Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Unknown virus/trojan I need help with removing


  • Please log in to reply
18 replies to this topic

#1 sbkoala70

sbkoala70

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:10:23 PM

Posted 05 March 2011 - 12:19 PM

I have a Dell laptop with Windows XP. It suddenly has a white with green trimmed shield with a green "A" in the center of it located in the system tray and the bottom of the screen. Its generating tons of pops telling me of infections, trojans, and vulnerabilities. I've experience similar things in the past that you all helped me get rid of (well over a year ago) but this is new.

I have screenshots saved in a Word document but I don't see a way to attach it here. Anyway to get those to someone? And in the meantime, are the some logs of some sort that I can generate and post to assist with figurin

Edited by sbkoala70, 05 March 2011 - 12:19 PM.


BC AdBot (Login to Remove)

 


#2 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,149 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Midlands, UK
  • Local time:04:23 AM

Posted 05 March 2011 - 01:16 PM

Hi sbkoala70,

When you get these popups telling you of the infections, is there a name to the program running?
Have you tried running MBAM?

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Full Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Run a scan and post the report from it.

Thanks

Edited by Starbuck, 05 March 2011 - 01:16 PM.

BBPP6nz.png


#3 sbkoala70

sbkoala70
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:10:23 PM

Posted 05 March 2011 - 01:37 PM

Sorry, I realized I didn't give a lot of info as I was hoping there was a way to get you the screenshots. I already have and ran MalwareBytes but it wouldn't get rid of everything initially and said to reboot. Once I rebooted, I could no longer open MalwareBytes or most anything else (MS Word, Paint, anything). I can still get to the internet but the number of window popping up is nuts.

Here is what several of the messages say:

"Error loading C:\Users\Mom & Dad\AppData\Local\ewaqafotoce.dll
The specified module could not be found."

"Virus Alert! Application can't be started! The file wuauclt.exe is damaged. Do you want to activate your antivirus software now? (yes/no)"

"INFILTRATION ALERT"

"Your computer is being attacked by an internet virus. It could be a password-stealing attack, a trojan-dropper or similar.

DETAILS
Attack from : 140.120.30.165, port 43719
Attack port: 22479
Threat: BankerFox.A

Do you want block this attack? (Yes/NO"

I found on the forum someone else that mentioned the very same messages and was starting to follow the advice given there by using my other computer to download this FixExe.reg, rkill and SAS. I've gotten as far as the SAS (once I was finally able to get my computer to boot up in safe mode).

If I am doing the wrong thing or you have difference advice, please let me know. Thanks for the quick response BTW.

#4 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,149 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Midlands, UK
  • Local time:04:23 AM

Posted 05 March 2011 - 01:52 PM

Hi sbkoala70,

Ok, i think i understand now.

Try this:

Download FixExe.reg

double-click on the FixExe.reg file. When Windows prompts whether or not you want to allow the data to be added to your computer, click on the Yes button.

Then see if MBAM will update.
If so, update it and run another scan.
Let me have the report if available.

Thanks

Edited by Starbuck, 05 March 2011 - 01:59 PM.

BBPP6nz.png


#5 sbkoala70

sbkoala70
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:10:23 PM

Posted 05 March 2011 - 02:12 PM

Well, I can now open MBAM but I cannot update it. I get the following message:

"An error occured. Please report the following error code to the Malwarebytes Anti-Malware support team.

Error code: 732(12029,0)"

Also, just to note that after running the SAS (Superantivirus....something) I am not longer getting those pop-ups and that white and green shield is gone from the task tray.

I also apprear to be able to open Word and other programs now without errors.

I did do the FixExe thing (I had actually already did that one earlier, but did it again).

And I am running MBAM without updating in the meantime and will post the log when done. If you have a way that I can update it, I'll rerun it.

Edited by sbkoala70, 05 March 2011 - 02:42 PM.


#6 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,149 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Midlands, UK
  • Local time:04:23 AM

Posted 05 March 2011 - 02:49 PM

Hi sbkoala70,

Please bare with me while i get a Moderator to move this thread.
Once it's moved to the malware removal forum i'll be able to help you better.
I'll reply again once the thread has been moved.

BBPP6nz.png


#7 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,808 posts
  • ONLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:11:23 PM

Posted 05 March 2011 - 02:53 PM

Hello,

I'm moving this to the log forum. The link remains the same.

Orange Blossom :cherry:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#8 sbkoala70

sbkoala70
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:10:23 PM

Posted 05 March 2011 - 02:59 PM

Wow, thanks for the updates. You guys are ON it today. Very fast assistance and MUCH appreciated. My MBAM scan is STILL running, but thus far, it hasn't found anything. Maybe that SuperAntispyware took care of it. That, or its just not finding anything because I can't update it. Anyway, you guys are awesome and I'll get my log posted with this scan finally finishes.

#9 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,149 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Midlands, UK
  • Local time:04:23 AM

Posted 05 March 2011 - 03:01 PM

Many thanks Orange Blossom
------------

Hi again sbkoala70,

Let's get a better look at what is happening:

  • Download OTL to your desktop.
    right click on the link and select 'Save Link/Target As'.

    if you have problems, try this download link:
    OTL
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check
.

.
Posted Image
  • Now copy the lines in bold below.

    netsvcs
    msconfig
    activex
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\system32\*.exe /lockedfiles
    %PROGRAMFILES%\*
    CREATERESTOREPOINT


  • right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.

    Posted Image
    .
  • Click the Run Scan button.

    Posted Image
  • Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.


Thanks

BBPP6nz.png


#10 sbkoala70

sbkoala70
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:10:23 PM

Posted 05 March 2011 - 03:58 PM

Logs from OTL scan:

