation) [Recognizer | System] -- C:\WINDOWS\SYSTEM32\DRIVERS\FS_REC.SYS -- (Fs_Rec)
DRV - [2004/08/04 06:00:00 | 000,002,864 | ---- | M] (Microsoft Corporation) [Adapter | On_Demand] -- C:\WINDOWS\SYSTEM32\WINSOCK.DLL -- (Winsock)
DRV - [2004/08/03 23:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\NV4_MINI.SYS -- (nv)
DRV - [2004/04/26 10:49:56 | 000,381,056 | ---- | M] (Sensaura) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\senfilt.sys -- (senfilt)
DRV - [2004/02/10 16:49:14 | 000,154,112 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\e100b325.sys -- (E100B) Intel®
DRV - [2003/11/17 16:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 16:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 16:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_DP.sys -- (HSF_DP)
DRV - [2003/04/09 14:48:08 | 000,011,043 | ---- | M] (Conexant) [Kernel | Auto] -- C:\WINDOWS\SYSTEM32\DRIVERS\mdmxsdk.sys -- (mdmxsdk)
DRV - [2003/01/10 17:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2002/03/13 08:50:36 | 000,023,296 | ---- | M] () [File_System | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\NaiFiltr.sys -- (NaiFiltr)
DRV - [2001/08/17 15:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot] -- C:\WINDOWS\SYSTEM32\DRIVERS\SPARROW.SYS -- (Sparrow)
DRV - [2001/08/17 15:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot] -- C:\WINDOWS\SYSTEM32\DRIVERS\SYM_U3.SYS -- (sym_u3)
DRV - [2001/08/17 15:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot] -- C:\WINDOWS\SYSTEM32\DRIVERS\SYM_HI.SYS -- (sym_hi)
DRV - [2001/08/17 15:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot] -- C:\WINDOWS\SYSTEM32\DRIVERS\SYMC8XX.SYS -- (symc8xx)
DRV - [2001/08/17 15:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot] -- C:\WINDOWS\SYSTEM32\DRIVERS\SYMC810.SYS -- (symc810)
DRV - [2001/08/17 14:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\MODEMCSA.sys -- (MODEMCSA)
DRV - [2001/08/17 14:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot] -- C:\WINDOWS\SYSTEM32\DRIVERS\ULTRA.SYS -- (ultra)
DRV - [2001/08/17 14:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot] -- C:\WINDOWS\SYSTEM32\DRIVERS\QL12160.SYS -- (ql12160)
DRV - [2001/08/17 14:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot] -- C:\WINDOWS\SYSTEM32\DRIVERS\QL1080.SYS -- (ql1080)
DRV - [2001/08/17 14:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot] -- C:\WINDOWS\SYSTEM32\DRIVERS\QL1280.SYS -- (ql1280)
DRV - [2001/08/17 14:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot] -- C:\WINDOWS\SYSTEM32\DRIVERS\DAC2W2K.SYS -- (dac2w2k)
DRV - [2001/08/17 14:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot] -- C:\WINDOWS\SYSTEM32\DRIVERS\MRAID35X.SYS -- (mraid35x)
DRV - [2001/08/17 14:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot] -- C:\WINDOWS\SYSTEM32\DRIVERS\ASC.SYS -- (asc)
DRV - [2001/08/17 14:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot] -- C:\WINDOWS\SYSTEM32\DRIVERS\ASC3550.SYS -- (asc3550)
DRV - [2001/08/17 14:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot] -- C:\WINDOWS\SYSTEM32\DRIVERS\ALIIDE.SYS -- (AliIde)
DRV - [2001/08/17 14:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot] -- C:\WINDOWS\SYSTEM32\DRIVERS\CMDIDE.SYS -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Dina_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\Dina_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
IE - HKU\Dina_ON_C\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\2.bin\MWSSRCAS.DLL (MyWebSearch.com)
IE - HKU\Dina_ON_C\..\URLSearchHook: {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll (MyWay.com)
IE - HKU\Dina_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Dina_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\Frankie_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\Frankie_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
IE - HKU\Frankie_ON_C\..\URLSearchHook: {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll (MyWay.com)
IE - HKU\Frankie_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Grace_Brobst_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\Grace_Brobst_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
IE - HKU\Grace_Brobst_ON_C\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\2.bin\MWSSRCAS.DLL (MyWebSearch.com)
IE - HKU\Grace_Brobst_ON_C\..\URLSearchHook: {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll (MyWay.com)
IE - HKU\Grace_Brobst_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Guest_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\Guest_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
IE - HKU\Guest_ON_C\..\URLSearchHook: {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll (MyWay.com)
IE - HKU\Guest_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Haley_Brobst_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\Haley_Brobst_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
IE - HKU\Haley_Brobst_ON_C\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\2.bin\MWSSRCAS.DLL (MyWebSearch.com)
IE - HKU\Haley_Brobst_ON_C\..\URLSearchHook: {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll (MyWay.com)
IE - HKU\Haley_Brobst_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Joe_D'Amico_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\Joe_D'Amico_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
IE - HKU\Joe_D'Amico_ON_C\..\URLSearchHook: {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll (MyWay.com)
IE - HKU\Joe_D'Amico_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\LocalService_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/

IE - HKU\NetworkService_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/

IE - HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKU\Scott_B.D56XY861_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\Scott_B.D56XY861_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
IE - HKU\Scott_B.D56XY861_ON_C\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\2.bin\MWSSRCAS.DLL (MyWebSearch.com)
IE - HKU\Scott_B.D56XY861_ON_C\..\URLSearchHook: {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll (MyWay.com)
IE - HKU\Scott_B.D56XY861_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0




