
[Closed] Computer freezes


  • This topic is locked
18 replies to this topic

#1 renobruce

renobruce

    New Member

  • Authentic Member
  • Pip
  • 9 posts

Posted 20 November 2009 - 07:27 PM

My computer freezes up and won't respond at all on occasion. Ctrl+Alt+Del doesn't work...mouse and keyboard quit working. It seems to happen when I'm online. It also happens when I'm doing a search in ebay...sometimes after I put a search word in and hit "search", or sometimes when I go to a second page of a search. I'm stumped. I downloaded and ran spybot, and it found a lot of spyware, but the computer still freezes up. Any help would be appreciated. :)

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/11/20 17:14
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xF5C0D000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7BCD000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xBA36A000 Size: 49152 File Visible: No Signed: -
Status: -

SSDT
-------------------
#: 066 Function Name: NtDeviceIoControlFile
Status: Hooked by "IPVNMon.sys" at address 0xf74a7cef

==EOF==

DDS (Ver_09-06-26.01) - NTFSx86
Run by Desiree Meenan at 17:08:00.10 on Fri 11/20/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.447.94 [GMT -8:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\zHotkey.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\D-Link AirPlus G\AirPlus.exe
C:\Program Files\Greetings Workshop\GWREMIND.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Desiree Meenan\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/?fr=fptb-msgr
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {18597442-c73f-43b3-bf40-76ed057ede97} - No File
BHO: {35E78239-811E-4c3f-B37D-F339AC16C2C0} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5f90c0e3-4c0a-4d54-a8ac-5afe6163a99e} - No File
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll
BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No File
TB: {1962c5bc-e475-465b-823b-133e711bceb9} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
TB: {FE6BC4EF-5676-484B-88AE-883323913256} - No File
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
EB: {90C61707-C8F8-43DB-A25C-C1F4B18EE41E} - No File
EB: {e550dc77-ef3b-474f-b59c-b3e2aa1fa6a5} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YAHOOM~1.EXE" -quiet
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [CHotkey] zHotkey.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
dRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
StartupFolder: c:\docume~1\desire~1\startm~1\programs\startup\greeti~1.lnk - c:\program files\greetings workshop\GWREMIND.EXE
StartupFolder: c:\documents and settings\desiree meenan\start menu\programs\startup\PowerReg Scheduler.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\d-link~1.lnk - c:\program files\d-link airplus g\AirPlus.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
IE: &Search - ?p=ZJxdm025SHUS
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: musicmatch.com\online
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - hxxp://www.musicnotes.com/download/mnviewer.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} - hxxp://disney.go.com/pirates/online/testActiveX/built/signed/DisneyOnlineGames.cab
DPF: {A4639D2F-774E-11D3-A490-00C04F6843FB} - hxxp://download.microsoft.com/download/PowerPoint2002/Install/10.0.2609/WIN98MeXP/EN-US/msorun.cab
DPF: {CA11EB7C-1C85-4577-8A49-9E28EFB30184} - hxxp://www.umediaserver.net/bin/UMediaControl4.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: {0A33B48B-3810-495E-B45D-EFDFA6C270B8} = 24.205.192.61
Notify: PCANotify - PCANotify.dll
AppInit_DLLs: c:\windows\system32\jalomomo.dll c:\windows\system32\jedepona.dll c:\windows\system32\ribemago.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: SSODL - - No File
LSA: Notification Packages = scecli c:\windows\system32\jedepona.dll