OTL logfile created on: 3/5/2011 2:11:54 PM - Run 1
OTL by OldTimer - Version 3.2.22.2 Folder = C:\Users\Mom & Dad\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 49.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220.32 Gb Total Space | 133.42 Gb Free Space | 60.56% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.36 Gb Free Space | 53.64% Space Free | Partition Type: NTFS
Drive E: | 7.67 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: LAPTOP-PC | User Name: Mom & Dad | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Mom & Dad\Downloads\OTL.scr (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\SymcPCCULaunchSvc.exe (Symantec Corporation)
PRC - C:\Program Files\iWin Games\iWinTrusted.exe (iWin Inc.)
PRC - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
PRC - C:\Program Files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe (Trend Micro Inc.)
PRC - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe (Trend Micro Inc.)
PRC - C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\Program Files\Trend Micro\BM\TMBMSRV.exe (Trend Micro Inc.)
PRC - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe (Creative Labs)
PRC - C:\Program Files\Yahoo!\Common\YMailAdvisor.exe (Yahoo! Inc.)
PRC - C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (Trend Micro Inc.)
PRC - C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
PRC - C:\Program Files\DellTPad\hidfind.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\ApntEx.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
PRC - C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
PRC - C:\Windows\System32\stacsv.exe (IDT, Inc.)
PRC - C:\Windows\System32\AEstSrv.exe (Andrea Electronics Corporation)
PRC - C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
PRC - C:\Windows\System32\bgsvcgen.exe (B.H.A Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Windows\System32\dlbccoms.exe ( )
PRC - C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
PRC - C:\Windows\System32\wpcumi.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Users\Mom & Dad\Downloads\OTL.scr (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (Norton PC Checkup Application Launcher) -- C:\Program Files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\SymcPCCULaunchSvc.exe (Symantec Corporation)
SRV - (iWinTrusted) -- C:\Program Files\iWin Games\iWinTrusted.exe (iWin Inc.)
SRV - (IntuitUpdateService) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
SRV - (PCCUJobMgr) -- C:\Program Files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\ccSvcHst.exe (Symantec Corporation)
SRV - (tmproxy) -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe (Trend Micro Inc.)
SRV - (TmPfw) -- C:\Program Files\Trend Micro\Internet Security\TmPfw.exe (Trend Micro Inc.)
SRV - (SfCtlCom) -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe (Trend Micro Inc.)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (TMBMServer) -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe (Trend Micro Inc.)
SRV - (GoToAssist) -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (Creative Labs Licensing Service) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe (Creative Labs)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (STacSV) -- C:\Windows\System32\stacsv.exe (IDT, Inc.)
SRV - (AESTFilters) -- C:\Windows\System32\AEstSrv.exe (Andrea Electronics Corporation)
SRV - (DellAMBrokerService) -- C:\Program Files\DellAutomatedPCTuneUp\brkrsvc.exe ()
SRV - (bgsvcgen) -- C:\Windows\System32\bgsvcgen.exe (B.H.A Corporation)
SRV - (IAANTMON) Intel® -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (dlbc_device) -- C:\Windows\System32\dlbccoms.exe ( )


========== Driver Services (SafeList) ==========

DRV - (SASKUTIL) -- C:\Users\Mom & Dad\Desktop\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Users\Mom & Dad\Desktop\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (tmwfp) -- C:\Windows\System32\drivers\tmwfp.sys (Trend Micro Inc.)
DRV - (tmcomm) -- C:\Windows\System32\drivers\tmcomm.sys (Trend Micro Inc.)
DRV - (tmlwf) -- C:\Windows\System32\drivers\tmlwf.sys (Trend Micro Inc.)
DRV - (tmtdi) -- C:\Windows\System32\drivers\tmtdi.sys (Trend Micro Inc.)
DRV - (tmactmon) -- C:\Windows\System32\drivers\tmactmon.sys (Trend Micro Inc.)
DRV - (tmevtmgr) -- C:\Windows\System32\drivers\tmevtmgr.sys (Trend Micro Inc.)
DRV - (tmxpflt) -- C:\Windows\System32\drivers\tmxpflt.sys (Trend Micro Inc.)
DRV - (tmpreflt) -- C:\Windows\System32\drivers\tmpreflt.sys (Trend Micro Inc.)
DRV - (vsapint) -- C:\Windows\System32\drivers\vsapint.sys (Trend Micro Inc.)
DRV - (IntcHdmiAddService) Intel® -- C:\Windows\System32\drivers\IntcHdmi.sys (Intel® Corporation)
DRV - (OEM02Vfx) -- C:\Windows\System32\drivers\OEM02Vfx.sys (EyePower Games Pte. Ltd.)
DRV - (OEM02Dev) -- C:\Windows\System32\drivers\OEM02Dev.sys (Creative Technology Ltd.)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (e1express) Intel® -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (JL2005C) -- C:\Windows\System32\drivers\jl2005c.sys (Windows ® 2000 DDK provider)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (datunidr) -- C:\Windows\System32\drivers\datunidr.sys (Gteko Ltd.)
DRV - (NETw4v32) Intel® -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (PTproct) -- C:\Program Files\DellAutomatedPCTuneUp\GTAction\triggers\PTproct.sys (Gteko Ltd.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (cdrbsdrv) -- C:\Windows\System32\drivers\cdrbsdrv.sys (B.H.A Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr8/*http://www.yahoo.com/ext/search/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0080612
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://my.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:33554

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "BearShare Web Search"
FF - prefs.js..browser.search.order.1: "BearShare Web Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://my.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {666DB9EA-A149-4CF8-854F-36F6E9336B65}:1.9.1
FF - prefs.js..keyword.URL: "http://search.bearshare.com/web?src=ffb&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0


FF - HKLM\software\mozilla\Firefox\Extensions\\{98e34367-8df7-42b4-837b-20b892ff0848}: C:\ProgramData\iWin Games\firefox [2010/09/03 14:54:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/05 08:37:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/05 08:37:10 | 000,000,000 | ---D | M]

[2010/03/15 01:20:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mom & Dad\AppData\Roaming\Mozilla\Extensions
[2009/10/30 20:53:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mom & Dad\AppData\Roaming\Mozilla\Extensions\IMVUClientXUL@imvu.com
[2010/03/15 01:20:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mom & Dad\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2011/03/04 15:56:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mom & Dad\AppData\Roaming\Mozilla\Firefox\Profiles\ogmyogvj.default\extensions
[2010/06/29 16:10:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Mom & Dad\AppData\Roaming\Mozilla\Firefox\Profiles\ogmyogvj.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/06/29 16:10:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mom & Dad\AppData\Roaming\Mozilla\Firefox\Profiles\ogmyogvj.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}-trash
[2010/07/28 14:43:25 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Mom & Dad\AppData\Roaming\Mozilla\Firefox\Profiles\ogmyogvj.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/04/12 13:01:54 | 000,002,476 | ---- | M] () -- C:\Users\Mom & Dad\AppData\Roaming\Mozilla\Firefox\Profiles\ogmyogvj.default\searchplugins\BearShareWebSearch.xml
[2011/02/01 11:36:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/28 14:42:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/10/19 03:10:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/02/01 11:36:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/02/18 16:21:10 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\MOM & DAD\APPDATA\LOCAL\{666DB9EA-A149-4CF8-854F-36F6E9336B65}
[2010/11/12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/04/12 13:01:54 | 000,002,476 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\BearShareWebSearch.xml