O1 HOSTS File: ([2004/08/04 06:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (MyWebSearch Search Assistant BHO) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\2.bin\MWSSRCAS.DLL (MyWebSearch.com)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (mwsBar BHO) - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL (MyWebSearch.com)
O2 - BHO: (ALOT Toolbar Helper) - {14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6} - C:\Program Files\alot\bin\BHO\alotBHO.dll (Vertro)
O2 - BHO: () - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll (MyWay.com)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL (MyWebSearch.com)
O3 - HKLM\..\Toolbar: (ALOT Toolbar) - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll (Vertro)
O3 - HKLM\..\Toolbar: (PeoplePal Toolbar) - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - c:\Program Files\PeoplePC\Toolbar\PPCToolbar.dll (PeoplePC)
O3 - HKLM\..\Toolbar: (McAfee VirusScan) - {BA52B914-B692-46c4-B683-905236F6F655} - c:\Program Files\McAfee.com\VSO\mcvsshl.dll (Networks Associates Technology, Inc)
O3 - HKU\Dina_ON_C\..\Toolbar\WebBrowser: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL (MyWebSearch.com)
O3 - HKU\Grace_Brobst_ON_C\..\Toolbar\WebBrowser: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL (MyWebSearch.com)
O3 - HKU\Haley_Brobst_ON_C\..\Toolbar\WebBrowser: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL (MyWebSearch.com)
O3 - HKU\Scott_B.D56XY861_ON_C\..\Toolbar\WebBrowser: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL (MyWebSearch.com)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [Bart Station] C:\Program Files\PeoplePC\ISP6500\BIN\PPCOLink.exe (PeoplePC)
O4 - HKLM..\Run: [Dell AIO Printer A920] C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe (Dell Computer Corporation)
O4 - HKLM..\Run: [DVDLauncher] C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe (CyberLink Corp.)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\SYSTEM32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\SYSTEM32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\SYSTEM32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [MCAgentExe] c:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc)
O4 - HKLM..\Run: [MCUpdateExe] C:\Program Files\McAfee.com\Agent\mcupdate.exe (McAfee, Inc)
O4 - HKLM..\Run: [mmtask] C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe (Musicmatch Inc.)
O4 - HKLM..\Run: [MMTray] C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe (Musicmatch, Inc.)
O4 - HKLM..\Run: [MPFExe] C:\Program Files\McAfee.com\Personal Firewall\MpfTray.exe (McAfee Security)
O4 - HKLM..\Run: [My Web Search Bar Search Scope Monitor] C:\Program Files\MyWebSearch\bar\2.bin\M3SRCHMN.EXE (MyWebSearch.com)
O4 - HKLM..\Run: [MyWebSearch Email Plugin] C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE (MyWebSearch.com)
O4 - HKLM..\Run: [MyWebSearch Plugin] C:\Program Files\MyWebSearch\bar\2.bin\M3PLUGIN.DLL (MyWebSearch.com)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\Media Experience\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [smss32.exe] C:\WINDOWS\SYSTEM32\smss32.exe (npzpJzFRUpf)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [VirusScan Online] c:\Program Files\McAfee.com\VSO\mcvsshld.exe (Networks Associates Technology, Inc)
O4 - HKLM..\Run: [VSOCheckTask] c:\Program Files\McAfee.com\VSO\mcmnhdlr.exe (Networks Associates Technology, Inc)
O4 - HKU\Dina_ON_C..\Run: [DellSupport] C:\Program Files\Dell Support\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\Dina_ON_C..\Run: [MyWebSearch Email Plugin] C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE (MyWebSearch.com)
O4 - HKU\Dina_ON_C..\Run: [smss32.exe] C:\WINDOWS\SYSTEM32\smss32.exe (npzpJzFRUpf)
O4 - HKU\Frankie_ON_C..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKU\Grace_Brobst_ON_C..\Run: [DellSupport] C:\Program Files\Dell Support\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\Guest_ON_C..\Run: [DellSupport] C:\Program Files\Dell Support\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\Guest_ON_C..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKU\Haley_Brobst_ON_C..\Run: [DellSupport] C:\Program Files\Dell Support\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\Joe_D'Amico_ON_C..\Run: [DellSupport] C:\Program Files\Dell Support\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\Scott_B.D56XY861_ON_C..\Run: [DellSupport] C:\Program Files\Dell Support\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\Scott_B.D56XY861_ON_C..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Dina_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Dina_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O7 - HKU\Dina_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKU\Dina_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\Frankie_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Grace_Brobst_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Guest_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Haley_Brobst_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Joe_D'Amico_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF [binary data]
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EditLevel = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCommonGroups = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserNameInStartMenu = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoColorChoice = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoSizeChoice = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoVisualStyleChoice = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SetVisualStyle = %SystemRoot%\Resources\Themes\Luna.theme ()
O7 - HKU\Scott_B.D56XY861_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\helper32.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\System32\helper32.dll File not found
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} http://ak.exe.imgfarm.com/images/nocache/f...etup1.0.1.3.cab (Reg Error: Key error.)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/shared/m...90/mcinsctl.cab (McAfee.com Operating System Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcafee.com/molbin/shared/m...,23/mcgdmgr.cab (DwnldGroupMgr Class)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.64.150 68.87.75.198
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (logon.exe) - File not found
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\winlogon32.exe) - C:\WINDOWS\SYSTEM32\winlogon32.exe (npzpJzFRUpf)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: SysNet - {F70DFEB2-9EBC-40A9-BB7F-DAD021B24BCB} - C:\Documents and Settings\All Users\Microsoft AData\sysnet.dll File not found
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/01/07 19:49:20 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{09880144-8a8c-11de-be55-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{09880144-8a8c-11de-be55-00038a000015}\Shell\Explore\command - "" = E:\autorun.exe -- File not found
O33 - MountPoints2\{09880144-8a8c-11de-be55-00038a000015}\Shell\Open\command - "" = E:\autorun.exe -- File not found
O33 - MountPoints2\{8b0e26dc-8a85-11de-be54-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8b0e26dc-8a85-11de-be54-00038a000015}\Shell\Explore\command - "" = E:\autorun.exe -- File not found
O33 - MountPoints2\{8b0e26dc-8a85-11de-be54-00038a000015}\Shell\Open\command - "" = E:\autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/02/27 11:58:23 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft
[2010/02/27 11:57:18 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Local Settings\Application Data\Temp
[2010/02/27 11:57:17 | 000,000,000 | --SD | C] -- B:\Documents and Settings\Default User\Cookies
[2010/02/27 11:57:17 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\Recent
[2010/02/27 11:57:17 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\My Documents\My Pictures
[2010/02/27 11:57:17 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\My Documents\My Music
[2010/02/27 11:57:17 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\My Documents
[2010/02/27 11:57:17 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\Favorites
[2010/02/27 11:57:17 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Templates
[2010/02/27 11:57:17 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Start Menu
[2010/02/27 11:57:17 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\SendTo
[2010/02/27 11:57:17 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\PrintHood
[2010/02/27 11:57:17 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\NetHood
[2010/02/27 11:57:17 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\My Documents\My Videos
[2010/02/27 11:57:17 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Application Data\Microsoft
[2010/02/27 11:57:17 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Local Settings
[2010/02/27 11:57:17 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Desktop
[2010/02/27 11:57:17 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Application Data
[2010/02/25 22:01:07 | 000,000,000 | ---D | C] -- C:\NBRT
[2010/02/09 18:56:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2010/02/04 17:54:57 | 000,024,064 | ---- | C] (npzpJzFRUpf) -- C:\WINDOWS\System32\winlogon32.exe
[2010/02/04 17:54:57 | 000,024,064 | ---- | C] (npzpJzFRUpf) -- C:\WINDOWS\System32\smss32.exe
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/02/27 12:05:53 | 002,838,528 | ---- | M] () -- C:\Documents and Settings\Dina\ntuser.dat
[2010/02/27 11:58:50 | 000,001,332 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\OTLPE.lnk
[2010/02/26 11:51:20 | 000,001,547 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\MSKeyViewer Plus.lnk
[2010/02/26 11:51:20 | 000,001,535 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\RegistryEditorPE.lnk
[2010/02/26 11:51:20 | 000,001,483 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\HandyRecovery 1.lnk
[2010/02/26 11:51:20 | 000,001,479 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Undelete Plus.lnk