============= SERVICES / DRIVERS ===============

R1 AW_HOST;AW_HOST;c:\windows\system32\drivers\AW_HOST5.sys [2003-5-5 16984]
R2 CA_LIC_CLNT;CA License Client;c:\program files\ca\sharedcomponents\ca_lic\lic98rmt.exe [2005-7-11 126976]
R2 LogWatch;Event Log Watch;c:\program files\ca\sharedcomponents\ca_lic\LogWatNT.exe [2005-7-11 53248]
R3 W8100PCI;D-Link AirPlus G Wireless Driver;c:\windows\system32\drivers\MRV8K51.sys [2007-5-17 297984]
S3 awhost32;pcAnywhere Host Service;c:\program files\symantec\pcanywhere\awhost32.exe [2003-5-29 106496]
S3 brfilt;Brother MFC Filter Driver;c:\windows\system32\drivers\BrFilt.sys [2005-2-1 2944]
S3 brparimg;Brother Multi Function Parallel Image driver;c:\windows\system32\drivers\BrParImg.sys [2006-1-11 3168]
S3 BrParWdm;Brother WDM Parallel Driver;c:\windows\system32\drivers\BrParwdm.sys [2006-1-11 39552]
S3 BrSerWDM;Brother WDM Serial driver;c:\windows\system32\drivers\BrSerWdm.sys [2003-3-13 61952]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\system32\drivers\BrUsbMdm.sys [2005-2-1 11008]
S3 BrUsbScn;Brother MFC USB Scanner driver;c:\windows\system32\drivers\BrUsbScn.sys [2005-2-1 10368]
S3 m4301a;Linksys Wireless-B USB Network Adapter v4.0 Driver;c:\windows\system32\drivers\m4301A.sys [2004-12-27 83552]

=============== Created Last 30 ================

2009-11-18 07:29 <DIR> --d----- c:\windows\system32\Adobe
2009-11-18 07:26 <DIR> --d----- c:\program files\Trend Micro
2009-11-17 17:34 54,156 a---h--- c:\windows\QTFont.qfn
2009-11-17 17:34 1,409 a------- c:\windows\QTFont.for
2009-11-01 18:22 405 a------- c:\windows\wininit.ini
2009-11-01 17:36 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-11-01 17:36 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-11-01 17:23 <DIR> --d----- c:\windows\pss

==================== Find3M ====================

2009-09-11 06:18 136,192 a------- c:\windows\system32\msv1_0.dll
2009-09-04 13:03 58,880 a------- c:\windows\system32\msasn1.dll
2009-08-29 00:08 916,480 a------- c:\windows\system32\wininet.dll
2009-08-26 00:00 247,326 a------- c:\windows\system32\strmdll.dll
2009-03-25 15:27 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009032520090326\index.dat

============= FINISH: 17:08:32.15 ===============


#2 SweetTech

SweetTech

    MalwareTeam Emeritus

  • Authentic Member
  • PipPipPipPipPip
  • 3,368 posts

Posted 20 November 2009 - 08:01 PM

Hello renobruce! Welcome to WTT Forums. Please be advised, as I am still in training, all my replies to you will be checked for accuracy by one of our experts to ensure that I am giving you the best possible advice. This may cause a delay, but I will do my best to keep it as short as possible. I am checking over your log; I will post back shortly with instructions.

Proud Graduate of the WTT Classroom


#3 SweetTech

SweetTech

    MalwareTeam Emeritus

  • Authentic Member
  • PipPipPipPipPip
  • 3,368 posts

Posted 20 November 2009 - 08:31 PM

My name is SweetTech. I would be glad to take a look at your log and help you with solving any malware problems. The logs from our tools can take a while to research, so please be patient and I'd be grateful if you would note the following:
  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
Please do not delete anything unless instructed to.

Running ComboFix
Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now



#4 renobruce

renobruce

    New Member

  • Authentic Member
  • Pip
  • 9 posts

Posted 20 November 2009 - 09:15 PM

Thanks for the help!!! Here is the log:

ComboFix 09-11-20.02 - Desiree Meenan 11/20/2009 18:57.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.447.203 [GMT -8:00]
Running from: c:\documents and settings\Desiree Meenan\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\NPROTECT
c:\recycler\S-1-5-21-299502267-963894560-682003330-1003
c:\windows\patch.exe

.
((((((((((((((((((((((((( Files Created from 2009-10-21 to 2009-11-21 )))))))))))))))))))))))))))))))
.