O1 HOSTS File: ([2006/09/18 15:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [ECenter] C:\DELL\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [UfSeAgnt.exe] C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
O4 - HKLM..\Run: [YMailAdvisor] C:\Program Files\Yahoo!\Common\YMailAdvisor.exe (Yahoo! Inc.)
O4 - HKLM..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKCU..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (Trend Micro Inc.)
O4 - HKCU..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Users\Mom & Dad\Desktop\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: bluevalleyk12.org ([bvpo] https in Trusted sites)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Domains: real.com ([rhap-app-4-0] https in Trusted sites)
O15 - HKCU\..Trusted Domains: real.com ([rhapreg] https in Trusted sites)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 76.85.229.110 76.85.229.111
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img23.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img23.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 15:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/29 10:58:44 | 000,000,034 | R--- | M] () - E:\AUTORUN.INF -- [ UDF ]
O33 - MountPoints2\{1edc9e7e-382f-11dd-ae09-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{1edc9e7e-382f-11dd-ae09-806e6f6e6963}\Shell\AutoRun\command - "" = E:\PC_Clickme.exe -- [2006/03/15 18:40:28 | 001,205,666 | R--- | M] (Macromedia, Inc.)
O33 - MountPoints2\{cdb44dd0-5994-11dd-a19b-001d0956edc1}\Shell - "" = AutoRun
O33 - MountPoints2\{cdb44dd0-5994-11dd-a19b-001d0956edc1}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Auto run of VideoCam Suite 1.0.lnk - C:\Program Files\Panasonic\VideoCamSuite\VideoCamSuiteAutoStart.exe - (Matsubleepa Electric Industrial Co., Ltd.)
MsConfig - StartUpReg: DELL Webcam Manager - hkey= - key= - C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe (Creative Technology Ltd.)
MsConfig - StartUpReg: DellAutomatedPCTuneUp - hkey= - key= - C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe (Gteko Ltd.)
MsConfig - StartUpReg: Google Desktop Search - hkey= - key= - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
MsConfig - StartUpReg: MsnMsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe (Microsoft Corporation)
MsConfig - StartUpReg: My Web Search Bar Search Scope Monitor - hkey= - key= - File not found
MsConfig - StartUpReg: MyWebSearch Email Plugin - hkey= - key= - File not found
MsConfig - StartUpReg: MyWebSearch Plugin - hkey= - key= - File not found
MsConfig - StartUpReg: Yahoo! Pager - hkey= - key= - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
MsConfig - State: "bootini" - 0
MsConfig - State: "startup" - 2

ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error.
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.4
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.4
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error.
ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error.
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - Reg Error: Value error.
ActiveX: {AA218328-0EA8-4D70-8972-E987A9190FF4} - Reg Error: Value error.
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/03/05 12:15:52 | 000,000,000 | ---D | C] -- C:\Users\Mom & Dad\AppData\Roaming\SUPERAntiSpyware.com
[2011/03/05 12:15:52 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/03/05 12:15:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/03/05 12:15:47 | 000,000,000 | ---D | C] -- C:\Users\Mom & Dad\Desktop\Plugins
[2011/03/05 12:15:47 | 000,000,000 | ---D | C] -- C:\Users\Mom & Dad\Desktop\Language
[2011/02/24 03:02:51 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
[2011/02/24 03:01:06 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrsmgr.dll
[2011/02/24 03:00:58 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrs.exe
[2011/02/24 03:00:58 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrshost.exe
[2011/02/24 03:00:58 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmprovhost.exe
[2011/02/24 03:00:57 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmplpxy.dll
[2011/02/24 03:00:57 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrssrv.dll
[2011/02/24 03:00:56 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtfwd.dll
[2011/02/24 03:00:56 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecutil.exe
[2011/02/24 03:00:56 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecapi.dll
[2011/02/24 03:00:56 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmRes.dll
[2011/02/24 03:00:56 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pwrshplugin.dll
[2011/02/24 03:00:49 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManMigrationPlugin.dll
[2011/02/24 03:00:49 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManHTTPConfig.exe
[2011/02/24 03:00:49 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrscmd.dll
[2011/02/24 03:00:49 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmWmiPl.dll
[2011/02/24 03:00:49 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmAuto.dll
[2011/02/18 16:21:10 | 000,000,000 | ---D | C] -- C:\Users\Mom & Dad\AppData\Local\{666DB9EA-A149-4CF8-854F-36F6E9336B65}
[2011/02/18 13:05:46 | 002,423,752 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\Mom & Dad\Desktop\SUPERAntiSpyware.exe
[2011/02/16 16:50:14 | 000,000,000 | ---D | C] -- C:\Users\Mom & Dad\Documents\Megan Computer Apps
[2011/02/08 22:05:05 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2011/02/08 22:05:05 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011/02/08 22:05:04 | 001,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll
[2011/02/08 22:05:04 | 000,979,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFH264Dec.dll
[2011/02/08 22:05:04 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011/02/08 22:05:04 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2011/02/08 22:05:04 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011/02/08 22:05:04 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2011/02/08 22:05:03 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll
[2011/02/08 22:05:03 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFHEAACdec.dll
[2011/02/08 22:05:03 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfmp4src.dll
[2011/02/08 22:05:03 | 000,261,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2011/02/08 22:05:02 | 002,873,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2011/02/08 22:05:02 | 001,029,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2011/02/08 22:05:02 | 000,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2011/02/08 22:05:02 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2011/02/08 22:05:02 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2011/02/08 22:05:02 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2011/02/08 22:05:01 | 000,486,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2011/02/08 22:05:01 | 000,209,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll
[2011/02/08 22:05:01 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2011/02/08 22:05:00 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll
[2011/02/08 22:05:00 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2011/02/08 22:05:00 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2011/02/08 20:46:07 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/02/08 20:46:07 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/02/08 20:46:06 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011/02/08 20:46:06 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/02/08 20:46:06 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/02/08 20:46:06 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/02/08 20:46:06 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/02/08 20:46:06 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/02/08 20:46:06 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011/02/08 20:46:06 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011/02/08 20:46:06 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011/02/08 20:46:06 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/02/08 20:46:06 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/02/08 20:46:05 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/02/08 20:46:05 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/02/08 20:46:05 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/02/08 20:46:05 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/02/08 20:46:04 | 002,039,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/02/08 20:46:01 | 003,602,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/02/08 20:46:01 | 003,550,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011/02/08 20:44:39 | 000,292,352 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011/02/08 20:44:39 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2007/03/01 14:52:06 | 000,386,544 | ---- | C] ( ) -- C:\Windows\System32\dlbcih.exe
[2007/03/01 14:52:04 | 000,538,096 | ---- | C] ( ) -- C:\Windows\System32\dlbccoms.exe
[2007/03/01 14:52:04 | 000,382,448 | ---- | C] ( ) -- C:\Windows\System32\dlbccfg.exe
[2007/02/02 05:06:34 | 000,483,328 | ---- | C] ( ) -- C:\Windows\System32\dlbcjswr.dll
[2007/02/02 04:55:30 | 000,073,728 | ---- | C] ( ) -- C:\Windows\System32\dlbccu.dll
[2006/12/20 16:08:24 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\dlbcpmui.dll
[2006/12/20 16:06:58 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\dlbcserv.dll
[2006/12/20 16:01:04 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\dlbccomm.dll
[2006/12/20 15:59:24 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\dlbclmpm.dll
[2006/12/20 15:58:02 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\dlbciesc.dll
[2006/12/20 15:55:40 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\dlbcpplc.dll
[2006/12/20 15:54:54 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\dlbccomc.dll
[2006/12/20 15:54:20 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\dlbcprox.dll
[2006/12/20 15:47:32 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\dlbcinpa.dll
[2006/12/20 15:46:50 | 000,991,232 | ---- | C] ( ) -- C:\Windows\System32\dlbcusb1.dll
[2006/12/20 15:42:36 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\dlbchbn3.dll

