Answers to your tech questions
Computer forums for help with removing malicious software (malware) and improving computer security

[Closed] Trojan.win32.agent.azsy and personal antivirus: Trojan.win32.agent.azsy pop up and personal antivirus pop up
youngfemale27
post May 13 2009, 12:24 PM
Post #1


Authentic Member
**

Group: Authentic Member
Posts: 31
Joined: 13-May 09
Member No.: 85,745
Operating System: Windows xp



Last night I got a pop-up saying my computer was infected with this trojan.win32.agent.azsy virus, and some personal antivirus popped up and I downloaded it but did not pay for anything. Now I keep getting this thing that comes up that's saying blocked, please continue unprotected, blah blah blah, and it won't let me go to any pages that could possibly help me. I need to find a way to remove this thing. I've tried everything I can think of but it still won't go away. I've even tried to remove it from my programs and it won't uninstall. When I go to my control panel it's not there. But there is a balloon that keeps popping up on my icon thing. What can I do?
Essexboy
post May 13 2009, 02:14 PM
Post #2


SuperMember
Group Icon

Group: Classroom Teacher
Posts: 1,382
Joined: 8-November 08
From: Darkest Cornwall
Member No.: 82,302
Operating System: Vista Ultimate
Windows 7



Hi there, let's go for a quick and dirty fix to kill most of the problem and then look to removing the rest.

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

ON COMPLETION

  • Download OTListIt2 to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt. These are saved in the same location as OTListIt2.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

youngfemale27
post May 13 2009, 04:43 PM
Post #3


I can't pay for any antispyware at the moment, I don't have any money, so is this free or is there a way that I don't have to pay?
youngfemale27
post May 13 2009, 05:00 PM
Post #4


Malwarebytes' Anti-Malware 1.36
Database version: 2127
Windows 5.1.2600 Service Pack 2

5/12/2009 6:55:48 PM
mbam-log-2009-05-12 (18-55-47).txt

Scan type: Quick Scan
Objects scanned: 85213
Time elapsed: 17 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 31
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 8
Files Infected: 71

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
D:\WINDOWS\system32\winexplorer.dll (Rogue.PersonalAntiVirus) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2e59498d-7e44-4452-9044-0973b080b9e8} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2e59498d-7e44-4452-9044-0973b080b9e8} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2e59498d-7e44-4452-9044-0973b080b9e8} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\AdwareAlert (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\RegTool (Rogue.RegTool) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\RegTool (Rogue.RegTool) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AdwareAlert (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pav (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\RegTool (Rogue.RegTool) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
D:\Documents and Settings\Jill\Application Data\AdwareAlert (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
D:\Documents and Settings\Jill\Application Data\AdwareAlert\Log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
D:\Documents and Settings\Jill\Application Data\AdwareAlert\Settings (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
D:\Documents and Settings\Jill\Application Data\RegTool (Rogue.RegTool) -> Quarantined and deleted successfully.
D:\Documents and Settings\Jill\Application Data\RegTool\Logs (Rogue.RegTool) -> Quarantined and deleted successfully.
D:\Documents and Settings\Jill\Application Data\RegTool\QuarantineW (Rogue.RegTool) -> Quarantined and deleted successfully.
D:\Documents and Settings\Jill\Application Data\RegTool\QuarantineW\2009-04-21 08-10-110 (Rogue.RegTool) -> Quarantined and deleted successfully.
D:\Documents and Settings\Jill\Application Data\RegTool\Results (Rogue.RegTool) -> Quarantined and deleted successfully.

Files Infected:
D:\WINDOWS\system32\winexplorer.dll (Trojan.FakeAlert) -> Delete on reboot.
D:\Documents and Settings\Jill\Local Settings\Temporary Internet Files\Content.IE5\0Q99CLOD\setupxv[1].exe (Rogue.Installer) -> Quarantined and deleted successfully.
D:\Documents and Settings\Jill\Application Data\AdwareAlert\rs.dat (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
D:\Documents and Settings\Jill\Application Data\AdwareAlert\Log\2009 May 12 - 01_42_39 PM_415.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
D:\Documents and Settings\Jill\Application Data\AdwareAlert\Settings\ScanResults.pie (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
D:\Documents and Settings\Jill\Application Data\RegTool\Logs\2009-04-21 08-05-430.log (Rogue.RegTool) -> Quarantined and deleted successfully.
D:\Documents and Settings\Jill\Application Data\RegTool\Logs\2009-04-21 13-00-070.log (Rogue.RegTool) -> Quarantined and deleted successfully.
D:\Documents and Settings\Jill\Application Data\RegTool\QuarantineW\2009-04-21 08-10-110\filelist.db (Rogue.RegTool) -> Quarantined and deleted successfully.
D:\Documents and Settings\Jill\Application Data\RegTool\QuarantineW\2009-04-21 08-10-110\regb-0.db (Rogue.RegTool) -> Quarantined and deleted successfully.
D:\Documents and Settings\Jill\Application Data\RegTool\QuarantineW\2009-04-21 08-10-110\regb-1.db (Rogue.RegTool) -> Quarantined and deleted successfully.
D:\Documents and Settings\Jill\Application Data\RegTool\QuarantineW\2009-04-21 08-10-110\regb-10.db (Rogue.RegTool) -> Quarantined and deleted successfully.
D:\Documents and Settings\Jill\Application Data\RegTool\QuarantineW\2009-04-21 08-10-110\regb-11.db (Rogue.RegTool) -> Quarantined and deleted successfully.
D:\Documents and Settings\Jill\Application Data\RegTool\QuarantineW\2009-04-21 08-10-110\regb-12.db (Rogue.RegTool) -> Quarantined and deleted successfully.
D:\Documents and Settings\Jill\Application Data\RegTool\QuarantineW\2009-04-21 08-10-110\regb-13.db (Rogue.RegTool) -> Quarantined and deleted successfully.
D:\Documents and Settings\Jill\Application Data\RegTool\QuarantineW\2009-04-21 08-10-110\regb-14.db (Rogue.RegTool) -> Quarantined and deleted successfully.
D:\Documents and Settings\Jill\Application Data\RegTool\QuarantineW\2009-04-21 08-10-110\regb-15.db (Rogue.RegTool) -> Quarantined and deleted successfully.
D:\Documents and Settings\Jill\Application Data\RegTool\QuarantineW\2009-04-21 08-10-110\regb-16.db (Rogue.RegTool) -> Quarantined and deleted successfully.
D:\Documents and Settings\Jill\Application Data\RegTool\QuarantineW\2009-04-21 08-10-110\regb-17.db (Rogue.RegTool) -> Quarantined and deleted successfully.
D:\Documents and Settings\Jill\Application Data\RegTool\QuarantineW\2009-04-21 08-10-110\regb-18.db (Rogue.RegTool) -> Quarantined and deleted successfully.
D:\Documents and Settings\Jill\Application Data\RegTool\QuarantineW\2009-04-21 08-10-110\regb-19.db (Rogue.RegTool) -> Quarantined and deleted successfully.
D:\Documents and Settings\Jill\Application Data\RegTool\QuarantineW\2009-04-21 08-10-110\regb-2.db (Rogue.RegTool) -> Quarantined and deleted successfully.
D:\Documents and Settings\Jill\Application Data\RegTool\QuarantineW\2009-04-21 08-10-110\regb-20.db (Rogue.RegTool) -> Quarantined and deleted successfully.
D:\Documents and Settings\Jill\Application Data\RegTool\QuarantineW\2009-04-21 08-10-110\regb-21.db (Rogue.RegTool) -> Quarantined and deleted successfully.
D:\Documents and Settings\Jill\Application Data\RegTool\QuarantineW\2009-04-21 08-10-110\regb-22.db (Rogue.RegTool) -> Quarantined and deleted successfully.
D:\Documents and Settings\Jill\Application Data\RegTool\QuarantineW\2009-04-21 08-10-110\regb-23.db (Rogue.RegTool) -> Quarantined and deleted successfully.
D:\Documents and Settings\Jill\Application Data\RegTool\QuarantineW\2009-04-21 08-10-110\regb-24.db (Rogue.RegTool) -> Quarantined and deleted successfully.
D:\Documents and Settings\Jill\Application Data\RegTool\QuarantineW\2009-04-21 08-10-110\regb-25.db (Rogue.RegTool) -> Quarantined and deleted successfully.
D:\Documents and Settings\Jill\Application Data\RegTool\QuarantineW\2009-04-21 08-10-110\regb-26.db (Rogue.RegTool) -> Quarantined and deleted successfully.
D:\Documents and Settings\Jill\Application Data\RegTool\QuarantineW\2009-04-21 08-10-110\regb-27.db (Rogue.RegTool) -> Quarantined and deleted successfully.
D:\Documents and Settings\Jill\Application Data\RegTool\QuarantineW\2009-04-21 08-10-110\regb-28.db (Rogue.RegTool) -> Quarantined and deleted successfully.
D:\Documents and Settings\Jill\Application Data\RegTool\QuarantineW\2009-04-21 08-10-110\regb-29.db (Rogue.RegTool) -> Quarantined and deleted successfully.
D:\Documents and Settings\Jill\Application Data\RegTool\QuarantineW\2009-04-21 08-10-110\regb-3.db (Rogue.RegTool) -> Quarantined and deleted successfully.
D:\Documents and Settings\Jill\Application Data\RegTool\QuarantineW\2009-04-21 08-10-110\regb-30.db (Rogue.RegTool) -> Quarantined and deleted successfully.
D:\Documents and Settings\Jill\Application Data\RegTool\QuarantineW\2009-04-21 08-10-110\regb-31.db (Rogue.RegTool) -> Quarantined and deleted successfully.
D:\Documents and Settings\Jill\Application Data\RegTool\QuarantineW\2009-04-21 08-10-110\regb-32.db (Rogue.RegTool) -> Quarantined and deleted successfully.
D:\Documents and Settings\Jill\Application Data\RegTool\QuarantineW\2009-04-21 08-10-110\regb-33.db (Rogue.RegTool) -> Quarantined and deleted successfully.
D:\Documents and Settings\Jill\Application Data\RegTool\QuarantineW\2009-04-21 08-10-110\regb-34.db (Rogue.RegTool) -> Quarantined and deleted successfully.
D:\Documents and Settings\Jill\Application Data\RegTool\QuarantineW\2009-04-21 08-10-110\regb-35.db (Rogue.RegTool) -> Quarantined and deleted successfully.
D:\Documents and Settings\Jill\Application Data\RegTool\QuarantineW\2009-04-21 08-10-110\regb-36.db (Rogue.RegTool) -> Quarantined and deleted successfully.
D:\Documents and Settings\Jill\Application Data\RegTool\QuarantineW\2009-04-21 08-10-110\regb-37.db (Rogue.RegTool) -> Quarantined and deleted successfully.
D:\Documents and Settings\Jill\Application Data\RegTool\QuarantineW\2009-04-21 08-10-110\regb-38.db (Rogue.RegTool) -> Quarantined and deleted successfully.
D:\Documents and Settings\Jill\Application Data\RegTool\QuarantineW\2009-04-21 08-10-110\regb-39.db (Rogue.RegTool) -> Quarantined and deleted successfully.
D:\Documents and Settings\Jill\Application Data\RegTool\QuarantineW\2009-04-21 08-10-110\regb-4.db (Rogue.RegTool) -> Quarantined and deleted successfully.
D:\Documents and Settings\Jill\Application Data\RegTool\QuarantineW\2009-04-21 08-10-110\regb-40.db (Rogue.RegTool) -> Quarantined and deleted successfully.
D:\Documents and Settings\Jill\Application Data\RegTool\QuarantineW\2009-04-21 08-10-110\regb-41.db (Rogue.RegTool) -> Quarantined and deleted successfully.
D:\Documents and Settings\Jill\Application Data\RegTool\QuarantineW\2009-04-21 08-10-110\regb-42.db (Rogue.RegTool) -> Quarantined and deleted successfully.
D:\Documents and Settings\Jill\Application Data\RegTool\QuarantineW\2009-04-21 08-10-110\regb-43.db (Rogue.RegTool) -> Quarantined and deleted successfully.
D:\Documents and Settings\Jill\Application Data\RegTool\QuarantineW\2009-04-21 08-10-110\regb-44.db (Rogue.RegTool) -> Quarantined and deleted successfully.
D:\Documents and Settings\Jill\Application Data\RegTool\QuarantineW\2009-04-21 08-10-110\regb-45.db (Rogue.RegTool) -> Quarantined and deleted successfully.
D:\Documents and Settings\Jill\Application Data\RegTool\QuarantineW\2009-04-21 08-10-110\regb-46.db (Rogue.RegTool) -> Quarantined and deleted successfully.
D:\Documents and Settings\Jill\Application Data\RegTool\QuarantineW\2009-04-21 08-10-110\regb-47.db (Rogue.RegTool) -> Quarantined and deleted successfully.
D:\Documents and Settings\Jill\Application Data\RegTool\QuarantineW\2009-04-21 08-10-110\regb-48.db (Rogue.RegTool) -> Quarantined and deleted successfully.
D:\Documents and Settings\Jill\Application Data\RegTool\QuarantineW\2009-04-21 08-10-110\regb-49.db (Rogue.RegTool) -> Quarantined and deleted successfully.
D:\Documents and Settings\Jill\Application Data\RegTool\QuarantineW\2009-04-21 08-10-110\regb-5.db (Rogue.RegTool) -> Quarantined and deleted successfully.
D:\Documents and Settings\Jill\Application Data\RegTool\QuarantineW\2009-04-21 08-10-110\regb-50.db (Rogue.RegTool) -> Quarantined and deleted successfully.
D:\Documents and Settings\Jill\Application Data\RegTool\QuarantineW\2009-04-21 08-10-110\regb-51.db (Rogue.RegTool) -> Quarantined and deleted successfully.
D:\Documents and Settings\Jill\Application Data\RegTool\QuarantineW\2009-04-21 08-10-110\regb-52.db (Rogue.RegTool) -> Quarantined and deleted successfully.
D:\Documents and Settings\Jill\Application Data\RegTool\QuarantineW\2009-04-21 08-10-110\regb-53.db (Rogue.RegTool) -> Quarantined and deleted successfully.
D:\Documents and Settings\Jill\Application Data\RegTool\QuarantineW\2009-04-21 08-10-110\regb-54.db (Rogue.RegTool) -> Quarantined and deleted successfully.
D:\Documents and Settings\Jill\Application Data\RegTool\QuarantineW\2009-04-21 08-10-110\regb-55.db (Rogue.RegTool) -> Quarantined and deleted successfully.
D:\Documents and Settings\Jill\Application Data\RegTool\QuarantineW\2009-04-21 08-10-110\regb-6.db (Rogue.RegTool) -> Quarantined and deleted successfully.
D:\Documents and Settings\Jill\Application Data\RegTool\QuarantineW\2009-04-21 08-10-110\regb-7.db (Rogue.RegTool) -> Quarantined and deleted successfully.
D:\Documents and Settings\Jill\Application Data\RegTool\QuarantineW\2009-04-21 08-10-110\regb-8.db (Rogue.RegTool) -> Quarantined and deleted successfully.
D:\Documents and Settings\Jill\Application Data\RegTool\QuarantineW\2009-04-21 08-10-110\regb-9.db (Rogue.RegTool) -> Quarantined and deleted successfully.
D:\Documents and Settings\Jill\Application Data\RegTool\Results\Evidence.db (Rogue.RegTool) -> Quarantined and deleted successfully.
D:\Documents and Settings\Jill\Application Data\RegTool\Results\Junk.db (Rogue.RegTool) -> Quarantined and deleted successfully.
D:\Documents and Settings\Jill\Application Data\RegTool\Results\Registry.db (Rogue.RegTool) -> Quarantined and deleted successfully.
D:\Documents and Settings\Jill\Application Data\RegTool\Results\Update.db (Rogue.RegTool) -> Quarantined and deleted successfully.
D:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\Documents and Settings\All Users\Start Menu\PAV\Personal Antivirus.lnk (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully.
D:\WINDOWS\Tasks\RegTool Scan.job (Rogue.RegTool) -> Quarantined and deleted successfully.
youngfemale27
post May 13 2009, 06:05 PM
Post #5


Wow, you are so awesome! So far it hasn't happened again. THANK YOU SO MUCH!!!!!
Essexboy
post May 14 2009, 02:53 AM
Post #6


Hi, all the programmes I will use are free.

If I could have the otlistit report as there will still be some to remove

  • Download OTListIt2 to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt. These are saved in the same location as OTListIt2.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

Essexboy
post May 19 2009, 02:46 PM
Post #7


Due to inactivity this topic will be closed.
If you need help, please start a new thread and post a new HJT log.
Essexboy
post May 26 2009, 02:50 PM
Post #8


Re-opened for continuation
youngfemale27
post May 26 2009, 03:22 PM
Post #9


I downloaded the attachment twice to make sure I got it right. I really appreciate all you guys' help! It won't let me upload the attachment. I upload it and it still says no attachments in the manage current attachments place.
Essexboy
post May 26 2009, 03:49 PM
Post #10


You need to browse to the file first, which is the grey button, and then use the green upload button, followed by manage attachments.
youngfemale27
post May 26 2009, 04:04 PM
Post #11


LOL, I did that but it won't work, and when I try to copy and paste my computer doesn't respond, it just freezes up. I think I'm going to trash this thing or let my kids play with it till it crashes completely if I can't get it to work, what do you think? And still when I am trying to attach it, it still won't download. It says when I click on the browse button and click on the notepad file that I can upload it and it's in the box, and then I click on the upload button and it says it's uploading, but then when it is done it is still not there. I can email it, because I emailed a copy to my boyfriend and it went through, but it won't let me upload on here for some reason. Obviously I am getting very frustrated here and I don't know what I am doing. I can email it to you if you want to give me an email address, but I just can't do it on here.
youngfemale27
post May 26 2009, 04:16 PM
Post #12


This is the otlistit



OTListIt logfile created on: 5/25/2009 6:08:49 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.15.8 Folder = D:\Documents and Settings\Jill\Local Settings\Temporary Internet Files\Content.IE5\IIVZKNOM
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

575.55 Mb Total Physical Memory | 304.82 Mb Available Physical Memory | 52.96% Memory free
1.37 Gb Paging File | 1.14 Gb Available in Paging File | 83.16% Paging File free
Paging file location(s): D:\pagefile.sys 864 1728 [binary data]

%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Program Files
Drive C: | 3.99 Gb Total Space | 3.33 Gb Free Space | 83.51% Space Free | Partition Type: NTFS
Drive D: | 14.64 Gb Total Space | 3.49 Gb Free Space | 23.85% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JILL-COMPAQ
Current User Name: Jill
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - D:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - D:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
PRC - D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
PRC - D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
PRC - D:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
PRC - D:\WINDOWS\system32\wscntfy.exe (Microsoft Corporation)
PRC - D:\WINDOWS\system32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - D:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - D:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - D:\Documents and Settings\Jill\Local Settings\Temporary Internet Files\Content.IE5\IIVZKNOM\OTListIt2[1].exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (helpsvc [Auto | Running]) -- D:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (Microsoft Office Groove Audit Service [On_Demand | Stopped]) -- D:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (NVSvc [Auto | Running]) -- D:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
SRV - (odserv [On_Demand | Stopped]) -- D:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- D:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (JavaQuickStarterService [Auto | Running]) -- D:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)

========== Driver Services (SafeList) ==========

DRV - (BANTExt [System | Running]) -- D:\WINDOWS\System32\Drivers\BANTExt.sys ()
DRV - (ltmodem5 [On_Demand | Running]) -- D:\WINDOWS\system32\DRIVERS\ltmdmnt.sys (LT)
DRV - (nv [On_Demand | Running]) -- D:\WINDOWS\system32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (Ptilink [On_Demand | Running]) -- D:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (rtl8139 [On_Demand | Running]) -- D:\WINDOWS\system32\DRIVERS\RTL8139.SYS (Realtek Semiconductor Corporation)
DRV - (Secdrv [On_Demand | Stopped]) -- D:\WINDOWS\system32\DRIVERS\secdrv.sys ()
DRV - (VIAudio [On_Demand | Running]) -- D:\WINDOWS\system32\drivers\ac97via.sys (VIA Technologies, Inc.)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1715567821-854245398-1202660629-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = D:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-1715567821-854245398-1202660629-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-1715567821-854245398-1202660629-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-1715567821-854245398-1202660629-1003\S-1-5-21-1715567821-854245398-1202660629-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AIM Search"
FF - prefs.js..browser.search.defaulturl: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=&query="
FF - prefs.js..browser.search.selectedEngine: "AIM Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.5.2.20080717
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10
FF - prefs.js..keyword.URL: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=&query="


FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: D:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009/05/24 23:25:02 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: D:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/05/20 22:59:17 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: D:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/05/24 23:25:43 | 00,000,000 | ---D | M]

[2009/04/07 03:13:14 | 00,000,000 | ---D | M] -- D:\Documents and Settings\Jill\Application Data\mozilla\Extensions
[2009/04/07 03:13:14 | 00,000,000 | ---D | M] -- D:\Documents and Settings\Jill\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/05/25 17:34:20 | 00,000,000 | ---D | M] -- D:\Documents and Settings\Jill\Application Data\mozilla\Firefox\Profiles\plc83xpg.default\extensions
[2009/05/24 23:42:58 | 00,000,000 | ---D | M] -- D:\Documents and Settings\Jill\Application Data\mozilla\Firefox\Profiles\plc83xpg.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/04/19 01:28:44 | 00,000,000 | ---D | M] -- D:\Documents and Settings\Jill\Application Data\mozilla\Firefox\Profiles\plc83xpg.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
[2009/04/18 13:42:42 | 00,000,000 | ---D | M] -- D:\Documents and Settings\Jill\Application Data\mozilla\Firefox\Profiles\plc83xpg.default\extensions\{d51d388b-f5dc-471a-a1ce-5e2d671091c0}
[2009/04/19 01:28:54 | 00,001,728 | ---- | M] () -- D:\Documents and Settings\Jill\Application Data\Mozilla\FireFox\Profiles\plc83xpg.default\searchplugins\aim-search.xml
[2009/04/18 16:42:26 | 00,000,682 | ---- | M] () -- D:\Documents and Settings\Jill\Application Data\Mozilla\FireFox\Profiles\plc83xpg.default\searchplugins\ask.xml
[2008/12/12 14:23:54 | 00,002,158 | ---- | M] () -- D:\Documents and Settings\Jill\Application Data\Mozilla\FireFox\Profiles\plc83xpg.default\searchplugins\MySpace.xml
[2009/04/19 01:28:46 | 00,009,899 | ---- | M] () -- D:\Documents and Settings\Jill\Application Data\Mozilla\FireFox\Profiles\plc83xpg.default\searchplugins\mywebsearch.xml
[2009/05/25 17:06:06 | 00,000,000 | ---D | M] -- D:\Program Files\mozilla firefox\extensions
[2009/05/20 22:59:17 | 00,000,000 | ---D | M] -- D:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/05/24 23:25:46 | 00,000,000 | ---D | M] -- D:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/04/24 00:38:30 | 00,023,032 | ---- | M] (Mozilla Foundation) -- D:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/04/24 00:38:32 | 00,134,648 | ---- | M] (Mozilla Foundation) -- D:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/04/23 20:39:08 | 00,001,394 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/04/23 20:39:08 | 00,002,193 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/04/23 20:39:08 | 00,001,534 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/04/23 20:39:08 | 00,002,343 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/04/23 20:39:08 | 00,001,706 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/04/23 20:39:08 | 00,001,178 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/04/23 20:39:08 | 00,000,792 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (734 bytes) - D:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - D:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [GrooveMonitor] "D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" (Microsoft Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKU\S-1-5-21-1715567821-854245398-1202660629-1003..\Run: [Messenger (Yahoo!)] "D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet (Yahoo! Inc.)
O4 - HKU\S-1-5-21-1715567821-854245398-1202660629-1003..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1715567821-854245398-1202660629-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/E/3.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1240020233835 (MUWebControl Class)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/inst...tDetection2.cab (GMNRev Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {A4639D2F-774E-11D3-A490-00C04F6843FB} http://download.microsoft.com/download/Pow...N-US/msorun.cab (IEAnimBehaviorFactory Class)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.138,85.255.112.9
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Interfaces\{6A3CC3B7-83B4-467F-9C16-1B8FB00F2030}\\NameServer = 85.255.112.138,85.255.112.9
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - D:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - D:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - D:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (NVDESK32.DLL) - D:\WINDOWS\system32\NVDESK32.DLL (NVIDIA Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - D:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: TaskMan - (D:\RECYCLER\S-1-5-21-0290022821-9453167003-340102894-1310\rundll32.exe) - D:\RECYCLER\S-1-5-21-0290022821-9453167003-340102894-1310\.exe File not found
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/04/07 01:39:49 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/05/19 23:23:25 | 00,000,428 | RHS- | M] () - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009/05/19 23:23:25 | 00,000,422 | RHS- | M] () - D:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - D:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - * [2009/05/25 17:13:12 | 00,000,000 | ---D | M]

========== Files/Folders - Created Within 30 Days ==========

[1 D:\WINDOWS\System32\*.tmp files]
[3 D:\WINDOWS\*.tmp files]
[2009/05/25 17:01:55 | 00,503,808 | ---- | C] (OldTimer Tools) -- D:\Documents and Settings\Jill\Desktop\OTS.exe
[2009/05/25 17:01:29 | 00,503,808 | ---- | C] (OldTimer Tools) -- D:\Documents and Settings\Jill\My Documents\OTS.exe
[2009/05/25 00:12:20 | 00,000,000 | ---D | C] -- D:\Documents and Settings\Jill\My Documents\school work
[2009/05/24 23:46:56 | 00,000,000 | ---D | C] -- D:\WINDOWS\Sun
[2009/05/24 23:24:50 | 00,000,000 | ---D | C] -- D:\Program Files\Java
[2009/05/24 23:22:41 | 00,000,000 | ---D | C] -- D:\Documents and Settings\Jill\Application Data\Sun
[2009/05/24 23:07:26 | 00,000,000 | ---D | C] -- D:\Documents and Settings\Jill\My Documents\support_files
[2009/05/24 23:07:25 | 00,067,934 | ---- | C] () -- D:\Documents and Settings\Jill\My Documents\support.html
[2009/05/24 22:27:21 | 00,000,000 | ---D | C] -- D:\WINDOWS\System32\ReinstallBackups
[2009/05/24 22:26:50 | 00,000,000 | ---D | C] -- D:\Program Files\Common Files\InstallShield
[2009/05/24 22:22:17 | 00,000,000 | ---D | C] -- D:\Program Files\HP
[2009/05/24 22:21:55 | 00,000,000 | ---D | C] -- D:\WINDOWS\Downloaded Installations
[2009/05/24 21:25:33 | 06,641,432 | ---- | C] (PC Tools ) -- D:\Documents and Settings\Jill\My Documents\rminstall.exe
[2009/05/24 21:02:50 | 00,000,000 | ---- | C] () -- D:\Documents and Settings\Jill\My Documents\driverscanner.exe
[2009/05/24 20:48:18 | 00,001,748 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\Belarc Advisor.lnk
[2009/05/24 20:48:16 | 00,003,840 | ---- | C] () -- D:\WINDOWS\System32\drivers\BANTExt.sys
[2009/05/24 20:48:15 | 00,000,000 | ---D | C] -- D:\Program Files\Belarc
[2009/05/24 20:47:55 | 01,825,288 | ---- | C] () -- D:\Documents and Settings\Jill\My Documents\advisor.exe
[2009/05/24 15:46:51 | 00,000,000 | ---- | C] () -- D:\Documents and Settings\Jill\My Documents\WGAPluginInstall.exe
[2009/05/24 15:32:34 | 00,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\Blizzard
[2009/05/24 15:31:18 | 00,000,705 | ---- | C] () -- D:\Documents and Settings\Jill\Desktop\World of Warcraft Trial.lnk
[2009/05/24 15:27:32 | 00,000,000 | ---D | C] -- D:\Program Files\Common Files\Blizzard Entertainment
[2009/05/24 15:27:27 | 00,000,000 | ---D | C] -- D:\Program Files\World of Warcraft Trial
[2009/05/20 22:59:20 | 00,001,602 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/05/18 13:21:59 | 00,000,792 | ---- | C] () -- D:\Documents and Settings\Jill\Desktop\Microsoft Office Outlook.lnk
[2009/05/16 14:17:11 | 00,000,162 | -H-- | C] () -- D:\Documents and Settings\Jill\My Documents\~$YCHapa.doc
[2009/05/16 13:50:39 | 00,000,000 | ---D | C] -- D:\Documents and Settings\Jill\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/05/16 11:47:59 | 00,000,000 | ---D | C] -- D:\Documents and Settings\Jill\My Documents\Adobe Reader 9 Installer
[2009/05/16 03:52:56 | 00,001,729 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2009/05/16 02:07:37 | 00,032,592 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\msonpmon.dll
[2009/05/16 01:52:30 | 00,000,000 | ---D | C] -- D:\Program Files\Microsoft Works
[2009/05/16 01:51:32 | 00,000,000 | ---D | C] -- D:\Program Files\MSBuild
[2009/05/16 01:48:54 | 00,000,000 | ---D | C] -- D:\Program Files\Microsoft Visual Studio
[2009/05/16 01:48:49 | 00,000,000 | ---D | C] -- D:\Program Files\Common Files\DESIGNER
[2009/05/16 01:15:59 | 00,000,000 | ---D | C] -- D:\WINDOWS\SHELLNEW
[2009/05/16 01:09:51 | 00,000,000 | RH-D | C] -- D:\MSOCache
[2009/05/16 01:07:03 | 00,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\Microsoft Help
[2009/05/16 00:20:50 | 00,000,000 | ---D | C] -- D:\Documents and Settings\Jill\My Documents\Office 2007 Visio
[2009/05/16 00:18:39 | 00,000,000 | ---D | C] -- D:\Documents and Settings\Jill\My Documents\Office 2007 Project
[2009/05/16 00:10:38 | 00,000,000 | ---D | C] -- D:\Documents and Settings\Jill\My Documents\Office 2007 Enterprise
[2009/05/16 00:10:37 | 00,000,000 | ---D | C] -- D:\Documents and Settings\Jill\My Documents\Images
[2009/05/16 00:08:37 | 00,000,000 | ---D | C] -- D:\Documents and Settings\Jill\My Documents\ExpressionWeb
[2009/05/15 20:41:57 | 00,000,000 | ---D | C] -- D:\Program Files\Anyplace Control 4
[2009/05/15 20:39:46 | 03,245,527 | ---- | C] () -- D:\Documents and Settings\Jill\My Documents\AnyplaceControlInstall.exe
[2009/05/15 20:32:44 | 00,001,486 | ---- | C] () -- D:\Documents and Settings\Jill\Desktop\MagicISO.lnk
[2009/05/15 20:32:43 | 00,000,000 | ---D | C] -- D:\Program Files\MagicISO
[2009/05/15 20:27:52 | 00,000,000 | ---D | C] -- D:\Documents and Settings\Jill\Application Data\WinRAR
[2009/05/15 20:27:06 | 00,000,000 | ---D | C] -- D:\Program Files\WinRAR
[2009/05/15 13:32:12 | 00,000,000 | ---D | C] -- D:\Documents and Settings\Jill\Application Data\Unity
[2009/05/15 10:39:40 | 00,001,744 | ---- | C] () -- D:\WINDOWS\System32\d3d9caps.dat
[2009/05/15 10:39:18 | 00,000,000 | ---D | C] -- D:\Program Files\Unity
[2009/05/14 23:40:25 | 00,000,422 | RHS- | C] () -- D:\autorun.inf
[2009/05/14 18:45:26 | 00,000,000 | ---D | C] -- D:\Program Files\Microsoft Office
[2009/05/14 18:44:53 | 00,000,000 | ---D | C] -- D:\Program Files\MSECache
[2009/05/12 22:06:37 | 00,000,000 | ---D | C] -- D:\Program Files\Freeze.com
[2009/05/12 18:35:15 | 00,000,000 | ---D | C] -- D:\Documents and Settings\Jill\Application Data\Malwarebytes
[2009/05/12 18:35:10 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- D:\WINDOWS\System32\drivers\mbam.sys
[2009/05/12 18:35:10 | 00,000,696 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/05/12 18:35:07 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- D:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/05/12 18:35:05 | 00,000,000 | ---D | C] -- D:\Program Files\Malwarebytes' Anti-Malware
[2009/05/12 18:35:05 | 00,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/05/12 13:20:38 | 00,000,000 | ---D | C] -- D:\Documents and Settings\Jill\Application Data\Google
[2009/05/12 13:10:21 | 00,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\TEMP
[2009/05/12 13:09:24 | 00,000,000 | ---D | C] -- D:\Program Files\Google
[2009/05/11 22:53:12 | 00,000,000 | ---D | C] -- D:\Program Files\Common Files\Uninstall
[2009/05/11 22:52:33 | 00,000,000 | ---D | C] -- D:\Program Files\PAV
[2009/05/06 20:25:24 | 02,414,360 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\d3dx9_31.dll
[2009/05/06 20:25:13 | 00,000,000 | ---D | C] -- D:\WINDOWS\Logs
[2009/05/06 20:25:11 | 00,000,000 | ---D | C] -- D:\Program Files\Sony Online Entertainment
[2009/04/27 15:08:16 | 00,000,000 | ---D | C] -- D:\Documents and Settings\Jill\Application Data\DriverCure
[2009/04/27 15:08:04 | 00,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\ParetoLogic
[2009/04/27 15:08:03 | 00,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\DriverCure
[2009/04/27 01:19:54 | 00,000,000 | ---D | C] -- D:\Documents and Settings\Jill\My Documents\movies
[2009/04/26 23:39:40 | 00,000,000 | ---D | C] -- D:\Documents and Settings\Jill\Application Data\MySpace
[2009/04/26 23:39:26 | 00,000,000 | ---D | C] -- D:\Program Files\MySpace
[2009/04/11 00:39:24 | 00,000,021 | ---- | C] () -- D:\WINDOWS\atid.ini
[2009/02/21 08:25:20 | 00,691,592 | ---- | C] () -- D:\WINDOWS\System32\OGACheckControl.DLL
[2004/07/17 07:36:38 | 00,027,440 | ---- | C] () -- D:\WINDOWS\System32\drivers\secdrv.sys
[2001/08/23 01:00:00 | 00,000,582 | ---- | C] () -- D:\WINDOWS\win.ini
[2001/08/23 01:00:00 | 00,000,231 | ---- | C] () -- D:\WINDOWS\system.ini

========== Files - Modified Within 30 Days ==========

[1 D:\WINDOWS\System32\*.tmp files]
[3 D:\WINDOWS\*.tmp files]
[2009/05/25 17:01:56 | 00,503,808 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\Jill\Desktop\OTS.exe
[2009/05/25 17:01:30 | 00,503,808 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\Jill\My Documents\OTS.exe
[2009/05/24 23:46:57 | 00,001,744 | ---- | M] () -- D:\WINDOWS\System32\d3d9caps.dat
[2009/05/24 23:07:29 | 00,067,934 | ---- | M] () -- D:\Documents and Settings\Jill\My Documents\support.html
[2009/05/24 22:30:28 | 00,000,006 | -H-- | M] () -- D:\WINDOWS\tasks\SA.DAT
[2009/05/24 22:30:23 | 00,000,062 | -HS- | M] () -- D:\Documents and Settings\Jill\Local Settings\desktop.ini
[2009/05/24 22:30:11 | 00,002,048 | --S- | M] () -- D:\WINDOWS\bootstat.dat
[2009/05/24 22:30:03 | 60,357,4272 | -HS- | M] () -- D:\hiberfil.sys
[2009/05/24 21:26:19 | 06,641,432 | ---- | M] (PC Tools ) -- D:\Documents and Settings\Jill\My Documents\rminstall.exe
[2009/05/24 21:02:50 | 00,000,000 | ---- | M] () -- D:\Documents and Settings\Jill\My Documents\driverscanner.exe
[2009/05/24 20:48:18 | 00,001,748 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\Belarc Advisor.lnk
[2009/05/24 20:48:02 | 01,825,288 | ---- | M] () -- D:\Documents and Settings\Jill\My Documents\advisor.exe
[2009/05/24 15:46:51 | 00,000,000 | ---- | M] () -- D:\Documents and Settings\Jill\My Documents\WGAPluginInstall.exe
[2009/05/24 15:31:18 | 00,000,705 | ---- | M] () -- D:\Documents and Settings\Jill\Desktop\World of Warcraft Trial.lnk
[2009/05/24 15:19:38 | 00,002,206 | ---- | M] () -- D:\WINDOWS\System32\wpa.dbl
[2009/05/20 22:59:20 | 00,001,602 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/05/19 23:23:25 | 00,000,422 | RHS- | M] () -- D:\autorun.inf
[2009/05/18 13:21:59 | 00,000,792 | ---- | M] () -- D:\Documents and Settings\Jill\Desktop\Microsoft Office Outlook.lnk
[2009/05/16 16:53:45 | 00,263,024 | ---- | M] () -- D:\WINDOWS\System32\FNTCACHE.DAT
[2009/05/16 14:17:11 | 00,000,162 | -H-- | M] () -- D:\Documents and Settings\Jill\My Documents\~$YCHapa.doc
[2009/05/16 11:46:58 | 00,001,729 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2009/05/16 02:31:46 | 00,356,738 | ---- | M] () -- D:\WINDOWS\System32\PerfStringBackup.INI
[2009/05/16 02:31:46 | 00,314,508 | ---- | M] () -- D:\WINDOWS\System32\perfh009.dat
[2009/05/16 02:31:46 | 00,040,836 | ---- | M] () -- D:\WINDOWS\System32\perfc009.dat
[2009/05/16 01:21:28 | 00,000,582 | ---- | M] () -- D:\WINDOWS\win.ini
[2009/05/15 20:41:08 | 03,245,527 | ---- | M] () -- D:\Documents and Settings\Jill\My Documents\AnyplaceControlInstall.exe
[2009/05/15 20:32:44 | 00,001,486 | ---- | M] () -- D:\Documents and Settings\Jill\Desktop\MagicISO.lnk
[2009/05/12 18:35:10 | 00,000,696 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

========== LOP Check ==========

[2009/05/24 15:32:34 | 00,000,000 | RH-D | M] -- D:\Documents and Settings\All Users\Application Data
[2009/04/11 00:38:38 | 00,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\acccore
[2009/05/16 11:46:52 | 00,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Adobe
[2009/04/11 00:37:52 | 00,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\AOL
[2009/04/11 00:39:32 | 00,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\AOL Downloads
[2009/04/11 00:37:52 | 00,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\AOL OCP
[2009/04/18 13:43:18 | 00,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Azureus
[2009/05/24 15:32:34 | 00,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Blizzard
[2009/04/27 15:11:38 | 00,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\DriverCure
[2009/05/12 18:35:05 | 00,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/05/16 01:42:03 | 00,000,000 | --SD | M] -- D:\Documents and Settings\All Users\Application Data\Microsoft
[2009/05/16 20:26:22 | 00,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Microsoft Help
[2009/05/16 16:55:05 | 00,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\NOS
[2009/04/19 02:19:51 | 00,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
[2009/04/27 15:08:04 | 00,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\ParetoLogic
[2009/05/12 13:21:34 | 00,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\TEMP
[2009/04/26 23:21:07 | 00,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/04/17 22:08:35 | 00,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2009/04/07 03:58:53 | 00,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Yahoo!
[2009/04/19 03:26:03 | 00,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Yahoo! Companion
[2009/04/06 21:16:38 | 00,000,000 | RH-D | M] -- D:\Documents and Settings\Default User\Application Data
[2009/04/07 01:39:37 | 00,000,000 | --SD | M] -- D:\Documents and Settings\Default User\Application Data\Microsoft
[2009/05/24 23:22:41 | 00,000,000 | RH-D | M] -- D:\Documents and Settings\Jill\Application Data
[2009/04/11 00:40:50 | 00,000,000 | ---D | M] -- D:\Documents and Settings\Jill\Application Data\acccore
[2009/05/16 13:54:46 | 00,000,000 | ---D | M] -- D:\Documents and Settings\Jill\Application Data\Adobe
[2009/04/18 16:12:28 | 00,000,000 | ---D | M] -- D:\Documents and Settings\Jill\Application Data\Azureus
[2009/05/22 22:55:04 | 00,000,000 | ---D | M] -- D:\Documents and Settings\Jill\Application Data\BitTorrent
[2009/05/16 13:50:39 | 00,000,000 | ---D | M] -- D:\Documents and Settings\Jill\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/04/27 15:09:27 | 00,000,000 | ---D | M] -- D:\Documents and Settings\Jill\Application Data\DriverCure
[2009/05/12 13:20:42 | 00,000,000 | ---D | M] -- D:\Documents and Settings\Jill\Application Data\Google
[2009/04/07 01:52:53 | 00,000,000 | ---D | M] -- D:\Documents and Settings\Jill\Application Data\Identities
[2009/04/07 03:43:43 | 00,000,000 | ---D | M] -- D:\Documents and Settings\Jill\Application Data\Macromedia
[2009/05/12 18:35:15 | 00,000,000 | ---D | M] -- D:\Documents and Settings\Jill\Application Data\Malwarebytes
[2009/04/21 22:39:54 | 00,000,000 | ---D | M] -- D:\Documents and Settings\Jill\Application Data\Media Player Classic
[2009/05/17 00:28:16 | 00,000,000 | --SD | M] -- D:\Documents and Settings\Jill\Application Data\Microsoft
[2009/04/07 03:13:14 | 00,000,000 | ---D | M] -- D:\Documents and Settings\Jill\Application Data\Mozilla
[2009/04/26 23:39:40 | 00,000,000 | ---D | M] -- D:\Documents and Settings\Jill\Application Data\MySpace
[2009/05/24 23:22:41 | 00,000,000 | ---D | M] -- D:\Documents and Settings\Jill\Application Data\Sun
[2009/05/15 13:32:12 | 00,000,000 | ---D | M] -- D:\Documents and Settings\Jill\Application Data\Unity
[2009/04/20 20:54:24 | 00,000,000 | ---D | M] -- D:\Documents and Settings\Jill\Application Data\vlc
[2009/05/15 20:27:52 | 00,000,000 | ---D | M] -- D:\Documents and Settings\Jill\Application Data\WinRAR
[2009/04/19 03:21:11 | 00,000,000 | ---D | M] -- D:\Documents and Settings\Jill\Application Data\Yahoo!
[2009/05/15 20:58:31 | 00,000,000 | ---D | M] -- D:\Documents and Settings\LocalService\Application Data
[2009/05/15 20:58:10 | 00,000,000 | ---D | M] -- D:\Documents and Settings\LocalService\Application Data\Adobe
[2009/05/15 20:58:31 | 00,000,000 | ---D | M] -- D:\Documents and Settings\LocalService\Application Data\BitTorrent
[2009/05/14 23:46:18 | 00,000,000 | ---D | M] -- D:\Documents and Settings\LocalService\Application Data\Google
[2009/05/15 20:58:15 | 00,000,000 | ---D | M] -- D:\Documents and Settings\LocalService\Application Data\Macromedia
[2009/05/17 01:25:32 | 00,000,000 | --SD | M] -- D:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/05/14 23:41:01 | 00,000,000 | ---D | M] -- D:\Documents and Settings\LocalService\Application Data\Yahoo!
[2009/04/07 01:49:59 | 00,000,000 | ---D | M] -- D:\Documents and Settings\NetworkService\Application Data
[2009/04/07 01:50:00 | 00,000,000 | --SD | M] -- D:\Documents and Settings\NetworkService\Application Data\Microsoft
[2001/08/23 01:00:00 | 00,000,065 | RH-- | M] () -- D:\WINDOWS\Tasks\desktop.ini
[2009/05/24 22:30:28 | 00,000,006 | -H-- | M] () -- D:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========


========== Alternate Data Streams ==========

@Alternate Data Stream - 110 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >

This is the extras:

OTListIt Extras logfile created on: 5/25/2009 6:08:49 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.15.8 Folder = D:\Documents and Settings\Jill\Local Settings\Temporary Internet Files\Content.IE5\IIVZKNOM
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

575.55 Mb Total Physical Memory | 304.82 Mb Available Physical Memory | 52.96% Memory free
1.37 Gb Paging File | 1.14 Gb Available in Paging File | 83.16% Paging File free
Paging file location(s): D:\pagefile.sys 864 1728 [binary data]

%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Program Files
Drive C: | 3.99 Gb Total Space | 3.33 Gb Free Space | 83.51% Space Free | Partition Type: NTFS
Drive D: | 14.64 Gb Total Space | 3.49 Gb Free Space | 23.85% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JILL-COMPAQ
Current User Name: Jill
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-1715567821-854245398-1202660629-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger (Yahoo! Inc.)
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
D:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader File not found
D:\Program Files\AIM6\aim6.exe:*:Enabled:AIM File not found
D:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent (BitTorrent, Inc.)
D:\Program Files\MySpace\IM\MySpaceIM.exe:*:Enabled:MySpace Instant Messenger File not found
D:\Program Files\Anyplace Control 4\apc_host.exe:*:Enabled:Anyplace Control - Host Module File not found
D:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook (Microsoft Corporation)
D:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove (Microsoft Corporation)
D:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote (Microsoft Corporation)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 13
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.1
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Belarc Advisor" = Belarc Advisor 7.2
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Free Realms Installer" = Free Realms Installer
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"Magic ISO Maker v5.4 (build 0239)" = Magic ISO Maker v5.4 (build 0239)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.0.10)" = Mozilla Firefox (3.0.10)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA" = NVIDIA Windows 2000/XP Display Drivers
"UnityWebPlayer" = Unity Web Player
"VLC media player" = VLC media player 0.9.2
"WinRAR archiver" = WinRAR archiver
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"World of Warcraft Trial" = World of Warcraft Trial

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1715567821-854245398-1202660629-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"World of Warcraft Trial" = World of Warcraft Trial

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/24/2009 11:54:27 PM | Computer Name = JILL-COMPAQ | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16827, faulting
module mshtml.dll, version 7.0.6000.16825, fault address 0x000b1a20.

Error - 4/25/2009 2:26:30 AM | Computer Name = JILL-COMPAQ | Source = Application Error | ID = 1000
Description = Faulting application wmplayer.exe, version 9.0.0.3250, faulting module
ntdll.dll, version 5.1.2600.3520, fault address 0x00018af2.

Error - 4/27/2009 4:15:12 PM | Computer Name = JILL-COMPAQ | Source = Application Error | ID = 1000
Description = Faulting application vlc.exe, version 0.9.2.0, faulting module libvout_directx_plugin.dll,
version 0.0.0.0, fault address 0x00006836.

Error - 4/27/2009 10:38:18 PM | Computer Name = JILL-COMPAQ | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16827, faulting
module flash10b.ocx, version 10.0.22.87, fault address 0x001500fc.

Error - 5/5/2009 10:42:11 PM | Computer Name = JILL-COMPAQ | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16827, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/6/2009 2:08:15 PM | Computer Name = JILL-COMPAQ | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16827, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/7/2009 10:50:52 PM | Computer Name = JILL-COMPAQ | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16827, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/8/2009 1:28:56 PM | Computer Name = JILL-COMPAQ | Source = Application Error | ID = 1000
Description = Faulting application wmplayer.exe, version 9.0.0.3250, faulting module
ntdll.dll, version 5.1.2600.3520, fault address 0x00018af2.

Error - 5/11/2009 11:22:41 PM | Computer Name = JILL-COMPAQ | Source = Application Hang | ID = 1002
Description = Hanging application YAHOOMESSENGER.EXE, version 9.0.0.2152, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/12/2009 1:25:17 PM | Computer Name = JILL-COMPAQ | Source = Application Hang | ID = 1002
Description = Hanging application pav.exe, version 0.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 5/25/2009 5:05:11 PM | Computer Name = JILL-COMPAQ | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom1, has a bad block.

Error - 5/25/2009 5:05:43 PM | Computer Name = JILL-COMPAQ | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom1, has a bad block.

Error - 5/25/2009 5:05:43 PM | Computer Name = JILL-COMPAQ | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom1, has a bad block.

Error - 5/25/2009 5:07:59 PM | Computer Name = JILL-COMPAQ | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom1, has a bad block.

Error - 5/25/2009 5:07:59 PM | Computer Name = JILL-COMPAQ | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom1, has a bad block.

Error - 5/25/2009 5:08:48 PM | Computer Name = JILL-COMPAQ | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom1, has a bad block.

Error - 5/25/2009 5:08:48 PM | Computer Name = JILL-COMPAQ | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom1, has a bad block.

Error - 5/25/2009 6:08:49 PM | Computer Name = JILL-COMPAQ | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom1, has a bad block.

Error - 5/25/2009 6:08:49 PM | Computer Name = JILL-COMPAQ | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom1, has a bad block.

Error - 5/25/2009 6:09:34 PM | Computer Name = JILL-COMPAQ | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom1, has a bad block.


< End of report >

This way worked. I'm guessing the report was too big to send and/or upload, so here you are! And ty again.
Essexboy
post May 27 2009, 12:05 PM
Post #13


Hi there, I notice you do not have an Antivirus; to clean you without one would be a waste of time as you will get re-infected. So let's cure that first.

But you will need to be able to access the website, so I will kill one of the malware elements first.

Run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    CODE
    :OTLI
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Interfaces\{6A3CC3B7-83B4-467F-9C16-1B8FB00F2030}\\NameServer = 85.255.112.138,85.255.112.9
    O20 - HKLM Winlogon: TaskMan - (D:\RECYCLER\S-1-5-21-0290022821-9453167003-340102894-1310\rundll32.exe) - D:\RECYCLER\S-1-5-21-0290022821-9453167003-340102894-1310\.exe File not found
    [2009/05/14 23:40:25 | 00,000,422 | RHS- | C] () -- D:\autorun.inf

    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done


I will give you the download and installation instructions for the Antivirus I use, if at a later stage you do not like it I will also recommend several other free Antivirus programmes.

First you have to download an antivirus. This program is basic for the security of your computer, and in today's age not having one will probably lead to disaster for your computer.

Please go HERE and download avast! 4 Home Edition to your desktop. Locate the file that you just downloaded, double-click on the file to launch the installation of avast!

Click Next on the avast! Setup window and on the next window with the ReadMe File.
Now you will see the Legal Agreement, just click I agree, and then click Next to continue.

You will be prompted with the Configuration window; make sure that you choose Typical configuration and then click Next. Click Next on the windows that follow. When the installation finishes, you will be given an option to schedule a boot time scan; select No.

Now you have to restart your machine, select Restart and then click Finish.

After you restart you will get a message about avast! it will give you the general "Hello and Thank you for choosing our Product." Also after you restart you will notice 2 new icons in the bottom right corner of the screen.

VERY IMPORTANT - after restarting, right click on the @ in the taskbar and select Updating, then highlight and click Program.

You will get a popup after it's done updating. If avast! had to download anything for your computer you may get a message asking you to restart.

After you have updated avast! right click the small icon a in task bar and click Start Avast! AntiVirus.

Click Program Registration and you will be taken to their website. Fill out the form and then check your e-mail. Once you get an e-mail from them (usually about 1 minute after submitting the form) copy and paste the serial they provided into the highlighted box. Then click ok.

After this, you will need to Schedule Boot-Time Scan with avast! Click on the little button placed up in the left corner, and select Schedule Boot-Time Scan. Read also this tutorial HERE; it may make it easier for you to follow the steps.

Next, choose
  • Scan all local disks
  • scan archive files
  • click on Schedule

On the next dialog, Operating system restart needed, select Yes.
Now avast! will restart your computer and start to scan before Windows fully loads.

IMPORTANT NOTE: since your system has infections on it, avast! will give you a dialog box with recommended actions and options. Please make sure, if this happens, to click the Move to Chest button, and not to delete any reported files.

The boot log will be located here: C:\Program Files\Alwil Software\Avast4\DATA\report\AswBoot.txt. Post that when complete.
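The three entries targeted by the fix script in post #13 are a statically set DNS server pair, a Winlogon TaskMan value launching from a RECYCLER folder, and a hidden system autorun.inf in a drive root. As an added example (not part of the original posts and not OTL's own logic), this Python code applies those three checks to OTL-style lines for triage; the `triage` function, the rule names and the benign `Shell` line are assumptions made for illustration.

```python
import ipaddress
import re

# First three lines are copied from the fix script in the post above;
# the last (Shell) line is constructed as a benign comparison.
SAMPLE = r"""
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Interfaces\{6A3CC3B7-83B4-467F-9C16-1B8FB00F2030}\\NameServer = 85.255.112.138,85.255.112.9
O20 - HKLM Winlogon: TaskMan - (D:\RECYCLER\S-1-5-21-0290022821-9453167003-340102894-1310\rundll32.exe) - D:\RECYCLER\S-1-5-21-0290022821-9453167003-340102894-1310\.exe File not found
[2009/05/14 23:40:25 | 00,000,422 | RHS- | C] () -- D:\autorun.inf
O20 - HKLM Winlogon: Shell - (Explorer.exe) - D:\WINDOWS\explorer.exe (Microsoft Corporation)
"""

O17 = re.compile(r"^O17 - .*\\NameServer = (?P<servers>[\d.,\s]+)$")
O20 = re.compile(r"^O20 - HKLM Winlogon: (?P<value>\w+) - \((?P<path>[^)]*)\)")
FILE = re.compile(r"^\[[^|]+\|[^|]+\|\s*(?P<attrs>[A-Z-]+)\s*\|[^\]]*\]"
                  r"\s*\(.*?\)\s*--\s*(?P<path>.+)$")
ROOT_AUTORUN = re.compile(r"[A-Za-z]:\\autorun\.inf", re.I)


def triage(log_text, trusted_dns=()):
    """Return (rule, detail) findings for OTL-style lines worth a manual look.

    trusted_dns: networks (CIDR strings) of resolvers the owner expects,
    e.g. the ISP's. Private addresses (a home router) are not flagged.
    """
    trusted = [ipaddress.ip_network(n) for n in trusted_dns]
    findings = []
    for line in map(str.strip, log_text.splitlines()):
        if m := O17.match(line):
            # Statically configured resolvers override what DHCP hands out.
            for raw in m["servers"].split(","):
                try:
                    ip = ipaddress.ip_address(raw.strip())
                except ValueError:
                    continue  # empty or malformed entry
                if not ip.is_private and not any(ip in n for n in trusted):
                    findings.append(("static-dns", str(ip)))
        elif m := O20.match(line):
            # A logon-time program living in the recycle bin folder.
            if "\\recycler\\" in m["path"].lower():
                findings.append(("winlogon-in-recycler", m["value"]))
        elif m := FILE.match(line):
            # autorun.inf in a drive root carrying Hidden and System flags.
            path = m["path"].strip()
            if ROOT_AUTORUN.fullmatch(path) and {"H", "S"} <= set(m["attrs"]):
                findings.append(("hidden-root-autorun", path))
    return findings


if __name__ == "__main__":
    for rule, detail in triage(SAMPLE):
        print(f"{rule}: {detail}")
```

A finding here only marks a line for review; whether a static resolver is legitimate depends on what the machine's owner or ISP actually configured.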
youngfemale27
post May 27 2009, 04:48 PM
Post #14


I did everything you said to do except it would not let me update and I did not get an email, and when it scanned the programs the option send to chest would not let me; it said the chest was full. The only option it would let me do is delete, so I canceled it until I hear back from you.
youngfemale27
post May 27 2009, 05:54 PM
Post #15


OK, I finally got the scan thing to put them in the chest, but how do I find this

C:\Program Files\Alwil Software\Avast4\DATA\report\AswBoot.txt? Where do I go to find it? idk.