2009-11-21 01:03 . 2009-11-21 01:03 -------- d-----w- c:\program files\ERUNT
2009-11-18 15:29 . 2009-11-18 15:29 -------- d-----w- c:\windows\system32\Adobe
2009-11-18 15:26 . 2009-11-18 15:26 -------- d-----w- c:\program files\Trend Micro
2009-11-02 01:36 . 2009-11-15 19:40 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-11-02 01:36 . 2009-11-02 02:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-21 03:05 . 2007-10-15 18:58 -------- d-----w- c:\program files\Greetings Workshop
2009-11-02 01:23 . 2009-07-11 02:25 -------- d-----w- c:\program files\Charter Security Suite
2009-11-02 01:15 . 2006-03-13 18:08 -------- d-----w- c:\program files\Google
2009-11-02 01:10 . 2007-06-03 02:59 -------- d-----w- c:\program files\The Learning Company
2009-10-28 23:09 . 2004-01-30 16:54 61840 -c--a-w- c:\documents and settings\Desiree Meenan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-28 23:04 . 2007-11-29 04:25 -------- d-----w- c:\program files\Best Buy Rhapsody
2009-10-28 23:01 . 2009-07-11 01:55 -------- d-----w- c:\documents and settings\All Users\Application Data\f-secure
2009-10-19 01:09 . 2009-10-19 01:09 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2009-09-11 14:18 . 2003-11-20 09:48 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2003-11-20 09:48 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08 . 2004-08-24 03:32 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-26 08:00 . 2003-11-20 09:48 247326 ----a-w- c:\windows\system32\strmdll.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-06 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2003-11-20 77824]
"CHotkey"="zHotkey.exe" - c:\windows\zHotkey.exe [2003-06-03 496640]

c:\documents and settings\Desiree Meenan\Start Menu\Programs\Startup\
Greetings Workshop Reminders.lnk - c:\program files\Greetings Workshop\GWREMIND.EXE [1997-9-3 50688]
PowerReg Scheduler.exe [2007-6-17 189952]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
D-Link AirPlus G Configuration Utility.lnk - c:\program files\D-Link AirPlus G\AirPlus.exe [2007-5-17 294912]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2004-9-7 724992]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]
2003-10-31 19:01 8704 ----a-w- c:\windows\system32\PCANotify.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\CA\\eTrust Antivirus\\InoNmSrv.exe"=
"c:\\Program Files\\Symantec\\pcAnywhere\\Winaw32.exe"=
"c:\\Program Files\\Symantec\\pcAnywhere\\awhost32.exe"=
"c:\\Program Files\\Symantec\\pcAnywhere\\awrem32.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R2 CA_LIC_CLNT;CA License Client;c:\program files\CA\SharedComponents\CA_LIC\lic98rmt.exe [7/11/2005 10:16 AM 126976]
R2 LogWatch;Event Log Watch;c:\program files\CA\SharedComponents\CA_LIC\LogWatNT.exe [7/11/2005 10:16 AM 53248]
S3 brfilt;Brother MFC Filter Driver;c:\windows\system32\drivers\BrFilt.sys [2/1/2005 8:10 AM 2944]
S3 brparimg;Brother Multi Function Parallel Image driver;c:\windows\system32\drivers\BrParImg.sys [1/11/2006 7:50 AM 3168]
S3 BrParWdm;Brother WDM Parallel Driver;c:\windows\system32\drivers\BrParwdm.sys [1/11/2006 7:50 AM 39552]
S3 BrSerWDM;Brother WDM Serial driver;c:\windows\system32\drivers\BrSerWdm.sys [3/13/2003 4:04 PM 61952]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\system32\drivers\BrUsbMdm.sys [2/1/2005 8:10 AM 11008]
S3 BrUsbScn;Brother MFC USB Scanner driver;c:\windows\system32\drivers\BrUsbScn.sys [2/1/2005 8:09 AM 10368]
S3 m4301a;Linksys Wireless-B USB Network Adapter v4.0 Driver;c:\windows\system32\drivers\m4301A.sys [12/27/2004 11:06 AM 83552]

--- Other Services/Drivers In Memory ---

*Deregistered* - IPVNMon
.
Contents of the 'Scheduled Tasks' folder

2009-11-17 c:\windows\Tasks\Duross Construction 1097526202.job
- c:\program files\Intuit\QuickBooks Premier - Contractor Edition\AutoBackupEXE.exe [2005-02-23 22:27]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?fr=fptb-msgr
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: &Search - ?p=ZJxdm025SHUS
Trusted Zone: musicmatch.com\online
TCP: {0A33B48B-3810-495E-B45D-EFDFA6C270B8} = 24.205.192.61
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {CA11EB7C-1C85-4577-8A49-9E28EFB30184} - hxxp://www.umediaserver.net/bin/UMediaControl4.cab
.
- - - - ORPHANS REMOVED - - - -