========== Files - Modified Within 30 Days ==========

[2011/03/05 13:10:12 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/03/05 13:10:12 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/03/05 12:59:04 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/03/05 12:59:04 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/03/05 12:58:38 | 000,270,832 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/03/05 12:58:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/03/05 12:58:20 | 3210,784,768 | -HS- | M] () -- C:\hiberfil.sys
[2011/03/05 12:15:53 | 000,027,648 | ---- | M] () -- C:\Users\Mom & Dad\Desktop\Uninstall.dat
[2011/03/05 12:15:47 | 000,001,416 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/03/05 09:56:21 | 000,000,117 | ---- | M] () -- C:\Users\Mom & Dad\jagex_runescape_preferences2.dat
[2011/03/05 08:56:21 | 000,000,046 | ---- | M] () -- C:\Users\Mom & Dad\jagex_runescape_preferences.dat
[2011/03/05 08:34:24 | 000,003,066 | ---- | M] () -- C:\Users\Mom & Dad\AppData\Local\Igunobunitob.dat
[2011/03/04 21:48:07 | 000,000,000 | ---- | M] () -- C:\Users\Mom & Dad\AppData\Local\Bzirucatofok.bin
[2011/03/04 08:49:59 | 001,399,225 | ---- | M] () -- C:\Users\Mom & Dad\Desktop\PROCESSLISTRELATED.DB
[2011/03/04 08:49:28 | 042,087,466 | ---- | M] () -- C:\Users\Mom & Dad\Desktop\PROCESSLIST.DB
[2011/02/25 17:35:37 | 000,056,832 | ---- | M] () -- C:\Users\Mom & Dad\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/18 13:05:46 | 002,423,752 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\Mom & Dad\Desktop\SUPERAntiSpyware.exe
[2011/02/12 14:36:44 | 000,005,972 | ---- | M] () -- C:\Users\Mom & Dad\AppData\Local\d3d9caps.dat
[2011/02/08 18:32:39 | 000,870,128 | ---- | M] () -- C:\Users\Mom & Dad\AppData\Roaming\mcs.rma
[2011/02/08 18:32:39 | 000,000,004 | ---- | M] () -- C:\Users\Mom & Dad\AppData\Roaming\7B30BB

========== Files Created - No Company Name ==========

[2011/03/05 12:58:20 | 3210,784,768 | -HS- | C] () -- C:\hiberfil.sys
[2011/03/05 12:15:52 | 000,027,648 | ---- | C] () -- C:\Users\Mom & Dad\Desktop\Uninstall.dat
[2011/03/05 12:15:47 | 000,001,416 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/03/04 08:49:59 | 001,399,225 | ---- | C] () -- C:\Users\Mom & Dad\Desktop\PROCESSLISTRELATED.DB
[2011/03/04 08:49:28 | 042,087,466 | ---- | C] () -- C:\Users\Mom & Dad\Desktop\PROCESSLIST.DB
[2011/02/24 03:00:51 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs
[2011/02/24 03:00:51 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml
[2011/02/24 03:00:51 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl
[2011/02/18 16:21:12 | 000,000,000 | ---- | C] () -- C:\Users\Mom & Dad\AppData\Local\Bzirucatofok.bin
[2011/02/18 16:21:11 | 000,003,066 | ---- | C] () -- C:\Users\Mom & Dad\AppData\Local\Igunobunitob.dat
[2010/12/17 19:32:05 | 000,000,019 | ---- | C] () -- C:\Windows\popcinfo.dat
[2009/11/17 22:56:14 | 000,000,004 | ---- | C] () -- C:\Users\Mom & Dad\AppData\Roaming\7B30BB
[2009/11/17 22:56:13 | 000,870,128 | ---- | C] () -- C:\Users\Mom & Dad\AppData\Roaming\mcs.rma
[2009/09/10 16:49:24 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/10 16:49:24 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/04/12 11:05:14 | 000,000,176 | ---- | C] () -- C:\Windows\dellstat.ini
[2009/03/10 19:30:46 | 000,118,784 | ---- | C] () -- C:\Windows\System32\PTTreeIcons.dll
[2009/03/05 16:06:52 | 000,028,672 | ---- | C] () -- C:\Windows\System32\qttask.exe
[2008/11/26 20:27:31 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008/11/25 20:59:45 | 000,000,000 | ---- | C] () -- C:\Users\Mom & Dad\AppData\Roaming\WGC_Client Preferences
[2008/09/09 19:56:45 | 000,005,972 | ---- | C] () -- C:\Users\Mom & Dad\AppData\Local\d3d9caps.dat
[2008/07/24 09:23:14 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/06/16 23:43:54 | 000,056,832 | ---- | C] () -- C:\Users\Mom & Dad\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/06/12 05:21:29 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2008/06/12 05:21:29 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2008/06/12 05:21:28 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
[2008/06/12 05:21:28 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
[2008/06/12 05:21:28 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2008/06/12 05:21:27 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2008/06/12 02:43:56 | 000,000,076 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2008/06/12 02:40:39 | 000,101,376 | ---- | C] () -- C:\Windows\System32\APOMngr.dll
[2008/06/12 02:40:39 | 000,066,560 | ---- | C] () -- C:\Windows\System32\CmdRtr.dll
[2008/06/12 02:40:39 | 000,000,628 | ---- | C] () -- C:\Windows\System32\PCI_VEN_1102&DEV_FF05&SUBSYS_00001102.ini
[2008/02/03 17:11:25 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2007/07/25 15:40:02 | 000,999,424 | ---- | C] () -- C:\Windows\System32\WLIHVUI.dll
[2007/02/02 05:06:10 | 000,090,112 | ---- | C] () -- C:\Windows\System32\dlbccur.dll
[2007/02/02 04:55:10 | 000,413,696 | ---- | C] () -- C:\Windows\System32\dlbcutil.dll
[2007/01/22 07:49:34 | 000,344,064 | ---- | C] () -- C:\Windows\System32\dlbccoin.dll
[2006/11/02 06:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 06:47:37 | 000,270,832 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 06:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 04:33:01 | 000,604,502 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 04:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 04:33:01 | 000,104,170 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 04:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 04:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 04:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 02:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 02:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 01:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 01:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2005/10/05 12:19:32 | 000,040,960 | ---- | C] () -- C:\Windows\System32\dlbcvs.dll

