Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Unown Malware Problem. Cannot load many files like internet


  • This topic is locked This topic is locked
20 replies to this topic

#1 SSBBDaisy

SSBBDaisy

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:12:30 PM

Posted 16 July 2010 - 04:24 PM

Hi, i'm new here. I'm trying to help my sis's computer. I have also been on the chat and they have been guiding me there to. My sis has a strange problem where it can't load problems because window cannot sense them and it gives me either the choice to find something compatible on the internet (which I cannot connect because of this virus/malware) or to look for a program that can on my computer. I ran malwarebytes in safe mode which found 35 viruses and I deleted them all with the computer still not working. She cannot connect to the internet and she can't run simple things like adobe and pinball on her computer. I have made some progress from where I couldn't acess my computer nor could I run add/remove programs and other programs to I now can use them in control panel. I just hope I followed the directions and I can get some help. Any help will be GREATLY appreciated.





DDS (Ver_10-03-17.01) - NTFSx86
Run by Cheryll at 14:59:14.35 on Fri 07/16/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.651 [GMT -4:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Cheryll\Desktop\Defogger.exe
C:\Documents and Settings\Cheryll\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://att.my.yahoo.com/
uSearch Page =
uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8
uWindow Title = Windows Internet Explorer provided by Yahoo!
uInternet Connection Wizard,ShellNext = iexplore
mSearchAssistant = hxxp://www.crawler.com/search/ie.aspx?tb_id=60315
mCustomizeSearch = hxxp://dnl.crawler.com/support/sa_customize.aspx?TbId=60315
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: jZip Webmail plugin: {647fd14a-c4f1-46f4-8fc3-0b40f54226f7} - c:\program files\jzip\WebmailPlugin.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll
BHO: : {db35c569-5624-4cfc-8043-e5139f55a073} - c:\progra~1\crawler\shared\CShared.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Veoh Web Player Video Finder: {0fbb9689-d3d7-4f7a-a2e2-585b10099bfc} - c:\program files\veoh networks\veohwebplayer\VeohIEToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {D0523BB4-21E7-11DD-9AB7-415B56D89593} - No File
TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
TB: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File
TB: {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Weather] c:\program files\aws\weatherbug\Weather.exe 1
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [MailBlocker] c:\docume~1\cheryll\locals~1\temp\b.exe
uRun: [Minisoft] c:\docume~1\cheryll\locals~1\temp\o.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockwave 11\SwHelper_1150596.exe -Update -1150596 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; GTB6; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; Zango 10.3.85.0; MSN Optimized;US)" -"http://pbskids.org/caillou/games/keyboard/index.html"
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [MSN Toolbar] "c:\program files\msn toolbar\platform\4.0.0379.0\mswinext.exe"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
IE: &Search - http://edits.mywebsearch.com/toolbaredits/...mp;n=2010070221
IE: Crawler Search - tbr:iemenu
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {53F6FCCD-9E22-4d71-86EA-6E43136192AB}
IE: {925DAB62-F9AC-4221-806A-057BFB1014AA}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - hxxp://www.nick.com/common/groove/gx/GrooveAX27.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://filedownload.att.net/Gh/Delicious_2_Web/Game/zylomplayer.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - hxxp://3dlifeplayer.dl.3dvia.com/player/install/3DVIA_player_installer.exe
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
Hosts: 217.20.175.74 www.review.2009softwarereviews.com
Hosts: 217.20.175.74 review.2009softwarereviews.com
Hosts: 217.20.175.74 a1.review.zdnet.com
Hosts: 217.20.175.74 www.d1.reviews.cnet.com
Hosts: 217.20.175.74 www.reviews.toptenreviews.com

Note: multiple HOSTS entries found. Please refer to Attach.txt

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-3-14 216200]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-3-14 29584]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-3-16 242896]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-3-17 308064]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-9-25 133104]
S2 SSHNAS;SSHNAS;c:\windows\system32\svchost.exe -k netsvcs [2004-8-12 14336]

============== File Associations ===============

.reg=reg_auto_file
.txt=

=============== Created Last 30 ================

2010-07-16 18:53:26 0 ----a-w- c:\documents and settings\cheryll\defogger_reenable
2010-07-14 21:27:51 1024094 ----a-w- c:\windows\system32\commonpriv.log.1
2010-07-14 21:27:51 0 ----a-w- c:\windows\system32\commonpriv.log.lock
2010-07-13 02:45:04 0 d-----w- c:\program files\Crawler
2010-07-06 22:52:16 0 d-sh--w- c:\documents and settings\cheryll\IECompatCache
2010-07-06 22:33:07 0 dc-h--w- c:\windows\ie8
2010-07-02 03:46:48 0 d-----w- c:\docume~1\alluse~1\applic~1\Trymedia
2010-06-30 00:10:01 1409 ----a-w- c:\windows\system32\tmpB5D95.FOT
2010-06-29 23:50:09 0 d-----w- c:\program files\MSN Toolbar
2010-06-29 23:49:41 0 d-----w- c:\program files\MSN Toolbar Installer
2010-06-29 19:52:01 68616 ----a-w- c:\windows\system32\XAPOFX1_1.dll
2010-06-29 19:52:01 509448 ----a-w- c:\windows\system32\XAudio2_2.dll
2010-06-29 19:51:55 238088 ----a-w- c:\windows\system32\xactengine3_2.dll
2010-06-29 19:51:47 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
2010-06-29 19:51:43 25608 ----a-w- c:\windows\system32\X3DAudio1_4.dll
2010-06-29 19:51:34 81768 ----a-w- c:\windows\system32\xinput1_3.dll
2010-06-19 02:36:12 0 d-----w- c:\docume~1\alluse~1\applic~1\BigFishGamesCache
2010-06-19 01:19:33 0 d-----w- c:\docume~1\alluse~1\applic~1\WildTangent

==================== Find3M ====================

2010-06-29 19:42:44 38272 ---ha-w- c:\windows\system32\mlfcache.dat
2010-06-02 19:25:41 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-05-06 10:41:53 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-29 06:07:28 31100 ----a-w- c:\windows\fonts\Creator_Campotype_smcp.otf
2010-04-20 05:30:08 285696 ----a-w- c:\windows\system32\atmfd.dll
2009-04-27 01:29:56 43083040 ----a-w- c:\program files\AdbeRdr910_en_US_Std.exe

============= FINISH: 14:59:52.28 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,774 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:06:30 PM

Posted 23 July 2010 - 07:35 AM

Hello and welcome to Bleeping Computer smile.gif

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. In the custom scan box paste the following:
    CODE
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    nvraid.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
  6. Push the button.
  7. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt<--Will be minimized
In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#3 SSBBDaisy

SSBBDaisy
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:12:30 PM

Posted 23 July 2010 - 10:39 AM

Thankyou myrti for assisting me. I understand completely, a lot of people's computers always has problems and they want help. I had no problem with waiting and there is no need to apoligize smile.gif .


Here is the problem with my sister's computer


Her computer will not recognize files and not let us load some of them. Every file like: Pinball, dds.scr, etc. This error comes up when I try to run/open the file (for everything I try to open)


Choose the program you want to use to open this file


File: (the name of the file) In this case I chose Pinball.lnk


(Then a list of the files to choose from the computer)





Then at the bottom it says


If the program you want is not in the list or on your computer,, you can look for the appropriate program on the Web. (which is another problem, we cannot access the internet, and the browser does not work)



That is the error. NOTE: Some files (very few) can be opened by matching the file with itself when it asks me to choose the program I want to use to open this file. But it only works for VERY FEW files like the dds.scr. It wont work for pinball.



What I have done already


Before I made the thread I went into the chatroom to see if they could help me fix the problem as I could not follow what the guide told me to do because my computer would not let me. So in the chatroom (I think it was Tiger, Pandy, and Techexpert) helped me. Tiger gave me this windows XP fix that wouldn't run so he had me open task manager and click file and click New Task (Run....) while holding control at the same time which allowed me to open up a menu that took me to another menu that allowed me to force the fix to work. BEFORE I did all that: I was not able to: Access My Computer, Access Control Panel, anything. The malware was making one file open everything and gave everything the icon of the file which was Divx player, so after I got Tiger's help and forced the fix on my computer I went to add/remove programs and deleted DivX player to see if the problem would go away but it did not. But it did remove the DivX icon on all the files to regular file icons.



ANOTHER THING I DID: I forgot to tell you that I went to safe mode (this is before tiger's help) and was able to run Malwarebytes and I removed 35 infections on the computer but it still didn't fix it.



Because of the fix I'm now able to get into areas like My Computer and Control Panel but still can't use most programs/files or the inernet.



My DDS Log (New updated one 07/23/10):


DDS (Ver_10-03-17.01) - NTFSx86
Run by Cheryll at 10:46:39.20 on Fri 07/23/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.587 [GMT -4:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Documents and Settings\Cheryll\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://att.my.yahoo.com/
uSearch Page =
uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8
uWindow Title = Windows Internet Explorer provided by Yahoo!
uInternet Connection Wizard,ShellNext = iexplore
mSearchAssistant = hxxp://www.crawler.com/search/ie.aspx?tb_id=60315
mCustomizeSearch = hxxp://dnl.crawler.com/support/sa_customize.aspx?TbId=60315
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: jZip Webmail plugin: {647fd14a-c4f1-46f4-8fc3-0b40f54226f7} - c:\program files\jzip\WebmailPlugin.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll
BHO: : {db35c569-5624-4cfc-8043-e5139f55a073} - c:\progra~1\crawler\shared\CShared.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Veoh Web Player Video Finder: {0fbb9689-d3d7-4f7a-a2e2-585b10099bfc} - c:\program files\veoh networks\veohwebplayer\VeohIEToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {D0523BB4-21E7-11DD-9AB7-415B56D89593} - No File
TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
TB: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File
TB: {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Weather] c:\program files\aws\weatherbug\Weather.exe 1
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [MailBlocker] c:\docume~1\cheryll\locals~1\temp\b.exe
uRun: [Minisoft] c:\docume~1\cheryll\locals~1\temp\o.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockwave 11\SwHelper_1150596.exe -Update -1150596 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; GTB6; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; Zango 10.3.85.0; MSN Optimized;US)" -"http://pbskids.org/caillou/games/keyboard/index.html"
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [MSN Toolbar] "c:\program files\msn toolbar\platform\4.0.0379.0\mswinext.exe"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
IE: &Search - http://edits.mywebsearch.com/toolbaredits/...mp;n=2010070221
IE: Crawler Search - tbr:iemenu
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {53F6FCCD-9E22-4d71-86EA-6E43136192AB}
IE: {925DAB62-F9AC-4221-806A-057BFB1014AA}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - hxxp://www.nick.com/common/groove/gx/GrooveAX27.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://filedownload.att.net/Gh/Delicious_2_Web/Game/zylomplayer.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - hxxp://3dlifeplayer.dl.3dvia.com/player/install/3DVIA_player_installer.exe
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
Hosts: 217.20.175.74 www.review.2009softwarereviews.com
Hosts: 217.20.175.74 review.2009softwarereviews.com
Hosts: 217.20.175.74 a1.review.zdnet.com
Hosts: 217.20.175.74 www.d1.reviews.cnet.com
Hosts: 217.20.175.74 www.reviews.toptenreviews.com

Note: multiple HOSTS entries found. Please refer to Attach.txt

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-3-14 216200]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-3-14 29584]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-3-16 242896]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-3-17 308064]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-9-25 133104]
S2 SSHNAS;SSHNAS;c:\windows\system32\svchost.exe -k netsvcs [2004-8-12 14336]