[2010/02/26 11:51:20 | 000,001,475 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Magical Jelly Bean Keyfinder.lnk
[2010/02/26 11:51:20 | 000,001,469 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\DiskPartitioner.lnk
[2010/02/26 11:51:20 | 000,001,465 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Agent Ransack.lnk
[2010/02/26 11:51:20 | 000,001,437 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\notepad++.lnk
[2010/02/26 11:51:20 | 000,001,427 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\2xExplorer.lnk
[2010/02/26 11:51:20 | 000,001,371 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\ImgBurn.lnk
[2010/02/26 11:51:20 | 000,001,353 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\DriveImage XML.lnk
[2010/02/26 11:51:20 | 000,001,347 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\A43 File Management Utility.lnk
[2010/02/26 11:51:20 | 000,001,347 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\7-Zip File Manager.lnk
[2010/02/26 11:51:20 | 000,001,343 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Windows Registry Recovery.lnk
[2010/02/26 11:51:20 | 000,001,313 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Disk Investigator.lnk
[2010/02/26 11:51:20 | 000,001,261 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Internet Explorer.lnk
[2010/02/25 22:13:40 | 002,883,584 | -H-- | M] () -- C:\Documents and Settings\Grace Brobst\ntuser.dat
[2010/02/25 22:13:40 | 000,233,472 | ---- | M] () -- C:\Documents and Settings\LocalService\NTUSER.DAT
[2010/02/25 22:13:39 | 002,883,584 | -H-- | M] () -- C:\Documents and Settings\Joe D'Amico\ntuser.dat
[2010/02/25 22:13:39 | 002,883,584 | -H-- | M] () -- C:\Documents and Settings\Haley Brobst\ntuser.dat
[2010/02/25 22:13:39 | 001,310,720 | -H-- | M] () -- C:\Documents and Settings\Scott B.D56XY861\NTUSER.DAT
[2010/02/25 22:13:39 | 001,310,720 | -H-- | M] () -- C:\Documents and Settings\Guest\ntuser.dat
[2010/02/25 22:13:39 | 001,310,720 | -H-- | M] () -- C:\Documents and Settings\Frankie\ntuser.dat
[2010/02/25 22:13:39 | 000,233,472 | ---- | M] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT
[2010/02/25 21:00:58 | 607,125,504 | -HS- | M] () -- C:\NRTPage.sys
[2010/02/09 19:48:15 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2010/02/09 19:48:12 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/09 19:47:44 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/02/09 19:47:00 | 000,000,490 | ---- | M] () -- C:\WINDOWS\tasks\McAfee.com Update Check (D56XY861-Haley Brobst).job
[2010/02/09 19:47:00 | 000,000,490 | ---- | M] () -- C:\WINDOWS\tasks\McAfee.com Update Check (D56XY861-Grace Brobst).job
[2010/02/09 19:47:00 | 000,000,476 | ---- | M] () -- C:\WINDOWS\tasks\McAfee.com Update Check (D56XY861-Guest).job
[2010/02/09 19:46:00 | 000,000,488 | ---- | M] () -- C:\WINDOWS\tasks\McAfee.com Update Check (D56XY861-Joe D'Amico).job
[2010/02/09 19:46:00 | 000,000,476 | ---- | M] () -- C:\WINDOWS\tasks\McAfee.com Update Check (D56XY861-Owner).job
[2010/02/09 19:44:00 | 000,000,480 | ---- | M] () -- C:\WINDOWS\tasks\McAfee.com Update Check (D56XY861-Scott cool.gif.job
[2010/02/09 19:44:00 | 000,000,480 | ---- | M] () -- C:\WINDOWS\tasks\McAfee.com Update Check (D56XY861-Frankie).job
[2010/02/09 19:44:00 | 000,000,474 | ---- | M] () -- C:\WINDOWS\tasks\McAfee.com Update Check (D56XY861-Dina).job
[2010/02/09 19:44:00 | 000,000,436 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{1DCB6202-A952-49EE-BCEE-95044AA2967B}.job
[2010/02/09 19:42:51 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Dina\NTUSER.INI
[2010/02/09 19:34:05 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\18467.exe
[2010/02/09 19:14:26 | 000,101,824 | ---- | M] () -- C:\WINDOWS\System32\Status.MPF
[2010/02/09 19:14:04 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\41.exe
[2010/02/09 19:14:03 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\IS15.exe
[2010/02/09 19:13:36 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\McAfee.com Scan for Viruses - My Computer (D56XY861-Dina).job
[2010/02/09 19:13:21 | 000,003,310 | ---- | M] () -- C:\WINDOWS\System32\warning.html
[2010/02/09 18:53:50 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2010/02/04 17:54:46 | 000,024,064 | ---- | M] (npzpJzFRUpf) -- C:\WINDOWS\System32\winlogon32.exe
[2010/02/04 17:54:46 | 000,024,064 | ---- | M] (npzpJzFRUpf) -- C:\WINDOWS\System32\smss32.exe
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/02/27 11:57:18 | 000,001,547 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\MSKeyViewer Plus.lnk
[2010/02/27 11:57:18 | 000,001,535 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\RegistryEditorPE.lnk
[2010/02/27 11:57:18 | 000,001,483 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\HandyRecovery 1.lnk
[2010/02/27 11:57:18 | 000,001,479 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Undelete Plus.lnk
[2010/02/27 11:57:18 | 000,001,475 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Magical Jelly Bean Keyfinder.lnk
[2010/02/27 11:57:18 | 000,001,469 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\DiskPartitioner.lnk
[2010/02/27 11:57:18 | 000,001,465 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Agent Ransack.lnk
[2010/02/27 11:57:18 | 000,001,437 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\notepad++.lnk
[2010/02/27 11:57:18 | 000,001,427 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\2xExplorer.lnk
[2010/02/27 11:57:18 | 000,001,371 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\ImgBurn.lnk
[2010/02/27 11:57:18 | 000,001,353 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\DriveImage XML.lnk
[2010/02/27 11:57:18 | 000,001,347 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\A43 File Management Utility.lnk
[2010/02/27 11:57:18 | 000,001,347 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\7-Zip File Manager.lnk
[2010/02/27 11:57:18 | 000,001,343 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Windows Registry Recovery.lnk
[2010/02/27 11:57:18 | 000,001,332 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\OTLPE.lnk
[2010/02/27 11:57:18 | 000,001,313 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Disk Investigator.lnk
[2010/02/27 11:57:18 | 000,001,261 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Internet Explorer.lnk
[2010/02/25 21:00:58 | 607,125,504 | -HS- | C] () -- C:\NRTPage.sys
[2010/02/09 19:34:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\18467.exe
[2010/02/04 17:57:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\41.exe
[2010/02/04 17:57:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\IS15.exe
[2010/02/04 17:55:12 | 000,003,310 | ---- | C] () -- C:\WINDOWS\System32\warning.html
[2009/11/14 16:18:59 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/11/02 18:42:15 | 000,023,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\NaiFiltr.sys
[2009/10/31 11:04:50 | 000,018,941 | ---- | C] () -- C:\WINDOWS\microsoftdef.dll
[2009/07/03 12:26:02 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2009/07/03 12:25:43 | 000,000,920 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI
[2009/06/23 09:31:48 | 000,014,336 | ---- | C] () -- C:\Documents and Settings\Dina\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/01 18:28:59 | 000,063,488 | ---- | C] () -- C:\WINDOWS\xobglu16.dll
[2008/12/01 18:28:59 | 000,023,552 | ---- | C] () -- C:\WINDOWS\xobglu32.dll
[2008/11/05 19:25:13 | 000,000,072 | ---- | C] () -- C:\WINDOWS\DMI.INI
[2008/11/01 08:11:45 | 000,011,264 | ---- | C] () -- C:\Documents and Settings\Grace Brobst\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/02/01 15:56:18 | 000,000,068 | ---- | C] () -- C:\WINDOWS\TONKA_SR.INI
[2008/01/12 11:28:43 | 000,000,051 | ---- | C] () -- C:\WINDOWS\western.ini
[2008/01/07 20:06:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\muveeapp.INI
[2008/01/07 19:54:37 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Haley Brobst\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/01/07 19:29:12 | 000,000,042 | ---- | C] () -- C:\WINDOWS\Pt.dll
[2008/01/07 18:50:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PTWebCam.INI
[2007/11/27 09:02:24 | 000,000,049 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2007/11/13 18:15:02 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Grace Brobst\Application Data\PFP120JPR.{PB
[2007/11/13 18:15:02 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Grace Brobst\Application Data\PFP120JCM.{PB
[2007/08/17 17:36:03 | 000,000,324 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2007/08/17 17:30:18 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Dina\Application Data\PFP120JPR.{PB
[2007/08/17 17:30:18 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Dina\Application Data\PFP120JCM.{PB
[2005/12/31 13:21:33 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2005/11/03 17:24:33 | 000,000,107 | ---- | C] () -- C:\WINDOWS\TLCAPPS.INI
[2005/10/30 19:06:47 | 000,000,783 | ---- | C] () -- C:\WINDOWS\ka.ini
[2005/07/17 11:43:10 | 000,000,513 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2005/02/06 15:51:14 | 000,000,242 | ---- | C] () -- C:\WINDOWS\CGCH.INI
[2004/12/19 20:25:35 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Haley Brobst\Application Data\PFP120JPR.{PB
[2004/12/19 20:25:35 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Haley Brobst\Application Data\PFP120JCM.{PB
[2004/12/16 13:57:15 | 000,000,311 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2004/12/16 13:41:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2004/12/10 13:31:10 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/12/10 12:57:40 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/08/10 14:13:12 | 000,000,780 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2004/08/04 06:00:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\FXSPERF.INI
[2003/01/07 16:15:26 | 000,000,255 | ---- | C] () -- C:\WINDOWS\System32\dlbkcoin.ini
[2002/11/13 14:40:22 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbkvs.dll
[1980/01/01 01:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll

========== LOP Check ==========

[2010/02/09 19:16:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dina\Application Data\alot
[2009/10/31 09:08:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dina\Application Data\FunWebProducts
[2010/02/09 19:40:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dina\Application Data\LimeWire
[2010/01/21 16:26:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dina\Application Data\PeoplePal
[2010/02/25 22:13:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dina\Application Data\Starware322
[2009/07/03 19:51:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frankie\Application Data\alot
[2010/02/25 22:13:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frankie\Application Data\Starware322
[2009/03/29 07:34:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Grace Brobst\Application Data\alot
[2007/11/20 18:34:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Grace Brobst\Application Data\Starware322(2)
[2009/07/07 11:46:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\alot
[2010/02/25 22:13:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\Starware322
[2009/02/16 17:57:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Haley Brobst\Application Data\alot
[2010/02/25 22:13:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Haley Brobst\Application Data\Starware322
[2009/07/03 12:45:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joe D'Amico\Application Data\alot
[2010/02/25 22:13:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Starware322
[2009/09/04 18:50:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott B.D56XY861\Application Data\alot
[2010/02/09 19:44:00 | 000,000,436 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{1DCB6202-A952-49EE-BCEE-95044AA2967B}.job

========== Purity Check ==========



========== Custom Scans ==========



< MD5 for: ATAPI.SYS >
[2004/08/04 06:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:atapi.sys
[2004/08/04 06:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp2.cab:atapi.sys
[2009/07/26 13:48:31 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp3.cab:atapi.sys
[2009/07/26 13:48:31 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\I386\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\SYSTEM32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys
< End of report >


#8 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,318 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:03:21 AM

Posted 27 February 2010 - 01:48 PM

Hello,

Please boot from the CD and on the desktop, doubleclick on My Computer.

Navigate to: C:\WINDOWS\ServicePackFiles\i386\atapi.sys

Rightclick that file and select "copy".

Now navigate to the following folder: c:\windows\system32\drivers

Rightclick in in that folder and select "paste". You should now have a copy of atapi.sys in the Drivers folder.


After that file is copied succesfully, open OTLPE and copy/paste the text in the codebox below in the "custom scan/fix" field and click "run fix"
CODE
:services
MyWebSearchService

:otl
IE - HKU\Dina_ON_C\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\2.bin\MWSSRCAS.DLL (MyWebSearch.com)
IE - HKU\Dina_ON_C\..\URLSearchHook: {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll (MyWay.com)
IE - HKU\Frankie_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\Frankie_ON_C\..\URLSearchHook: {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll (MyWay.com)
IE - HKU\Grace_Brobst_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\Grace_Brobst_ON_C\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\2.bin\MWSSRCAS.DLL (MyWebSearch.com)
IE - HKU\Grace_Brobst_ON_C\..\URLSearchHook: {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll (MyWay.com)
IE - HKU\Guest_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\Guest_ON_C\..\URLSearchHook: {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll (MyWay.com)
IE - HKU\Haley_Brobst_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\Haley_Brobst_ON_C\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\2.bin\MWSSRCAS.DLL (MyWebSearch.com)
IE - HKU\Haley_Brobst_ON_C\..\URLSearchHook: {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll (MyWay.com)
IE - HKU\Joe_D'Amico_ON_C\..\URLSearchHook: {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll (MyWay.com)
IE - HKU\Scott_B.D56XY861_ON_C\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\2.bin\MWSSRCAS.DLL (MyWebSearch.com)
IE - HKU\Scott_B.D56XY861_ON_C\..\URLSearchHook: {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll (MyWay.com)
O2 - BHO: (MyWebSearch Search Assistant BHO) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\2.bin\MWSSRCAS.DLL (MyWebSearch.com)
O2 - BHO: (mwsBar BHO) - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL (MyWebSearch.com)
O2 - BHO: () - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll (MyWay.com)
O3 - HKLM\..\Toolbar: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL (MyWebSearch.com)
O3 - HKU\Dina_ON_C\..\Toolbar\WebBrowser: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL (MyWebSearch.com)
O3 - HKU\Grace_Brobst_ON_C\..\Toolbar\WebBrowser: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL (MyWebSearch.com)
O3 - HKU\Haley_Brobst_ON_C\..\Toolbar\WebBrowser: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL (MyWebSearch.com)
O3 - HKU\Scott_B.D56XY861_ON_C\..\Toolbar\WebBrowser: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL (MyWebSearch.com)
O4 - HKLM..\Run: [My Web Search Bar Search Scope Monitor] C:\Program Files\MyWebSearch\bar\2.bin\M3SRCHMN.EXE (MyWebSearch.com)
O4 - HKLM..\Run: [MyWebSearch Email Plugin] C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE (MyWebSearch.com)
O4 - HKLM..\Run: [MyWebSearch Plugin] C:\Program Files\MyWebSearch\bar\2.bin\M3PLUGIN.DLL (MyWebSearch.com)
O4 - HKLM..\Run: [smss32.exe] C:\WINDOWS\SYSTEM32\smss32.exe (npzpJzFRUpf)
O4 - HKU\Dina_ON_C..\Run: [MyWebSearch Email Plugin] C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE (MyWebSearch.com)
O4 - HKU\Dina_ON_C..\Run: [smss32.exe] C:\WINDOWS\SYSTEM32\smss32.exe (npzpJzFRUpf)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKU\Dina_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O7 - HKU\Dina_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKU\Dina_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O20 - HKLM Winlogon: Shell - (logon.exe) - File not found
[2010/02/04 17:54:57 | 000,024,064 | ---- | C] (npzpJzFRUpf) -- C:\WINDOWS\System32\winlogon32.exe
[2010/02/04 17:54:57 | 000,024,064 | ---- | C] (npzpJzFRUpf) -- C:\WINDOWS\System32\smss32.exe
[2010/02/09 19:34:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\18467.exe
[2010/02/04 17:57:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\41.exe
[2010/02/04 17:57:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\IS15.exe
[2010/02/04 17:55:12 | 000,003,310 | ---- | C] () -- C:\WINDOWS\System32\warning.html

:files
C:\WINDOWS\System32\helper32.dll /lsp
C:\Program Files\MyWebSearch

:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

:commands
[emptytemp]
Let the fix run and afterwards try to reboot normally (if you did all the steps above, it should work fine). Post back here with the results.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#9 danoer1

danoer1
  • Topic Starter

  • Members
  • 47 posts
  • OFFLINE
  •  
  • Local time:08:21 PM

Posted 27 February 2010 - 03:55 PM

thumbup.gif well....OK!! everything seems fine. Was able to get windows to start up on the 2nd restart. First one gave me a BSOD, but all seems fine now. Thanks! The last code you gave me removed the viruses, trojans...??? Obviously my sister in law needs to have a anti virus program, It seems the McAfee one she has is out of date and no longer working. Guess I should just get rid of it and install a new one. Are there still other obvious things I need to do before I proceed with the new virus program? Recommendations? Thanks again elise025 you have been a great help!!!

dan

#10 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,318 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:03:21 AM

Posted 27 February 2010 - 04:10 PM

Hi again, good to hear that!