========== LOP Check ==========

[2010/10/22 15:23:12 | 000,000,000 | ---D | M] -- C:\Users\Mom & Dad\AppData\Roaming\Audacity
[2010/01/12 20:24:11 | 000,000,000 | ---D | M] -- C:\Users\Mom & Dad\AppData\Roaming\EuroTalk
[2010/01/08 19:52:53 | 000,000,000 | ---D | M] -- C:\Users\Mom & Dad\AppData\Roaming\GamesCafe
[2010/06/23 21:22:48 | 000,000,000 | ---D | M] -- C:\Users\Mom & Dad\AppData\Roaming\GetRightToGo
[2009/10/30 21:16:15 | 000,000,000 | ---D | M] -- C:\Users\Mom & Dad\AppData\Roaming\IMVU
[2009/10/30 20:52:46 | 000,000,000 | ---D | M] -- C:\Users\Mom & Dad\AppData\Roaming\IMVUClient
[2010/03/15 01:11:08 | 000,000,000 | ---D | M] -- C:\Users\Mom & Dad\AppData\Roaming\MusicNet
[2008/07/04 15:11:58 | 000,000,000 | ---D | M] -- C:\Users\Mom & Dad\AppData\Roaming\Panasonic
[2010/01/11 19:12:36 | 000,000,000 | ---D | M] -- C:\Users\Mom & Dad\AppData\Roaming\PlayFirst
[2008/11/08 21:33:44 | 000,000,000 | ---D | M] -- C:\Users\Mom & Dad\AppData\Roaming\Pogo Games
[2009/12/13 18:50:45 | 000,000,000 | ---D | M] -- C:\Users\Mom & Dad\AppData\Roaming\Tific
[2008/06/26 13:15:00 | 000,000,000 | ---D | M] -- C:\Users\Mom & Dad\AppData\Roaming\tmp
[2011/01/19 16:38:21 | 000,000,000 | ---D | M] -- C:\Users\Mom & Dad\AppData\Roaming\Unity
[2011/03/05 11:42:17 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/01/20 20:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008/01/20 20:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008/01/20 20:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/20 20:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/20 20:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 03:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/04/11 00:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009/04/11 00:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/11 00:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/20 20:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/20 20:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 03:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 03:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 03:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: IASTOR.SYS >
[2007/09/06 10:43:26 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Drivers\storage\R166200\iastor.sys
[2007/03/21 11:58:56 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver\IaStor.sys
[2007/09/06 10:43:26 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Windows\System32\drivers\iaStor.sys
[2007/09/06 10:43:26 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_3a63e5a6\iaStor.sys
[2007/09/06 10:43:26 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_5f6e7be5\iaStor.sys
[2007/03/21 11:59:30 | 000,381,720 | ---- | M] (Intel Corporation) MD5=9D7ED4275702E2FC409F2CC563245740 -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver64\IaStor.sys

< MD5 for: IASTORV.SYS >
[2008/01/20 20:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008/01/20 20:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/20 20:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 03:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/04/11 00:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009/04/11 00:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/20 20:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 03:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/20 20:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008/01/20 20:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/20 20:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/20 20:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009/04/11 00:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009/04/11 00:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\system32\*.exe /lockedfiles >

< %PROGRAMFILES%\* >
[2008/01/20 20:43:21 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 182 bytes -> C:\ProgramData\TEMP:D99A9131
@Alternate Data Stream - 173 bytes -> C:\ProgramData\TEMP:60A06E3E
@Alternate Data Stream - 163 bytes -> C:\ProgramData\TEMP:F81998E4
@Alternate Data Stream - 156 bytes -> C:\ProgramData\TEMP:06D5093F
@Alternate Data Stream - 154 bytes -> C:\ProgramData\TEMP:A71D3858
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:7C017FB1
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:20C69EEE
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:73FA3CC9
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:0127DBDE
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:6A5004EB
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:FACB65E7
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:F7E83BDD

< End of report >

and the next:

OTL Extras logfile created on: 3/5/2011 2:11:54 PM - Run 1
OTL by OldTimer - Version 3.2.22.2 Folder = C:\Users\Mom & Dad\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 49.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220.32 Gb Total Space | 133.42 Gb Free Space | 60.56% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.36 Gb Free Space | 53.64% Space Free | Partition Type: NTFS
Drive E: | 7.67 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: LAPTOP-PC | User Name: Mom & Dad | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{15726A2A-BC7C-41F7-9215-C56EDE15E597}" = rport=445 | protocol=6 | dir=out | app=system |
"{182CCE24-D966-401F-AACE-6F72AE6947C9}" = lport=137 | protocol=17 | dir=in | app=system |
"{3A2ED3E8-56CE-4483-8472-723A3CB4AE37}" = lport=2869 | protocol=6 | dir=in | app=system |
"{3D5A4076-319F-4E4E-B016-0EDA38A56AA4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5D3D8364-AAAE-4DA4-9A7D-D19CC15F6EF6}" = rport=138 | protocol=17 | dir=out | app=system |
"{5E506212-62D8-41F7-98F7-EAB068CC1474}" = lport=139 | protocol=6 | dir=in | app=system |
"{7F3AE9B5-AFBC-4E68-AD9E-047A3F737573}" = lport=445 | protocol=6 | dir=in | app=system |
"{8AC93415-A525-4B59-8DE0-951121130C8A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{AEB075CA-CA8F-42B4-80B1-AF838A014800}" = rport=139 | protocol=6 | dir=out | app=system |
"{B34D68D5-973A-47D7-94AB-D6E320AFBF42}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{BA4E71F1-8244-45EE-88CE-A5885A5E7692}" = rport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service\intuitupdater.exe |
"{BA909C72-4827-41AE-9043-681F21867A21}" = rport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service\intuitupdateservice.exe |
"{C9B4B01E-2515-4939-8F25-2DB737FDF49C}" = lport=138 | protocol=17 | dir=in | app=system |
"{DC1C5A82-CFE4-46B9-88F9-AE199C495285}" = rport=137 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{029285DC-CA6F-4FCA-92CE-0C565C286D73}" = dir=in | app=c:\program files\dell\mediadirect\mediadirect.exe |
"{06EA5D7E-C047-4626-AD5C-E441C1784A1B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{080E8ED5-06F2-4F91-B02E-23216FBB5C9F}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{0BEFD03E-C7A5-4EA8-AD33-CE4E1F8D67C0}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{0C9F9B1E-AD10-44E9-A359-B0600E6C5A3E}" = protocol=17 | dir=in | app=c:\windows\system32\dlbccoms.exe |
"{189379F6-80C8-49A7-BEB7-FAE3CE0E6BF5}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{1F3A7C30-E5DB-49A5-AAAF-4DE7B6EDCDED}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{2DCBBEDA-B58D-464A-9E8A-044D436074BB}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dmp\clbrowserengine.exe |
"{393DED17-2575-4FBB-A6CE-8D9C0A5834D9}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dms\clmsservice.exe |
"{40C0580F-6A9D-453B-9139-C713A65E364E}" = protocol=6 | dir=in | app=c:\windows\system32\dlbccoms.exe |
"{43F2FD01-7CB3-4B59-8DEA-62959218763F}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{71D42DDB-565C-449D-932C-002F611C58BA}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8BCDCE99-5C11-4627-83EA-D5977665DEE2}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{8D00BA2E-FC61-4364-86A1-55D05D3F5AF6}" = protocol=17 | dir=in | app=c:\program files\iwin games\iwingames.exe |
"{AE5E5622-2869-4EB6-9054-D5182D5E5B5D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{B0DA27B4-EB88-44A5-BF1D-11D3C6B4D9C4}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B2C460F2-04FF-4CBF-A57D-7C6CC75E85F6}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{D3BE5D53-F35C-4946-85D3-276E811C5559}" = protocol=17 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
"{D44261E5-743A-4D2B-8718-2434A80FC0CE}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{D52BEFF1-AA0C-4059-9019-70A55986D42B}" = protocol=6 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
"{D673C7BE-B774-4C80-8937-E1D249469C9A}" = dir=in | app=c:\program files\dell\mediadirect\pcmservice.exe |
"{DBF17A36-FD42-43AC-8F9F-6A0D017F3B5C}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{E0E34EF5-D1FA-4AE1-9508-FAB46C9D6FB9}" = protocol=17 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
"{E656DB5B-EB13-4FBB-85EB-1010245C3E8F}" = protocol=6 | dir=in | app=c:\program files\iwin games\iwingames.exe |
"{E94FAFA7-0BEE-4CC0-AE74-D9135B82E41A}" = protocol=6 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
"{EFA78A69-A501-4F1D-8C9E-3930513CC741}" = protocol=6 | dir=in | app=c:\program files\iwin games\webupdater.exe |
"{F8A99B55-7D0F-4F6A-8C4F-834B59F5656D}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{F8CE2AE6-E9E4-495C-AFD2-E6E900FAF185}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{FAD4868F-DBB1-4394-920F-A7F9ABC46DCA}" = protocol=17 | dir=in | app=c:\program files\iwin games\webupdater.exe |
"TCP Query User{20F4B6E6-64DE-4921-84A3-DEE649FE8729}C:\program files\bearshare applications\bearshare\bearshare.exe" = protocol=6 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
"TCP Query User{5FC9561C-03BB-4811-AB8F-EA85E183546E}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{93F30E0E-593F-4D38-A701-509C34D3A67E}C:\program files\rhapsody\rhapsody.exe" = protocol=6 | dir=in | app=c:\program files\rhapsody\rhapsody.exe |
"TCP Query User{E3CC601F-3B7F-43D9-A889-5892D465A734}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{2138E02C-94EE-4713-8767-8D4FF635989A}C:\program files\rhapsody\rhapsody.exe" = protocol=17 | dir=in | app=c:\program files\rhapsody\rhapsody.exe |
"UDP Query User{6E249002-F299-4CE4-89C2-18537342EA14}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{6F882202-15C2-4803-B8BE-7BD301C7CDC5}C:\program files\bearshare applications\bearshare\bearshare.exe" = protocol=17 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
"UDP Query User{D44B1E81-A104-44BC-8EAF-C3B97F88F077}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar v1.0
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 23
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
"{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
"{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
"{38D097C0-EAA2-012B-ADC2-000000000000}" = TurboTax 2009 wksiper
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D3C9F4B-4B7D-4E5D-99B9-0123AB0D51ED}" = Dell DataSafe Online
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
"{53C6D09E-EAB6-49E5-BA4C-BA7FF13830FB}" = Sound Blaster Audigy ADVANCED MB
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5F638781-7754-411F-974C-F20F27292E24}" = VideoCam Suite
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs
"{718D791F-F4E8-4aa7-98A6-15FDED17BDD0}" = Trend Micro Internet Security
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
"{89CEAE14-DD0F-448E-9554-15781EC9DB24}" = Product Documentation Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{903679E8-44C8-4C07-9600-05C92654FC50}" = QualXServ Service Agreement
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = iSEEK AnswerWorks English Runtime
"{9EDF1A5D-D8E0-413E-9782-75DD4A8C831B}" = VideoCam Suite 1.0
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A621B45A-D138-4A95-BE10-7CABA05EF94E}" = Trend Micro Internet Security
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C4972073-2BFE-475D-8441-564EA97DA161}" = QuickSet
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D7769185-9A7C-48D4-8874-5388743A1DE2}" = Music, Photos & Videos Launcher
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F26615EF-AF0A-486C-99C9-B65C8C401EBC}" = EuroTalk Talk Now!
"{F5D7FAB5-A1FD-4DD3-983E-4155B09D7102}" = mCore
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
"{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com
"{FE34691C-4298-4667-9758-D7F534DD0B94}" = Dell Automated PC TuneUp
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced Video FX Engine" = Advanced Video FX Engine
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode)
"BFG-Insaniquarium! Deluxe" = Insaniquarium! Deluxe
"Card Games Collection_is1" = Card Games Collection
"CLUE Classic" = CLUE Classic (remove only)
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Creative OEM002" = Laptop Integrated Webcam Driver (1.04.01.1011)
"Dell Webcam Center" = Dell Webcam Center
"Dell Webcam Manager" = Dell Webcam Manager
"Diner Dash" = Diner Dash
"Diner Dash - Flo on the Go" = Diner Dash - Flo on the Go
"Diner Dash 2" = Diner Dash 2
"Diner Dash Hometown Hero - Gourmet" = Diner Dash Hometown Hero - Gourmet
"Dual Mode Camera_is1" = Uninstall Dual Mode Camera
"Google Desktop" = Google Desktop
"GoToAssist" = GoToAssist 8.0.0.514
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"iWinArcade" = iWin Games (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.15)" = Mozilla Firefox (3.6.15)
"NortonPCCheckup" = Norton PC Checkup
"Operation Mania Free Trial_is1" = Operation Mania Free Trial
"Plantasia Free Trial_is1" = Plantasia Free Trial
"ProInst" = Intel® PROSet/Wireless Software
"Ranch Rush Free Trial_is1" = Ranch Rush Free Trial
"Rhapsody" = Rhapsody
"SnapNShare" = Snap 'n Share
"TurboTax 2009" = TurboTax 2009
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Mail" = Yahoo! Internet Mail
"Yahoo! Mail Advisor" = Yahoo! Mail Advisor
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Search Defender" = Yahoo! Search Protection
"Yahoo! Software Update" = Yahoo! Software Update
"YInstHelper" = Yahoo! Install Manager
"Zuma Deluxe" = Zuma Deluxe

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f031ef6ac137efc5" = Dell Driver Download Manager
"IMVU Avatar chat client software BETA" = IMVU Avatar Chat Software
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/19/2010 5:01:08 AM | Computer Name = Laptop-PC | Source = MsiInstaller | ID = 1024
Description =

Error - 11/19/2010 5:01:40 AM | Computer Name = Laptop-PC | Source = MsiInstaller | ID = 11606
Description =

Error - 11/19/2010 5:01:40 AM | Computer Name = Laptop-PC | Source = MsiInstaller | ID = 11606
Description =

Error - 11/19/2010 5:01:40 AM | Computer Name = Laptop-PC | Source = MsiInstaller | ID = 1024
Description =