============== File Associations ===============

.reg=reg_auto_file
.txt=

=============== Created Last 30 ================

2010-07-23 14:46:02 0 ----a-w- c:\documents and settings\cheryll\commonpriv.log.lock
2010-07-16 18:53:26 0 ----a-w- c:\documents and settings\cheryll\defogger_reenable
2010-07-14 21:27:51 1024094 ----a-w- c:\windows\system32\commonpriv.log.1
2010-07-14 21:27:51 0 ----a-w- c:\windows\system32\commonpriv.log.lock
2010-07-13 02:45:04 0 d-----w- c:\program files\Crawler
2010-07-06 22:52:16 0 d-sh--w- c:\documents and settings\cheryll\IECompatCache
2010-07-06 22:33:07 0 dc-h--w- c:\windows\ie8
2010-07-02 03:46:48 0 d-----w- c:\docume~1\alluse~1\applic~1\Trymedia
2010-06-30 00:10:01 1409 ----a-w- c:\windows\system32\tmpB5D95.FOT
2010-06-29 23:50:09 0 d-----w- c:\program files\MSN Toolbar
2010-06-29 23:49:41 0 d-----w- c:\program files\MSN Toolbar Installer
2010-06-29 19:52:01 68616 ----a-w- c:\windows\system32\XAPOFX1_1.dll
2010-06-29 19:52:01 509448 ----a-w- c:\windows\system32\XAudio2_2.dll
2010-06-29 19:51:55 238088 ----a-w- c:\windows\system32\xactengine3_2.dll
2010-06-29 19:51:47 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
2010-06-29 19:51:43 25608 ----a-w- c:\windows\system32\X3DAudio1_4.dll
2010-06-29 19:51:34 81768 ----a-w- c:\windows\system32\xinput1_3.dll

==================== Find3M ====================

2010-06-29 19:42:44 38272 ---ha-w- c:\windows\system32\mlfcache.dat
2010-06-02 19:25:41 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-05-06 10:41:53 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-29 06:07:28 31100 ----a-w- c:\windows\fonts\Creator_Campotype_smcp.otf
2009-04-27 01:29:56 43083040 ----a-w- c:\program files\AdbeRdr910_en_US_Std.exe

============= FINISH: 10:47:44.99 ===============














OTL Log:


OTL logfile created on: 7/23/2010 11:14:06 AM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = E:\New Tools
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 493.00 Mb Available Physical Memory | 48.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 13.86 Gb Free Space | 37.20% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 1.86 Gb Total Space | 1.60 Gb Free Space | 86.16% Space Free | Partition Type: FAT
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DELL3
Current User Name: Cheryll
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/07/23 10:37:52 | 000,574,976 | ---- | M] (OldTimer Tools) -- E:\New Tools\OTL.exe
PRC - [2010/06/02 15:25:43 | 002,065,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/06/02 15:24:45 | 000,722,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/06/02 15:24:43 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/05/14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2010/03/17 16:25:49 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/03/17 16:24:54 | 000,751,384 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgscanx.exe
PRC - [2009/12/08 21:29:44 | 000,240,992 | ---- | M] (Microsoft Corp.) -- C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe
PRC - [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
PRC - [2009/08/18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/07/23 10:37:52 | 000,574,976 | ---- | M] (OldTimer Tools) -- E:\New Tools\OTL.exe
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\WINDOWS\System32\sshnas.dll -- (SSHNAS)
SRV - [2010/05/14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2010/03/17 16:25:49 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2008/12/27 10:36:06 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS -- (MRESP50a64)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS -- (MREMP50a64)
DRV - [2010/06/02 15:25:41 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/06/02 15:25:41 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/03/17 16:23:41 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/03/08 04:53:53 | 000,004,096 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nocashio.sys -- (nocashio)
DRV - [2008/09/23 10:45:32 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2008/09/23 10:45:31 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2008/04/13 14:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/13 14:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 13:45:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2004/08/12 09:25:23 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004/08/12 09:25:23 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2004/08/03 18:31:28 | 000,154,624 | ---- | M] (Lucent Technologies) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wlluc48.sys -- (wlluc48)
DRV - [2004/08/03 18:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2001/08/17 08:20:04 | 000,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc) Intel® 82801 Audio Driver Install Service (WDM)
DRV - [2001/08/17 08:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\el90xbc5.sys -- (EL90XBC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60315
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60315


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1060284298-1682526488-854245398-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
IE - HKU\S-1-5-21-1060284298-1682526488-854245398-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-1060284298-1682526488-854245398-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1060284298-1682526488-854245398-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://att.my.yahoo.com/
IE - HKU\S-1-5-21-1060284298-1682526488-854245398-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.msn.com/sphome.aspx
IE - HKU\S-1-5-21-1060284298-1682526488-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010/03/06 11:53:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\Firefox [2010/06/29 19:50:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/06/30 01:16:35 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2009/01/27 19:42:37 | 000,001,551 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 217.20.175.74 www.review.2009softwarereviews.com
O1 - Hosts: 217.20.175.74 review.2009softwarereviews.com
O1 - Hosts: 217.20.175.74 a1.review.zdnet.com
O1 - Hosts: 217.20.175.74 www.d1.reviews.cnet.com
O1 - Hosts: 217.20.175.74 www.reviews.toptenreviews.com
O1 - Hosts: 217.20.175.74 reviews.toptenreviews.com
O1 - Hosts: 217.20.175.74 www.reviews.download.com
O1 - Hosts: 217.20.175.74 reviews.download.com
O1 - Hosts: 217.20.175.74 www.reviews.pcadvisor.c.uk
O1 - Hosts: 217.20.175.74 reviews.pcadvisor.co.uk
O1 - Hosts: 217.20.175.74 www.reviews.pcmag.com
O1 - Hosts: 217.20.175.74 reviews.pcmag.com
O1 - Hosts: 217.20.175.74 www.reviews.pcpro.co.uk
O1 - Hosts: 217.20.175.74 reviews.pcpro.co.uk
O1 - Hosts: 217.20.175.74 www.reviews.reevoo.com
O1 - Hosts: 217.20.175.74 reviews.reevoo.com
O1 - Hosts: 217.20.175.74 www.reviews.riverstreams.co.uk
O1 - Hosts: 217.20.175.74 reviews.riverstreams.co.uk
O1 - Hosts: 217.20.175.74 www.reviews.techradar.com
O1 - Hosts: 217.20.175.74 reviews.techradar.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (jZip Webmail plugin) - {647FD14A-C4F1-46F4-8FC3-0B40F54226F7} - C:\Program Files\jZip\WebmailPlugin.dll (Discordia Limited)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (MSN Toolbar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: () - {DB35C569-5624-4CFC-8043-E5139F55A073} - C:\PROGRA~1\Crawler\Shared\CShared.dll File not found
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll File not found
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O3 - HKU\S-1-5-21-1060284298-1682526488-854245398-1003\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MSN Toolbar] C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe (Microsoft Corp.)
O4 - HKU\S-1-5-21-1060284298-1682526488-854245398-1003..\Run: [MailBlocker] C:\DOCUME~1\Cheryll\LOCALS~1\Temp\b.exe File not found
O4 - HKU\S-1-5-21-1060284298-1682526488-854245398-1003..\Run: [Minisoft] C:\DOCUME~1\Cheryll\LOCALS~1\Temp\o.exe File not found
O4 - HKU\S-1-5-21-1060284298-1682526488-854245398-1003..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-21-1060284298-1682526488-854245398-1003..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe File not found
O4 - HKU\S-1-5-21-1060284298-1682526488-854245398-1003..\RunOnce: [Shockwave Updater] C:\WINDOWS\System32\Adobe\Shockwave 11\SwHelper_1150596.exe -Update -1150596 -Mozilla\4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident\4.0; File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1060284298-1682526488-854245398-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Reg Error: Key error.)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} http://www.nick.com/common/groove/gx/GrooveAX27.cab (Reg Error: Key error.)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} http://lads.myspace.com/upload/MySpaceUploader2.cab (MySpace Uploader Control)
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} http://filedownload.att.net/Gh/Delicious_2...zylomplayer.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} http://3dlifeplayer.dl.3dvia.com/player/in...r_installer.exe (Virtools WebPlayer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/photo...ol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-1060284298-1682526488-854245398-1003 Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\Documents and Settings\Cheryll\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Cheryll\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/12/10 13:22:53 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {00F0EE7F-2C61-4EBD-A209-00281BDC869C} - Yahoo! Toolbar
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {270C7F22-6D59-4041-B865-76C48D190D91} - Yahoo! Search Settings Update
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5CA109D3-A084-47E8-A9CB-D497322E3F50} - MSN Toolbar 3.0 & Silverlight 2.0
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8FD9D712-A285-4834-9F46-705AD5146A6B} - NoIETour
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\advpack.dll,LaunchINFSectionEx C:\Program Files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D05B2570-ECF0-4021-505C-C5F30E891515} - Internet Explorer
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E167A298-D26E-1A9A-EC80-FE3DD957484F} - Themes Setup
ActiveX: {E23CB53A-3829-162C-D56A-AB031165F2CC} - Microsoft Windows Media Player
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{5344b500-1be4-4299-bae1-6bc7524b710b} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{64A10DCF-7FF1-4600-9824-DE0BCC2AA72E} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: SSHNAS - C:\WINDOWS\System32\sshnas.dll File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/07/15 21:34:23 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Cheryll\Desktop\rundll32.exe
[2010/07/15 21:32:26 | 001,033,728 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Cheryll\My Documents\explorer.exe
[2010/07/15 21:31:08 | 001,033,728 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Cheryll\Desktop\explorer.exe
[2010/07/12 22:45:04 | 000,000,000 | ---D | C] -- C:\Program Files\Crawler
[2010/07/07 12:46:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cheryll\Local Settings\Application Data\Yahoo
[2010/07/06 18:52:16 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Cheryll\IECompatCache
[2010/07/06 18:36:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo!
[2010/07/06 18:33:07 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/07/01 23:46:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Trymedia
[2010/06/29 21:28:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2010/06/29 19:50:09 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Toolbar
[2010/06/29 19:49:41 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Toolbar Installer
[2010/06/29 15:52:01 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_2.dll
[2010/06/29 15:52:01 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_1.dll
[2010/06/29 15:51:55 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_2.dll
[2010/06/29 15:51:47 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_39.dll
[2010/06/29 15:51:43 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_4.dll
[2010/06/29 15:51:34 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_3.dll
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/07/23 11:15:00 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{3162801D-C5A3-434D-A486-1C7BB9C85D12}.job
[2010/07/23 11:14:00 | 000,000,428 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{B31236F4-6567-4340-9992-0B8F1236EB48}.job
[2010/07/23 11:04:00 | 000,000,286 | -H-- | M] () -- C:\WINDOWS\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
[2010/07/23 10:55:06 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/07/23 10:50:00 | 000,000,244 | -H-- | M] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010/07/23 10:48:26 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{2B15165C-5E77-4C3E-B55B-FDBFB2522652}.job
[2010/07/23 10:46:22 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/23 10:46:01 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2010/07/23 10:45:56 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/07/23 10:45:54 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\PCConfidential.job
[2010/07/23 10:45:53 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/23 10:45:36 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/23 10:45:34 | 1073,213,440 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/16 18:51:18 | 007,864,320 | -H-- | M] () -- C:\Documents and Settings\Cheryll\NTUSER.DAT
[2010/07/16 18:51:18 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Cheryll\ntuser.ini
[2010/07/16 18:51:10 | 002,667,542 | -H-- | M] () -- C:\Documents and Settings\Cheryll\Local Settings\Application Data\IconCache.db
[2010/07/16 14:53:26 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Cheryll\defogger_reenable
[2010/07/16 10:08:54 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Cheryll\Desktop\gmer.zip
[2010/07/16 10:06:20 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Cheryll\Desktop\Defogger.exe
[2010/07/16 10:02:50 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Cheryll\Desktop\dds.scr
[2010/07/15 18:49:02 | 000,000,736 | ---- | M] () -- C:\Documents and Settings\Cheryll\Desktop\Rachel's pictures.lnk
[2010/07/14 22:28:22 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Cheryll\Desktop\Internet.lnk
[2010/07/14 16:30:46 | 000,000,572 | ---- | M] () -- C:\Documents and Settings\Cheryll\My Documents\spider.sav
[2010/07/13 05:28:16 | 000,000,432 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2010/07/12 21:15:00 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\DriverCure_sch_814E9930-7DA4-11DF-958E-00022D5B1111.job
[2010/07/12 19:41:01 | 061,925,743 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/07/06 18:45:50 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/07/02 02:04:25 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Cheryll\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/07/01 13:43:58 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/06/29 20:10:01 | 000,001,409 | ---- | M] () -- C:\WINDOWS\System32\tmpB5D95.FOT
[2010/06/29 15:42:44 | 000,038,272 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/06/24 00:02:12 | 000,493,258 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/24 00:02:12 | 000,435,828 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/06/24 00:02:12 | 000,068,558 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/07/23 10:46:02 | 000,015,126 | ---- | C] () -- C:\Documents and Settings\Cheryll\commonpriv.log
[2010/07/23 10:46:02 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Cheryll\commonpriv.log.lock
[2010/07/16 14:58:47 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Cheryll\Desktop\dds.scr
[2010/07/16 14:53:26 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Cheryll\defogger_reenable
[2010/07/16 14:31:12 | 000,002,690 | ---- | C] () -- C:\Documents and Settings\Cheryll\Desktop\xp_regfile.reg
[2010/07/16 14:11:11 | 000,002,600 | ---- | C] () -- C:\Documents and Settings\Cheryll\Desktop\xp_exe_fix.reg
[2010/07/16 13:45:38 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Cheryll\Desktop\gmer.zip
[2010/07/16 13:45:38 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Cheryll\Desktop\Defogger.exe
[2010/07/16 13:43:09 | 1073,213,440 | -HS- | C] () -- C:\hiberfil.sys
[2010/07/14 22:28:22 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Cheryll\Desktop\Internet.lnk
[2010/07/13 19:54:44 | 000,000,572 | ---- | C] () -- C:\Documents and Settings\Cheryll\My Documents\spider.sav
[2010/06/29 20:10:01 | 000,001,409 | ---- | C] () -- C:\WINDOWS\System32\tmpB5D95.FOT
[2010/02/06 03:26:50 | 000,000,059 | ---- | C] () -- C:\WINDOWS\ANS2000.INI
[2010/02/06 03:26:50 | 000,000,020 | -H-- | C] () -- C:\WINDOWS\akebook.ini
[2010/02/06 03:26:50 | 000,000,004 | -H-- | C] () -- C:\WINDOWS\a3kebook.ini
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/03/08 04:53:53 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\drivers\nocashio.sys
[2009/02/11 18:29:21 | 000,000,129 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/12/13 15:23:03 | 000,081,920 | ---- | C] () -- C:\WINDOWS\asr32311.dll
[2008/12/13 15:23:03 | 000,000,070 | ---- | C] () -- C:\WINDOWS\HGSpeech.ini
[2008/12/10 14:33:23 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004/08/12 09:29:28 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009/03/08 00:41:18 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2009/03/08 00:41:18 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/03 19:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
[2004/08/03 19:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\i386\AGP440.SYS