BHO-{18597442-c73f-43b3-bf40-76ed057ede97} - (no file)
HKU-Default-Run-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-20 19:05
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2976)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\COMMON~1\AOL\ACS\acsd.exe
c:\windows\wanmpsvc.exe
c:\windows\system32\wscntfy.exe
c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
.
**************************************************************************
.
Completion time: 2009-11-20 19:09 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-21 03:09

Pre-Run: 109,401,280,512 bytes free
Post-Run: 109,675,872,256 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

- - End Of File - - 4B2742901BB81C7D75BD98796F64D348



I'll now check and see if there is any difference in how it runs and report back. Thanks again.

#5 renobruce

renobruce

    New Member

  • Authentic Member
  • Pip
  • 9 posts

Posted 20 November 2009 - 09:35 PM

I went to My Ebay, put in a search word, and it displayed the results. Then when I clicked to go to page 2 of the search results, the computer froze up as usual. Had to shut it off the hard way as usual. So no change in my symptoms. :angry:

#6 SweetTech

SweetTech

    MalwareTeam Emeritus

  • Authentic Member
  • PipPipPipPipPip
  • 3,368 posts

Posted 20 November 2009 - 11:00 PM

Please disable this program and leave it disabled until we are done.

SPYBOT TEATIMER
  • Launch Spybot S&D, go to the Mode menu and make sure "Advanced Mode" is selected.
  • On the left hand side, click on Tools, then click on the Resident Icon in the list.
  • Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
  • Click on the "System Startup" icon in the List
  • Uncheck the "TeaTimer" box and "OK" any prompts.
  • If Teatimer gives you a warning that changes were made, click the "Allow Change" box when prompted.
  • Exit Spybot S&D when done.
  • (When we are done, you can re-enable Teatimer using the same steps but this time place a check next to "Resident TeaTimer" and check the "TeaTimer" box in System Startup.)


Flush DNS
  • Now go to Start > Run > type: cmd
  • Press OK or Hit Enter.
  • At the command prompt, type or copy/paste: ipconfig /flushdns (note the space between ..g /f it needs to be there)
  • Hit Enter.
  • You will get a confirmation that the flush was successful.
  • Close the command box.




Scanning with MalwareBytes' Anti-Malware
Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.


Re-Scanning with DDS
Please re-run DDS by sUBs.
Make sure to pay attention to the directions below:
  • Disable any script blocking protection (How to Disable your Security Programs)
  • Double click DDS icon to run the tool (may take up to 3 minutes to run)
  • When done, DDS.txt will open.
  • After a few moments, attach.txt will open in a second window.
  • Save both reports to your desktop.
---------------------------------------------------
  • Post the contents of the DDS.txt report in your next reply
  • Attach the Attach.txt report to your post by doing the following:
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on Posted Image to insert the attachment into your post
Please make sure you include the following items in your next post:
1. The log that was produced after running MalwareBytes' Anti-Malware
2. The logs that were produced after running DDS.



#7 renobruce

renobruce

    New Member

  • Authentic Member
  • Pip
  • 9 posts

Posted 20 November 2009 - 11:43 PM

Malwarebytes' Anti-Malware 1.41
Database version: 3205
Windows 5.1.2600 Service Pack 3