Error - 11/19/2010 5:02:11 AM | Computer Name = Laptop-PC | Source = MsiInstaller | ID = 11606
Description =

Error - 11/19/2010 5:02:11 AM | Computer Name = Laptop-PC | Source = MsiInstaller | ID = 11606
Description =

Error - 11/19/2010 5:02:11 AM | Computer Name = Laptop-PC | Source = MsiInstaller | ID = 1024
Description =

Error - 11/19/2010 5:02:42 AM | Computer Name = Laptop-PC | Source = MsiInstaller | ID = 11606
Description =

Error - 11/19/2010 5:02:42 AM | Computer Name = Laptop-PC | Source = MsiInstaller | ID = 11606
Description =

Error - 11/19/2010 5:02:42 AM | Computer Name = Laptop-PC | Source = MsiInstaller | ID = 1024
Description =

[ Media Center Events ]
Error - 11/7/2008 10:31:59 PM | Computer Name = Laptop-PC | Source = MCUpdate | ID = 0
Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
due to an abandoned mutex.'.

Error - 11/13/2008 5:08:30 PM | Computer Name = Laptop-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 11/20/2008 5:30:00 PM | Computer Name = Laptop-PC | Source = MCUpdate | ID = 0
Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
due to an abandoned mutex.'.

Error - 2/10/2009 5:58:17 PM | Computer Name = Laptop-PC | Source = MCUpdate | ID = 0
Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
due to an abandoned mutex.'.

Error - 6/1/2009 11:36:37 PM | Computer Name = Laptop-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 9/9/2009 10:35:23 AM | Computer Name = Laptop-PC | Source = MCUpdate | ID = 0
Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
due to an abandoned mutex.'.

Error - 9/12/2009 11:29:41 PM | Computer Name = Laptop-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 2/27/2010 8:00:39 PM | Computer Name = Laptop-PC | Source = MCUpdate | ID = 0
Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
due to an abandoned mutex.'.

Error - 3/17/2010 5:37:12 AM | Computer Name = Laptop-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 4/10/2010 5:41:17 AM | Computer Name = Laptop-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 3/5/2011 1:55:01 PM | Computer Name = Laptop-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 3/5/2011 1:55:01 PM | Computer Name = Laptop-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 3/5/2011 1:55:01 PM | Computer Name = Laptop-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 3/5/2011 1:55:04 PM | Computer Name = Laptop-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 3/5/2011 1:55:05 PM | Computer Name = Laptop-PC | Source = DCOM | ID = 10005
Description =

Error - 3/5/2011 1:55:06 PM | Computer Name = Laptop-PC | Source = DCOM | ID = 10005
Description =

Error - 3/5/2011 1:55:06 PM | Computer Name = Laptop-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 3/5/2011 3:00:03 PM | Computer Name = Laptop-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 3/5/2011 3:00:03 PM | Computer Name = Laptop-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 3/5/2011 3:33:32 PM | Computer Name = Laptop-PC | Source = bowser | ID = 8003
Description =


< End of report >

#11 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,149 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Midlands, UK
  • Local time:04:23 AM

Posted 05 March 2011 - 06:19 PM

Hi sbkoala70,

Before we start:

P2P Warning
Please note that as long as you're using any form of Peer-to-Peer networking ( Frostwire, Limewire, Bit Torrent, Bearshare etc.) and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true.
P2P programmes form a direct conduit onto your computer, their security measures are easily circumvented, and Malware writers are increasingly exploiting them to spread their wares onto your computer. Further to that, if your P2P programme is not configured correctly you may be sharing more files than you realise. There have been cases where people's Passwords, Address Books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured programme.

Many of the programmes come bundled with other unwanted programmes, but even the ones free of any bundled software are not safe to use.
When you use them you are downloading software from an unknown source directly onto your computer, bypassing your Firewall and Anti-Virus software. Hardly surprising then that many of these Downloads are being targeted to carry infections.

You may decide to continue P2P sharing, but keep in mind that this practice may be the source of future malware infestation.
If we clean your computer of infection, and you return to us a short time later with an infection contracted by the use of P2P programmes, we may refuse to help you.


Step 1
Double click on OTL.exe to run it.
Copy the lines in bold below. (make sure that :Otl is on the first line )

:otl
FF - prefs.js..browser.search.defaultenginename: "BearShare Web Search"
FF - prefs.js..browser.search.order.1: "BearShare Web Search"
FF - prefs.js..keyword.URL: "http://search.bearshare.com/web?src=ffb&q="
[2010/04/12 13:01:54 | 000,002,476 | ---- | M] () -- C:\Users\Mom & Dad\AppData\Roaming\Mozilla\Firefox\Profiles\ogmyogvj.default\searchplugins\BearShareWebSearch.xml
[2010/04/12 13:01:54 | 000,002,476 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\BearShareWebSearch.xml
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:33554
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O33 - MountPoints2\{1edc9e7e-382f-11dd-ae09-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{1edc9e7e-382f-11dd-ae09-806e6f6e6963}\Shell\AutoRun\command - "" = E:\PC_Clickme.exe -- [2006/03/15 18:40:28 | 001,205,666 | R--- | M] (Macromedia, Inc.)
O33 - MountPoints2\{cdb44dd0-5994-11dd-a19b-001d0956edc1}\Shell - "" = AutoRun
O33 - MountPoints2\{cdb44dd0-5994-11dd-a19b-001d0956edc1}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
MsConfig - StartUpReg: My Web Search Bar Search Scope Monitor - hkey= - key= - File not found
MsConfig - StartUpReg: MyWebSearch Email Plugin - hkey= - key= - File not found
MsConfig - StartUpReg: MyWebSearch Plugin - hkey= - key= - File not found
[2011/03/05 08:34:24 | 000,003,066 | ---- | M] () -- C:\Users\Mom & Dad\AppData\Local\Igunobunitob.dat
[2011/03/04 21:48:07 | 000,000,000 | ---- | M] () -- C:\Users\Mom & Dad\AppData\Local\Bzirucatofok.bin
@Alternate Data Stream - 182 bytes -> C:\ProgramData\TEMP:D99A9131
@Alternate Data Stream - 173 bytes -> C:\ProgramData\TEMP:60A06E3E
@Alternate Data Stream - 163 bytes -> C:\ProgramData\TEMP:F81998E4
@Alternate Data Stream - 156 bytes -> C:\ProgramData\TEMP:06D5093F
@Alternate Data Stream - 154 bytes -> C:\ProgramData\TEMP:A71D3858
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:7C017FB1
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:20C69EEE
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:73FA3CC9
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:0127DBDE
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:6A5004EB
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:FACB65E7
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:F7E83BDD

:Files
ipconfig /flushdns /c

:commands
[emptytemp]
[purity]
[RESETHOSTS]
[EMPTYFLASH]


  • Return to OTL,
  • right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.

    Posted Image
  • Click the red Run Fix button.