< MD5 for: ATAPI.SYS >
[2004/08/12 09:29:28 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009/03/08 00:41:18 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2009/03/08 00:41:18 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/12 09:17:27 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/12 09:19:04 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: IASTOR.SYS >
[2004/08/12 09:36:15 | 000,467,200 | ---- | M] (Intel Corporation) MD5=F26BFD48B1C314E0F23BF77ACFA75940 -- C:\WINDOWS\dell\iastor\iastor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/12 09:24:31 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/12 09:27:47 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008/12/10 10:14:06 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2008/12/10 10:14:06 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2008/12/10 10:14:06 | 000,888,832 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >
[2010/06/02 15:25:41 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgmfx86.sys
[2010/06/02 15:25:41 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgtdix.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 222 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:56DA0F9E
@Alternate Data Stream - 190 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FE29FBBF
@Alternate Data Stream - 186 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8DA0EB21
@Alternate Data Stream - 178 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:91975276
@Alternate Data Stream - 174 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:63596073
@Alternate Data Stream - 166 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C4532973
@Alternate Data Stream - 165 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:331AD5E9
@Alternate Data Stream - 164 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:20C69EEE
@Alternate Data Stream - 162 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:95546FDA
@Alternate Data Stream - 160 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:528A8DB3
@Alternate Data Stream - 158 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7C017FB1
@Alternate Data Stream - 157 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:40520FC3
@Alternate Data Stream - 154 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FEA16326
@Alternate Data Stream - 154 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:98F0614F
@Alternate Data Stream - 153 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F68280D1
@Alternate Data Stream - 153 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2BFC67DE
@Alternate Data Stream - 152 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:773DA865
@Alternate Data Stream - 151 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:20A5B16A
@Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B6B5197
@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9E985157
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:38673444
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:619D6FE6
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5DAABF18
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:140CF428
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D455373F
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BDBBA690
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:64551561
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C255CAF0
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7E6661F3
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D52DDC38
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6F2005B7
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8BE2CBE9
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5BD8B9DD
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AD6273E0
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:928218FA
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5A823589
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:097031DF
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A3AB6321
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F3F95A98
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:38760F1C
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FE120A60
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0F39B6D8
< End of report >








OTL Extras Log:

OTL Extras logfile created on: 7/23/2010 11:14:06 AM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = E:\New Tools
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 493.00 Mb Available Physical Memory | 48.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 13.86 Gb Free Space | 37.20% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 1.86 Gb Total Space | 1.60 Gb Free Space | 86.16% Space Free | Partition Type: FAT
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DELL3
Current User Name: Cheryll
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.chm [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.cmd [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.com [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.cpl [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.hlp [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.hta [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.html [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.inf [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.ini [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
.url [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
.js [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.jse [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.pif [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.reg [@ = reg_auto_file] -- C:\Documents and Settings\Cheryll\Desktop\xp_exe_fix.reg ()
.scr [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.txt [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
.vbe [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.vbs [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.wsf [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.wsh [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-1060284298-1682526488-854245398-1003\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = MSN Toolbar
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{148E08FF-D7C4-46ED-8D4D-601C67FE0AFD}" = Rosetta Stone Version 3
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java™ 6 Update 20
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E868D3D-6EEB-4273-926C-2287236B5B79}" = 3DVIA player 5.0
"{61BEA823-ECAF-49F1-8378-A59B3B8AD247}" = Microsoft Default Manager
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{97F81AF1-0E47-DC99-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 ATL (x86) WinSXS MSM
"{98CB24AD-52FB-DB5F-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 CRT (x86) WinSXS MSM
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A65F7CF8-6F76-40CE-B44D-D5A89D9881C7}" = MSN Toolbar Platform
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.3
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"7-Zip" = 7-Zip 4.57
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AVG9Uninstall" = AVG Free 9.0
"FormatFactory" = FormatFactory 2.20
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"jZip" = jZip
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"VLC media player" = VideoLAN VLC media player 0.8.6d
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/16/2010 2:42:28 PM | Computer Name = DELL3 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/16/2010 2:43:57 PM | Computer Name = DELL3 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/16/2010 2:55:14 PM | Computer Name = DELL3 | Source = Google Update | ID = 20
Description =

Error - 7/16/2010 3:55:16 PM | Computer Name = DELL3 | Source = Google Update | ID = 20
Description =

Error - 7/16/2010 4:55:20 PM | Computer Name = DELL3 | Source = Google Update | ID = 20
Description =

Error - 7/16/2010 5:42:04 PM | Computer Name = DELL3 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/16/2010 5:55:14 PM | Computer Name = DELL3 | Source = Google Update | ID = 20
Description =

Error - 7/16/2010 5:56:42 PM | Computer Name = DELL3 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/16/2010 6:00:06 PM | Computer Name = DELL3 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/23/2010 10:55:05 AM | Computer Name = DELL3 | Source = Google Update | ID = 20
Description =

[ System Events ]
Error - 7/16/2010 1:09:23 PM | Computer Name = DELL3 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 7/16/2010 1:35:24 PM | Computer Name = DELL3 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 7/16/2010 1:35:26 PM | Computer Name = DELL3 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 7/16/2010 1:35:32 PM | Computer Name = DELL3 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 7/16/2010 1:37:47 PM | Computer Name = DELL3 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 7/16/2010 1:42:05 PM | Computer Name = DELL3 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 7/16/2010 1:44:25 PM | Computer Name = DELL3 | Source = Service Control Manager | ID = 7023
Description = The SSHNAS service terminated with the following error: %%126

Error - 7/16/2010 2:18:47 PM | Computer Name = DELL3 | Source = Service Control Manager | ID = 7023
Description = The SSHNAS service terminated with the following error: %%126

Error - 7/23/2010 10:47:05 AM | Computer Name = DELL3 | Source = Service Control Manager | ID = 7023
Description = The SSHNAS service terminated with the following error: %%126

Error - 7/23/2010 10:48:13 AM | Computer Name = DELL3 | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.


< End of report >

Attached Files


Edited by SSBBDaisy, 23 July 2010 - 10:40 AM.


#4 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,774 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:06:30 PM

Posted 23 July 2010 - 05:02 PM

Hi,

Thanks for the detailed explanation. The biggest right now seems to be to get your programs back to run. Could you please see if you can open regedit.

Either type regedit into Start -> Run as... and see if that will work or navigate to C:\windows\regedit.exe and see if you can run the program. Should that be possible you should get to see the registry editor. If that is successful, click on File and then on Import and select the file Tiger linked you too. This should give you the possibility to apply the fix.

can you please see if you can run ComboFix:
Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Temporarily disable isable your AntiVirus and AntiSpyware applications. They may otherwise interfere with our tools
    Usually this can be done via a right click on the System Tray icon, check this tutorial for disabling the most common security programs: Link

  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#5 SSBBDaisy

SSBBDaisy
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:12:30 PM

Posted 24 July 2010 - 12:02 PM

I already went into the registery editor when Tiger first gave me the file. It was successfull but nothing happened and when I went to go click on the file all it said Are you sure you want to add the information in C:\Documents and Settings\Cheryll\Desktop\xp_regfile.reg to the registry? The file didn't start and nothing was fixed. So I did it again like you told me and it was successful but the file will not start just like it did before when I did it with Tiger.



I can't do Combo Fix because I can't connect to the internet. My sister's computer senses the connection but does not give me the information I need to connect it to the wireless connection and at the bottom left a mini note pops up saying (when I try to connect): Windows was unable to find a certificate to log you on to the network 2WIRE936.



Combo fix did make a log though. I will put it up. It also did a complete scan of the computer but when I tried to install the "windows recovery console" it wouldn't let me because I can't connect to the internet on her computer. sad.gif.


Here is the Log for ComboFix:





ComboFix 10-07-23.04 - Cheryll 07/24/2010 11:50:34.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.602 [GMT -4:00]
Running from: c:\documents and settings\Cheryll\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\Cheryll\LOCALS~1\Temp\install_flash_player.exe
c:\documents and settings\Cheryll\My Documents\explorer.exe
c:\program files\Common Files\Uninstall
c:\program files\Internet Explorer\setup.exe
c:\windows\a3kebook.ini
c:\windows\akebook.ini
c:\windows\ANS2000.INI
c:\windows\system32\drivers\ndisrd.sys
c:\windows\system32\ndisapi.dll
c:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
c:\windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
c:\windows\Temp\tmp3.tmp

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NDISRD
-------\Legacy_SSHNAS
-------\Service_NDISRD
-------\Service_SSHNAS


((((((((((((((((((((((((( Files Created from 2010-06-24 to 2010-07-24 )))))))))))))))))))))))))))))))
.