The script should have nuked quite some bad stuff indeed, but who knows, there might still be something left, so lets check that out.

Download and install an antivirus program, and make sure that you keep it updated
New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.
Three good antivirus programs free for non-commercial home use are Avast!, Antivir and Microsoft Security Essentials
Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.


OTL
-----
Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Edited by elise025, 27 February 2010 - 04:12 PM.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#11 danoer1

danoer1
  • Topic Starter

  • Members
  • 47 posts
  • OFFLINE
  •  
  • Local time:08:21 PM

Posted 28 February 2010 - 07:56 PM

OK, so I've removed MacAfee...I think, downloaded and installed Avast Google Chrome and an anti malware program. Then downloaded OTL and ran it as you recommended. Here are the 2 txt files.

Thanks,

Dan

OTL logfile created on: 2/28/2010 7:31:56 PM - Run 1
OTL by OldTimer - Version 3.1.30.3 Folder = C:\Documents and Settings\Joe D'Amico\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.00 Mb Total Physical Memory | 238.00 Mb Available Physical Memory | 47.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.70 Gb Total Space | 52.78 Gb Free Space | 73.61% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: D56XY861
Current User Name: Joe D'Amico
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/02/28 19:30:56 | 000,549,888 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Joe D'Amico\My Documents\Downloads\OTL.exe
PRC - [2010/02/11 13:53:42 | 002,756,488 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/02/11 13:53:39 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2009/10/11 04:17:36 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/10/11 04:17:35 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/09/08 20:09:42 | 000,305,440 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/09/08 20:09:30 | 000,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/07/09 11:22:18 | 000,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/12/12 10:17:38 | 000,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/04/25 09:32:10 | 000,368,640 | ---- | M] () -- C:\Program Files\Kids Imaging Studio\Photags AutoDetect.exe
PRC - [2005/12/28 06:21:37 | 000,270,336 | ---- | M] () -- C:\Program Files\iConcepts Music Express\MEAutoDetect.exe
PRC - [2005/09/20 09:36:20 | 000,114,688 | ---- | M] (Intel Corporation) -- C:\WINDOWS\SYSTEM32\igfxpers.exe
PRC - [2005/09/20 09:32:24 | 000,077,824 | ---- | M] (Intel Corporation) -- C:\WINDOWS\SYSTEM32\hkcmd.exe
PRC - [2004/12/10 13:28:30 | 000,026,112 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\realplay.exe
PRC - [2004/09/14 09:50:48 | 000,131,072 | ---- | M] (Musicmatch, Inc.) -- C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
PRC - [2004/09/14 09:50:48 | 000,053,248 | ---- | M] (Musicmatch Inc.) -- C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe
PRC - [2004/08/23 19:19:22 | 000,057,344 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
PRC - [2004/07/19 08:51:24 | 000,306,688 | ---- | M] (Gteko Ltd.) -- C:\Program Files\Dell Support\DSAgnt.exe
PRC - [2004/06/30 14:33:04 | 001,388,544 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
PRC - [2004/04/15 04:18:38 | 000,053,248 | ---- | M] (Dell Computer Corporation) -- C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
PRC - [2004/04/15 03:32:22 | 000,270,336 | ---- | M] (Dell Computer Corporation) -- C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
PRC - [2004/04/15 03:26:50 | 000,303,104 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\SYSTEM32\LEXBCES.EXE
PRC - [2004/04/15 03:20:38 | 000,174,592 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\SYSTEM32\LEXPPS.EXE
PRC - [2004/04/11 21:15:14 | 000,290,816 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\Media Experience\PCMService.exe
PRC - [2003/10/29 03:06:00 | 000,024,576 | R--- | M] (BVRP Software) -- C:\Program Files\Digital Line Detect\DLG.exe


========== Modules (SafeList) ==========

MOD - [2010/02/28 19:30:56 | 000,549,888 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Joe D'Amico\My Documents\Downloads\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - [2010/02/28 13:02:34 | 000,133,104 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate) Google Update Service (gupdate)
SRV - [2010/02/11 13:53:39 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/02/11 13:53:39 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/02/11 13:53:39 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2009/10/11 04:17:35 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/09/08 20:09:30 | 000,545,568 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/07/09 11:22:18 | 000,144,712 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2008/12/12 10:17:38 | 000,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2005/04/04 00:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004/07/15 02:49:26 | 000,032,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state)
SRV - [2004/04/15 03:26:50 | 000,303,104 | ---- | M] (Lexmark International, Inc.) [Auto | Running] -- C:\WINDOWS\SYSTEM32\LEXBCES.EXE -- (LexBceS)
SRV - [2003/12/17 14:59:48 | 000,143,360 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe -- (NetSvc)


========== Driver Services (SafeList) ==========

DRV - [2010/02/11 13:42:34 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\aswTdi.sys -- (aswTdi)
DRV - [2010/02/11 13:42:13 | 000,162,512 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\aswSP.sys -- (aswSP)
DRV - [2010/02/11 13:39:01 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\aswRdr.sys -- (aswRdr)
DRV - [2010/02/11 13:38:34 | 000,100,432 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\aswmon2.sys -- (aswMon2)
DRV - [2010/02/11 13:38:23 | 000,019,024 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/02/11 13:38:07 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\aavmker4.sys -- (Aavmker4)
DRV - [2009/08/28 18:42:52 | 000,040,448 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\usbaapl.sys -- (USBAAPL)
DRV - [2009/07/03 12:26:03 | 000,020,747 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\AegisP.sys -- (AegisP) AEGIS Protocol (IEEE 802.1x)
DRV - [2009/05/18 13:17:00 | 000,026,600 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2008/04/13 13:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 13:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2007/11/13 05:25:53 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\secdrv.sys -- (Secdrv)
DRV - [2005/10/27 14:06:30 | 000,356,096 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\rt61.sys -- (RT61) Linksys Wireless-G PCI Adapter Driver(RT61)
DRV - [2005/09/20 10:00:54 | 001,302,332 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ialmnt5.sys -- (ialm)
DRV - [2004/12/10 13:28:34 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\asctrm.sys -- (ASCTRM)
DRV - [2004/09/14 09:50:10 | 000,020,576 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2004/08/13 14:48:58 | 000,258,368 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\smwdm.sys -- (smwdm)
DRV - [2004/08/04 06:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\PTILINK.SYS -- (Ptilink)
DRV - [2004/08/03 23:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\NV4_MINI.SYS -- (nv)
DRV - [2004/04/26 10:49:56 | 000,381,056 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\senfilt.sys -- (senfilt)
DRV - [2004/02/10 16:49:14 | 000,154,112 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\e100b325.sys -- (E100B) Intel®
DRV - [2003/11/17 16:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 16:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 16:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_DP.sys -- (HSF_DP)
DRV - [2003/04/09 14:48:08 | 000,011,043 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mdmxsdk.sys -- (mdmxsdk)
DRV - [2001/08/17 15:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 15:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 15:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 15:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 15:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 14:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\MODEMCSA.sys -- (MODEMCSA)
DRV - [2001/08/17 14:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 14:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 14:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 14:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 14:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 14:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 14:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 14:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 14:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 14:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/