    Posted Image
  • OTL will reboot your system once the fix has completed.
  • After the reboot, you may need to double click OTL to launch the program and retrieve the log.

Copy and paste the contents of the OTL log that comes up after the fix in your next reply.

if you lose the report, there will be a copy here:
C:\_OTL\MovedFiles


In your next reply, please submit:
OTL fix report
and let me know how the system is running now.


Thanks.

BBPP6nz.png


#12 sbkoala70

sbkoala70
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:10:23 PM

Posted 05 March 2011 - 11:42 PM

Sorry for the delay. We were not home for a bit.

Anyway, my log is posted below and I appreciate the info on the P2P. I assure you if I could find a way to get it thru my kids heads to not go to these sites that they "think" are harmless or "I'm just playing this game that one of my friends told me about" I'd certainly do it. The Bearshare one is definitely a think I recognize that one of my three kids has used or gone to in the past, whatever it is. The other names I don't even recognize or know what they are. Although that stupd My Web Search has been a pain in our butts more than once. I think it comes in one some free trial download thing for games. Anyway, thanks again and here in the latest log.

All processes killed
========== OTL ==========
Prefs.js: "BearShare Web Search" removed from browser.search.defaultenginename
Prefs.js: "BearShare Web Search" removed from browser.search.order.1
Prefs.js: "http://search.bearshare.com/web?src=ffb&q=" removed from keyword.URL
C:\Users\Mom & Dad\AppData\Roaming\Mozilla\Firefox\Profiles\ogmyogvj.default\searchplugins\BearShareWebSearch.xml moved successfully.
C:\Program Files\Mozilla Firefox\searchplugins\BearShareWebSearch.xml moved successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{9D425283-D487-4337-BAB6-AB8354A81457} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{9D425283-D487-4337-BAB6-AB8354A81457} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\Windows\Downloaded Program Files\erma.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1edc9e7e-382f-11dd-ae09-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1edc9e7e-382f-11dd-ae09-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1edc9e7e-382f-11dd-ae09-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1edc9e7e-382f-11dd-ae09-806e6f6e6963}\ not found.
File move failed. E:\PC_Clickme.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cdb44dd0-5994-11dd-a19b-001d0956edc1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cdb44dd0-5994-11dd-a19b-001d0956edc1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cdb44dd0-5994-11dd-a19b-001d0956edc1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cdb44dd0-5994-11dd-a19b-001d0956edc1}\ not found.
File move failed. F:\LaunchU3.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
File move failed. F:\LaunchU3.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ not found.
G:\LaunchU3.exe moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\My Web Search Bar Search Scope Monitor\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\MyWebSearch Email Plugin\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\MyWebSearch Plugin\ deleted successfully.
C:\Users\Mom & Dad\AppData\Local\Igunobunitob.dat moved successfully.
C:\Users\Mom & Dad\AppData\Local\Bzirucatofok.bin moved successfully.
ADS C:\ProgramData\TEMP:D99A9131 deleted successfully.
ADS C:\ProgramData\TEMP:60A06E3E deleted successfully.
ADS C:\ProgramData\TEMP:F81998E4 deleted successfully.
ADS C:\ProgramData\TEMP:06D5093F deleted successfully.
ADS C:\ProgramData\TEMP:A71D3858 deleted successfully.
ADS C:\ProgramData\TEMP:7C017FB1 deleted successfully.
ADS C:\ProgramData\TEMP:20C69EEE deleted successfully.
ADS C:\ProgramData\TEMP:73FA3CC9 deleted successfully.
ADS C:\ProgramData\TEMP:0127DBDE deleted successfully.
ADS C:\ProgramData\TEMP:6A5004EB deleted successfully.
ADS C:\ProgramData\TEMP:FACB65E7 deleted successfully.
ADS C:\ProgramData\TEMP:F7E83BDD deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Mom & Dad\Downloads\cmd.bat deleted successfully.
C:\Users\Mom & Dad\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41620 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Kids
->Temporary Internet Files folder emptied: 147456 bytes

User: Mom & Dad
->Temp folder emptied: 21422881 bytes
->Temporary Internet Files folder emptied: 440171394 bytes
->Java cache emptied: 121711639 bytes
->FireFox cache emptied: 57227270 bytes
->Flash cache emptied: 2017174 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 55788375 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 30971901 bytes

Total Files Cleaned = 696.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Kids

User: Mom & Dad
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.22.2 log created on 03052011_221440

Files\Folders moved on Reboot...
File move failed. E:\PC_Clickme.exe scheduled to be moved on reboot.
File move failed. F:\LaunchU3.exe scheduled to be moved on reboot.

Registry entries deleted on Reboot...

#13 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,149 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Midlands, UK
  • Local time:04:23 AM

Posted 06 March 2011 - 05:48 AM

Hi sbkoala70

Sorry for the delay. We were not home for a bit.

That's fine, just reply when you can.
We won't rush you.

I know just what you mean about kids. :crazy:

Let's see if MBAM will update now.

Step 1
Recommendation.
SuperAntiSpyware doesn't need to start when Windows starts.
You can start it manually when you need to do a scan.

To change this:
Restart SuperAntiSpyware...
Then from the main page, Click on the Preferences button....then untick... 'Start SuperAntiSpyware when Windows starts'.
Then click Close. and then Close on the next screen to exit the program.

Step 2
Please update MBAM and run another scan:
Start MBAM
Click on the Update tab

Posted Image

Click Check for Updates

If it says that MBAM needs to close to update it... let it close and then restart.
Then click the Scan button.

Don't forget:

  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.



Let me know how the update goes and post the new report if available.

Thanks

BBPP6nz.png


#14 sbkoala70

sbkoala70
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:10:23 PM

Posted 06 March 2011 - 09:19 AM

MBAM successfully updated this time and here is the log after doing a full scan:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19019

3/6/2011 8:16:14 AM
mbam-log-2011-03-06 (08-16-14).txt

Scan type: Full scan (C:\|)
Objects scanned: 255296
Time elapsed: 1 hour(s), 16 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#15 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,149 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Midlands, UK
  • Local time:04:23 AM

Posted 06 March 2011 - 11:19 AM

Hi sbkoala70,

It's not surprising that MBAM hasn't found anything...

This is the header from your MBAM:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

This is from mine today:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5974

as you can see you are 1922 updates behind.

Please update MBAM and run another scan:
Start MBAM
Click on the Update tab

Posted Image

Click Check for Updates

If it says that MBAM needs to close to update it... let it close and then restart.

Click Check for Updates again after the program has updated. ( this will get the latest database)

Then click the Scan button.

Don't forget:

  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Let me have the report from the updated scan.


Btw:

It suddenly has a white with green trimmed shield with a green "A" in the center of it located in the system tray and the bottom of the screen.

I think i've tracked the rogue program down.
Does this look familiar?

Posted Image

Thanks

Edited by Starbuck, 06 March 2011 - 12:07 PM.

BBPP6nz.png





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users