2010-07-15 23:21 . 2010-07-15 23:21 -------- d-----w- c:\documents and settings\Administrator\Application Data\DivX
2010-07-15 23:18 . 2010-07-15 23:18 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2010-07-13 02:45 . 2010-07-13 02:46 -------- d-----w- c:\documents and settings\PLEX\Application Data\SiteRanker
2010-07-13 02:45 . 2010-07-13 02:46 -------- d-----w- c:\documents and settings\PLEX\Application Data\Inbox Toolbar
2010-07-13 02:45 . 2010-07-13 09:06 -------- d-----w- c:\program files\Crawler
2010-07-12 21:54 . 2010-07-12 21:54 -------- d-----w- c:\documents and settings\PLEX\Application Data\Office Genuine Advantage
2010-07-07 16:46 . 2010-07-07 16:46 -------- d-----w- c:\documents and settings\Cheryll\Local Settings\Application Data\Yahoo
2010-07-06 22:52 . 2010-07-06 22:52 -------- d-sh--w- c:\documents and settings\Cheryll\IECompatCache
2010-07-06 22:42 . 2010-07-06 22:42 -------- d-----w- c:\documents and settings\PLEX\Local Settings\Application Data\Yahoo
2010-07-06 22:36 . 2010-07-08 07:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2010-07-06 22:36 . 2010-07-06 22:36 -------- d-----w- c:\documents and settings\PLEX\Application Data\Yahoo!
2010-07-06 22:33 . 2010-07-06 22:34 -------- dc-h--w- c:\windows\ie8
2010-07-03 01:18 . 2010-07-06 21:55 -------- d-----w- c:\documents and settings\PLEX\Application Data\playitall
2010-07-02 03:55 . 2010-07-02 04:12 -------- d-----w- c:\documents and settings\PLEX\Local Settings\Application Data\Temp
2010-07-02 03:46 . 2010-07-02 03:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Trymedia
2010-07-01 00:56 . 2010-07-03 01:17 -------- d-----w- c:\documents and settings\PLEX\Application Data\vlc
2010-06-30 01:28 . 2010-06-30 01:28 -------- d-----w- c:\documents and settings\All Users\Application Data\PlayFirst
2010-06-30 00:57 . 2010-06-30 00:57 -------- d-----w- c:\documents and settings\PLEX\Application Data\FrimaStudio
2010-06-29 23:51 . 2010-06-30 01:28 -------- d-----w- c:\documents and settings\PLEX\Application Data\PlayFirst
2010-06-29 23:50 . 2010-06-29 23:50 -------- d-----w- c:\program files\MSN Toolbar
2010-06-29 23:49 . 2010-06-29 23:50 -------- d-----w- c:\program files\MSN Toolbar Installer
2010-06-29 23:29 . 2010-06-29 23:29 -------- d-----w- c:\documents and settings\PLEX\Application Data\Unity
2010-06-29 23:26 . 2010-06-29 23:26 -------- d-----w- c:\documents and settings\PLEX\Local Settings\Application Data\Unity
2010-06-29 19:53 . 2010-06-29 19:53 -------- d-----w- c:\documents and settings\PLEX\Local Settings\Application Data\3DVIA
2010-06-29 19:52 . 2008-07-31 14:41 68616 ----a-w- c:\windows\system32\XAPOFX1_1.dll
2010-06-29 19:52 . 2008-07-31 14:40 509448 ----a-w- c:\windows\system32\XAudio2_2.dll
2010-06-29 19:51 . 2008-07-31 14:41 238088 ----a-w- c:\windows\system32\xactengine3_2.dll
2010-06-29 19:51 . 2008-07-12 12:18 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
2010-06-29 19:51 . 2008-05-30 18:17 25608 ----a-w- c:\windows\system32\X3DAudio1_4.dll
2010-06-29 19:51 . 2007-04-04 22:53 81768 ----a-w- c:\windows\system32\xinput1_3.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-16 18:45 . 2009-01-26 00:13 -------- d-----w- c:\program files\DivX
2010-07-16 18:36 . 2010-05-19 04:14 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-07-16 18:36 . 2009-09-05 03:53 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-07-13 01:28 . 2010-06-18 01:01 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-07-11 07:08 . 2010-05-19 04:53 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-07-10 17:41 . 2008-12-26 18:20 -------- d-----w- c:\documents and settings\Cheryll\Application Data\Apple Computer
2010-07-08 15:12 . 2009-04-20 01:32 -------- d-----w- c:\program files\Yahoo!
2010-07-06 22:16 . 2009-08-10 19:37 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-07-02 06:04 . 2009-03-04 01:07 -------- d-----w- c:\program files\Google
2010-06-29 19:42 . 2009-05-05 16:30 38272 ---ha-w- c:\windows\system32\mlfcache.dat
2010-06-29 19:42 . 2010-06-19 00:51 -------- d-----w- c:\documents and settings\PLEX\Application Data\Apple Computer
2010-06-24 00:56 . 2010-06-24 00:56 -------- d-----w- c:\documents and settings\PLEX\Application Data\SBTT
2010-06-23 09:17 . 2010-02-18 23:22 -------- d-----w- c:\documents and settings\Cheryll\Application Data\Move Networks
2010-06-23 04:48 . 2010-05-10 21:59 -------- d-----w- c:\program files\Unity
2010-06-23 04:46 . 2010-06-19 01:19 -------- d-----w- c:\documents and settings\All Users\Application Data\WildTangent
2010-06-23 04:41 . 2010-06-07 13:59 -------- d-----w- c:\program files\Common Files\ParetoLogic
2010-06-23 04:41 . 2009-07-05 23:48 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
2010-06-23 04:41 . 2009-07-05 23:48 -------- d-----w- c:\documents and settings\All Users\Application Data\DriverCure
2010-06-23 04:00 . 2010-06-23 04:00 501936 ----a-w- c:\documents and settings\All Users\Application Data\Google\Google Toolbar\Update\gtbEC.tmp.exe
2010-06-22 03:59 . 2010-06-22 03:59 -------- d-----w- c:\documents and settings\PLEX\Application Data\Magus
2010-06-22 03:20 . 2010-06-22 03:20 -------- d-----w- c:\documents and settings\PLEX\Application Data\DivX
2010-06-22 02:12 . 2010-06-22 02:11 -------- d-----w- c:\documents and settings\PLEX\Application Data\DriverCure
2010-06-22 02:11 . 2010-06-22 02:11 46280 ----a-w- c:\documents and settings\PLEX\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-19 23:33 . 2010-06-19 23:32 421756 ----a-w- c:\documents and settings\All Users\Application Data\WildTangent\WTDownloader\pressyourluck2010edition\Download\prodinfo_pressyourluck2010edition_1.0.0.1317.exe
2010-06-19 23:32 . 2010-06-19 23:32 208459 ----a-w- c:\documents and settings\All Users\Application Data\WildTangent\WTDownloader\pressyourluck2010edition\Download\brandinfo_wildgames_1.0.0.294.exe
2010-06-19 23:32 . 2010-06-19 23:32 76235 ----a-w- c:\documents and settings\All Users\Application Data\WildTangent\WTDownloader\pressyourluck2010edition\Download\pkgtype_1.0.0.63.exe
2010-06-19 23:32 . 2010-06-19 23:32 453445 ----a-w- c:\documents and settings\All Users\Application Data\WildTangent\WTDownloader\pressyourluck2010edition\Download\catalyst_1.0.0.418.exe
2010-06-19 23:32 . 2010-06-19 23:32 464112 ----a-w- c:\documents and settings\All Users\Application Data\WildTangent\WTDownloader\pressyourluck2010edition\Temp\WTDownloader.exe
2010-06-19 15:53 . 2010-06-19 15:53 -------- d-----w- c:\documents and settings\PLEX\Application Data\WildTangent
2010-06-19 06:24 . 2010-06-19 06:24 503808 ----a-w- c:\documents and settings\PLEX\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-458ba934-n\msvcp71.dll
2010-06-19 06:24 . 2010-06-19 06:24 61440 ----a-w- c:\documents and settings\PLEX\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-7ea4d3d9-n\decora-sse.dll
2010-06-19 06:24 . 2010-06-19 06:24 499712 ----a-w- c:\documents and settings\PLEX\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-458ba934-n\jmc.dll
2010-06-19 06:24 . 2010-06-19 06:24 348160 ----a-w- c:\documents and settings\PLEX\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-458ba934-n\msvcr71.dll
2010-06-19 06:24 . 2010-06-19 06:24 12800 ----a-w- c:\documents and settings\PLEX\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-7ea4d3d9-n\decora-d3d.dll
2010-06-19 02:37 . 2010-06-19 02:36 3085800 ----a-w- c:\documents and settings\All Users\Application Data\BigFishGamesCache\Upgrade\Unpack\bfgsetup_s1_l1.exe
2010-06-19 02:36 . 2010-06-19 02:36 -------- d-----w- c:\documents and settings\All Users\Application Data\BigFishGamesCache
2010-06-04 05:50 . 2009-03-31 01:48 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-02 19:25 . 2010-03-17 02:42 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-06-02 19:25 . 2009-03-14 18:11 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-05-27 02:03 . 2008-12-29 15:59 -------- d-----w- c:\program files\Java
2010-05-26 18:23 . 2010-06-19 23:32 76008 ----a-w- c:\documents and settings\All Users\Application Data\WildTangent\WTDownloader\pressyourluck2010edition\UI\CatalystWrapper.exe
2010-05-22 02:39 . 2010-05-22 02:39 61440 ----a-w- c:\documents and settings\Cheryll\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-23c04d4f-n\decora-sse.dll
2010-05-22 02:39 . 2010-05-22 02:39 503808 ----a-w- c:\documents and settings\Cheryll\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-15f51638-n\msvcp71.dll
2010-05-22 02:39 . 2010-05-22 02:39 499712 ----a-w- c:\documents and settings\Cheryll\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-15f51638-n\jmc.dll
2010-05-22 02:39 . 2010-05-22 02:39 348160 ----a-w- c:\documents and settings\Cheryll\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-15f51638-n\msvcr71.dll
2010-05-22 02:39 . 2010-05-22 02:39 12800 ----a-w- c:\documents and settings\Cheryll\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-23c04d4f-n\decora-d3d.dll
2010-05-06 10:41 . 2004-08-12 13:33 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-05 17:58 . 2008-12-10 17:41 46280 ----a-w- c:\documents and settings\Cheryll\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-02 05:22 . 2004-08-12 13:33 1851264 ----a-w- c:\windows\system32\win32k.sys
2009-04-27 01:29 . 2009-04-27 01:29 43083040 ----a-w- c:\program files\AdbeRdr910_en_US_Std.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-10 39408]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-01-09 68640]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-09 52256]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-06-02 2065248]
"MSN Toolbar"="c:\program files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe" [2009-12-09 240992]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-17 20:26 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [3/14/2009 2:11 PM 216200]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [3/16/2010 10:42 PM 242896]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [3/17/2010 4:25 PM 308064]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [9/25/2009 9:34 PM 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 08:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder

2010-07-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-26 01:34]

2010-07-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-26 01:34]

2010-07-24 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 20:07]

2010-07-24 c:\windows\Tasks\User_Feed_Synchronization-{2B15165C-5E77-4C3E-B55B-FDBFB2522652}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]

2010-07-24 c:\windows\Tasks\User_Feed_Synchronization-{3162801D-C5A3-434D-A486-1C7BB9C85D12}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]

2010-07-24 c:\windows\Tasks\User_Feed_Synchronization-{B31236F4-6567-4340-9992-0B8F1236EB48}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://att.my.yahoo.com/
uInternet Connection Wizard,ShellNext = iexplore
IE: Crawler Search - tbr:iemenu
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://filedownload.att.net/Gh/Delicious_2_Web/Game/zylomplayer.cab
.
.
------- File Associations -------
.
.reg=reg_auto_file
.txt=
.
- - - - ORPHANS REMOVED - - - -

BHO-{DB35C569-5624-4CFC-8043-E5139F55A073} - c:\progra~1\Crawler\Shared\CShared.dll
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
WebBrowser-{D0523BB4-21E7-11DD-9AB7-415B56D89593} - (no file)
HKCU-Run-Weather - c:\program files\AWS\WeatherBug\Weather.exe
HKCU-RunOnce-Shockwave Updater - c:\windows\system32\Adobe\Shockwave 11\SwHelper_1150596.exe
AddRemove-InstallShield_{6811CAA0-BF12-11D4-9EA1-0050BAE317E1} - c:\program files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-24 12:26
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3240)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-07-24 12:34:09 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-24 16:34

Pre-Run: 14,830,137,344 bytes free
Post-Run: 17,968,726,016 bytes free

- - End Of File - - 9908618C03A549E5EFC69B80206AF7F7



I'm using my laptop to connect with you and to communicate.