IE - HKU\S-1-5-21-4269239821-3843998691-2329889169-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\S-1-5-21-4269239821-3843998691-2329889169-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://news.google.com/
IE - HKU\S-1-5-21-4269239821-3843998691-2329889169-1006\S-1-5-21-4269239821-3843998691-2329889169-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2004/08/04 06:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (ALOT Toolbar Helper) - {14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6} - C:\Program Files\alot\bin\BHO\alotBHO.dll (Vertro)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (ALOT Toolbar) - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll (Vertro)
O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found.
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [Dell AIO Printer A920] C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe (Dell Computer Corporation)
O4 - HKLM..\Run: [DVDLauncher] C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe (CyberLink Corp.)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\SYSTEM32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\SYSTEM32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\SYSTEM32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [mmtask] C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe (Musicmatch Inc.)
O4 - HKLM..\Run: [MMTray] C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe (Musicmatch, Inc.)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\Media Experience\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKU\S-1-5-21-4269239821-3843998691-2329889169-1006..\Run: [DellSupport] C:\Program Files\Dell Support\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Auto Detect.lnk = C:\Program Files\iConcepts Music Express\MEAutoDetect.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Photags AutoDetect.lnk = C:\Program Files\Kids Imaging Studio\Photags AutoDetect.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-4269239821-3843998691-2329889169-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/shared/m...90/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcafee.com/molbin/shared/m...,23/mcgdmgr.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.2.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: SysNet - {F70DFEB2-9EBC-40A9-BB7F-DAD021B24BCB} - C:\Documents and Settings\All Users\Microsoft AData\sysnet.dll File not found
O24 - Desktop BackupWallPaper: C:\WINDOWS\DELL.BMP
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/01/07 19:49:20 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/02/28 18:24:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joe D'Amico\Application Data\Malwarebytes
[2010/02/28 16:39:56 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/02/28 16:39:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/02/28 16:39:53 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/02/28 16:39:53 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/02/28 13:07:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/02/28 13:05:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joe D'Amico\My Documents\Downloads
[2010/02/28 13:02:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2010/02/28 13:02:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joe D'Amico\Local Settings\Application Data\Temp
[2010/02/28 13:02:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joe D'Amico\Local Settings\Application Data\Google
[2010/02/28 13:02:33 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2010/02/28 13:02:31 | 000,019,024 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/02/28 13:02:30 | 000,162,512 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/02/28 13:02:29 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/02/28 13:02:28 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/02/28 13:02:25 | 000,100,432 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/02/28 13:02:25 | 000,094,800 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/02/28 13:02:25 | 000,028,880 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/02/28 13:02:11 | 000,153,184 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/02/28 13:02:11 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
[2010/02/28 13:02:05 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/02/28 13:02:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/02/28 12:58:20 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/02/28 12:58:20 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/02/28 12:58:20 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/02/28 12:19:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joe D'Amico\Application Data\Adobe
[2010/02/28 12:15:24 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Joe D'Amico\IECompatCache
[2010/02/28 12:14:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joe D'Amico\Application Data\PeoplePal
[2010/02/27 15:20:06 | 000,545,792 | R--- | C] (OldTimer Tools) -- C:\OTLPE.exe
[2010/02/27 15:14:57 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/02/25 22:01:07 | 000,000,000 | ---D | C] -- C:\NBRT
[2009/12/03 16:35:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Help
[2009/12/03 16:35:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Help
[2009/07/26 14:08:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2004/12/16 12:34:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\McAfee.com Personal Firewall
[2004/12/10 12:56:52 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2004/12/10 12:56:52 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2004/12/10 12:56:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft

========== Files - Modified Within 30 Days ==========

[2010/02/28 19:25:50 | 000,000,892 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/02/28 19:24:00 | 000,000,436 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{1DCB6202-A952-49EE-BCEE-95044AA2967B}.job
[2010/02/28 19:23:34 | 002,883,584 | -H-- | M] () -- C:\Documents and Settings\Joe D'Amico\ntuser.dat
[2010/02/28 19:23:34 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Joe D'Amico\NTUSER.INI
[2010/02/28 19:12:00 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/02/28 18:24:07 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/28 18:23:55 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2010/02/28 16:33:07 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2010/02/28 13:03:14 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2010/02/28 13:02:26 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/02/28 12:53:02 | 000,040,944 | ---- | M] () -- C:\Documents and Settings\Joe D'Amico\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/02/28 12:48:07 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/02/28 12:27:19 | 000,000,507 | ---- | M] () -- C:\WINDOWS\WIN.INI
[2010/02/28 12:26:56 | 000,000,002 | ---- | M] () -- C:\WINDOWS\msoffice.ini
[2010/02/28 12:20:12 | 000,000,796 | ---- | M] () -- C:\WINDOWS\tasks\McAfee Cleanup.job
[2010/02/28 12:12:29 | 000,101,824 | ---- | M] () -- C:\WINDOWS\System32\Status.MPF
[2010/02/27 15:29:43 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\McAfee.com Scan for Viruses - My Computer (D56XY861-Dina).job
[2010/02/27 15:27:25 | 000,000,782 | ---- | M] () -- C:\Documents and Settings\Joe D'Amico\Desktop\Windows Media Player.lnk
[2010/02/26 11:33:11 | 000,545,792 | R--- | M] (OldTimer Tools) -- C:\OTLPE.exe
[2010/02/25 21:00:58 | 607,125,504 | -HS- | M] () -- C:\NRTPage.sys
[2010/02/11 13:53:57 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
[2010/02/11 13:53:36 | 000,153,184 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/02/11 13:42:34 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/02/11 13:42:13 | 000,162,512 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/02/11 13:39:01 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/02/11 13:38:34 | 000,100,432 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/02/11 13:38:31 | 000,094,800 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/02/11 13:38:23 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/02/11 13:38:07 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/02/09 19:36:53 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk

========== Files Created - No Company Name ==========

[2010/02/28 13:03:14 | 000,001,813 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2010/02/28 13:02:40 | 000,000,896 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/02/28 13:02:39 | 000,000,892 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/02/28 12:26:56 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2010/02/28 12:20:12 | 000,000,796 | ---- | C] () -- C:\WINDOWS\tasks\McAfee Cleanup.job
[2010/02/25 21:00:58 | 607,125,504 | -HS- | C] () -- C:\NRTPage.sys
[2009/11/14 16:18:59 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/07/03 12:26:02 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2009/07/03 12:25:43 | 000,000,920 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI
[2008/12/01 18:28:59 | 000,063,488 | ---- | C] () -- C:\WINDOWS\xobglu16.dll
[2008/12/01 18:28:59 | 000,023,552 | ---- | C] () -- C:\WINDOWS\xobglu32.dll
[2008/11/05 19:25:13 | 000,000,072 | ---- | C] () -- C:\WINDOWS\DMI.INI
[2008/02/01 15:56:18 | 000,000,068 | ---- | C] () -- C:\WINDOWS\TONKA_SR.INI
[2008/01/12 11:28:43 | 000,000,051 | ---- | C] () -- C:\WINDOWS\western.ini
[2008/01/07 20:06:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\muveeapp.INI
[2008/01/07 19:29:12 | 000,000,042 | ---- | C] () -- C:\WINDOWS\Pt.dll
[2008/01/07 18:50:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PTWebCam.INI
[2007/11/27 09:02:24 | 000,000,049 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2007/08/17 17:36:03 | 000,000,324 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2005/12/31 13:21:33 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2005/11/03 17:24:33 | 000,000,107 | ---- | C] () -- C:\WINDOWS\TLCAPPS.INI
[2005/10/30 19:06:47 | 000,000,783 | ---- | C] () -- C:\WINDOWS\ka.ini
[2005/07/17 11:43:10 | 000,000,513 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2005/02/06 15:51:14 | 000,000,242 | ---- | C] () -- C:\WINDOWS\CGCH.INI
[2004/12/16 13:57:15 | 000,000,311 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2004/12/16 13:41:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2004/12/10 13:31:10 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/12/10 12:57:40 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/08/10 14:13:12 | 000,000,780 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2004/08/04 06:00:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\FXSPERF.INI
[2003/01/07 16:15:26 | 000,000,255 | ---- | C] () -- C:\WINDOWS\System32\dlbkcoin.ini
[2002/11/13 14:40:22 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbkvs.dll
[1980/01/01 01:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
< End of report >