11/20/2009 9:36:19 PM
mbam-log-2009-11-20 (21-36-19).txt

Scan type: Quick Scan
Objects scanned: 104116
Time elapsed: 4 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 40
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\core.bho1.1 (Adware.Comet) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{e550dc77-ef3b-474f-b59c-b3e2aa1fa6a5} (Adware.Starware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1962c5bc-e475-465b-823b-133e711bceb9} (Adware.Starware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5f90c0e3-4c0a-4d54-a8ac-5afe6163a99e} (Adware.Starware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5f90c0e3-4c0a-4d54-a8ac-5afe6163a99e} (Adware.Starware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bho.csbho.1 (Adware.Comet) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\cometapputil.cometuievents.1 (Adware.Comet) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\cometcursor.cometcursor.1 (Adware.Comet) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\comutil.fcparam.1 (Adware.Comet) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\comutil.fctcall.1 (Adware.Comet) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\contextparser.contextproxy.1 (Adware.Comet) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\contextparser.contextproxymgr.1 (Adware.Comet) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\contextparser.csregexp.1 (Adware.Comet) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\contextparser.urlcontextparser.1 (Adware.Comet) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\core.browserappproxy.1 (Adware.Comet) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\core.cometframe.1 (Adware.Comet) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\core.cometwindow.1 (Adware.Comet) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\core.httpcomm.1 (Adware.Comet) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\core.mybrowser1.1 (Adware.Comet) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\core.selfupdater.1 (Adware.Comet) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\core.windowproxy.1 (Adware.Comet) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\csband.horizontalieband.1 (Adware.Comet) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\csband.verticalieband.1 (Adware.Comet) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\cseng.csengine.1 (Adware.Comet) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\cseng.cshost.1 (Adware.Comet) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\cseng.evhandler.1 (Adware.Comet) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\csip.cscollection.1 (Adware.Comet) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\csip.csipdispatch.1 (Adware.Comet) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\csip.csippacket.1 (Adware.Comet) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\skinui.cskinui.1 (Adware.Comet) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\skinui.webbrowsersink.1 (Adware.Comet) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\skinui.windowshelper.1 (Adware.Comet) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

DDS (Ver_09-06-26.01) - NTFSx86
Run by Desiree Meenan at 21:40:00.39 on Fri 11/20/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.447.172 [GMT -8:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\zHotkey.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\D-Link AirPlus G\AirPlus.exe
C:\Program Files\Greetings Workshop\GWREMIND.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Desiree Meenan\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/?fr=fptb-msgr
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {18597442-c73f-43b3-bf40-76ed057ede97} - No File
BHO: {35E78239-811E-4c3f-B37D-F339AC16C2C0} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll
BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: {FE6BC4EF-5676-484B-88AE-883323913256} - No File
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
EB: {90C61707-C8F8-43DB-A25C-C1F4B18EE41E} - No File
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YAHOOM~1.EXE" -quiet
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [CHotkey] zHotkey.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\docume~1\desire~1\startm~1\programs\startup\greeti~1.lnk - c:\program files\greetings workshop\GWREMIND.EXE
StartupFolder: c:\documents and settings\desiree meenan\start menu\programs\startup\PowerReg Scheduler.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\d-link~1.lnk - c:\program files\d-link airplus g\AirPlus.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
IE: &Search - ?p=ZJxdm025SHUS
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: musicmatch.com\online
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - hxxp://www.musicnotes.com/download/mnviewer.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} - hxxp://disney.go.com/pirates/online/testActiveX/built/signed/DisneyOnlineGames.cab
DPF: {A4639D2F-774E-11D3-A490-00C04F6843FB} - hxxp://download.microsoft.com/download/PowerPoint2002/Install/10.0.2609/WIN98MeXP/EN-US/msorun.cab
DPF: {CA11EB7C-1C85-4577-8A49-9E28EFB30184} - hxxp://www.umediaserver.net/bin/UMediaControl4.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: {0A33B48B-3810-495E-B45D-EFDFA6C270B8} = 24.205.192.61
Notify: PCANotify - PCANotify.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R1 AW_HOST;AW_HOST;c:\windows\system32\drivers\AW_HOST5.sys [2003-5-5 16984]
R2 CA_LIC_CLNT;CA License Client;c:\program files\ca\sharedcomponents\ca_lic\lic98rmt.exe [2005-7-11
126976] R2 LogWatch;Event Log Watch;c:\program files\ca\sharedcomponents\ca_lic\LogWatNT.exe [2005-7-11 53248] R3 W8100PCI;D-Link AirPlus G Wireless Driver;c:\windows\system32\drivers\MRV8K51.sys [2007-5-17 297984] S3 awhost32;pcAnywhere Host Service;c:\program files\symantec\pcanywhere\awhost32.exe [2003-5-29 106496] S3 brfilt;Brother MFC Filter Driver;c:\windows\system32\drivers\BrFilt.sys [2005-2-1 2944] S3 brparimg;Brother Multi Function Parallel Image driver;c:\windows\system32\drivers\BrParImg.sys [2006-1-11 3168] S3 BrParWdm;Brother WDM Parallel Driver;c:\windows\system32\drivers\BrParwdm.sys [2006-1-11 39552] S3 BrSerWDM;Brother WDM Serial driver;c:\windows\system32\drivers\BrSerWdm.sys [2003-3-13 61952] S3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\system32\drivers\BrUsbMdm.sys [2005-2-1 11008] S3 BrUsbScn;Brother MFC USB Scanner driver;c:\windows\system32\drivers\BrUsbScn.sys [2005-2-1 10368] S3 m4301a;Linksys Wireless-B USB Network Adapter v4.0 Driver;c:\windows\system32\drivers\m4301A.sys [2004-12-27 83552] =============== Created Last 30 ================ 2009-11-20 21:29 <DIR> --d----- c:\docume~1\desire~1\applic~1\Malwarebytes 2009-11-20 21:29 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys 2009-11-20 21:29 19,160 a------- c:\windows\system32\drivers\mbam.sys 2009-11-20 21:29 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes 2009-11-20 21:29 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware 2009-11-20 19:05 54,156 a---h--- c:\windows\QTFont.qfn 2009-11-20 19:05 1,409 a------- c:\windows\QTFont.for 2009-11-20 18:56 <DIR> a-dshr-- C:\cmdcons 2009-11-20 18:55 260,608 a------- c:\windows\PEV.exe 2009-11-20 18:55 161,792 a------- c:\windows\SWREG.exe 2009-11-20 18:55 98,816 a------- c:\windows\sed.exe 2009-11-20 18:55 77,312 a------- c:\windows\MBR.exe 2009-11-18 07:29 <DIR> --d----- c:\windows\system32\Adobe 2009-11-18 07:26 <DIR> --d----- c:\program files\Trend Micro 2009-11-01 18:22 405 a------- 
c:\windows\wininit.ini 2009-11-01 17:36 <DIR> --d----- c:\program files\Spybot - Search & Destroy 2009-11-01 17:36 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy 2009-11-01 17:23 <DIR> --d----- c:\windows\pss ==================== Find3M ==================== 2009-09-11 06:18 136,192 a------- c:\windows\system32\msv1_0.dll 2009-09-04 13:03 58,880 a------- c:\windows\system32\msasn1.dll 2009-08-29 00:08 916,480 -------- c:\windows\system32\wininet.dll 2009-08-26 00:00 247,326 a------- c:\windows\system32\strmdll.dll 2009-03-25 15:27 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009032520090326\index.dat ============= FINISH: 21:40:27.23 ===============