Edited by SSBBDaisy, 24 July 2010 - 12:04 PM.


#6 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,774 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:06:30 PM

Posted 24 July 2010 - 01:16 PM

Hi,

if you are transfering the files with a flash drive please run the following program first:
Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives. Please do so and allow the utility to clean up those drives as well.
  • Hold down the Shift key when inserting the drive until Windows detects it to keep autorun.inf from executing if it is present.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: As part of its routine, Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive that was plugged in when you ran it. Do not delete this folder...it will help protect your drives from future infection by keeping the autorun file from being installed on the root drive and running other malicious files.

Then please follow these instructions to run ComboFix and install the Recovery Console:
Download the tools needed to a flash drive or other removable media, and transfer them to the infected computer.

***************************************************

Download ComboFix from one of these locations:

Link 1
Link 2
Link 3

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

With malware infections being as they are today, it's strongly recommended to have the Windows Recovery Console pre-installed on your machine before doing any malware removal.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.


Go to Microsoft's website => http://support.microsoft.com/kb/310994

Select the download that's appropriate for your Operating System




Download the file & save it as it's originally named.


---------------------------------------------------------------------

Transfer all files you just downloaded, to the desktop of the infected computer.

--------------------------------------------------------------------


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools



  • Drag the setup package onto ComboFix.exe and drop it.

  • Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.





  • At the next prompt, click 'Yes' to run the full ComboFix scan.

  • When the tool is finished, it will produce a report for you.
Please post the C:\ComboFix.txt in your next reply.

let me know if that works.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#7 SSBBDaisy

SSBBDaisy
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:12:30 PM

Posted 24 July 2010 - 01:59 PM

Here is the new ComboFix Log:





ComboFix 10-07-23.04 - Cheryll 07/24/2010 14:48:45.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.604 [GMT -4:00]
Running from: c:\documents and settings\Cheryll\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Cheryll\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((( Files Created from 2010-06-24 to 2010-07-24 )))))))))))))))))))))))))))))))
.

2010-07-15 23:21 . 2010-07-15 23:21 -------- d-----w- c:\documents and settings\Administrator\Application Data\DivX
2010-07-15 23:18 . 2010-07-15 23:18 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2010-07-13 02:45 . 2010-07-13 02:46 -------- d-----w- c:\documents and settings\PLEX\Application Data\SiteRanker
2010-07-13 02:45 . 2010-07-13 02:46 -------- d-----w- c:\documents and settings\PLEX\Application Data\Inbox Toolbar
2010-07-13 02:45 . 2010-07-13 09:06 -------- d-----w- c:\program files\Crawler
2010-07-12 21:54 . 2010-07-12 21:54 -------- d-----w- c:\documents and settings\PLEX\Application Data\Office Genuine Advantage
2010-07-07 16:46 . 2010-07-07 16:46 -------- d-----w- c:\documents and settings\Cheryll\Local Settings\Application Data\Yahoo
2010-07-06 22:52 . 2010-07-06 22:52 -------- d-sh--w- c:\documents and settings\Cheryll\IECompatCache
2010-07-06 22:42 . 2010-07-06 22:42 -------- d-----w- c:\documents and settings\PLEX\Local Settings\Application Data\Yahoo
2010-07-06 22:36 . 2010-07-08 07:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2010-07-06 22:36 . 2010-07-06 22:36 -------- d-----w- c:\documents and settings\PLEX\Application Data\Yahoo!
2010-07-06 22:33 . 2010-07-06 22:34 -------- dc-h--w- c:\windows\ie8
2010-07-03 01:18 . 2010-07-06 21:55 -------- d-----w- c:\documents and settings\PLEX\Application Data\playitall
2010-07-02 03:55 . 2010-07-02 04:12 -------- d-----w- c:\documents and settings\PLEX\Local Settings\Application Data\Temp
2010-07-02 03:46 . 2010-07-02 03:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Trymedia
2010-07-01 00:56 . 2010-07-03 01:17 -------- d-----w- c:\documents and settings\PLEX\Application Data\vlc
2010-06-30 01:28 . 2010-06-30 01:28 -------- d-----w- c:\documents and settings\All Users\Application Data\PlayFirst
2010-06-30 00:57 . 2010-06-30 00:57 -------- d-----w- c:\documents and settings\PLEX\Application Data\FrimaStudio
2010-06-29 23:51 . 2010-06-30 01:28 -------- d-----w- c:\documents and settings\PLEX\Application Data\PlayFirst
2010-06-29 23:50 . 2010-06-29 23:50 -------- d-----w- c:\program files\MSN Toolbar
2010-06-29 23:49 . 2010-06-29 23:50 -------- d-----w- c:\program files\MSN Toolbar Installer
2010-06-29 23:29 . 2010-06-29 23:29 -------- d-----w- c:\documents and settings\PLEX\Application Data\Unity
2010-06-29 23:26 . 2010-06-29 23:26 -------- d-----w- c:\documents and settings\PLEX\Local Settings\Application Data\Unity
2010-06-29 19:53 . 2010-06-29 19:53 -------- d-----w- c:\documents and settings\PLEX\Local Settings\Application Data\3DVIA
2010-06-29 19:52 . 2008-07-31 14:41 68616 ----a-w- c:\windows\system32\XAPOFX1_1.dll
2010-06-29 19:52 . 2008-07-31 14:40 509448 ----a-w- c:\windows\system32\XAudio2_2.dll
2010-06-29 19:51 . 2008-07-31 14:41 238088 ----a-w- c:\windows\system32\xactengine3_2.dll
2010-06-29 19:51 . 2008-07-12 12:18 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
2010-06-29 19:51 . 2008-05-30 18:17 25608 ----a-w- c:\windows\system32\X3DAudio1_4.dll
2010-06-29 19:51 . 2007-04-04 22:53 81768 ----a-w- c:\windows\system32\xinput1_3.dll
2010-06-29 18:48 . 2008-04-13 16:44 2560 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\USMT\iconlib.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-16 18:45 . 2009-01-26 00:13 -------- d-----w- c:\program files\DivX
2010-07-16 18:36 . 2010-05-19 04:14 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-07-16 18:36 . 2009-09-05 03:53 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-07-13 01:28 . 2010-06-18 01:01 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-07-11 07:08 . 2010-05-19 04:53 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-07-10 17:41 . 2008-12-26 18:20 -------- d-----w- c:\documents and settings\Cheryll\Application Data\Apple Computer
2010-07-08 15:12 . 2009-04-20 01:32 -------- d-----w- c:\program files\Yahoo!
2010-07-06 22:16 . 2009-08-10 19:37 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-07-02 06:04 . 2009-03-04 01:07 -------- d-----w- c:\program files\Google
2010-06-29 19:42 . 2009-05-05 16:30 38272 ---ha-w- c:\windows\system32\mlfcache.dat
2010-06-29 19:42 . 2010-06-19 00:51 -------- d-----w- c:\documents and settings\PLEX\Application Data\Apple Computer
2010-06-24 00:56 . 2010-06-24 00:56 -------- d-----w- c:\documents and settings\PLEX\Application Data\SBTT
2010-06-23 09:17 . 2010-02-18 23:22 -------- d-----w- c:\documents and settings\Cheryll\Application Data\Move Networks
2010-06-23 04:48 . 2010-05-10 21:59 -------- d-----w- c:\program files\Unity
2010-06-23 04:46 . 2010-06-19 01:19 -------- d-----w- c:\documents and settings\All Users\Application Data\WildTangent
2010-06-23 04:41 . 2010-06-07 13:59 -------- d-----w- c:\program files\Common Files\ParetoLogic
2010-06-23 04:41 . 2009-07-05 23:48 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
2010-06-23 04:41 . 2009-07-05 23:48 -------- d-----w- c:\documents and settings\All Users\Application Data\DriverCure
2010-06-23 04:00 . 2010-06-23 04:00 501936 ----a-w- c:\documents and settings\All Users\Application Data\Google\Google Toolbar\Update\gtbEC.tmp.exe
2010-06-22 03:59 . 2010-06-22 03:59 -------- d-----w- c:\documents and settings\PLEX\Application Data\Magus
2010-06-22 03:20 . 2010-06-22 03:20 -------- d-----w- c:\documents and settings\PLEX\Application Data\DivX
2010-06-22 02:12 . 2010-06-22 02:11 -------- d-----w- c:\documents and settings\PLEX\Application Data\DriverCure
2010-06-22 02:11 . 2010-06-22 02:11 46280 ----a-w- c:\documents and settings\PLEX\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-19 23:33 . 2010-06-19 23:32 421756 ----a-w- c:\documents and settings\All Users\Application Data\WildTangent\WTDownloader\pressyourluck2010edition\Download\prodinfo_pressyourluck2010edition_1.0.0.1317.exe
2010-06-19 23:32 . 2010-06-19 23:32 208459 ----a-w- c:\documents and settings\All Users\Application Data\WildTangent\WTDownloader\pressyourluck2010edition\Download\brandinfo_wildgames_1.0.0.294.exe
2010-06-19 23:32 . 2010-06-19 23:32 76235 ----a-w- c:\documents and settings\All Users\Application Data\WildTangent\WTDownloader\pressyourluck2010edition\Download\pkgtype_1.0.0.63.exe
2010-06-19 23:32 . 2010-06-19 23:32 453445 ----a-w- c:\documents and settings\All Users\Application Data\WildTangent\WTDownloader\pressyourluck2010edition\Download\catalyst_1.0.0.418.exe
2010-06-19 23:32 . 2010-06-19 23:32 464112 ----a-w- c:\documents and settings\All Users\Application Data\WildTangent\WTDownloader\pressyourluck2010edition\Temp\WTDownloader.exe
2010-06-19 15:53 . 2010-06-19 15:53 -------- d-----w- c:\documents and settings\PLEX\Application Data\WildTangent
2010-06-19 06:24 . 2010-06-19 06:24 503808 ----a-w- c:\documents and settings\PLEX\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-458ba934-n\msvcp71.dll
2010-06-19 06:24 . 2010-06-19 06:24 61440 ----a-w- c:\documents and settings\PLEX\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-7ea4d3d9-n\decora-sse.dll
2010-06-19 06:24 . 2010-06-19 06:24 499712 ----a-w- c:\documents and settings\PLEX\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-458ba934-n\jmc.dll
2010-06-19 06:24 . 2010-06-19 06:24 348160 ----a-w- c:\documents and settings\PLEX\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-458ba934-n\msvcr71.dll
2010-06-19 06:24 . 2010-06-19 06:24 12800 ----a-w- c:\documents and settings\PLEX\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-7ea4d3d9-n\decora-d3d.dll
2010-06-19 02:37 . 2010-06-19 02:36 3085800 ----a-w- c:\documents and settings\All Users\Application Data\BigFishGamesCache\Upgrade\Unpack\bfgsetup_s1_l1.exe
2010-06-19 02:36 . 2010-06-19 02:36 -------- d-----w- c:\documents and settings\All Users\Application Data\BigFishGamesCache
2010-06-04 05:50 . 2009-03-31 01:48 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-02 19:25 . 2010-03-17 02:42 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-06-02 19:25 . 2009-03-14 18:11 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-05-27 02:03 . 2008-12-29 15:59 -------- d-----w- c:\program files\Java
2010-05-26 18:23 . 2010-06-19 23:32 76008 ----a-w- c:\documents and settings\All Users\Application Data\WildTangent\WTDownloader\pressyourluck2010edition\UI\CatalystWrapper.exe
2010-05-22 02:39 . 2010-05-22 02:39 61440 ----a-w- c:\documents and settings\Cheryll\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-23c04d4f-n\decora-sse.dll
2010-05-22 02:39 . 2010-05-22 02:39 503808 ----a-w- c:\documents and settings\Cheryll\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-15f51638-n\msvcp71.dll
2010-05-22 02:39 . 2010-05-22 02:39 499712 ----a-w- c:\documents and settings\Cheryll\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-15f51638-n\jmc.dll
2010-05-22 02:39 . 2010-05-22 02:39 348160 ----a-w- c:\documents and settings\Cheryll\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-15f51638-n\msvcr71.dll
2010-05-22 02:39 . 2010-05-22 02:39 12800 ----a-w- c:\documents and settings\Cheryll\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-23c04d4f-n\decora-d3d.dll
2010-05-06 10:41 . 2004-08-12 13:33 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-05 17:58 . 2008-12-10 17:41 46280 ----a-w- c:\documents and settings\Cheryll\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-02 05:22 . 2004-08-12 13:33 1851264 ----a-w- c:\windows\system32\win32k.sys
2009-04-27 01:29 . 2009-04-27 01:29 43083040 ----a-w- c:\program files\AdbeRdr910_en_US_Std.exe
.