OTL Extras logfile created on: 2/28/2010 7:31:56 PM - Run 1
OTL by OldTimer - Version 3.1.30.3 Folder = C:\Documents and Settings\Joe D'Amico\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.00 Mb Total Physical Memory | 238.00 Mb Available Physical Memory | 47.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.70 Gb Total Space | 52.78 Gb Free Space | 73.61% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: D56XY861
Current User Name: Joe D'Amico
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-4269239821-3843998691-2329889169-1006\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with Paint Shop Pro Studio] -- "C:\Program Files\Jasc Software Inc\Paint Shop Pro Studio\\Paint Shop Pro Studio.exe" "/Browse" "%L" (Jasc Software, Inc.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\WINDOWS\SYSTEM32\LEXPPS.EXE" = C:\WINDOWS\SYSTEM32\LEXPPS.EXE:*:Disabled:LEXPPS.EXE -- (Lexmark International, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{0F756CD9-4A1E-409B-B101-601DDC4C03AA}" = Qualxserve Service Agreement
"{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}" = Intel® PROSet for Wired Connections
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB}" = iPod for Windows 2006-03-23
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Dell Media Experience
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 17
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{4192EAC0-6B36-4723-B216-D0E86E7757AC}" = Jasc Paint Shop Photo Album 5
"{4DDC3BED-CC68-44AA-B435-D727B620CA5B}" = Linksys Wireless-G PCI Adapter
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.3
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{78C496B9-5A6B-4692-8C2E-AFFFC34E4961}" = Jasc Paint Shop Pro Studio, Dell Editon
"{78D944D7-A97B-4004-AB0A-B5AD06839940}" = My Way Search Assistant
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver
"{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}" = Musicmatch® Jukebox
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-0000-0000-0000-6028747ADE01}" = Adobe Acrobat - Reader 6.0.2 Update
"{AC76BA86-7AD7-1033-7B44-A00000000001}" = Adobe Reader 6.0.1
"{AF06CAE4-C134-44B1-B699-14FBDB63BD37}" = Dell Picture Studio v3.0
"{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D1696920-9794-4BBC-8A30-7A88763DE5A2}" = ABBYY FineReader 5.0 Sprint
"{E56D39F8-2A9F-44B4-B068-A72E45A073E6}" = Safari
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E93E5EF6-D361-481E-849D-F16EF5C78EBC}" = Musicmatch for Windows Media Player
"{EC2A8F27-4FBF-4E41-B27B-FE822511B761}" = iTunes
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F45298E5-0083-426F-A668-1A2C5F04B8A0}" = FaxTools
"{FF4A64B8-1AA6-4AA9-9544-54A7ECF0CE22}" = muvee autoProducer 3.5 magicMoments
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"alotToolbar" = ALOT Toolbar
"Arthur's Reading Race" = Arthur's Reading Race
"avast5" = avast! Free Antivirus
"Barbie® Super Sports™" = Barbie® Super Sports™
"Casper Activity Center" = Casper Activity Center
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"Dell AIO Printer A920" = Dell AIO Printer A920
"DellSupport" = Dell Support 5.0.0 (630)
"Digital Camera_is1" = Uninstall Digital Camera Drivers
"Dr. Seuss Kindergarten" = Dr. Seuss Kindergarten
"Encarta98" = Microsoft Encarta 98 Encyclopedia
"Google Chrome" = Google Chrome
"ie8" = Windows Internet Explorer 8
"InstallShield_{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB}" = iPod for Windows 2006-03-23
"JumpStart Advanced 1st Grade" = JumpStart Advanced 1st Grade
"JumpStart Art Club" = JumpStart Art Club
"JumpStart Music" = JumpStart Music
"JumpStart Reading with Karaoke" = JumpStart Reading with Karaoke
"JumpStart World Presents Pet Playground" = JumpStart World Presents Pet Playground
"Kids Imaging Studio" = Kids Imaging Studio
"LimeWire" = LimeWire 5.2.13
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"MSB Dino" = Magic School Bus - Dinosaurs
"MyWaySearchAssistantDE" = My Way Search Assistant
"Photags Music Express" = iConcepts Music Express
"PROSet" = Intel® PRO Network Adapters and Drivers
"PRSCHOOL_2.3b" = Jumpstart Preschool v2.3b
"Reader Rabbit 1st Grade" = Reader Rabbit 1st Grade
"RealPlayer 6.0" = RealPlayer Basic
"RRF.exe" = Reader Rabbit's 1st Grade
"Sesame Street Elmo's Reading" = Sesame Street Elmo's Reading
"StreetPlugin" = Learn2 Player (Uninstall Only)
"The Great Festival Adventure" = Thomas & Friends - The Great Festival Adventure
"The Land Before Time Kindergarten Adventure" = The Land Before Time Kindergarten Adventure
"Thomas & Friends - Railway Adventures" = Thomas & Friends - Railway Adventures
"Tonka Search and Rescue" = Tonka Search and Rescue
"ViewpointMediaPlayer" = Viewpoint Media Player
"Western" = Fisher-Price® Western Town
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/13/2007 8:17:49 AM | Computer Name = D56XY861 | Source = Application Error | ID = 1000
Description = Faulting application mcvsshld.exe, version 9.0.0.7, faulting module
mcvsshld.exe, version 9.0.0.7, fault address 0x000098f5.

Error - 11/13/2007 7:21:33 PM | Computer Name = D56XY861 | Source = Application Hang | ID = 1002
Description = Hanging application DLBKPSWX.EXE, version 1.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 12/9/2007 7:26:59 PM | Computer Name = D56XY861 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.2180, faulting
module unknown, version 0.0.0.0, fault address 0x03ccc08f.

Error - 12/10/2007 5:04:04 PM | Computer Name = D56XY861 | Source = ESENT | ID = 485
Description = wuauclt (1052) An attempt to delete the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edbtmp.log"
failed with system error 32 (0x00000020): "The process cannot access the file because
it is being used by another process. ". The delete file operation will fail with
error -1032 (0xfffffbf8).

Error - 1/7/2008 7:20:05 PM | Computer Name = D56XY861 | Source = Application Hang | ID = 1002
Description = Hanging application iTunes.exe, version 7.0.2.16, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 1/7/2008 7:32:51 PM | Computer Name = D56XY861 | Source = MsiInstaller | ID = 1013
Description = Product: iPod for Windows 2006-03-23 -- 1: This installation cannot
be run by directly launching the MSI package. You must run setup.exe.

Error - 1/13/2008 12:13:37 PM | Computer Name = D56XY861 | Source = Application Hang | ID = 1002
Description = Hanging application mmjb.exe, version 9.0.2.53, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 1/13/2008 12:15:35 PM | Computer Name = D56XY861 | Source = Application Hang | ID = 1002
Description = Hanging application mmjb.exe, version 9.0.2.53, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 1/13/2008 12:16:52 PM | Computer Name = D56XY861 | Source = Application Hang | ID = 1002
Description = Hanging application mmjb.exe, version 9.0.2.53, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 1/13/2008 12:18:30 PM | Computer Name = D56XY861 | Source = Application Hang | ID = 1002
Description = Hanging application mmjb.exe, version 9.0.2.53, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 2/28/2010 1:46:48 PM | Computer Name = D56XY861 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 2/28/2010 1:46:48 PM | Computer Name = D56XY861 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 2/28/2010 1:46:49 PM | Computer Name = D56XY861 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 2/28/2010 1:46:49 PM | Computer Name = D56XY861 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 2/28/2010 1:46:49 PM | Computer Name = D56XY861 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 2/28/2010 1:46:49 PM | Computer Name = D56XY861 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 2/28/2010 1:46:49 PM | Computer Name = D56XY861 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 2/28/2010 1:46:49 PM | Computer Name = D56XY861 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 2/28/2010 7:24:09 PM | Computer Name = D56XY861 | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring
the volume.

