
I have been infected by worm.win32.netsky

Discussion in 'Virus & Other Malware Removal' started by butterflywing14, Jan 24, 2010.

  1. butterflywing14

    butterflywing14 Thread Starter

    Joined:
    Jan 24, 2010
    Messages:
    17
    Hello,
    I recently was having problems with Firefox redirecting and Internet Explorer opening up in the Task Manager processes even though I NEVER use it. My computer has also recently been giving me the blue screen of death and now it just rebooted on its own and gave me a message about my computer being infected by worm.win32.netsky. It disabled my Task Manager, which I was able to get back by changing the value for "DisableTaskMgr" under [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System] to zero instead of one. I'm not sure what else to do at this point to eliminate the virus.

    I am running Vista on a Gateway laptop

    Here is my HijackThis log:

    Logfile of HijackThis v1.99.1
    Scan saved at 11:53:37 AM, on 1/24/2010
    Platform: Unknown Windows (WinNT 6.00.1905 SP1)
    MSIE: Internet Explorer v8.00 (8.00.6001.18882)

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\regedit.exe
    C:\Windows\system32\ctfmon.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\System32\mobsync.exe
    C:\Windows\system32\Taskmgr.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    c:\users\Kedra\Documents\Desktop Stuff\Hijackthis folder\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MT3422
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MT3422
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.com/g/sidepanel.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MT3422
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=C:\Windows\system32\winlogon32.exe
    O1 - Hosts: ::1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (file missing)
    O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [HPUsageTracking] C:\Program Files\HP\HP UT\bin\hppusg.exe "C:\Program Files\HP\HP UT\"
    O4 - HKLM\..\Run: [smss32.exe] C:\Windows\system32\smss32.exe
    O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\helper32.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\helper32.dll
    O11 - Options group: [INTERNATIONAL] International
    O13 - Gopher Prefix:
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (file missing)
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\Gateway Games\Gateway Game Console\GameConsoleService.exe
    O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - %windir%\system32\svchost.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee Network Agent (McNASvc) - Unknown owner - c:\program files\common files\mcafee\mna\mcnasvc.exe (file missing)
    O23 - Service: McAfee Personal Firewall Service (MpfService) - Unknown owner - C:\Program Files\McAfee\MPF\MPFSrv.exe (file missing)
    O23 - Service: McAfee SpamKiller Service (MSK80Service) - Unknown owner - C:\Program Files\McAfee\MSK\MskSrver.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
    O23 - Service: The Browser Highlighter Monitor (tbhMonitor.exe) - Unknown owner - C:\Program Files\tbh\monitor\bin\tbhMonitor.exe
    O23 - Service: Viewpoint Manager Service - Unknown owner - C:\Program Files\Viewpoint\Common\ViewpointService.exe (file missing)
    O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
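    The HijackThis log above is what a helper reads for persistence hijacks. As an added example (not code from this thread, from HijackThis, or from Tech Support Guy), the Python script below parses lines in that log format and flags the entry types a responder checks first: the UserInit value, Run entries whose file name imitates a core Windows process, the Winsock LSP chain, and hosts overrides. The expected UserInit target (userinit.exe) and the LSP allow-list are assumptions based on Windows Vista defaults; the sample lines are copied from the log in this post.

```python
"""Triage checks for HijackThis log lines (added example, not part of the thread)."""
import re
from dataclasses import dataclass

# Process names that malware commonly imitates by appending digits
# (e.g. smss32.exe next to the real smss.exe). Assumed list.
CORE_PROCESS_NAMES = ("smss", "csrss", "winlogon", "lsass", "services",
                      "svchost", "userinit", "explorer")
IMITATION_RE = re.compile(
    r"^(?:%s)\d+\.exe$" % "|".join(CORE_PROCESS_NAMES), re.IGNORECASE)

# Winsock namespace/LSP DLLs that ship with Vista, plus Bonjour's provider,
# which appears in the posted log under a vendor path. Assumed allow-list.
KNOWN_LSP_DLLS = {"mswsock.dll", "nlaapi.dll", "napinsp.dll", "pnrpnsp.dll",
                  "winrnr.dll", "wshbth.dll", "mdnsnsp.dll"}

# Every HijackThis entry starts with a section code such as F2, O4, O10.
ENTRY_RE = re.compile(r"^(?P<sec>[A-Z]\d{1,2}) - (?P<body>.*)$")


@dataclass
class Finding:
    section: str
    reason: str
    line: str


def _basename(path: str) -> str:
    """Lower-cased file name of a Windows path, quotes stripped."""
    return path.strip().strip('"').replace("/", "\\").rsplit("\\", 1)[-1].lower()


def triage(lines):
    """Return a Finding for each HijackThis line that deserves a closer look."""
    findings = []
    seen_lsp = set()
    for raw in lines:
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        sec, body = m.group("sec"), m.group("body")

        # F2: UserInit runs at every logon before the shell; it must be the
        # real userinit.exe, anything else is a classic hijack point.
        if sec == "F2" and "UserInit=" in body:
            target = _basename(body.split("UserInit=", 1)[1])
            if target != "userinit.exe":
                findings.append(Finding(sec, "UserInit replaced by " + target, line))

        # O4: Run entries whose executable name imitates a core process.
        elif sec == "O4":
            cmd = body.split("]", 1)[1].strip() if "]" in body else ""
            # A bare path ends in .exe; otherwise the first token is the program.
            target = cmd if cmd.lower().endswith(".exe") else cmd.split(" ")[0]
            name = _basename(target)
            if IMITATION_RE.match(name):
                findings.append(Finding(sec, "autorun imitates core process: " + name, line))

        # O10: the Winsock LSP chain sees all socket traffic; unknown or
        # duplicated DLLs are worth verifying by hash and vendor.
        elif sec == "O10" and ": " in body:
            dll = _basename(body.split(": ", 1)[1])
            if dll in seen_lsp:
                findings.append(Finding(sec, "LSP DLL registered twice: " + dll, line))
            elif dll not in KNOWN_LSP_DLLS:
                findings.append(Finding(sec, "LSP DLL not in known list: " + dll, line))
            seen_lsp.add(dll)

        # O1: hosts entries for anything other than localhost redirect lookups.
        elif sec == "O1" and body.startswith("Hosts:"):
            parts = body[len("Hosts:"):].split()
            if len(parts) >= 2 and parts[1].lower() != "localhost":
                findings.append(Finding(sec, "hosts override for " + parts[1], line))
    return findings


# Sample input: lines copied from the HijackThis log in this post.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\Windows\system32\winlogon32.exe
O1 - Hosts: ::1 localhost
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [smss32.exe] C:\Windows\system32\smss32.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\helper32.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\helper32.dll
""".strip().splitlines()

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

    Run against the sample it reports four entries: the UserInit replacement, smss32.exe in the Run key, and helper32.dll both as unknown and as a duplicate LSP registration.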
     
  2. emeraldnzl

    emeraldnzl Malware Specialist

    Joined:
    Nov 3, 2007
    Messages:
    2,570
    Hello butterflywing14,

    Welcome to the Malware forum.

    • Please download OTL to your Desktop
    • Double click on the OTL icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Under the Custom Scan box paste this in:
      netsvcs
      %SYSTEMDRIVE%\*.exe
      /md5start
      eventlog.dll
      scecli.dll
      netlogon.dll
      cngaudit.dll
      sceclt.dll
      ntelogon.dll
      logevent.dll
      iaStor.sys
      nvstor.sys
      atapi.sys
      IdeChnDr.sys
      viasraid.sys
      AGP440.sys
      vaxscsi.sys
      nvatabus.sys
      viamraid.sys
      nvata.sys
      nvgts.sys
      iastorv.sys
      ViPrt.sys
      eNetHook.dll
      ahcix86.sys
      KR10N.sys
      nvstor32.sys
      ahcix86s.sys
      nvrd32.sys
      symmpi.sys
      /md5stop
      %systemroot%\*. /mp /s
      CREATERESTOREPOINT
      %systemroot%\system32\*.dll /lockedfiles
      %systemroot%\Tasks\*.job /lockedfiles

    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and paste them into your reply.

    Note: Unless otherwise instructed, always post the logs in the forum. If reports don't fit on one post, it might be necessary to break the logs up to get them on the forum. Just use as many posts as you need, that's fine. :)
     
  3. butterflywing14

    butterflywing14 Thread Starter

    Joined:
    Jan 24, 2010
    Messages:
    17
    Hello,
    Having major trouble, I cannot connect to the OTL link you gave me. The page says:

    Server not found

    Firefox can't find the server at oldtimer.geekstogo.com.
    * Check the address for typing errors such as
    ww.example.com instead of
    www.example.com

    * If you are unable to load any pages, check your computer's network
    connection.

    * If your computer or network is protected by a firewall or proxy, make sure
    that Firefox is permitted to access the Web.


    I downloaded the Safari browser and it would not connect to the link either. Not sure how to download OTL if I cannot get on the page. Is there another way?
     
  4. emeraldnzl

    emeraldnzl Malware Specialist

    Joined:
    Nov 3, 2007
    Messages:
    2,570
    Check your messages :)
     
  5. butterflywing14

    butterflywing14 Thread Starter

    Joined:
    Jan 24, 2010
    Messages:
    17
    Hello,
    It has taken me hours to try and get my browser to keep from crashing so I could post the log. I ran a scan with Malwarebytes, which quarantined a bunch of malware and things, which has given me the chance to use the Safari browser without it crashing. It appears to have fixed the problem; however, my computer is running super slow now and this "Internet Security 2010" thing has been reinstalling itself when I reboot, so I'm not sure it's gone for good. Well, here is my log from OTL:

    OTL logfile created on: 1/26/2010 1:24:41 PM - Run 1
    OTL by OldTimer - Version 3.1.27.0 Folder = C:\Users\Kedra\Desktop
    Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18882)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 45.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 75.00% Paging File free
    Paging file location(s): c:\pagefile.sys 2040 4096 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 138.60 Gb Total Space | 4.23 Gb Free Space | 3.05% Space Free | Partition Type: NTFS
    Drive D: | 10.45 Gb Total Space | 4.47 Gb Free Space | 42.79% Space Free | Partition Type: NTFS
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    Drive G: | 1.89 Gb Total Space | 1.52 Gb Free Space | 80.74% Space Free | Partition Type: FAT
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: PC
    Current User Name: Kedra
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 14 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/01/26 11:35:01 | 00,472,064 | ---- | M] ( ) -- C:\Users\Kedra\Desktop\RootRepeal.exe
    PRC - [2010/01/26 09:25:25 | 00,548,352 | ---- | M] (OldTimer Tools) -- C:\Users\Kedra\Desktop\OTL.exe
    PRC - [2009/12/30 14:55:16 | 01,389,904 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\myhelp.exe
    PRC - [2009/09/22 11:50:36 | 00,073,728 | ---- | M] (Software 2000 Limited) -- C:\Windows\System32\spool\drivers\w32x86\3\HP1006MC.EXE
    PRC - [2009/02/23 05:05:34 | 00,111,856 | ---- | M] (Yahoo! Inc) -- C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    PRC - [2008/11/07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    PRC - [2008/10/28 22:29:41 | 02,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
    PRC - [2008/01/18 23:33:40 | 00,142,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WUDFHost.exe
    PRC - [2008/01/18 23:33:39 | 00,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
    PRC - [2008/01/18 23:33:39 | 00,117,248 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
    PRC - [2008/01/17 08:51:02 | 00,486,856 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\daemon.exe
    PRC - [2006/11/17 13:58:40 | 00,815,104 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    PRC - [2006/10/05 12:10:12 | 00,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/01/26 09:25:25 | 00,548,352 | ---- | M] (OldTimer Tools) -- C:\Users\Kedra\Desktop\OTL.exe
    MOD - [2008/01/18 23:26:34 | 01,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- -- (Viewpoint Manager Service)
    SRV - File not found [Auto | Stopped] -- -- (MSK80Service)
    SRV - File not found [Auto | Stopped] -- -- (MpfService)
    SRV - File not found [Auto | Stopped] -- -- (McNASvc)
    SRV - [2009/07/02 08:01:21 | 00,085,096 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
    SRV - [2008/11/20 13:20:44 | 00,536,872 | ---- | M] (Apple Inc.) [On_Demand | Stopped] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
    SRV - [2008/11/07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2008/11/04 01:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
    SRV - [2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
    SRV - [2008/01/29 09:09:58 | 00,165,416 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\Gateway Games\Gateway Game Console\GameConsoleService.exe -- (GameConsoleService)
    SRV - [2007/11/11 19:57:51 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2007/08/18 10:16:16 | 00,072,704 | ---- | M] (Adobe Systems) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
    SRV - [2006/11/02 04:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\ehome\ehstart.dll -- (ehstart)
    SRV - [2006/10/26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
    SRV - [2006/10/05 12:10:12 | 00,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
    SRV - [2004/10/22 02:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MT3422
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MT3422
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.com/g/sidepanel.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MT3422

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Yahoo"
    FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?fr=ffsp1&p="
    FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
    FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
    FF - prefs.js..browser.search.param.yahoo-type: "${8}"
    FF - prefs.js..browser.search.selectedEngine: "Yahoo"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com"
    FF - prefs.js..extensions.enabledItems: {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F}:1.3.3
    FF - prefs.js..extensions.enabledItems: {1650a312-02bc-40ee-977e-83f158701739}:26.6
    FF - prefs.js..extensions.enabledItems: [email protected]:7
    FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
    FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=ffds1&p="


    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/24 09:27:23 | 00,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/24 09:27:23 | 00,000,000 | ---D | M]

    [2008/08/31 06:59:53 | 00,000,000 | ---D | M] -- C:\Users\Kedra\AppData\Roaming\mozilla\Extensions
    [2008/08/18 17:08:04 | 00,000,000 | ---D | M] -- C:\Users\Kedra\AppData\Roaming\mozilla\Extensions\[email protected]
    [2010/01/25 21:18:30 | 00,000,000 | ---D | M] -- C:\Users\Kedra\AppData\Roaming\mozilla\Firefox\Profiles\8cyv0rxm.default\extensions
    [2010/01/24 19:37:53 | 00,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Kedra\AppData\Roaming\mozilla\Firefox\Profiles\8cyv0rxm.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    [2010/01/20 18:12:31 | 00,000,000 | ---D | M] (Calorie Count Toolbar) -- C:\Users\Kedra\AppData\Roaming\mozilla\Firefox\Profiles\8cyv0rxm.default\extensions\{77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F}
    [2008/03/16 12:32:50 | 00,001,877 | ---- | M] () -- C:\Users\Kedra\AppData\Roaming\Mozilla\FireFox\Profiles\8cyv0rxm.default\searchplugins\aolsearch.xml
    [2008/01/23 10:33:01 | 00,002,920 | ---- | M] () -- C:\Users\Kedra\AppData\Roaming\Mozilla\FireFox\Profiles\8cyv0rxm.default\searchplugins\daemon-search.xml
    [2007/08/18 08:39:20 | 00,002,386 | ---- | M] () -- C:\Users\Kedra\AppData\Roaming\Mozilla\FireFox\Profiles\8cyv0rxm.default\searchplugins\siteadvisor.xml
    [2009/11/17 20:18:18 | 00,001,713 | ---- | M] () -- C:\Users\Kedra\AppData\Roaming\Mozilla\FireFox\Profiles\8cyv0rxm.default\searchplugins\youtube-video-search.xml
    [2007/11/02 12:08:14 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2008/08/31 06:59:46 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
    [2007/10/22 11:02:10 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions(76)
    [2007/10/23 08:17:32 | 00,000,000 | ---D | M] (Firefox (default)) -- C:\Program Files\Mozilla Firefox\extensions(76)\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    [2007/10/23 08:17:32 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions(76)\[email protected]
    [2008/06/17 22:43:04 | 00,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
    [2009/10/07 22:09:43 | 00,221,184 | ---- | M] (CNN) -- C:\Program Files\Mozilla Firefox\plugins\NPTURNMED.dll
    [2008/03/16 11:54:10 | 00,001,948 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\AOL Search.xml

    O1 HOSTS File: ([2010/01/05 15:08:21 | 00,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll File not found
    O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll ()
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [HPUsageTracking] C:\Program Files\HP\HP UT\bin\hppusg.exe (Hewlett-Packard Company)
    O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\myhelp.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [nwiz] File not found
    O4 - HKLM..\Run: [smss32.exe] C:\Windows\System32\smss32.exe ()
    O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
    O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe File not found
    O4 - HKLM..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
    O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
    O4 - HKCU..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
    O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll (Sun Microsystems, Inc.)
    O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\helper32.dll ()
    O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\helper32.dll ()
    O13 - gopher Prefix: missing
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.1.1
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll File not found
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
    O18 - Protocol\Handler\siteadvisor {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll ()
    O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper:
    O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Forest.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 13:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O32 - AutoRun File - [2004/04/30 16:01:00 | 00,000,053 | -HS- | M] () - D:\Autorun.inf -- [ NTFS ]
    O33 - MountPoints2\{1166b4cb-e9d9-11dd-a844-00032548ac5c}\Shell - "" = AutoRun
    O33 - MountPoints2\{1166b4cb-e9d9-11dd-a844-00032548ac5c}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
    O33 - MountPoints2\{161f7378-c9e1-11dc-b0d2-00032548ac5c}\Shell - "" = AutoRun
    O33 - MountPoints2\{161f7378-c9e1-11dc-b0d2-00032548ac5c}\Shell\AutoRun\command - "" = F:\Autorun.exe -- File not found
    O33 - MountPoints2\{643ae993-5671-11de-a5d2-00032548ac5c}\Shell - "" = AutoRun
    O33 - MountPoints2\{643ae993-5671-11de-a5d2-00032548ac5c}\Shell\AutoRun\command - "" = G:\LapNetWizard.exe -- File not found
    O33 - MountPoints2\{84d83e29-827d-11dd-9084-00032548ac5c}\Shell\AutoRun\command - "" = G:\RDEapp.exe -- File not found
    O33 - MountPoints2\{bd771e6c-51ac-11dc-b8b7-000000000000}\Shell - "" = AutoRun
    O33 - MountPoints2\{bd771e6c-51ac-11dc-b8b7-000000000000}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
    O33 - MountPoints2\{d60ced45-6d89-11dd-8adc-00032548ac5c}\Shell\AutoRun\command - "" = G:\InstallTomTomHOME.exe -- File not found
    O33 - MountPoints2\{e0fea5b9-60fa-11de-a759-00032548ac5c}\Shell - "" = AutoRun
    O33 - MountPoints2\{e0fea5b9-60fa-11de-a759-00032548ac5c}\Shell\AutoRun\command - "" = G:\WIN\setup.exe -- File not found
    O33 - MountPoints2\{f4540e4f-499c-11de-9a09-00032548ac5c}\Shell\AutoRun\command - "" = G:\RECYCLE\D-0-060-0000000000-1111111-2222222\rYan.exe -- File not found
    O33 - MountPoints2\{f4540e4f-499c-11de-9a09-00032548ac5c}\Shell\open\command - "" = G:\RECYCLE\D-0-060-0000000000-1111111-2222222\rYan.exe -- File not found
    O33 - MountPoints2\{f4540e52-499c-11de-9a09-00032548ac5c}\Shell - "" = AutoRun
    O33 - MountPoints2\{f4540e52-499c-11de-9a09-00032548ac5c}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
    O33 - MountPoints2\H\Shell - "" = AutoRun
    O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - comfile [open] -- "%1" %*
    O35 - exefile [open] -- "%1" %*

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - C:\Windows\System32\ias [2009/07/01 11:03:48 | 00,000,000 | ---D | M]
    NetSvcs: Irmon - C:\Windows\System32\irmon.dll (Microsoft Corporation)
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found
    OTL cannot create restorepoints on Vista OSs!

    ========== Files/Folders - Created Within 14 Days ==========

    [2010/01/26 11:35:01 | 00,472,064 | ---- | C] ( ) -- C:\Users\Kedra\Desktop\RootRepeal.exe
    [2010/01/26 09:28:01 | 00,631,296 | ---- | C] (OldTimer Tools) -- C:\Users\Kedra\Desktop\OTS.exe
    [2010/01/26 09:25:24 | 00,548,352 | ---- | C] (OldTimer Tools) -- C:\Users\Kedra\Desktop\OTL.exe
    [2010/01/24 19:37:48 | 00,000,000 | ---D | C] -- C:\Users\Kedra\AppData\Local\Yahoo
    [2010/01/24 12:53:47 | 00,000,000 | ---D | C] -- C:\Program Files\Safari
    [2010/01/24 12:02:59 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
    [2010/01/13 23:47:38 | 00,000,000 | ---D | C] -- C:\hp_P1000_P1500_Full_Solution
    [2010/01/12 22:35:39 | 00,000,000 | ---D | C] -- C:\8998d53e27651c9b2e98
    [4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    [2 C:\Users\Kedra\Desktop\*.tmp files -> C:\Users\Kedra\Desktop\*.tmp -> ]

    ========== Files - Modified Within 14 Days ==========

    [2010/01/26 13:24:58 | 03,932,160 | -HS- | M] () -- C:\Users\Kedra\ntuser.dat
    [2010/01/26 13:23:56 | 00,703,448 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
    [2010/01/26 13:23:56 | 00,604,012 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2010/01/26 13:23:56 | 00,105,040 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2010/01/26 12:58:29 | 00,054,016 | ---- | M] () -- C:\Windows\System32\drivers\trpv.sys
    [2010/01/26 12:57:18 | 00,025,159 | ---- | M] () -- C:\Users\Kedra\AppData\Roaming\nvModes.dat
    [2010/01/26 12:57:18 | 00,025,159 | ---- | M] () -- C:\Users\Kedra\AppData\Roaming\nvModes.001
    [2010/01/26 12:57:10 | 00,000,878 | ---- | M] () -- C:\Users\Kedra\Desktop\Internet Security 2010.lnk
    [2010/01/26 12:56:47 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010/01/26 12:56:43 | 00,000,000 | ---- | M] () -- C:\Windows\System32\18467.exe
    [2010/01/26 12:33:46 | 00,002,931 | ---- | M] () -- C:\Windows\System32\warning.html
    [2010/01/26 12:32:16 | 00,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2010/01/26 12:32:16 | 00,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2010/01/26 12:32:13 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2010/01/26 12:31:54 | 20,769,01376 | -HS- | M] () -- C:\hiberfil.sys
    [2010/01/26 12:29:39 | 00,524,288 | -HS- | M] () -- C:\Users\Kedra\ntuser.dat{a59a12c3-08e7-11dd-903d-00032548ac5c}.TMContainer00000000000000000001.regtrans-ms
    [2010/01/26 12:29:39 | 00,065,536 | -HS- | M] () -- C:\Users\Kedra\ntuser.dat{a59a12c3-08e7-11dd-903d-00032548ac5c}.TM.blf
    [2010/01/26 12:29:35 | 01,679,275 | -H-- | M] () -- C:\Users\Kedra\AppData\Local\IconCache.db
    [2010/01/26 12:13:54 | 00,000,000 | ---- | M] () -- C:\Windows\System32\6334.exe
    [2010/01/26 11:35:06 | 00,000,000 | ---- | M] () -- C:\Users\Kedra\Desktop\settings.dat
    [2010/01/26 11:35:01 | 00,472,064 | ---- | M] ( ) -- C:\Users\Kedra\Desktop\RootRepeal.exe
    [2010/01/26 11:32:43 | 00,001,020 | ---- | M] () -- C:\ProgramData\h8srtkrl32mainweq.dll
    [2010/01/26 11:13:19 | 00,002,281 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
    [2010/01/26 10:27:28 | 00,005,310 | ---- | M] () -- C:\ProgramData\h8srtmainqt.dll
    [2010/01/26 10:22:21 | 00,000,000 | ---- | M] () -- C:\Windows\System32\19169.exe
    [2010/01/26 10:02:00 | 00,000,000 | ---- | M] () -- C:\Windows\System32\26500.exe
    [2010/01/26 09:44:04 | 00,000,001 | ---- | M] () -- C:\s
    [2010/01/26 09:28:01 | 00,631,296 | ---- | M] (OldTimer Tools) -- C:\Users\Kedra\Desktop\OTS.exe
    [2010/01/26 09:25:25 | 00,548,352 | ---- | M] (OldTimer Tools) -- C:\Users\Kedra\Desktop\OTL.exe
    [2010/01/25 21:32:07 | 00,236,032 | ---- | M] () -- C:\Users\Kedra\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/01/24 19:37:25 | 00,000,942 | ---- | M] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
    [2010/01/24 12:55:05 | 00,169,512 | -H-- | M] () -- C:\Windows\System32\mlfcache.dat
    [2010/01/24 12:02:59 | 00,001,874 | ---- | M] () -- C:\Users\Kedra\Desktop\HijackThis.lnk
    [2010/01/24 11:30:23 | 00,029,184 | ---- | M] () -- C:\Users\Kedra\Desktop\lll.doc
    [2010/01/24 10:42:26 | 00,018,432 | ---- | M] () -- C:\Windows\System32\helper32.dll
    [2010/01/24 10:42:06 | 00,020,992 | ---- | M] () -- C:\Windows\System32\winlogon32.exe
    [2010/01/24 10:42:06 | 00,020,992 | ---- | M] () -- C:\Windows\System32\smss32.exe
    [2010/01/20 11:48:37 | 01,463,808 | ---- | M] () -- C:\Users\Kedra\Desktop\Doc1.doc
    [4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    [2 C:\Users\Kedra\Desktop\*.tmp files -> C:\Users\Kedra\Desktop\*.tmp -> ]

    ========== Files Created - No Company Name ==========
     
  6. butterflywing14

    butterflywing14 Thread Starter

    [2010/01/26 12:58:29 | 00,054,016 | ---- | C] () -- C:\Windows\System32\drivers\trpv.sys
    [2010/01/26 11:56:21 | 00,000,878 | ---- | C] () -- C:\Users\Kedra\Desktop\Internet Security 2010.lnk
    [2010/01/26 11:35:06 | 00,000,000 | ---- | C] () -- C:\Users\Kedra\Desktop\settings.dat
    [2010/01/26 10:22:21 | 00,000,000 | ---- | C] () -- C:\Windows\System32\19169.exe
    [2010/01/26 10:02:00 | 00,000,000 | ---- | C] () -- C:\Windows\System32\26500.exe
    [2010/01/26 09:44:04 | 00,000,001 | ---- | C] () -- C:\s
    [2010/01/26 09:41:59 | 00,000,000 | ---- | C] () -- C:\Windows\System32\6334.exe
    [2010/01/26 09:21:59 | 00,000,000 | ---- | C] () -- C:\Windows\System32\18467.exe
    [2010/01/24 19:37:25 | 00,000,942 | ---- | C] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
    [2010/01/24 12:55:05 | 00,169,512 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
    [2010/01/24 12:53:58 | 00,002,281 | ---- | C] () -- C:\Users\Public\Desktop\Safari.lnk
    [2010/01/24 12:02:59 | 00,001,874 | ---- | C] () -- C:\Users\Kedra\Desktop\HijackThis.lnk
    [2010/01/24 11:30:23 | 00,029,184 | ---- | C] () -- C:\Users\Kedra\Desktop\lll.doc
    [2010/01/24 10:42:25 | 00,018,432 | ---- | C] () -- C:\Windows\System32\helper32.dll
    [2010/01/24 10:42:20 | 00,002,931 | ---- | C] () -- C:\Windows\System32\warning.html
    [2010/01/24 10:42:16 | 00,020,992 | ---- | C] () -- C:\Windows\System32\winlogon32.exe
    [2010/01/24 10:42:16 | 00,020,992 | ---- | C] () -- C:\Windows\System32\smss32.exe
    [2010/01/24 07:46:56 | 00,057,667 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
    [2010/01/23 08:08:17 | 00,005,310 | ---- | C] () -- C:\ProgramData\h8srtmainqt.dll
    [2010/01/22 03:19:46 | 00,001,020 | ---- | C] () -- C:\ProgramData\h8srtkrl32mainweq.dll
    [2010/01/20 11:48:36 | 01,463,808 | ---- | C] () -- C:\Users\Kedra\Desktop\Doc1.doc
    [2009/12/28 12:08:33 | 00,000,008 | ---- | C] () -- C:\ProgramData\sysReserve.ini
    [2009/11/21 10:39:34 | 00,045,056 | ---- | C] () -- C:\Windows\System32\8532util.dll
    [2009/11/21 10:29:27 | 00,040,960 | ---- | C] () -- C:\Windows\System32\IPPCPUID.DLL
    [2009/11/21 10:28:25 | 00,122,880 | ---- | C] () -- C:\Windows\System32\Nsvideo.dll
    [2009/11/21 10:11:47 | 00,000,016 | ---- | C] () -- C:\Windows\encore_launcher.ini
    [2009/06/25 08:49:53 | 00,026,504 | ---- | C] () -- C:\Windows\System32\drivers\swmsflt.sys
    [2009/06/04 07:46:22 | 00,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
    [2009/05/11 18:16:36 | 00,000,146 | ---- | C] () -- C:\Users\Kedra\AppData\Roaming\vllprefs
    [2008/05/16 02:33:38 | 00,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
    [2008/03/16 11:55:46 | 00,000,021 | ---- | C] () -- C:\Windows\atid.ini
    [2008/02/20 22:44:36 | 00,065,536 | ---- | C] () -- C:\Windows\System32\HPPLVS.dll
    [2008/02/07 09:05:18 | 00,163,840 | ---- | C] () -- C:\Windows\System32\hppatusg01.dll
    [2008/01/23 10:26:26 | 00,716,272 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
    [2008/01/16 19:43:52 | 00,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat
    [2007/12/11 11:46:02 | 03,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
    [2007/12/11 11:44:28 | 00,000,416 | ---- | C] () -- C:\Windows\System32\dtu100.dll.manifest
    [2007/12/11 11:44:28 | 00,000,416 | ---- | C] () -- C:\Windows\System32\dpl100.dll.manifest
    [2007/12/11 11:43:44 | 00,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
    [2007/09/19 16:42:40 | 00,000,680 | ---- | C] () -- C:\Users\Kedra\AppData\Local\d3d9caps.dat
    [2007/08/24 09:43:04 | 00,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
    [2007/08/22 15:36:50 | 00,000,552 | ---- | C] () -- C:\Users\Kedra\AppData\Local\d3d8caps.dat
    [2007/08/13 21:18:03 | 00,025,159 | ---- | C] () -- C:\Users\Kedra\AppData\Roaming\nvModes.001
    [2007/08/13 21:17:57 | 00,025,159 | ---- | C] () -- C:\Users\Kedra\AppData\Roaming\nvModes.dat
    [2007/08/13 19:51:52 | 00,236,032 | ---- | C] () -- C:\Users\Kedra\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2007/05/17 16:47:05 | 01,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
    [2006/11/02 04:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
    [2006/11/01 23:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

    ========== LOP Check ==========

    [2008/05/05 23:18:43 | 00,000,000 | ---D | M] -- C:\Users\Kedra\AppData\Roaming\Autodesk
    [2008/01/23 10:32:56 | 00,000,000 | ---D | M] -- C:\Users\Kedra\AppData\Roaming\DAEMON Tools
    [2008/01/23 10:22:02 | 00,000,000 | ---D | M] -- C:\Users\Kedra\AppData\Roaming\DAEMON Tools Pro
    [2007/10/29 16:02:43 | 00,000,000 | ---D | M] -- C:\Users\Kedra\AppData\Roaming\Grisoft
    [2009/04/26 22:47:18 | 00,000,000 | ---D | M] -- C:\Users\Kedra\AppData\Roaming\Nemetschek
    [2008/04/07 07:10:10 | 00,000,000 | ---D | M] -- C:\Users\Kedra\AppData\Roaming\Opera
    [2007/08/16 08:35:42 | 00,000,000 | ---D | M] -- C:\Users\Kedra\AppData\Roaming\PCToolsFirewallPlus
    [2007/08/13 20:16:38 | 00,000,000 | ---D | M] -- C:\Users\Kedra\AppData\Roaming\SampleView
    [2008/03/24 18:06:05 | 00,000,000 | ---D | M] -- C:\Users\Kedra\AppData\Roaming\SecondLife
    [2009/06/25 08:06:47 | 00,000,000 | ---D | M] -- C:\Users\Kedra\AppData\Roaming\Sierra Wireless
    [2008/08/18 17:08:00 | 00,000,000 | ---D | M] -- C:\Users\Kedra\AppData\Roaming\TomTom
    [2007/08/15 12:18:13 | 00,000,000 | ---D | M] -- C:\Users\Kedra\AppData\Roaming\WildTangent
    [2010/01/26 12:29:57 | 00,032,564 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.exe >


    < MD5 for: AGP440.SYS >
    [2008/01/18 23:42:25 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
    [2008/01/18 23:42:25 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
    [2008/01/18 23:42:25 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
    [2006/11/02 01:49:52 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
    [2006/11/02 01:49:52 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

    < MD5 for: ATAPI.SYS >
    [2009/04/10 22:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
    [2010/01/26 03:17:10 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys
    [2008/01/18 23:41:30 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
    [2008/01/18 23:41:30 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
    [2006/11/02 01:49:36 | 00,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
    [2008/02/14 07:57:00 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
    [2008/02/14 07:57:00 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
    [2008/02/14 07:56:58 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys

    < MD5 for: CNGAUDIT.DLL >
    [2006/11/02 01:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
    [2006/11/02 01:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

    < MD5 for: IASTORV.SYS >
    [2008/01/18 23:42:51 | 00,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
    [2008/01/18 23:42:51 | 00,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
    [2006/11/02 01:51:25 | 00,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
    [2006/11/02 01:51:25 | 00,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

    < MD5 for: NETLOGON.DLL >
    [2006/11/02 01:46:11 | 00,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
    [2009/04/10 22:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
    [2008/01/18 23:35:36 | 00,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll
    [2008/01/18 23:35:36 | 00,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

    < MD5 for: NVSTOR.SYS >
    [2006/11/02 01:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
    [2006/11/02 01:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
    [2008/01/18 23:42:09 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
    [2008/01/18 23:42:09 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

    < MD5 for: SCECLI.DLL >
    [2008/01/18 23:36:19 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll
    [2008/01/18 23:36:19 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
    [2006/11/02 01:46:12 | 00,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
    [2009/04/10 22:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

    < %systemroot%\*. /mp /s >

    < %systemroot%\system32\*.dll /lockedfiles >
    [2008/01/18 23:38:03 | 00,242,744 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
    [2008/01/18 23:36:10 | 00,225,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

    < %systemroot%\Tasks\*.job /lockedfiles >

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A8ADE5D8
    @Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:DFC5A2B2
    < End of report >
     
  7. butterflywing14

    butterflywing14 Thread Starter

    And here are the extras:


    OTL Extras logfile created on: 1/26/2010 1:24:41 PM - Run 1
    OTL by OldTimer - Version 3.1.27.0 Folder = C:\Users\Kedra\Desktop
    Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18882)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 45.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 75.00% Paging File free
    Paging file location(s): c:\pagefile.sys 2040 4096 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 138.60 Gb Total Space | 4.23 Gb Free Space | 3.05% Space Free | Partition Type: NTFS
    Drive D: | 10.45 Gb Total Space | 4.47 Gb Free Space | 42.79% Space Free | Partition Type: NTFS
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    Drive G: | 1.89 Gb Total Space | 1.52 Gb Free Space | 80.74% Space Free | Partition Type: FAT
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: PC
    Current User Name: Kedra
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 14 Days
    Output = Standard
    Quick Scan

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
    .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = htmlfile] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
    https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 0
    "AntiVirusDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-793450253-922362121-1077007685-1000]
    "EnableNotificationsRef" = 4
    "EnableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 1
    "DoNotAllowExceptions" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\AT&T\Communication Manager\SwiApiMux.exe" = C:\Program Files\AT&T\Communication Manager\SwiApiMux.exe:*:Enabled:SwiApiMux -- File not found


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{01F37545-490A-42C0-85C1-91C1C7BD8172}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{024D75EB-8007-4A76-ACD7-C18E7F00C110}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\hp1006mc.exe |
    "{0EA07A47-1B68-46C3-86FC-F65AF0B392DA}" = protocol=17 | dir=in | app=c:\users\kedra\appdata\local\google\google talk plugin\googletalkplugin.dll |
    "{14D341CE-F666-4520-92F3-13A82FE037A0}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\hp1006mc.exe |
    "{35A65921-6659-4739-9502-BD24B006E9CA}" = protocol=6 | dir=in | app=c:\users\kedra\appdata\local\google\google talk plugin\googletalkplugin.exe |
    "{3AF54884-D1E7-418D-95B5-8738C2AF32C5}" = dir=in | app=c:\program files\avg\avg9\avgnsx.exe |
    "{3D01AE67-415B-4925-BEB0-0CF5A10E9C88}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
    "{4502BB06-10CB-4482-953D-B8DB58451FE7}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
    "{6D051028-703E-4970-B068-9242D4819C42}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
    "{70E18316-6AFC-4789-BDEA-BAF6F1CE8E95}" = protocol=6 | dir=in | app=c:\users\kedra\appdata\local\google\google talk plugin\googletalkplugin.dll |
    "{72F8FC2F-D842-414E-BF5B-C91047460921}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
    "{80550B0D-7FCC-4476-8CC7-F084E1875AFE}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{8F63E6D5-65BB-4E26-9ACC-AEE25C9B5A07}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\hp1006mc.exe |
    "{940938C5-DCE9-49F4-8CEE-5EB0ECD357B9}" = protocol=17 | dir=in | app=c:\users\kedra\appdata\local\google\google talk plugin\googletalkplugin.dll |
    "{9EA5E911-BBAC-4402-8BB3-C8CEEBCEB040}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{A4EF0CB6-BE11-44DB-8930-6E3059C5AC37}" = protocol=6 | dir=in | app=c:\users\kedra\appdata\local\google\google talk plugin\googletalkplugin.exe |
    "{AC59A058-49A8-4AF3-B66D-1381B59917A3}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\hp1006mc.exe |
    "{BEA8B04C-267B-4897-A274-D845292D5DD7}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{C97CD07B-93DC-4482-84B0-344219AA1AFE}" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
    "{CA7297AA-F70F-4216-A0DF-C4BD6D1CF08E}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{EA1C9214-C686-48FE-A01A-40FEC109B36F}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
    "{EC4EA170-2D8B-411C-9F5E-4A019DC21535}" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
    "{EC903171-EDC2-4094-91EA-E51D40DA73AF}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
    "{ED0F8BA5-2E25-4404-BE3E-7ABD9FE91563}" = protocol=6 | dir=in | app=c:\users\kedra\appdata\local\google\google talk plugin\googletalkplugin.dll |
    "{ED5A8758-F51D-4344-B562-4EF2B5CF7B27}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
    "{F0247822-DCB1-4994-A0C9-34B64B55994F}" = dir=in | app=c:\program files\avg\avg9\avgupd.exe |
    "{F06099A6-AC81-4DD8-9529-33302FE3C3B2}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
    "{F34388E8-7CA9-4D98-AE5F-919A1793ECDE}" = protocol=17 | dir=in | app=c:\users\kedra\appdata\local\google\google talk plugin\googletalkplugin.exe |
    "{F66AC86A-45ED-49E5-903B-3C2360147251}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{FD096EC8-9902-4E52-A634-EE37648EA926}" = protocol=17 | dir=in | app=c:\users\kedra\appdata\local\google\google talk plugin\googletalkplugin.exe |
    "TCP Query User{025CBE40-869E-4082-8180-2D3DFD080DE2}C:\program files\vectorworks 2008\vectorworks2008.exe" = protocol=6 | dir=in | app=c:\program files\vectorworks 2008\vectorworks2008.exe |
    "TCP Query User{04115565-EC3A-4994-BD4E-D51CB669EB05}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
    "TCP Query User{05EB6B78-1A81-48CA-BA2F-C393FBF70EF8}C:\program files\dc++\dcplusplus.exe" = protocol=6 | dir=in | app=c:\program files\dc++\dcplusplus.exe |
    "TCP Query User{2093290E-23C0-4467-AFBB-47F17933D87D}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
    "TCP Query User{289E451E-F8DC-4115-A141-A5063E280CAF}C:\program files\google\google sketchup 6\sketchup.exe" = protocol=6 | dir=in | app=c:\program files\google\google sketchup 6\sketchup.exe |
    "TCP Query User{45D53895-598D-4F88-98EE-091C54B5CA62}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
    "TCP Query User{64D89CFE-D8DC-4690-9DF9-CE7449355F68}C:\program files\secondlife\slvoice.exe" = protocol=6 | dir=in | app=c:\program files\secondlife\slvoice.exe |
    "TCP Query User{D3071575-B46F-4AD2-B2A6-4FFFC9AC191E}C:\program files\google\google sketchup 6\sketchup.exe" = protocol=6 | dir=in | app=c:\program files\google\google sketchup 6\sketchup.exe |
    "TCP Query User{E6B3BE8D-0D40-4D82-8370-2ED1D0566B0B}C:\program files\apexdc++\apexdc.exe" = protocol=6 | dir=in | app=c:\program files\apexdc++\apexdc.exe |
    "TCP Query User{F877D224-2CED-40B8-9A5F-6C8E820B6EE6}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
    "TCP Query User{F8EE8B7F-FAA0-40AE-B000-2297437588D6}C:\program files\vectorworks 2008\vectorworks2008.exe" = protocol=6 | dir=in | app=c:\program files\vectorworks 2008\vectorworks2008.exe |
    "TCP Query User{FE12EF6B-E658-4B3C-A794-0232D78922DC}C:\program files\dc++\dcplusplus.exe" = protocol=6 | dir=in | app=c:\program files\dc++\dcplusplus.exe |
    "UDP Query User{2E42A3CC-1B60-48EA-9800-E53B8973D65E}C:\program files\vectorworks 2008\vectorworks2008.exe" = protocol=17 | dir=in | app=c:\program files\vectorworks 2008\vectorworks2008.exe |
    "UDP Query User{536190DE-8A8D-42CF-97C4-04C6FACA3E92}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
    "UDP Query User{6D017A91-A7C3-44B8-AEBE-52035FEA178F}C:\program files\vectorworks 2008\vectorworks2008.exe" = protocol=17 | dir=in | app=c:\program files\vectorworks 2008\vectorworks2008.exe |
    "UDP Query User{721A64AC-2C60-4195-ABD7-71938996321E}C:\program files\dc++\dcplusplus.exe" = protocol=17 | dir=in | app=c:\program files\dc++\dcplusplus.exe |
    "UDP Query User{7A5F850C-8A37-4910-8F0B-158E3D668132}C:\program files\google\google sketchup 6\sketchup.exe" = protocol=17 | dir=in | app=c:\program files\google\google sketchup 6\sketchup.exe |
    "UDP Query User{8ABEACC1-E129-4ECE-AFE5-A7C9DDC3A69E}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
    "UDP Query User{8FE6BC90-4F44-49FA-B8B0-194E2B385F83}C:\program files\google\google sketchup 6\sketchup.exe" = protocol=17 | dir=in | app=c:\program files\google\google sketchup 6\sketchup.exe |
    "UDP Query User{A4180BEF-3A62-4A5C-9A24-B549AEF27750}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
    "UDP Query User{B3D96986-C3B1-4451-A359-1B36FCB8071D}C:\program files\apexdc++\apexdc.exe" = protocol=17 | dir=in | app=c:\program files\apexdc++\apexdc.exe |
    "UDP Query User{B43DA011-B1E4-4DD5-B45A-102588D25BC1}C:\program files\dc++\dcplusplus.exe" = protocol=17 | dir=in | app=c:\program files\dc++\dcplusplus.exe |
    "UDP Query User{E5EDA3F1-DC63-4780-B75A-43D56006D810}C:\program files\secondlife\slvoice.exe" = protocol=17 | dir=in | app=c:\program files\secondlife\slvoice.exe |
    "UDP Query User{F5C2557C-7248-4C25-B090-3FCBA9084732}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
    "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
    "{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in
    "{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
    "{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
    "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
    "{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
    "{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
    "{318AB667-3230-41B5-A617-CB3BF748D371}" = iTunes
    "{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
    "{34FF0741-EC67-4C05-AC2A-6D257123DF2E}" = BigFix
    "{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
    "{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}" = Adobe Photoshop CS3
    "{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector
    "{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 5.0
    "{44C05309-60F4-410B-BC32-31733CFF1A41}" = Microsoft Digital Image Starter Edition 2006 Editor
    "{4FE542EB-FF0B-4739-94DD-25C8AE0AB251}" = Microsoft Digital Image Starter Edition 2006 Library
    "{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
    "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
    "{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
    "{5783F2D7-6001-0409-0002-0060B0CE6BBA}" = AutoCAD 2008 - English
    "{58ECE031-9AAD-4011-B34A-BC78E77527E2}" = hppMSRedist
    "{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
    "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
    "{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
    "{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
    "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
    "{753D852A-D86D-42C9-9978-40AE66FB8985}" = Driver Installer
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7902E313-FF0F-4493-ACB1-A8147B78DCD0}" = HPSSupply
    "{7B02BF60-796D-4616-908B-B31A63CFDEFB}" = HPCarePackCore
    "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
    "{7F3BCF8A-8E02-4659-AF25-F9AB66BD6718}" = Gateway Recovery Center Installer
    "{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
    "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
    "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
    "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
    "{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
    "{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
    "{900A92BA-19EF-4A34-86CF-7B6C85BDD971}" = VC_MergeModuleToMSI
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
    "{90300409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Media Content
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{913D0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Standard for Students and Teachers
    "{91B3BEC8-748B-4912-82ED-29D38E140B2A}" = Linkit_eBay
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
    "{9579E862-5FC7-4337-B1CC-5E37451524C5}" = Motorola Driver Installation
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9A346205-EA92-4406-B1AB-50379DA3F057}" = Autodesk DWF Viewer 7
    "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
    "{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
    "{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
    "{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
    "{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
    "{A82D052A-0806-42DF-80CD-1730A1AC0ED3}" = MrvlUsgTracking
    "{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
    "{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.5
    "{AC76BA86-7AD7-1033-7B44-A81300000003}_814" = KB408682
    "{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
    "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
    "{B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}" = Adobe Illustrator CS2
    "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
    "{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
    "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
    "{B74D4E10-6884-0000-0000-000000000103}" = Adobe Bridge 1.0
    "{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
    "{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}" = WinZip 11.1
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
    "{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
    "{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
    "{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
    "{D6E4E5D6-7693-4BB4-95BA-21F38FAFEE90}" = Safari
    "{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
    "{E209F988-EF49-4B3D-84A6-3CBB67F058AC}" = Google SketchUp 7
    "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
    "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
    "{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
    "{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support
    "{ECA31632-C2AD-4774-A3CA-2813D47E4DD0}" = HPCarePackProducts
    "{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
    "{EE0D5DCD-2B97-4473-98DF-E93C0BD92F7A}" = Adobe Stock Photos 1.0
    "{EE5EEDAF-F932-462B-A2CB-EEBDF819D5F5}" = Gateway Connect
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F1AC923B-2A52-4C5D-8011-5FC83CD58CF4}" = hppusgP1000
    "{F1BA3CD5-89DC-4273-8603-A75F33E9B335}" = Nokia Connectivity Adapter Cable DKU-5
    "{F958CA02-BB40-4007-894B-258729456EE4}" = QuickTime
    "{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}" = Adobe Setup
    "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Illustrator CS2" = Adobe Illustrator CS2
    "Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
    "Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
    "Adobe_719d6f144d0c086a0dfa7ff76bb9ac1" = Adobe Photoshop CS3
    "Agere Systems Soft Modem" = Agere Systems HDA Modem
    "AutoCAD 2008 - English" = AutoCAD 2008 - English
    "AVG9Uninstall" = AVG Free 9.0
    "CASHFLOW® THE E-GAME" = CASHFLOW® THE E-GAME
    "Coupon Printer for Windows4.0" = Coupon Printer for Windows
    "DC++" = DC++ 0.699
    "EADM" = EA Download Manager
    "Gateway Game Console" = Gateway Game Console
    "HijackThis" = HijackThis 2.0.2
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "HP LaserJet P1000 series" = HP LaserJet P1000 series
    "InstallShield_{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "McAfee SiteAdvisor" = McAfee SiteAdvisor
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Money2006b" = Microsoft Money 2006
    "Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)
    "NVIDIA Drivers" = NVIDIA Drivers
    "PictureItSuiteTrial_v12" = Microsoft Digital Image Starter Edition 2006
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "VLC media player" = VideoLAN VLC media player 0.8.6c
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WinRAR archiver" = WinRAR archiver
    "WT021682" = FATE
    "WT021888" = Bejeweled 2 Deluxe
    "WT021890" = Blackhawk Striker 2
    "WT021892" = Blasterball 3
    "WT021894" = Diner Dash - Flo on the Go
    "WT021896" = Family Feud 2
    "WT021902" = Polar Bowler
    "WT021904" = Polar Golfer
    "WT022436" = Tradewinds
    "Yahoo! Messenger" = Yahoo! Messenger
    "Yahoo! Search Defender" = Yahoo! Search Protection
     
  8. butterflywing14

    butterflywing14 Thread Starter

    Joined:
    Jan 24, 2010
    Messages:
    17
    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Move Media Player" = Move Media Player

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 1/21/2010 6:17:44 PM | Computer Name = PC | Source = Application Error | ID = 1000
    Description = Faulting application firefox.exe, version 1.9.0.3642, time stamp 0x4b30258c,
    faulting module ntdll.dll, version 6.0.6001.18000, time stamp 0x4791a7a6, exception
    code 0xc0000005, fault offset 0x000495a6, process id 0xdc4, application start time
    0x01ca9a597376ecc8.

    Error - 1/21/2010 8:23:31 PM | Computer Name = PC | Source = Application Hang | ID = 1002
    Description = The program firefox.exe version 1.9.0.3642 stopped interacting with
    Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Problem Reports and Solutions control panel. Process
    ID: c1c Start Time: 01ca9ae792bfb2c0 Termination Time: 33

    Error - 1/22/2010 7:00:34 AM | Computer Name = PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
    Description =

    Error - 1/22/2010 7:00:34 AM | Computer Name = PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
    Description =

    Error - 1/22/2010 7:00:41 AM | Computer Name = PC | Source = SPP | ID = 16387
    Description =

    Error - 1/22/2010 7:00:42 AM | Computer Name = PC | Source = System Restore | ID = 8193
    Description =

    Error - 1/22/2010 7:00:49 AM | Computer Name = PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
    Description =

    Error - 1/22/2010 7:00:49 AM | Computer Name = PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
    Description =

    Error - 1/22/2010 7:00:53 AM | Computer Name = PC | Source = SPP | ID = 16387
    Description =

    Error - 1/22/2010 7:00:53 AM | Computer Name = PC | Source = System Restore | ID = 8193
    Description =

    [ Media Center Events ]
    Error - 12/18/2007 11:19:13 PM | Computer Name = Kedra-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    Error - 12/21/2007 12:22:33 AM | Computer Name = Kedra-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    Error - 4/30/2008 11:00:20 AM | Computer Name = Kedra-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

    Error - 5/31/2008 11:58:32 AM | Computer Name = Kedra-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

    Error - 6/2/2008 11:34:29 AM | Computer Name = Kedra-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

    Error - 6/7/2008 2:15:36 PM | Computer Name = Kedra-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

    Error - 7/7/2008 7:37:34 PM | Computer Name = Kedra-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    Error - 6/16/2009 7:30:02 PM | Computer Name = Kedra-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    Error - 8/14/2009 1:48:12 AM | Computer Name = Kedra-PC | Source = Media Center Guide | ID = 0
    Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
    returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

    Error - 10/11/2009 10:56:53 PM | Computer Name = Kedra-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    [ System Events ]
    Error - 1/26/2010 3:32:11 PM | Computer Name = PC | Source = Service Control Manager | ID = 7026
    Description =

    Error - 1/26/2010 3:33:42 PM | Computer Name = PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 1/26/2010 4:32:13 PM | Computer Name = PC | Source = HTTP | ID = 15016
    Description =

    Error - 1/26/2010 4:33:41 PM | Computer Name = PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 1/26/2010 4:33:41 PM | Computer Name = PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 1/26/2010 4:33:41 PM | Computer Name = PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 1/26/2010 4:33:41 PM | Computer Name = PC | Source = Service Control Manager | ID = 7026
    Description =

    Error - 1/26/2010 4:34:24 PM | Computer Name = PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 1/26/2010 5:02:06 PM | Computer Name = PC | Source = Service Control Manager | ID = 7034
    Description =

    Error - 1/26/2010 5:25:46 PM | Computer Name = PC | Source = PlugPlayManager | ID = 11
    Description = The device Root\LEGACY_TCMT\0000 disappeared from the system without
    first being prepared for removal.


    < End of report >
     
  9. emeraldnzl

    emeraldnzl Malware Specialist

    Joined:
    Nov 3, 2007
    Messages:
    2,570
    Hello butterflywing14,

That OTL log shows your System Drive as only having 3.05% Space Free. You have less than 5% of your drive free. You are in danger of messing up the Master File Table of your computer. It is risky running the tools we are using at this low level of free space.

    Under 15% free is less than optimum.

I suggest you uninstall any old programs and back up and remove any data you don't need.

Before you do that, though:

    Please run OTL.exe
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      SRV - File not found [Auto | Stopped] -- -- (Viewpoint Manager Service)
      O4 - HKLM..\Run: [] File not found
      O4 - HKLM..\Run: [nwiz] File not found
      O4 - HKLM..\Run: [smss32.exe] C:\Windows\System32\smss32.exe ()
      O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\helper32.dll ()
      O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\helper32.dll ()
      O33 - MountPoints2\{1166b4cb-e9d9-11dd-a844-00032548ac5c}\Shell - "" = AutoRun
      O33 - MountPoints2\{1166b4cb-e9d9-11dd-a844-00032548ac5c}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
      O33 - MountPoints2\{161f7378-c9e1-11dc-b0d2-00032548ac5c}\Shell - "" = AutoRun
      O33 - MountPoints2\{161f7378-c9e1-11dc-b0d2-00032548ac5c}\Shell\AutoRun\command - "" = F:\Autorun.exe -- File not found
      O33 - MountPoints2\{643ae993-5671-11de-a5d2-00032548ac5c}\Shell - "" = AutoRun
      O33 - MountPoints2\{643ae993-5671-11de-a5d2-00032548ac5c}\Shell\AutoRun\command - "" = G:\LapNetWizard.exe -- File not found
      O33 - MountPoints2\{84d83e29-827d-11dd-9084-00032548ac5c}\Shell\AutoRun\command - "" = G:\RDEapp.exe -- File not found
      O33 - MountPoints2\{bd771e6c-51ac-11dc-b8b7-000000000000}\Shell - "" = AutoRun
      O33 - MountPoints2\{bd771e6c-51ac-11dc-b8b7-000000000000}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
      O33 - MountPoints2\{d60ced45-6d89-11dd-8adc-00032548ac5c}\Shell\AutoRun\command - "" = G:\InstallTomTomHOME.exe -- File not found
      O33 - MountPoints2\{e0fea5b9-60fa-11de-a759-00032548ac5c}\Shell - "" = AutoRun
      O33 - MountPoints2\{e0fea5b9-60fa-11de-a759-00032548ac5c}\Shell\AutoRun\command - "" = G:\WIN\setup.exe -- File not found
      O33 - MountPoints2\{f4540e4f-499c-11de-9a09-00032548ac5c}\Shell\AutoRun\command - "" = G:\RECYCLE\D-0-060-0000000000-1111111-2222222\rYan.exe -- File not found
      O33 - MountPoints2\{f4540e4f-499c-11de-9a09-00032548ac5c}\Shell\open\command - "" = G:\RECYCLE\D-0-060-0000000000-1111111-2222222\rYan.exe -- File not found
      O33 - MountPoints2\{f4540e52-499c-11de-9a09-00032548ac5c}\Shell - "" = AutoRun
      O33 - MountPoints2\{f4540e52-499c-11de-9a09-00032548ac5c}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
      O33 - MountPoints2\H\Shell - "" = AutoRun
      O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
      [2010/01/26 12:57:10 | 00,000,878 | ---- | M] () -- C:\Users\Kedra\Desktop\Internet Security 2010.lnk
      [2010/01/26 12:56:47 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
      [2010/01/26 12:56:43 | 00,000,000 | ---- | M] () -- C:\Windows\System32\18467.exe
      [2010/01/26 12:33:46 | 00,002,931 | ---- | M] () -- C:\Windows\System32\warning.html
      [2010/01/26 12:32:16 | 00,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
      [2010/01/26 12:32:16 | 00,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
      [2010/01/26 11:56:21 | 00,000,878 | ---- | C] () -- C:\Users\Kedra\Desktop\Internet Security 2010.lnk
      
      :Commands
      [purity]
      [emptytemp]
      [resethosts]
      [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot when it is done
    • It will produce a log for you on reboot, please post that log in your next reply.
Lastly in this post:

    • Close all windows and open OTL again.
    • Click Run Scan and let the program run uninterrupted
    • It will produce a log for you. Post the log here.
So when you return, please post:
    OTL fix log
    OTL log - OTL.txt
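The fix script above removes three kinds of persistence at once: orphaned Run values (the O4 lines), Winsock Layered Service Provider entries pointing at a DLL in System32 (the O10 lines), and cached AutoRun commands for removable drives (the O33 lines). The following is an added example, not part of this thread, of OTL, or of emeraldnzl's instructions: a read-only PowerShell audit that lists the same three locations and flags entries worth a second look. It assumes the standard Vista registry layout shown in the OTL output, that the PackedCatalogItem binary value of each Winsock catalog entry starts with the provider DLL path as a NUL-terminated ANSI string, and that on a stock Vista install every catalog entry points at mswsock.dll; it only reports, it deletes nothing.

```powershell
# Added example (not from the thread and not part of OTL): read-only audit of the
# persistence locations the OTL fix above acts on. Run from an elevated
# PowerShell prompt; PowerShell 2.0 syntax, nothing is modified.

function New-Finding {
    # Uniform record so the three checks can be tabled together.
    param([string]$Check, [string]$Location, [string]$Command, [bool]$Exists, [bool]$Review)
    New-Object PSObject -Property @{
        Check = $Check; Location = $Location; Command = $Command; Exists = $Exists; Review = $Review
    }
}

function Get-CommandTarget {
    # Extract the executable from a command line such as
    #   "C:\Program Files\App\app.exe" /silent   or   C:\Windows\foo.exe -x
    param([string]$CommandLine)
    if ([string]::IsNullOrEmpty($CommandLine)) { return $null }
    $s = $CommandLine.Trim()
    if ($s.StartsWith('"')) {
        $end = $s.IndexOf('"', 1)
        if ($end -gt 1) { $s = $s.Substring(1, $end - 1) }
    } else {
        $sp = $s.IndexOf(' ')
        if ($sp -gt 0) { $s = $s.Substring(0, $sp) }
    }
    return [Environment]::ExpandEnvironmentVariables($s)
}

function Test-RunKeyTargets {
    # O4-style findings: Run values whose target no longer exists ("File not found").
    $keys = @('HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
              'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run')
    foreach ($key in $keys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # provider metadata, not registry values
            $target = Get-CommandTarget $p.Value
            $exists = (($null -ne $target) -and (Test-Path -LiteralPath $target))
            New-Finding 'Run' "$key\$($p.Name)" $p.Value $exists (-not $exists)
        }
    }
}

function Test-WinsockProviders {
    # O10-style findings: LSP catalog entries whose DLL is missing or is not the
    # Windows-supplied mswsock.dll. A missing LSP DLL breaks networking outright,
    # which is why OTL rebuilds the LSP stack after removing one (see the fix log).
    $base = 'HKLM:\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries'
    if (-not (Test-Path $base)) { return }
    foreach ($entry in Get-ChildItem -Path $base) {
        $packed = (Get-ItemProperty -Path "$base\$($entry.PSChildName)").PackedCatalogItem
        if ($null -eq $packed) { continue }
        # Assumption: REG_BINARY PackedCatalogItem begins with the provider path, NUL-terminated.
        $dll  = [System.Text.Encoding]::ASCII.GetString($packed).Split([char]0)[0]
        $full = [Environment]::ExpandEnvironmentVariables($dll)
        $exists = Test-Path -LiteralPath $full
        $review = (-not $exists) -or ([IO.Path]::GetFileName($full) -ne 'mswsock.dll')
        New-Finding 'Winsock' "Catalog_Entries\$($entry.PSChildName)" $dll $exists $review
    }
}

function Test-MountPointAutoruns {
    # O33-style findings: per-volume AutoRun/open commands cached from removable
    # media. Every one of these once launched something automatically, so all are
    # flagged for review, whether or not the target file still exists.
    $base = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2'
    if (-not (Test-Path $base)) { return }
    foreach ($mp in Get-ChildItem -Path $base) {
        foreach ($verb in @('AutoRun', 'open')) {
            $cmdKey = "$base\$($mp.PSChildName)\Shell\$verb\command"
            if (-not (Test-Path $cmdKey)) { continue }
            $cmd = (Get-ItemProperty -Path $cmdKey).'(default)'
            $target = Get-CommandTarget $cmd
            $exists = (($null -ne $target) -and (Test-Path -LiteralPath $target))
            New-Finding 'MountPoints2' "$($mp.PSChildName)\Shell\$verb" $cmd $exists $true
        }
    }
}

$findings = @(Test-RunKeyTargets) + @(Test-WinsockProviders) + @(Test-MountPointAutoruns)
$findings | Sort-Object Review -Descending | Format-Table Check, Review, Exists, Location, Command -AutoSize
```

Entries with Review set to True correspond to what the OTL fix above removes: a Run value with no file behind it, an LSP DLL other than mswsock.dll (helper32.dll in this thread), and any cached removable-drive AutoRun command. The audit is meant to be run before and after a fix to confirm the entries are gone, not as a substitute for the fix itself.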
     
  10. butterflywing14

    butterflywing14 Thread Starter

    Joined:
    Jan 24, 2010
    Messages:
    17
    Okay, I am going tomorrow to pick up my first external hard drive. I have been told that Western Digital is a reputable brand. Do you have any advice for picking one out?

When I did the "run fix", the computer rebooted and gave me the log, then the stupid "internet security 2010" thing came up again.. ahh!! But anyways, here it is:

    All processes killed
    ========== OTL ==========
    Service Viewpoint Manager Service stopped successfully!
    Service Viewpoint Manager Service deleted successfully!
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\nwiz deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\smss32.exe deleted successfully.
    File C:\Windows\System32\smss32.exe not found.
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001\ deleted successfully.
    File C:\Windows\System32\helper32.dll not found.
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000012\ deleted successfully.
    File C:\Windows\System32\helper32.dll not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1166b4cb-e9d9-11dd-a844-00032548ac5c}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1166b4cb-e9d9-11dd-a844-00032548ac5c}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1166b4cb-e9d9-11dd-a844-00032548ac5c}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1166b4cb-e9d9-11dd-a844-00032548ac5c}\ not found.
    File G:\LaunchU3.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{161f7378-c9e1-11dc-b0d2-00032548ac5c}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{161f7378-c9e1-11dc-b0d2-00032548ac5c}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{161f7378-c9e1-11dc-b0d2-00032548ac5c}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{161f7378-c9e1-11dc-b0d2-00032548ac5c}\ not found.
    File F:\Autorun.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{643ae993-5671-11de-a5d2-00032548ac5c}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{643ae993-5671-11de-a5d2-00032548ac5c}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{643ae993-5671-11de-a5d2-00032548ac5c}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{643ae993-5671-11de-a5d2-00032548ac5c}\ not found.
    File G:\LapNetWizard.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{84d83e29-827d-11dd-9084-00032548ac5c}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{84d83e29-827d-11dd-9084-00032548ac5c}\ not found.
    File G:\RDEapp.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bd771e6c-51ac-11dc-b8b7-000000000000}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bd771e6c-51ac-11dc-b8b7-000000000000}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bd771e6c-51ac-11dc-b8b7-000000000000}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bd771e6c-51ac-11dc-b8b7-000000000000}\ not found.
    File G:\LaunchU3.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d60ced45-6d89-11dd-8adc-00032548ac5c}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d60ced45-6d89-11dd-8adc-00032548ac5c}\ not found.
    File G:\InstallTomTomHOME.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e0fea5b9-60fa-11de-a759-00032548ac5c}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e0fea5b9-60fa-11de-a759-00032548ac5c}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e0fea5b9-60fa-11de-a759-00032548ac5c}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e0fea5b9-60fa-11de-a759-00032548ac5c}\ not found.
    File G:\WIN\setup.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f4540e4f-499c-11de-9a09-00032548ac5c}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f4540e4f-499c-11de-9a09-00032548ac5c}\ not found.
    File G:\RECYCLE\D-0-060-0000000000-1111111-2222222\rYan.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f4540e4f-499c-11de-9a09-00032548ac5c}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f4540e4f-499c-11de-9a09-00032548ac5c}\ not found.
    File G:\RECYCLE\D-0-060-0000000000-1111111-2222222\rYan.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f4540e52-499c-11de-9a09-00032548ac5c}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f4540e52-499c-11de-9a09-00032548ac5c}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f4540e52-499c-11de-9a09-00032548ac5c}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f4540e52-499c-11de-9a09-00032548ac5c}\ not found.
    File H:\LaunchU3.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ not found.
    File H:\LaunchU3.exe not found.
    C:\Users\Kedra\Desktop\Internet Security 2010.lnk moved successfully.
    C:\Windows\bootstat.dat moved successfully.
    C:\Windows\System32\18467.exe moved successfully.
    C:\Windows\System32\warning.html moved successfully.
    File move failed. C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 scheduled to be moved on reboot.
    File move failed. C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 scheduled to be moved on reboot.
    File C:\Users\Kedra\Desktop\Internet Security 2010.lnk not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Kedra
    ->Temp folder emptied: 821317531 bytes
    ->Temporary Internet Files folder emptied: 510462484 bytes
    ->Java cache emptied: 4144420 bytes
    ->FireFox cache emptied: 32472470 bytes
    ->Apple Safari cache emptied: 386820240 bytes

    User: Public

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 149199450 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 93357420 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 59846 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 388031260 bytes

    Total Files Cleaned = 2,275.00 mb

    C:\Windows\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\: LSP stack updated.

    OTL by OldTimer - Version 3.1.27.0 log created on 01272010_082540

    Files\Folders moved on Reboot...
    File move failed. C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 scheduled to be moved on reboot.
    File move failed. C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 scheduled to be moved on reboot.

    Registry entries deleted on Reboot...
     
  11. butterflywing14

    butterflywing14 Thread Starter

    Joined:
    Jan 24, 2010
    Messages:
    17
    And here is the other OTL log:

    OTL logfile created on: 1/27/2010 8:48:34 AM - Run 2
    OTL by OldTimer - Version 3.1.27.0 Folder = C:\Users\Kedra\Desktop
    Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18882)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 63.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 83.00% Paging File free
    Paging file location(s): c:\pagefile.sys 2040 4096 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 138.60 Gb Total Space | 7.36 Gb Free Space | 5.31% Space Free | Partition Type: NTFS
    Drive D: | 10.45 Gb Total Space | 4.47 Gb Free Space | 42.79% Space Free | Partition Type: NTFS
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    Drive G: | 1.89 Gb Total Space | 1.00 Gb Free Space | 52.86% Space Free | Partition Type: FAT
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: PC
    Current User Name: Kedra
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Standard

    ========== Processes (SafeList) ==========

    PRC - [2010/01/26 09:25:25 | 00,548,352 | ---- | M] (OldTimer Tools) -- C:\Users\Kedra\Desktop\OTL.exe
    PRC - [2010/01/24 09:27:05 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
    PRC - [2010/01/19 03:57:44 | 02,743,104 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    PRC - [2010/01/19 03:57:41 | 00,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    PRC - [2009/09/22 11:50:36 | 00,073,728 | ---- | M] (Software 2000 Limited) -- C:\Windows\System32\spool\drivers\w32x86\3\HP1006MC.EXE
    PRC - [2009/05/11 10:45:18 | 00,024,576 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\HP\HP UT\bin\hppusg.exe
    PRC - [2009/02/23 05:05:34 | 00,111,856 | ---- | M] (Yahoo! Inc) -- C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    PRC - [2008/11/07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    PRC - [2008/10/28 22:29:41 | 02,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
    PRC - [2008/01/18 23:33:40 | 00,142,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WUDFHost.exe
    PRC - [2008/01/18 23:33:39 | 00,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
    PRC - [2008/01/17 08:51:02 | 00,486,856 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\daemon.exe
    PRC - [2006/11/17 13:58:40 | 00,815,104 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    PRC - [2006/10/05 12:10:12 | 00,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/01/26 09:25:25 | 00,548,352 | ---- | M] (OldTimer Tools) -- C:\Users\Kedra\Desktop\OTL.exe
    MOD - [2008/01/18 23:26:34 | 01,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- -- (MSK80Service)
    SRV - File not found [Auto | Stopped] -- -- (MpfService)
    SRV - File not found [Auto | Stopped] -- -- (McNASvc)
    SRV - [2010/01/19 03:57:41 | 00,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
    SRV - [2010/01/19 03:57:41 | 00,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
    SRV - [2010/01/19 03:57:41 | 00,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2009/07/02 08:01:21 | 00,085,096 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
    SRV - [2008/11/20 13:20:44 | 00,536,872 | ---- | M] (Apple Inc.) [On_Demand | Stopped] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
    SRV - [2008/11/07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2008/11/04 01:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
    SRV - [2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
    SRV - [2008/01/29 09:09:58 | 00,165,416 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\Gateway Games\Gateway Game Console\GameConsoleService.exe -- (GameConsoleService)
    SRV - [2007/11/11 19:57:51 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2007/08/18 10:16:16 | 00,072,704 | ---- | M] (Adobe Systems) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
    SRV - [2006/11/02 04:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\ehome\ehstart.dll -- (ehstart)
    SRV - [2006/10/26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
    SRV - [2006/10/05 12:10:12 | 00,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
    SRV - [2004/10/22 02:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)


    ========== Driver Services (SafeList) ==========

    DRV - [2010/01/19 05:13:58 | 00,162,640 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2010/01/19 03:46:52 | 00,046,544 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2010/01/19 03:43:40 | 00,023,248 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2010/01/19 03:43:23 | 00,051,792 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV - [2010/01/19 03:42:57 | 00,019,024 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2009/11/04 16:54:12 | 00,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
    DRV - [2009/11/04 16:53:40 | 00,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
    DRV - [2009/08/28 08:46:05 | 00,026,504 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\swmsflt.sys -- (swmsflt)
    DRV - [2008/11/07 14:23:30 | 00,032,000 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbaapl.sys -- (USBAAPL)
    DRV - [2008/05/23 15:52:54 | 00,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PCASp50.sys -- (PCASp50)
    DRV - [2008/04/17 13:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV - [2008/01/23 10:26:26 | 00,716,272 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
    DRV - [2008/01/18 21:57:15 | 00,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rootmdm.sys -- (ROOTMODEM)
    DRV - [2008/01/10 15:59:44 | 00,142,976 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\swumx80.sys -- (SWUMX80) Sierra Wireless USB MUX Driver (UMTS80)
    DRV - [2008/01/10 15:58:48 | 00,165,248 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\swnc8u80.sys -- (SWNC8U80) Sierra Wireless MUX NDIS Driver (UMTS80)
    DRV - [2007/05/14 05:33:00 | 07,478,976 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
    DRV - [2007/01/18 09:24:58 | 00,026,496 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RimSerial.sys -- (RimVSerPort)
    DRV - [2007/01/02 16:44:30 | 00,649,216 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
    DRV - [2006/11/28 15:11:00 | 01,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
    DRV - [2006/11/17 14:22:02 | 00,181,176 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
    DRV - [2006/11/02 01:51:45 | 00,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
    DRV - [2006/11/02 01:51:38 | 00,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
    DRV - [2006/11/02 01:51:34 | 00,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
    DRV - [2006/11/02 01:51:32 | 00,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
    DRV - [2006/11/02 01:51:25 | 00,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
    DRV - [2006/11/02 01:51:25 | 00,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
    DRV - [2006/11/02 01:51:00 | 00,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
    DRV - [2006/11/02 01:50:45 | 00,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
    DRV - [2006/11/02 01:50:41 | 00,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
    DRV - [2006/11/02 01:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
    DRV - [2006/11/02 01:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
    DRV - [2006/11/02 01:50:35 | 00,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
    DRV - [2006/11/02 01:50:24 | 00,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
    DRV - [2006/11/02 01:50:19 | 00,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
    DRV - [2006/11/02 01:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
    DRV - [2006/11/02 01:50:16 | 00,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
    DRV - [2006/11/02 01:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
    DRV - [2006/11/02 01:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
    DRV - [2006/11/02 01:50:10 | 00,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
    DRV - [2006/11/02 01:50:10 | 00,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
    DRV - [2006/11/02 01:50:10 | 00,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
    DRV - [2006/11/02 01:50:10 | 00,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
    DRV - [2006/11/02 01:50:09 | 00,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
    DRV - [2006/11/02 01:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
    DRV - [2006/11/02 01:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
    DRV - [2006/11/02 01:50:05 | 00,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
    DRV - [2006/11/02 01:50:05 | 00,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
    DRV - [2006/11/02 01:50:04 | 00,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
    DRV - [2006/11/02 01:50:03 | 00,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
    DRV - [2006/11/02 01:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
    DRV - [2006/11/02 01:49:56 | 00,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
    DRV - [2006/11/02 01:49:53 | 00,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
    DRV - [2006/11/02 01:49:30 | 00,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
    DRV - [2006/11/02 01:49:28 | 00,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
    DRV - [2006/11/02 01:49:20 | 00,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
    DRV - [2006/11/02 00:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
    DRV - [2006/11/02 00:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
    DRV - [2006/11/02 00:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
    DRV - [2006/11/02 00:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
    DRV - [2006/11/02 00:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
    DRV - [2006/11/02 00:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
    DRV - [2006/11/01 23:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
    DRV - [2006/11/01 23:36:49 | 00,108,032 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ac97intc.sys -- (ac97intc) Intel(r) 82801 Audio Driver Install Service (WDM)
    DRV - [2006/11/01 23:36:45 | 01,302,492 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ialmnt5.sys -- (ialm)
    DRV - [2006/11/01 23:30:56 | 02,589,184 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw2v32.sys -- (NETw2v32) Intel(R)
    DRV - [2006/11/01 23:30:56 | 00,429,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm60x32.sys -- (NVENETFD)
    DRV - [2006/11/01 23:30:56 | 00,311,808 | ---- | M] (Realtek) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL85n86.sys -- (RTL85n86)
    DRV - [2006/11/01 23:30:54 | 00,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
    DRV - [2006/11/01 23:30:53 | 00,464,384 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XV)
    DRV - [2006/11/01 23:30:53 | 00,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
    DRV - [2006/11/01 22:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv)
    DRV - [2006/09/15 08:44:18 | 00,011,520 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
    DRV - [2002/07/10 05:13:00 | 00,095,232 | ---- | M] (IC Media Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbuvt.sys -- (DCamUSBUVT)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MT3422
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MT3422
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.com/g/sidepanel.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MT3422

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Yahoo"
    FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?fr=ffsp1&p="
    FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
    FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
    FF - prefs.js..browser.search.param.yahoo-type: "${8}"
    FF - prefs.js..browser.search.selectedEngine: "Yahoo"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com"
    FF - prefs.js..extensions.enabledItems: {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F}:1.3.3
    FF - prefs.js..extensions.enabledItems: {1650a312-02bc-40ee-977e-83f158701739}:26.6
    FF - prefs.js..extensions.enabledItems: [email protected]:7
    FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
    FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=ffds1&p="
     
  12. emeraldnzl

    emeraldnzl Malware Specialist

    Joined:
    Nov 3, 2007
    Messages:
    2,570
    Some of that log is missing there. ;)

    Anyway, moving on.

    Please download ComboFix from one of these locations:

    NOTE: If you are a guest watching this topic: ComboFix is a very powerful tool. The disclaimer clearly states that you should not use it without supervision. There is good reason for this, as ComboFix can, and sometimes does, run into conflict on a computer and render it unusable.

    Link 1
    Link 2

    * IMPORTANT !!! Save ComboFix.exe to your Desktop
    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
    • Double click on ComboFix.exe & follow the prompts.
    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Click on Yes, to continue scanning for malware.

    When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.
     
  13. butterflywing14

    butterflywing14 Thread Starter

    Joined:
    Jan 24, 2010
    Messages:
    17
    Here is the log:

    ComboFix 10-01-27.02 - Kedra 01/27/2010 12:17:42.1.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1982.1458 [GMT -8:00]
    Running from: c:\users\Kedra\Desktop\ComboFix.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\$recycle.bin\S-1-5-21-793450253-922362121-1077007685-500
    c:\program files\AntiSpywareShield
    c:\program files\AntiSpywareShield\AntiSpywareShield1.ad
    c:\program files\InternetSecurity2010
    C:\Recycle
    c:\recycle\D-0-060-0000000000-1111111-2222222\Desktop.ini
    C:\s
    c:\users\Kedra\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Internet Security 2010.lnk
    c:\users\Kedra\AppData\Roaming\Microsoft\Windows\Start Menu\Internet Security 2010.lnk
    c:\windows\COUPON~1.OCX
    c:\windows\CouponPrinter.ocx
    c:\windows\Fonts\MyriadPro-Regular.otf
    c:\windows\system32\19169.exe
    c:\windows\system32\26500.exe
    c:\windows\system32\41.exe
    c:\windows\system32\6334.exe
    c:\windows\system32\srcr.dat
    c:\windows\system32\twain_32.dll
    D:\Autorun.inf

    .
    ((((((((((((((((((((((((( Files Created from 2009-12-27 to 2010-01-27 )))))))))))))))))))))))))))))))
    .

    2010-01-27 20:26 . 2010-01-27 20:26 -------- d-----w- c:\users\Kedra\AppData\Local\temp
    2010-01-27 20:26 . 2010-01-27 20:26 -------- d-----w- c:\users\Default\AppData\Local\temp
    2010-01-27 16:25 . 2010-01-27 16:25 -------- d-----w- C:\_OTL
    2010-01-26 22:51 . 2010-01-19 13:13 162640 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2010-01-26 22:51 . 2010-01-19 11:42 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2010-01-26 22:51 . 2010-01-19 11:43 23248 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2010-01-26 22:51 . 2010-01-19 11:46 46544 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2010-01-26 22:51 . 2010-01-19 11:43 51792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2010-01-26 22:49 . 2010-01-19 11:57 38848 ----a-w- c:\windows\system32\avastSS.scr
    2010-01-26 22:49 . 2010-01-19 11:57 152672 ----a-w- c:\windows\system32\aswBoot.exe
    2010-01-26 22:49 . 2010-01-26 22:49 -------- d-----w- c:\programdata\Alwil Software
    2010-01-26 22:49 . 2010-01-26 22:49 -------- d-----w- c:\program files\Alwil Software
    2010-01-26 21:50 . 2010-01-26 21:34 1260800 ----a-w- c:\programdata\avg9\update\backup\avgfrw.exe
    2010-01-26 21:50 . 2010-01-26 21:34 3777280 ----a-w- c:\programdata\avg9\update\backup\setup.exe
    2010-01-25 03:37 . 2010-01-25 03:43 -------- d-----w- c:\users\Kedra\AppData\Local\Yahoo
    2010-01-25 03:37 . 2009-11-10 22:39 607472 ----a-w- c:\programdata\Yahoo!\YUpdater\yupdater.exe
    2010-01-24 20:55 . 2010-01-24 20:55 169512 ---ha-w- c:\windows\system32\mlfcache.dat
    2010-01-24 20:53 . 2010-01-24 20:53 -------- d-----w- c:\program files\Safari
    2010-01-24 20:02 . 2010-01-24 20:02 -------- d-----w- c:\program files\Trend Micro
    2010-01-24 15:51 . 2010-01-24 15:51 5115824 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
    2010-01-24 15:45 . 2009-03-08 11:32 72704 ----a-w- c:\windows\system32\admparse.dll
    2010-01-23 16:08 . 2010-01-26 18:27 5310 ----a-w- c:\programdata\h8srtmainqt.dll
    2010-01-22 11:19 . 2010-01-26 19:32 1020 ----a-w- c:\programdata\h8srtkrl32mainweq.dll
    2010-01-14 07:51 . 2009-09-22 19:50 293888 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\HP1006S.DLL
    2010-01-14 07:47 . 2010-01-14 07:49 -------- d-----w- C:\hp_P1000_P1500_Full_Solution
    2010-01-13 06:35 . 2010-01-13 06:35 -------- d-----w- C:\8998d53e27651c9b2e98
    2010-01-13 02:15 . 2009-10-19 14:27 156672 ----a-w- c:\windows\system32\t2embed.dll
    2010-01-13 02:15 . 2009-10-19 14:24 72704 ----a-w- c:\windows\system32\fontsub.dll
    2010-01-05 23:16 . 2010-01-22 11:17 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2010-01-05 23:16 . 2010-01-22 00:24 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2010-01-04 03:56 . 2010-01-04 03:56 -------- d-----w- c:\programdata\NVIDIA
    2010-01-03 16:39 . 2010-01-03 16:39 -------- d-----w- c:\users\Kedra\AppData\Roaming\Malwarebytes
    2010-01-03 16:32 . 2009-12-30 22:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-01-03 16:32 . 2010-01-03 16:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-01-03 16:32 . 2010-01-03 16:32 -------- d-----w- c:\programdata\Malwarebytes
    2010-01-03 16:32 . 2009-12-30 22:54 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-12-28 22:24 . 2009-11-05 00:53 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
    2009-12-28 22:22 . 2009-12-28 22:22 -------- d-----w- c:\users\Kedra\AppData\Local\Threat Expert
    2009-12-28 21:53 . 2009-12-28 21:53 -------- d-----w- C:\$AVG
    2009-12-28 21:51 . 2009-12-28 21:51 -------- d-----w- c:\program files\AVG
    2009-12-28 21:51 . 2010-01-26 22:09 -------- d-----w- c:\programdata\avg9

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-01-26 21:06 . 2009-12-11 18:36 -------- d-----w- c:\programdata\Yahoo!
    2010-01-26 21:06 . 2009-12-11 18:32 -------- d-----w- c:\program files\Yahoo!
    2010-01-26 20:57 . 2007-08-14 05:17 25159 ----a-w- c:\users\Kedra\AppData\Roaming\nvModes.dat
    2010-01-26 11:17 . 2008-09-24 08:47 21560 ----a-w- c:\windows\system32\drivers\atapi.sys
    2010-01-25 03:43 . 2009-12-11 18:37 -------- d-----w- c:\users\Kedra\AppData\Roaming\Yahoo!
    2010-01-24 20:54 . 2007-10-28 01:32 -------- d-----w- c:\users\Kedra\AppData\Roaming\Apple Computer
    2010-01-24 20:52 . 2007-09-20 15:23 -------- d-----w- c:\program files\Common Files\Apple
    2010-01-22 15:50 . 2009-06-11 01:09 -------- d-----w- c:\programdata\HP
    2010-01-14 07:49 . 2009-06-08 14:55 -------- d--h--w- c:\program files\Avago-HP
    2010-01-13 15:41 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
    2010-01-08 16:45 . 2007-05-18 00:22 -------- d-----w- c:\program files\Google
    2010-01-06 18:27 . 2008-04-06 02:29 -------- d-----w- c:\program files\DC++
    2010-01-03 15:19 . 2007-09-20 00:42 680 ----a-w- c:\users\Kedra\AppData\Local\d3d9caps.dat
    2010-01-02 06:38 . 2010-01-24 15:46 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-01-02 06:32 . 2010-01-24 15:46 71680 ----a-w- c:\windows\system32\iesetup.dll
    2010-01-02 06:32 . 2010-01-24 15:46 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2010-01-02 04:57 . 2010-01-24 15:46 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2009-12-28 22:23 . 2007-05-18 00:29 -------- d-----w- c:\programdata\McAfee
    2009-12-27 02:58 . 2009-12-27 02:58 690952 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    2009-12-27 02:50 . 2009-12-03 17:34 -------- d-----w- c:\program files\Windows Live
    2009-12-27 02:41 . 2007-05-18 00:08 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-12-27 02:39 . 2009-11-21 18:25 -------- d-----w- c:\program files\NewSoft
    2009-12-11 16:21 . 2008-01-01 05:38 -------- d-----w- c:\programdata\Skype
    2009-12-11 04:05 . 2008-01-01 05:40 -------- d-----w- c:\users\Kedra\AppData\Roaming\Skype
    2009-11-08 06:49 . 2009-08-13 19:21 4187512 ----a-w- c:\users\Kedra\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll
    2009-11-06 05:16 . 2009-11-06 05:16 73728 ----a-w- c:\programdata\Apple Computer\Installer Cache\Safari 5.31.21.10\SetupAdmin.exe
    2009-11-05 00:54 . 2009-11-05 00:54 214664 ----a-w- c:\windows\system32\drivers\mfehidk.sys
    2009-11-03 04:42 . 2009-10-03 17:16 195456 ------w- c:\windows\system32\MpSigStub.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-01-17 486856]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
    "Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-17 815104]
    "NvSvc"="c:\windows\system32\nvsvc.dll" [2007-05-14 86016]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-14 8429568]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-05-14 81920]
    "HPUsageTracking"="c:\program files\HP\HP UT\bin\hppusg.exe" [2009-05-11 24576]
    "YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
    "avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-01-19 2743104]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "Launcher"="c:\windows\SMINST\launcher.exe" [2007-04-17 40072]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "mixer"=wdmaud.drv

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk
    backup=c:\windows\pss\AutoCAD Startup Accelerator.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
    backup=c:\windows\pss\Kodak EasyShare software.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
    backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKLM\~\startupfolder\C:^Users^Kedra^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk]
    path=c:\users\Kedra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
    backup=c:\windows\pss\Adobe Gamma.lnk.Startup
    backupExtension=.Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2008-10-15 08:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigFix]
    2006-11-16 23:04 2348584 ----a-w- c:\program files\BigFix\bigfix.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
    2008-01-19 07:33 125952 ----a-w- c:\windows\ehome\ehtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpbdfawep]
    2007-04-25 21:28 954368 ----a-w- c:\program files\HP\Dfawep\bin\hpbdfawep.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPUsageTracking]
    2009-05-11 18:45 24576 ----a-w- c:\program files\HP\HP UT\bin\hppusg.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2008-11-20 21:20 290088 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    2007-05-14 13:33 8429568 ----a-w- c:\windows\System32\nvcpl.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    2007-05-14 13:33 81920 ----a-w- c:\windows\System32\nvmctray.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc]
    2007-05-14 13:33 86016 ----a-w- c:\windows\System32\nvsvc.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2008-11-04 18:30 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiteAdvisor]
    2007-02-09 02:39 36904 ----a-w- c:\program files\SiteAdvisor\6261\SiteAdv.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2008-04-22 07:24 165304 ----a-w- c:\program files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-793450253-922362121-1077007685-1000]
    "EnableNotificationsRef"=dword:00000004

    R1 aswSP;aswSP;c:\windows\System32\drivers\aswSP.sys [1/26/2010 2:51 PM 162640]
    R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [1/26/2010 2:51 PM 19024]
    R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [1/26/2010 2:51 PM 51792]
    R3 RTL85n86;Realtek 8180/8185 Extensible 802.11 Wireless Device Driver;c:\windows\System32\drivers\RTL85n86.sys [11/2/2006 2:25 AM 311808]
    S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [1/23/2008 10:26 AM 716272]
    S3 DCamUSBUVT;Micro Webcam Basic IC50C;c:\windows\System32\drivers\usbuvt.sys [11/21/2009 10:39 AM 95232]
    S3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\System32\drivers\NETw2v32.sys [11/2/2006 2:25 AM 2589184]
    S3 SWNC8U80;Sierra Wireless MUX NDIS Driver (UMTS80);c:\windows\System32\drivers\swnc8u80.sys [1/10/2008 3:58 PM 165248]
    S3 SWUMX80;Sierra Wireless USB MUX Driver (UMTS80);c:\windows\System32\drivers\swumx80.sys [1/10/2008 3:59 PM 142976]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MT3422
    uInternet Settings,ProxyOverride = <local>;*.local
    uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
    FF - ProfilePath - c:\users\Kedra\AppData\Roaming\Mozilla\Firefox\Profiles\8cyv0rxm.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
    FF - prefs.js: browser.search.selectedEngine - Yahoo
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
    FF - component: c:\program files\SiteAdvisor\6261\FF\components\FFHook.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: c:\users\Kedra\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll
    FF - plugin: c:\users\Kedra\AppData\Roaming\Move Networks\plugins\npqmp071701000002.dll

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true.
    - - - - ORPHANS REMOVED - - - -

    HKLM-Run-Windows Defender - c:\program files\Windows Defender\MSASCui.exe
    MSConfigStartUp-AT&T Communication Manager - c:\program files\AT&T\Communication Manager\ATTCM.exe
    MSConfigStartUp-CorelDRAW Graphics Suite 11b - c:\program files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe
    MSConfigStartUp-DAEMON Tools Pro Agent - c:\users\Kedra\Documents\DC++\DAEMON Tools Pro\DTProAgent.exe
    MSConfigStartUp-Google Desktop Search - c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
    MSConfigStartUp-Google Update - c:\users\Kedra\AppData\Local\Google\Update\GoogleUpdate.exe
    MSConfigStartUp-mcagent_exe - c:\program files\McAfee.com\Agent\mcagent.exe
    MSConfigStartUp-MskAgentexe - c:\program files\McAfee\MSK\MskAgent.exe
    MSConfigStartUp-msnmsgr - c:\program files\Windows Live\Messenger\msnmsgr.exe
    MSConfigStartUp-NapsterShell - c:\program files\Napster\napster.exe
    MSConfigStartUp-Skype - c:\program files\Skype\Phone\Skype.exe
    MSConfigStartUp-tbhSystray - c:\program files\tbh\base\bin\tbhSystray.exe
    MSConfigStartUp-TomTomHOME - c:\program files\TomTom HOME 2\HOMERunner.exe
    MSConfigStartUp-Windows Explorer - c:\recycle\D-0-060-0000000000-1111111-2222222\rYan.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-01-27 12:26
    Windows 6.0.6001 Service Pack 1 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\enmflvyhnesbvpv]
    "imagepath"="\??\c:\windows\TEMP\80E.tmp"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\rymsinbilqwiwxe]
    "imagepath"="\??\c:\windows\TEMP\E6B6.tmp"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    Completion time: 2010-01-27 12:28:56
    ComboFix-quarantined-files.txt 2010-01-27 20:28

    Pre-Run: 7,580,610,560 bytes free
    Post-Run: 7,524,098,048 bytes free

    - - End Of File - - B99DBEA163A6EBACAE10DE51D5C343D4
     
  14. emeraldnzl

    emeraldnzl Malware Specialist

    Joined:
    Nov 3, 2007
    Messages:
    2,570
    Sorry I missed answering this at my last post.

    Really the tech section here is better able to answer that question. I understand though that Western Digital is reputable. I have a Verbatim external hard drive, a terabyte which seems to work fine. The only reason it's Verbatim was because that was what was there at the right price when I went to purchase it.

    Now

    Your Java is out of date. Older versions are vulnerable to attack.

    Please follow these steps:

    • Download from here Java Runtime Environment (JDK) Update
    • Scroll to where it says "Windows 7/Vista/2000/2003/2008 online" and download and follow the instructions.

      Reboot your computer.
      You also need to uninstall older versions of Java.
    • Click Start > Control Panel > Add or Remove Programs
    • Remove all Java updates except the latest one you have just installed.
    After that

    You have used Malwarebytes before. If you still have it on your machine please update and run. Post the scan report back here.

    If you no longer have Malwarebytes please download from Here

    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the entire report in your next reply.
    Extra Note:
    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

    Next

    Kaspersky online scanner is very thorough. It can take a long time and for periods may seem not to be working. Just be patient and let it do its job.

    Kaspersky works with Internet Explorer and Firefox 3.

    Go to Kaspersky website and perform an online antivirus scan.

    Note: you will need to turn off your security programs to allow Kaspersky to do its job.

    • Read through the requirements and privacy statement and click on Accept button.
    • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    • When the downloads have finished, click on Settings.
    • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      • Spyware, Adware, Dialers, and other potentially dangerous programs
      • Archives
      • Mail databases
    • Click on My Computer under Scan.
    • Once the scan is complete, it will display the results. Click on View Scan Report.
    • You will see a list of infected items there. Click on Save Report As....
    • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
    Copy and paste that information in your next post.

    So when you return please post
    • MBAM log
    • Kaspersky scan results
    • and tell me how your computer is performing now
     
  15. butterflywing14

    butterflywing14 Thread Starter

    Joined:
    Jan 24, 2010
    Messages:
    17
    Hey,
    I ran both programs and it looks as though they came back clean. My computer is not experiencing the problems that it had before but it is kind of slow to open applications and new browser pages. I assume this is because I only have 3% of space left on my computer. I am leaving now to purchase my first external hard drive to back up my files. Thank you a MILLION for all of your help!! You have saved my life!! Thank you thank you thank you!!!

    Here is Malwarebytes:

    Malwarebytes' Anti-Malware 1.44
    Database version: 3649
    Windows 6.0.6001 Service Pack 1
    Internet Explorer 8.0.6001.18882

    1/28/2010 12:06:30 AM
    mbam-log-2010-01-28 (00-06-30).txt

    Scan type: Quick Scan
    Objects scanned: 103664
    Time elapsed: 12 minute(s), 35 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    And Kaspersky:
    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7.0: scan report
    Thursday, January 28, 2010
    Operating system: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 1 (build 6001)
    Kaspersky Online Scanner version: 7.0.26.13
    Last database update: Thursday, January 28, 2010 15:33:03
    Records in database: 3381113
    --------------------------------------------------------------------------------

    Scan settings:
    scan using the following database: extended
    Scan archives: yes
    Scan e-mail databases: yes

    Scan area - My Computer:
    C:\
    D:\
    E:\
    F:\

    Scan statistics:
    Objects scanned: 220585
    Threats found: 0
    Infected objects found: 0
    Suspicious objects found: 0
    Scan duration: 07:46:25

    No threats found. Scanned area is clean.

    Selected area has been scanned.
     
Short URL to this thread: https://techguy.org/897131