((((((((((((((((((((((((((((( SnapShot@2010-07-24_16.26.21 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-07-24 18:31 . 2010-07-24 18:31 16384 c:\windows\Temp\Perflib_Perfdata_6a4.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-10 39408]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-01-09 68640]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-09 52256]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-06-02 2065248]
"MSN Toolbar"="c:\program files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe" [2009-12-09 240992]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-17 20:26 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [3/14/2009 2:11 PM 216200]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [3/16/2010 10:42 PM 242896]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [3/17/2010 4:25 PM 308064]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [9/25/2009 9:34 PM 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 08:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder

2010-07-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-26 01:34]

2010-07-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-26 01:34]

2010-07-24 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 20:07]

2010-07-24 c:\windows\Tasks\User_Feed_Synchronization-{2B15165C-5E77-4C3E-B55B-FDBFB2522652}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]

2010-07-24 c:\windows\Tasks\User_Feed_Synchronization-{3162801D-C5A3-434D-A486-1C7BB9C85D12}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]

2010-07-24 c:\windows\Tasks\User_Feed_Synchronization-{B31236F4-6567-4340-9992-0B8F1236EB48}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://att.my.yahoo.com/
uInternet Connection Wizard,ShellNext = iexplore
IE: Crawler Search - tbr:iemenu
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://filedownload.att.net/Gh/Delicious_2_Web/Game/zylomplayer.cab
.
.
------- File Associations -------
.
.txt=
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-24 14:55
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3612)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-07-24 14:58:00
ComboFix-quarantined-files.txt 2010-07-24 18:57
ComboFix2.txt 2010-07-24 16:34

Pre-Run: 17,956,773,888 bytes free
Post-Run: 17,932,316,672 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - E24C7863B9A8FD34D20940E78BBC738A


#8 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,774 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:06:30 PM

Posted 24 July 2010 - 02:05 PM

Hi,

please run a new scan with OTL:
  1. Double click on the icon on your desktop.
  2. Click the "Scan All Users" checkbox.
  3. Select Safelist for the Extra registry
  4. Push the button.
  5. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#9 SSBBDaisy

SSBBDaisy
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:12:30 PM

Posted 24 July 2010 - 09:00 PM

Here is the OTL Log. But one thing: Only an OTL log came up. I remember last time I ran OTL the extra document was automatically saved to my usb. I found that weird. One extra text document didn't appear this time when the scan finished. I think it might have copied to the same place and overwrited the old one, not sure but will post it anyway.



Here is OTL Log:

OTL logfile created on: 7/24/2010 4:45:12 PM - Run 2
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Cheryll\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 541.00 Mb Available Physical Memory | 53.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 16.74 Gb Free Space | 44.92% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 1.86 Gb Total Space | 1.60 Gb Free Space | 85.71% Space Free | Partition Type: FAT
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DELL3
Current User Name: Cheryll
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/07/23 10:37:52 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Cheryll\Desktop\OTL.exe
PRC - [2010/06/02 15:25:43 | 002,065,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/06/02 15:24:43 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/05/14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2010/03/17 16:25:49 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2009/12/08 21:29:44 | 000,240,992 | ---- | M] (Microsoft Corp.) -- C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe
PRC - [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
PRC - [2009/08/18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/07/23 10:37:52 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Cheryll\Desktop\OTL.exe
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/05/14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2010/03/17 16:25:49 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2008/12/27 10:36:06 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS -- (MRESP50a64)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS -- (MREMP50a64)
DRV - File not found [Kernel | On_Demand | Running] -- C:\DOCUME~1\Cheryll\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2010/06/02 15:25:41 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/06/02 15:25:41 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/03/17 16:23:41 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/03/08 04:53:53 | 000,004,096 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nocashio.sys -- (nocashio)
DRV - [2008/09/23 10:45:32 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2008/09/23 10:45:31 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2008/04/13 14:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/13 14:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 13:45:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2004/08/12 09:25:23 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004/08/12 09:25:23 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2004/08/03 18:31:28 | 000,154,624 | ---- | M] (Lucent Technologies) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wlluc48.sys -- (wlluc48)
DRV - [2004/08/03 18:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2001/08/17 08:20:04 | 000,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc) Intel® 82801 Audio Driver Install Service (WDM)
DRV - [2001/08/17 08:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\el90xbc5.sys -- (EL90XBC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1060284298-1682526488-854245398-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1060284298-1682526488-854245398-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://att.my.yahoo.com/
IE - HKU\S-1-5-21-1060284298-1682526488-854245398-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.msn.com/sphome.aspx
IE - HKU\S-1-5-21-1060284298-1682526488-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010/03/06 11:53:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\Firefox [2010/06/29 19:50:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/06/30 01:16:35 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2010/07/24 12:26:03 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (jZip Webmail plugin) - {647FD14A-C4F1-46F4-8FC3-0B40F54226F7} - C:\Program Files\jZip\WebmailPlugin.dll (Discordia Limited)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (MSN Toolbar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll File not found
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-1060284298-1682526488-854245398-1003\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MSN Toolbar] C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe (Microsoft Corp.)
O4 - HKU\S-1-5-21-1060284298-1682526488-854245398-1003..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1060284298-1682526488-854245398-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1060284298-1682526488-854245398-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1060284298-1682526488-854245398-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1060284298-1682526488-854245398-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Reg Error: Key error.)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} http://www.nick.com/common/groove/gx/GrooveAX27.cab (Reg Error: Key error.)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} http://lads.myspace.com/upload/MySpaceUploader2.cab (MySpace Uploader Control)
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} http://filedownload.att.net/Gh/Delicious_2...zylomplayer.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} http://3dlifeplayer.dl.3dvia.com/player/in...r_installer.exe (Virtools WebPlayer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/photo...ol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\Documents and Settings\Cheryll\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Cheryll\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/12/10 13:22:53 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/07/24 14:25:48 | 000,000,000 | R--D | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010/07/24 14:25:50 | 000,000,000 | RHSD | M] - E:\autorun.inf -- [ FAT ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/07/24 16:44:10 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Cheryll\Desktop\OTL.exe
[2010/07/24 14:45:09 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/07/24 14:42:51 | 004,608,744 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Cheryll\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[2010/07/24 14:25:48 | 000,000,000 | R--D | C] -- C:\autorun.inf
[2010/07/24 11:46:19 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/07/24 11:46:19 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/07/24 11:46:19 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/07/24 11:46:19 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/07/24 11:46:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/07/24 11:45:26 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/07/15 21:34:23 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Cheryll\Desktop\rundll32.exe
[2010/07/15 21:31:08 | 001,033,728 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Cheryll\Desktop\explorer.exe
[2010/07/12 22:45:04 | 000,000,000 | ---D | C] -- C:\Program Files\Crawler
[2010/07/07 12:46:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cheryll\Local Settings\Application Data\Yahoo
[2010/07/06 18:52:16 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Cheryll\IECompatCache
[2010/07/06 18:36:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo!
[2010/07/06 18:33:07 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/07/01 23:46:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Trymedia
[2010/06/29 21:28:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2010/06/29 19:50:09 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Toolbar
[2010/06/29 19:49:41 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Toolbar Installer
[2010/06/29 15:52:01 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_2.dll
[2010/06/29 15:52:01 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_1.dll
[2010/06/29 15:51:55 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_2.dll
[2010/06/29 15:51:47 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_39.dll
[2010/06/29 15:51:43 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_4.dll
[2010/06/29 15:51:34 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_3.dll
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/07/24 16:44:59 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{3162801D-C5A3-434D-A486-1C7BB9C85D12}.job
[2010/07/24 16:44:00 | 000,000,428 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{B31236F4-6567-4340-9992-0B8F1236EB48}.job
[2010/07/24 15:55:14 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/07/24 15:04:35 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{2B15165C-5E77-4C3E-B55B-FDBFB2522652}.job
[2010/07/24 14:58:01 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/24 14:55:33 | 000,000,285 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/07/24 14:45:16 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/07/24 14:43:07 | 000,000,369 | ---- | M] () -- C:\Documents and Settings\Cheryll\Desktop\Shortcut (2) to ComboFix.exe.lnk
[2010/07/24 14:42:59 | 000,000,369 | ---- | M] () -- C:\Documents and Settings\Cheryll\Desktop\Shortcut to ComboFix.exe.lnk
[2010/07/24 14:40:12 | 004,608,744 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Cheryll\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[2010/07/24 14:31:23 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/24 14:30:54 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2010/07/24 14:30:53 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/07/24 14:29:48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/24 14:29:46 | 1073,213,440 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/24 14:28:47 | 007,864,320 | -H-- | M] () -- C:\Documents and Settings\Cheryll\NTUSER.DAT
[2010/07/24 14:28:47 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Cheryll\ntuser.ini
[2010/07/24 14:28:38 | 002,667,822 | -H-- | M] () -- C:\Documents and Settings\Cheryll\Local Settings\Application Data\IconCache.db
[2010/07/24 12:26:03 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/07/24 11:39:28 | 003,742,760 | R--- | M] () -- C:\Documents and Settings\Cheryll\Desktop\ComboFix.exe
[2010/07/23 10:37:52 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Cheryll\Desktop\OTL.exe
[2010/07/16 14:53:26 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Cheryll\defogger_reenable
[2010/07/16 10:08:54 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Cheryll\Desktop\gmer.zip
[2010/07/16 10:06:20 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Cheryll\Desktop\Defogger.exe
[2010/07/16 10:02:50 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Cheryll\Desktop\dds.scr
[2010/07/15 18:49:02 | 000,000,736 | ---- | M] () -- C:\Documents and Settings\Cheryll\Desktop\Rachel's pictures.lnk
[2010/07/14 22:28:22 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Cheryll\Desktop\Internet.lnk
[2010/07/14 16:30:46 | 000,000,572 | ---- | M] () -- C:\Documents and Settings\Cheryll\My Documents\spider.sav
[2010/07/13 05:28:16 | 000,000,432 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2010/07/12 19:41:01 | 061,925,743 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/07/06 18:45:50 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/07/02 02:04:25 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Cheryll\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/07/01 13:43:58 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/06/29 20:10:01 | 000,001,409 | ---- | M] () -- C:\WINDOWS\System32\tmpB5D95.FOT
[2010/06/29 15:42:44 | 000,038,272 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/07/24 14:45:16 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/07/24 14:45:13 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/07/24 14:43:07 | 000,000,369 | ---- | C] () -- C:\Documents and Settings\Cheryll\Desktop\Shortcut (2) to ComboFix.exe.lnk
[2010/07/24 14:42:59 | 000,000,369 | ---- | C] () -- C:\Documents and Settings\Cheryll\Desktop\Shortcut to ComboFix.exe.lnk
[2010/07/24 11:46:19 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/07/24 11:46:19 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/07/24 11:46:19 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/07/24 11:46:19 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/07/24 11:46:19 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/07/24 11:45:00 | 003,742,760 | R--- | C] () -- C:\Documents and Settings\Cheryll\Desktop\ComboFix.exe
[2010/07/23 10:46:02 | 000,180,398 | ---- | C] () -- C:\Documents and Settings\Cheryll\commonpriv.log
[2010/07/23 10:46:02 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Cheryll\commonpriv.log.lock
[2010/07/16 14:58:47 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Cheryll\Desktop\dds.scr
[2010/07/16 14:53:26 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Cheryll\defogger_reenable
[2010/07/16 14:31:12 | 000,002,690 | ---- | C] () -- C:\Documents and Settings\Cheryll\Desktop\xp_regfile.reg
[2010/07/16 14:11:11 | 000,002,600 | ---- | C] () -- C:\Documents and Settings\Cheryll\Desktop\xp_exe_fix.reg
[2010/07/16 13:45:38 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Cheryll\Desktop\gmer.zip
[2010/07/16 13:45:38 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Cheryll\Desktop\Defogger.exe
[2010/07/16 13:43:09 | 1073,213,440 | -HS- | C] () -- C:\hiberfil.sys
[2010/07/14 22:28:22 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Cheryll\Desktop\Internet.lnk
[2010/07/13 19:54:44 | 000,000,572 | ---- | C] () -- C:\Documents and Settings\Cheryll\My Documents\spider.sav
[2010/06/29 20:10:01 | 000,001,409 | ---- | C] () -- C:\WINDOWS\System32\tmpB5D95.FOT
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/03/08 04:53:53 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\drivers\nocashio.sys
[2009/02/11 18:29:21 | 000,000,129 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/12/13 15:23:03 | 000,081,920 | ---- | C] () -- C:\WINDOWS\asr32311.dll
[2008/12/13 15:23:03 | 000,000,070 | ---- | C] () -- C:\WINDOWS\HGSpeech.ini
[2008/12/10 14:33:23 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Alternate Data Streams ==========