Error - 2/28/2010 7:24:29 PM | Computer Name = D56XY861 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
abp480n5 adpu160m agp440 agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp amsint asc asc3350p
asc3550
cbidf
cd20xrnt
CmdIde
Cpqarray
dac2w2k
dac960nt
dpti2o
hpn
i2omp
ini910u
IntelIde
mraid35x
perc2
perc2hib
ql1080
Ql10wnt
ql12160
ql1240
ql1280
sisagp
Sparrow
symc810
symc8xx
sym_hi
sym_u3
TosIde
ultra
viaagp
ViaIde


< End of report >


#12 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,318 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:03:21 AM

Posted 01 March 2010 - 06:28 AM

Hello ,

UNINSTALL PROGRAMS
--------------------------------
Go to Start > Control Panel > Add or Remove Programs.

Remove the following programs, if they are present.

    My Way Search assistant
    ALOT Toolbar
If you are unsure of how to use Add or Remove Programs, then please see this tutorial:
How To Remove An Installed Program From Your Computer


UPDATE JAVA
------------------
Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "Java Runtime Environment (JRE)" JRE 6 Update 18.
  • Click the Download button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u18-windows-i586.exe to install the newest version.
-- If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
-- If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.
-- The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.


MALWAREBYTES ANTIMALWARE
-------------------------------------------
Please launch MBAM and update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.


In your next reply, please include the following:
  • MBAM log

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#13 danoer1

danoer1
  • Topic Starter

  • Members
  • 47 posts
  • OFFLINE
  •  
  • Local time:08:21 PM

Posted 02 March 2010 - 02:13 PM

Hello again,

Was not able to completely remove the MyWay thing. When I run the remove program step in control panels it tells me there is an error loading the desrcas.dll file and the specified module can't be found.

Went ahead and did the Java thing and updated and ran Malware. Here is the log

Malwarebytes' Anti-Malware 1.44
Database version: 3815
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

3/2/2010 2:09:24 PM
mbam-log-2010-03-02 (14-09-24).txt

Scan type: Quick Scan
Objects scanned: 175409
Time elapsed: 6 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Dan


#14 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,318 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:03:21 AM

Posted 02 March 2010 - 02:28 PM

Okay, that looks good, how is everything running now?

ESET ONLINE SCANNER
----------------------------
I'd like us to scan your machine with ESET OnlineScan
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    Note - when ESET doesn't find any threats, no report will be created.
  12. Push the button.
  13. Push

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#15 danoer1

danoer1
  • Topic Starter

  • Members
  • 47 posts
  • OFFLINE
  •  
  • Local time:08:21 PM

Posted 03 March 2010 - 08:58 PM

Hey,

Everything on the computer seems to be running fine. Nice and quick and smooth. I am still quite surprised by the number of viruses that seem to keep on showing up though!! The ESET scan found a few, here is the log. I believe my nieces use Limewire quite a lot. Looks like the ones in the log are from Limewire. Never used it myself, but ...

Thanks,

Dan

C:\Documents and Settings\Dina\My Documents\LimeWire\Incomplete\Preview-T-5123506-waking up in vegas by katty most popular hit.au a variant of WMA/TrojanDownloader.GetCodec.gen trojan cleaned - quarantined
C:\Documents and Settings\Dina\My Documents\LimeWire\Incomplete\Preview-T-5172680-goodbye summer kids version top #1 hit.au a variant of WMA/TrojanDownloader.GetCodec.gen trojan cleaned - quarantined
C:\Documents and Settings\Dina\My Documents\LimeWire\Incomplete\Preview-T-5188635-my heart beats fast new hot single.au a variant of WMA/TrojanDownloader.GetCodec.gen trojan cleaned - quarantined
C:\Documents and Settings\Dina\My Documents\LimeWire\Incomplete\Preview-T-5553274-my heart beats fast live in paris rare record.au a variant of WMA/TrojanDownloader.GetCodec.gen trojan cleaned - quarantined
C:\Documents and Settings\Dina\My Documents\LimeWire\Incomplete\Preview-T-5554777-06 tic toc by keisha.au a variant of WMA/TrojanDownloader.GetCodec.gen trojan cleaned - quarantined
C:\Documents and Settings\Dina\My Documents\LimeWire\Incomplete\Preview-T-5565150-goodbye summer kids version club mix by armin van buuren.au a variant of WMA/TrojanDownloader.GetCodec.gen trojan cleaned - quarantined
C:\Documents and Settings\Dina\My Documents\LimeWire\Incomplete\Preview-T-5848916-say hay i love you.au a variant of WMA/TrojanDownloader.GetCodec.gen trojan cleaned - quarantined
C:\Documents and Settings\Dina\My Documents\LimeWire\Incomplete\Preview-T-5856727-give it all to me shakera wane.au a variant of WMA/TrojanDownloader.GetCodec.gen trojan cleaned - quarantined
C:\Documents and Settings\Dina\My Documents\LimeWire\Incomplete\Preview-T-5857526-goodbye summer kids version.au a variant of WMA/TrojanDownloader.GetCodec.gen trojan cleaned - quarantined
C:\I386\GTDownDE_87.ocx probably a variant of Win32/Adware.Agent application cleaned by deleting - quarantined
C:\WINDOWS\BBSTORE\DSS\DSSAGENT.EXE Win32/Adware.DSSAgent application cleaned by deleting - quarantined
C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Microsoft\Internet Explorer\Desktop.htt Win32/TrojanDownloader.FakeAlert.ATP trojan cleaned by deleting - quarantined
C:\_OTL\MovedFiles\02272010_151457\C_Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL Win32/Adware.FunWeb application cleaned by deleting - quarantined
C:\_OTL\MovedFiles\02272010_151457\C_Program Files\MyWebSearch\bar\2.bin\F3DTACTL.DLL Win32/Adware.FunWeb application cleaned by deleting - quarantined
C:\_OTL\MovedFiles\02272010_151457\C_Program Files\MyWebSearch\bar\2.bin\F3HISTSW.DLL Win32/Adware.FunWeb application cleaned by deleting - quarantined
C:\_OTL\MovedFiles\02272010_151457\C_Program Files\MyWebSearch\bar\2.bin\F3HTMLMU.DLL Win32/Adware.FunWeb application cleaned by deleting - quarantined
C:\_OTL\MovedFiles\02272010_151457\C_Program Files\MyWebSearch\bar\2.bin\F3HTTPCT.DLL Win32/Adware.FunWeb application cleaned by deleting - quarantined
C:\_OTL\MovedFiles\02272010_151457\C_Program Files\MyWebSearch\bar\2.bin\F3POPSWT.DLL Win32/Adware.FunWeb application cleaned by deleting - quarantined
C:\_OTL\MovedFiles\02272010_151457\C_Program Files\MyWebSearch\bar\2.bin\F3REPROX.DLL Win32/Adware.FunWeb application cleaned by deleting - quarantined
C:\_OTL\MovedFiles\02272010_151457\C_Program Files\MyWebSearch\bar\2.bin\F3SCRCTR.DLL Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\_OTL\MovedFiles\02272010_151457\C_Program Files\MyWebSearch\bar\2.bin\M3NTSTBR.JAR Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\_OTL\MovedFiles\02272010_151457\C_WINDOWS\SYSTEM32\warning.html Win32/TrojanDownloader.FakeAlert.ATP trojan cleaned by deleting - quarantined





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users