@Alternate Data Stream - 222 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:56DA0F9E
@Alternate Data Stream - 190 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FE29FBBF
@Alternate Data Stream - 186 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8DA0EB21
@Alternate Data Stream - 178 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:91975276
@Alternate Data Stream - 174 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:63596073
@Alternate Data Stream - 166 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C4532973
@Alternate Data Stream - 165 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:331AD5E9
@Alternate Data Stream - 164 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:20C69EEE
@Alternate Data Stream - 162 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:95546FDA
@Alternate Data Stream - 160 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:528A8DB3
@Alternate Data Stream - 158 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7C017FB1
@Alternate Data Stream - 157 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:40520FC3
@Alternate Data Stream - 154 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FEA16326
@Alternate Data Stream - 154 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:98F0614F
@Alternate Data Stream - 153 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F68280D1
@Alternate Data Stream - 153 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2BFC67DE
@Alternate Data Stream - 152 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:773DA865
@Alternate Data Stream - 151 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:20A5B16A
@Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B6B5197
@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9E985157
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:38673444
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:619D6FE6
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5DAABF18
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:140CF428
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D455373F
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BDBBA690
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:64551561
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C255CAF0
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7E6661F3
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D52DDC38
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6F2005B7
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8BE2CBE9
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5BD8B9DD
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AD6273E0
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:928218FA
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5A823589
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:097031DF
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A3AB6321
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F3F95A98
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:38760F1C
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FE120A60
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0F39B6D8
< End of report >






And here might be the extras that I'm not sure of :/


OTL Extras logfile created on: 7/23/2010 11:14:06 AM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = E:\New Tools
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 493.00 Mb Available Physical Memory | 48.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 13.86 Gb Free Space | 37.20% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 1.86 Gb Total Space | 1.60 Gb Free Space | 86.16% Space Free | Partition Type: FAT
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DELL3
Current User Name: Cheryll
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.chm [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.cmd [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.com [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.cpl [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.hlp [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.hta [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.html [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.inf [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.ini [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
.url [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
.js [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.jse [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.pif [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.reg [@ = reg_auto_file] -- C:\Documents and Settings\Cheryll\Desktop\xp_exe_fix.reg ()
.scr [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.txt [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
.vbe [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.vbs [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.wsf [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.wsh [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-1060284298-1682526488-854245398-1003\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = MSN Toolbar
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{148E08FF-D7C4-46ED-8D4D-601C67FE0AFD}" = Rosetta Stone Version 3
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java™ 6 Update 20
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E868D3D-6EEB-4273-926C-2287236B5B79}" = 3DVIA player 5.0
"{61BEA823-ECAF-49F1-8378-A59B3B8AD247}" = Microsoft Default Manager
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{97F81AF1-0E47-DC99-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 ATL (x86) WinSXS MSM
"{98CB24AD-52FB-DB5F-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 CRT (x86) WinSXS MSM
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A65F7CF8-6F76-40CE-B44D-D5A89D9881C7}" = MSN Toolbar Platform
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.3
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"7-Zip" = 7-Zip 4.57
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AVG9Uninstall" = AVG Free 9.0
"FormatFactory" = FormatFactory 2.20
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"jZip" = jZip
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"VLC media player" = VideoLAN VLC media player 0.8.6d
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/16/2010 2:42:28 PM | Computer Name = DELL3 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/16/2010 2:43:57 PM | Computer Name = DELL3 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/16/2010 2:55:14 PM | Computer Name = DELL3 | Source = Google Update | ID = 20
Description =

Error - 7/16/2010 3:55:16 PM | Computer Name = DELL3 | Source = Google Update | ID = 20
Description =

Error - 7/16/2010 4:55:20 PM | Computer Name = DELL3 | Source = Google Update | ID = 20
Description =

Error - 7/16/2010 5:42:04 PM | Computer Name = DELL3 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/16/2010 5:55:14 PM | Computer Name = DELL3 | Source = Google Update | ID = 20
Description =

Error - 7/16/2010 5:56:42 PM | Computer Name = DELL3 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/16/2010 6:00:06 PM | Computer Name = DELL3 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/23/2010 10:55:05 AM | Computer Name = DELL3 | Source = Google Update | ID = 20
Description =

[ System Events ]
Error - 7/16/2010 1:09:23 PM | Computer Name = DELL3 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 7/16/2010 1:35:24 PM | Computer Name = DELL3 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 7/16/2010 1:35:26 PM | Computer Name = DELL3 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 7/16/2010 1:35:32 PM | Computer Name = DELL3 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 7/16/2010 1:37:47 PM | Computer Name = DELL3 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 7/16/2010 1:42:05 PM | Computer Name = DELL3 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 7/16/2010 1:44:25 PM | Computer Name = DELL3 | Source = Service Control Manager | ID = 7023
Description = The SSHNAS service terminated with the following error: %%126

Error - 7/16/2010 2:18:47 PM | Computer Name = DELL3 | Source = Service Control Manager | ID = 7023
Description = The SSHNAS service terminated with the following error: %%126

Error - 7/23/2010 10:47:05 AM | Computer Name = DELL3 | Source = Service Control Manager | ID = 7023
Description = The SSHNAS service terminated with the following error: %%126

Error - 7/23/2010 10:48:13 AM | Computer Name = DELL3 | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.


< End of report >






UPDATE: Did another scan to see if extras would pop up and it didn't just the OLT. sad.gif

#10 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,774 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:06:30 PM

Posted 25 July 2010 - 04:48 AM

Hi,

did you select use safelist for extra registry? If not the extras file won't appear.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#11 SSBBDaisy

SSBBDaisy
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:12:30 PM

Posted 25 July 2010 - 08:27 AM

Here is the OTL




OTL logfile created on: 7/25/2010 9:17:24 AM - Run 3
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Cheryll\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 525.00 Mb Available Physical Memory | 51.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 16.74 Gb Free Space | 44.92% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DELL3
Current User Name: Cheryll
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/07/23 10:37:52 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Cheryll\Desktop\OTL.exe
PRC - [2010/06/02 15:25:43 | 002,065,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/06/02 15:24:43 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/05/14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2010/03/17 16:25:49 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2009/12/08 21:29:44 | 000,240,992 | ---- | M] (Microsoft Corp.) -- C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe
PRC - [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
PRC - [2009/08/18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/07/23 10:37:52 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Cheryll\Desktop\OTL.exe
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/05/14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2010/03/17 16:25:49 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2008/12/27 10:36:06 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS -- (MRESP50a64)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS -- (MREMP50a64)
DRV - File not found [Kernel | On_Demand | Running] -- C:\DOCUME~1\Cheryll\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2010/06/02 15:25:41 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/06/02 15:25:41 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/03/17 16:23:41 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/03/08 04:53:53 | 000,004,096 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nocashio.sys -- (nocashio)
DRV - [2008/09/23 10:45:32 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2008/09/23 10:45:31 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2008/04/13 14:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/13 14:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 13:45:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2004/08/12 09:25:23 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004/08/12 09:25:23 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2004/08/03 18:31:28 | 000,154,624 | ---- | M] (Lucent Technologies) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wlluc48.sys -- (wlluc48)
DRV - [2004/08/03 18:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2001/08/17 08:20:04 | 000,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc) Intel® 82801 Audio Driver Install Service (WDM)
DRV - [2001/08/17 08:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\el90xbc5.sys -- (EL90XBC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1060284298-1682526488-854245398-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1060284298-1682526488-854245398-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://att.my.yahoo.com/
IE - HKU\S-1-5-21-1060284298-1682526488-854245398-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.msn.com/sphome.aspx
IE - HKU\S-1-5-21-1060284298-1682526488-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010/03/06 11:53:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\Firefox [2010/06/29 19:50:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/06/30 01:16:35 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2010/07/24 12:26:03 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (jZip Webmail plugin) - {647FD14A-C4F1-46F4-8FC3-0B40F54226F7} - C:\Program Files\jZip\WebmailPlugin.dll (Discordia Limited)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (MSN Toolbar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll File not found
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-1060284298-1682526488-854245398-1003\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MSN Toolbar] C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe (Microsoft Corp.)
O4 - HKU\S-1-5-21-1060284298-1682526488-854245398-1003..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1060284298-1682526488-854245398-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1060284298-1682526488-854245398-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1060284298-1682526488-854245398-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1060284298-1682526488-854245398-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Reg Error: Key error.)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} http://www.nick.com/common/groove/gx/GrooveAX27.cab (Reg Error: Key error.)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} http://lads.myspace.com/upload/MySpaceUploader2.cab (MySpace Uploader Control)
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} http://filedownload.att.net/Gh/Delicious_2...zylomplayer.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} http://3dlifeplayer.dl.3dvia.com/player/in...r_installer.exe (Virtools WebPlayer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/photo...ol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\Documents and Settings\Cheryll\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Cheryll\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/12/10 13:22:53 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/07/24 14:25:48 | 000,000,000 | R--D | M] - C:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/07/24 16:44:10 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Cheryll\Desktop\OTL.exe
[2010/07/24 14:45:09 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/07/24 14:42:51 | 004,608,744 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Cheryll\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[2010/07/24 14:25:48 | 000,000,000 | R--D | C] -- C:\autorun.inf
[2010/07/24 11:46:19 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/07/24 11:46:19 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/07/24 11:46:19 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/07/24 11:46:19 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/07/24 11:46:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/07/24 11:45:26 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/07/15 21:34:23 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Cheryll\Desktop\rundll32.exe
[2010/07/15 21:31:08 | 001,033,728 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Cheryll\Desktop\explorer.exe
[2010/07/12 22:45:04 | 000,000,000 | ---D | C] -- C:\Program Files\Crawler
[2010/07/07 12:46:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cheryll\Local Settings\Application Data\Yahoo
[2010/07/06 18:52:16 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Cheryll\IECompatCache
[2010/07/06 18:36:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo!
[2010/07/06 18:33:07 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/07/01 23:46:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Trymedia
[2010/06/29 21:28:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2010/06/29 19:50:09 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Toolbar
[2010/06/29 19:49:41 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Toolbar Installer
[2010/06/29 15:52:01 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_2.dll
[2010/06/29 15:52:01 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_1.dll
[2010/06/29 15:51:55 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_2.dll
[2010/06/29 15:51:47 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_39.dll
[2010/06/29 15:51:43 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_4.dll
[2010/06/29 15:51:34 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_3.dll
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/07/25 00:20:00 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{3162801D-C5A3-434D-A486-1C7BB9C85D12}.job
[2010/07/25 00:19:00 | 000,000,428 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{B31236F4-6567-4340-9992-0B8F1236EB48}.job
[2010/07/24 23:55:14 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/07/24 21:55:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/07/24 15:04:35 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{2B15165C-5E77-4C3E-B55B-FDBFB2522652}.job
[2010/07/24 14:58:01 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/24 14:55:33 | 000,000,285 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/07/24 14:45:16 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/07/24 14:43:07 | 000,000,369 | ---- | M] () -- C:\Documents and Settings\Cheryll\Desktop\Shortcut (2) to ComboFix.exe.lnk
[2010/07/24 14:42:59 | 000,000,369 | ---- | M] () -- C:\Documents and Settings\Cheryll\Desktop\Shortcut to ComboFix.exe.lnk
[2010/07/24 14:40:12 | 004,608,744 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Cheryll\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[2010/07/24 14:31:23 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/24 14:30:54 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2010/07/24 14:29:48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/24 14:29:46 | 1073,213,440 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/24 14:28:47 | 007,864,320 | -H-- | M] () -- C:\Documents and Settings\Cheryll\NTUSER.DAT
[2010/07/24 14:28:47 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Cheryll\ntuser.ini
[2010/07/24 14:28:38 | 002,667,822 | -H-- | M] () -- C:\Documents and Settings\Cheryll\Local Settings\Application Data\IconCache.db
[2010/07/24 12:26:03 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/07/24 11:39:28 | 003,742,760 | R--- | M] () -- C:\Documents and Settings\Cheryll\Desktop\ComboFix.exe
[2010/07/23 10:37:52 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Cheryll\Desktop\OTL.exe
[2010/07/16 14:53:26 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Cheryll\defogger_reenable
[2010/07/16 10:08:54 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Cheryll\Desktop\gmer.zip
[2010/07/16 10:06:20 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Cheryll\Desktop\Defogger.exe
[2010/07/16 10:02:50 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Cheryll\Desktop\dds.scr
[2010/07/15 18:49:02 | 000,000,736 | ---- | M] () -- C:\Documents and Settings\Cheryll\Desktop\Rachel's pictures.lnk
[2010/07/14 22:28:22 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Cheryll\Desktop\Internet.lnk
[2010/07/14 16:30:46 | 000,000,572 | ---- | M] () -- C:\Documents and Settings\Cheryll\My Documents\spider.sav
[2010/07/13 05:28:16 | 000,000,432 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2010/07/12 19:41:01 | 061,925,743 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/07/06 18:45:50 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/07/02 02:04:25 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Cheryll\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/07/01 13:43:58 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/06/29 20:10:01 | 000,001,409 | ---- | M] () -- C:\WINDOWS\System32\tmpB5D95.FOT
[2010/06/29 15:42:44 | 000,038,272 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/07/24 14:45:16 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/07/24 14:45:13 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/07/24 14:43:07 | 000,000,369 | ---- | C] () -- C:\Documents and Settings\Cheryll\Desktop\Shortcut (2) to ComboFix.exe.lnk
[2010/07/24 14:42:59 | 000,000,369 | ---- | C] () -- C:\Documents and Settings\Cheryll\Desktop\Shortcut to ComboFix.exe.lnk
[2010/07/24 11:46:19 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/07/24 11:46:19 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/07/24 11:46:19 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/07/24 11:46:19 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/07/24 11:46:19 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/07/24 11:45:00 | 003,742,760 | R--- | C] () -- C:\Documents and Settings\Cheryll\Desktop\ComboFix.exe
[2010/07/23 10:46:02 | 000,184,174 | ---- | C] () -- C:\Documents and Settings\Cheryll\commonpriv.log
[2010/07/23 10:46:02 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Cheryll\commonpriv.log.lock
[2010/07/16 14:58:47 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Cheryll\Desktop\dds.scr
[2010/07/16 14:53:26 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Cheryll\defogger_reenable
[2010/07/16 14:31:12 | 000,002,690 | ---- | C] () -- C:\Documents and Settings\Cheryll\Desktop\xp_regfile.reg
[2010/07/16 14:11:11 | 000,002,600 | ---- | C] () -- C:\Documents and Settings\Cheryll\Desktop\xp_exe_fix.reg
[2010/07/16 13:45:38 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Cheryll\Desktop\gmer.zip
[2010/07/16 13:45:38 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Cheryll\Desktop\Defogger.exe
[2010/07/16 13:43:09 | 1073,213,440 | -HS- | C] () -- C:\hiberfil.sys
[2010/07/14 22:28:22 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Cheryll\Desktop\Internet.lnk
[2010/07/13 19:54:44 | 000,000,572 | ---- | C] () -- C:\Documents and Settings\Cheryll\My Documents\spider.sav
[2010/06/29 20:10:01 | 000,001,409 | ---- | C] () -- C:\WINDOWS\System32\tmpB5D95.FOT
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/03/08 04:53:53 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\drivers\nocashio.sys
[2009/02/11 18:29:21 | 000,000,129 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/12/13 15:23:03 | 000,081,920 | ---- | C] () -- C:\WINDOWS\asr32311.dll
[2008/12/13 15:23:03 | 000,000,070 | ---- | C] () -- C:\WINDOWS\HGSpeech.ini
[2008/12/10 14:33:23 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Alternate Data Streams ==========

@Alternate Data Stream - 222 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:56DA0F9E
@Alternate Data Stream - 190 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FE29FBBF
@Alternate Data Stream - 186 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8DA0EB21
@Alternate Data Stream - 178 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:91975276
@Alternate Data Stream - 174 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:63596073
@Alternate Data Stream - 166 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C4532973
@Alternate Data Stream - 165 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:331AD5E9
@Alternate Data Stream - 164 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:20C69EEE
@Alternate Data Stream - 162 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:95546FDA
@Alternate Data Stream - 160 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:528A8DB3
@Alternate Data Stream - 158 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7C017FB1
@Alternate Data Stream - 157 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:40520FC3
@Alternate Data Stream - 154 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FEA16326
@Alternate Data Stream - 154 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:98F0614F
@Alternate Data Stream - 153 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F68280D1
@Alternate Data Stream - 153 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2BFC67DE
@Alternate Data Stream - 152 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:773DA865
@Alternate Data Stream - 151 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:20A5B16A
@Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B6B5197
@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9E985157
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:38673444
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:619D6FE6
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5DAABF18
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:140CF428
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D455373F
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BDBBA690
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:64551561
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C255CAF0
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7E6661F3
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D52DDC38
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6F2005B7
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8BE2CBE9
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5BD8B9DD
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AD6273E0
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:928218FA
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5A823589
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:097031DF
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A3AB6321
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F3F95A98
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:38760F1C
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FE120A60
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0F39B6D8
< End of report >










Here is the Extras:




OTL Extras logfile created on: 7/25/2010 9:17:24 AM - Run 3
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Cheryll\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 525.00 Mb Available Physical Memory | 51.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 16.74 Gb Free Space | 44.92% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DELL3
Current User Name: Cheryll
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.cpl [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.hlp [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.hta [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.html [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.inf [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.ini [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
.url [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
.jse [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.scr [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.txt [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
.vbe [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.wsf [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.wsh [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-1060284298-1682526488-854245398-1003\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = MSN Toolbar
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{148E08FF-D7C4-46ED-8D4D-601C67FE0AFD}" = Rosetta Stone Version 3
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java™ 6 Update 20
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E868D3D-6EEB-4273-926C-2287236B5B79}" = 3DVIA player 5.0
"{61BEA823-ECAF-49F1-8378-A59B3B8AD247}" = Microsoft Default Manager
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{97F81AF1-0E47-DC99-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 ATL (x86) WinSXS MSM
"{98CB24AD-52FB-DB5F-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 CRT (x86) WinSXS MSM
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A65F7CF8-6F76-40CE-B44D-D5A89D9881C7}" = MSN Toolbar Platform
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.3
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"7-Zip" = 7-Zip 4.57
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AVG9Uninstall" = AVG Free 9.0
"FormatFactory" = FormatFactory 2.20
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"jZip" = jZip
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"VLC media player" = VideoLAN VLC media player 0.8.6d
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/24/2010 4:45:04 PM | Computer Name = DELL3 | Source = Application Hang | ID = 1002
Description = Hanging application OTL.exe, version 3.2.9.1, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 7/24/2010 4:55:14 PM | Computer Name = DELL3 | Source = Google Update | ID = 20
Description =

Error - 7/24/2010 5:55:14 PM | Computer Name = DELL3 | Source = Google Update | ID = 20
Description =

Error - 7/24/2010 6:55:14 PM | Computer Name = DELL3 | Source = Google Update | ID = 20
Description =

Error - 7/24/2010 7:55:14 PM | Computer Name = DELL3 | Source = Google Update | ID = 20
Description =

Error - 7/24/2010 8:55:14 PM | Computer Name = DELL3 | Source = Google Update | ID = 20
Description =

Error - 7/24/2010 9:55:14 PM | Computer Name = DELL3 | Source = Google Update | ID = 20
Description =

Error - 7/24/2010 9:58:10 PM | Computer Name = DELL3 | Source = Application Hang | ID = 1002
Description = Hanging application OTL.exe, version 3.2.9.1, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 7/24/2010 10:55:14 PM | Computer Name = DELL3 | Source = Google Update | ID = 20
Description =

Error - 7/24/2010 11:55:14 PM | Computer Name = DELL3 | Source = Google Update | ID = 20
Description =

[ System Events ]
Error - 7/24/2010 2:46:08 PM | Computer Name = DELL3 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 30 minutes. NtpClient has no source of accurate
time.

Error - 7/24/2010 3:16:09 PM | Computer Name = DELL3 | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 60 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 7/24/2010 3:16:09 PM | Computer Name = DELL3 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 60 minutes. NtpClient has no source of accurate
time.

Error - 7/24/2010 4:16:10 PM | Computer Name = DELL3 | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 120 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 7/24/2010 4:16:11 PM | Computer Name = DELL3 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 119 minutes. NtpClient has no source of accurate
time.

Error - 7/24/2010 6:16:12 PM | Computer Name = DELL3 | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 240 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 7/24/2010 6:16:12 PM | Computer Name = DELL3 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 240 minutes. NtpClient has no source of accurate
time.

Error - 7/24/2010 10:16:16 PM | Computer Name = DELL3 | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 480 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 7/24/2010 10:16:16 PM | Computer Name = DELL3 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 480 minutes. NtpClient has no source of accurate
time.

Error - 7/25/2010 9:18:02 AM | Computer Name = DELL3 | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)


< End of report >


#12 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,774 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:06:30 PM

Posted 25 July 2010 - 01:01 PM

Hi,

that log looks pretty good actually. What problems remain? Can you open all the files on your PC or do you still get some that open the dialogue where you have to select the program to open it with?

Have you tried to restore the internet connection with the information of your network?

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#13 SSBBDaisy

SSBBDaisy
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:12:30 PM

Posted 25 July 2010 - 02:16 PM

Well when I open Internet Explorer it always says "return to last session?" And if I click yes it spams Internet Explorer pages (like 5 of them). And the internet dosen't work still. I still can't open some files like my sis's rosetta stone, or pinball. Another thing I forgot to mention which is probably very important is that ALL of the files that don't work are changed to .lnk Honestly I think that is the problem but I don't know how and I can't change each file like this Plus I don't know all the .(whatever goes after the name) for each file sad.gif. Is there anyway to fix it to there appropriate .endings?

#14 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,774 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:06:30 PM

Posted 25 July 2010 - 02:38 PM

Hi,

please try to reset Internet Explorer and let me know if that helps: http://support.microsoft.com/kb/923737

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#15 SSBBDaisy

SSBBDaisy
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:12:30 PM

Posted 26 July 2010 - 08:40 AM

Ok I did it but still the internet won't work and it is the computer. I put the information in correctly and the internet for my sis's computer wouldn't work with my service and her own service. There were two different errors when I tried to use the "repair" to repair our connection: For my service it said it couldn't renew IP address. I tried to go into start>run>cmd>Enter to open the command window and do ipconfig /release and ipconfig /renew which did not work (it couldn't renew the ip address. Then with my sis's service the error was could not connect to wireless connection. I've tried a lot and nothing has worked sad.gif.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users