#8 SweetTech

    MalwareTeam Emeritus

Posted 21 November 2009 - 06:37 PM

Flush DNS
  • Now go to Start > Run > type: cmd
  • Press OK or Hit Enter.
  • At the command prompt, type or copy/paste: ipconfig /flushdns (note the space between “..g /f…” it needs to be there)
  • Hit Enter.
  • You will get a confirmation that the flush was successful.
  • Close the command box.
ESET Online Scanner
I'd like us to scan your machine with ESET OnlineScan

*Note
It is recommended to disable your onboard antivirus and antispyware programs while performing scans so there are no conflicts; this will also speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.



  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Make sure that the option "Remove found threats" is Unchecked
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin
    scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as
    ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image
Please make sure you include the following items in your next post:
1. The log that was produced after running ESET Online Scanner.
2. An update on how your computer is currently running.


Proud Graduate of the WTT Classroom
 


#9 renobruce

    New Member

Posted 21 November 2009 - 11:09 PM

I ran the online virus scan, and it didn't find anything. I'm still having the same problems. :angry:

#10 SweetTech

    MalwareTeam Emeritus

Posted 22 November 2009 - 01:16 PM

OTS Scan
Download OTS to your Desktop
  • Double-click on OTS.exe to start the program. Make sure you close all other programs.
  • Now click the Run Scan button on the toolbar. Make sure not to use the PC while the program is running or it will freeze.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on Posted Image to insert the attachment into your post
I will review it when it comes in. The last line is < End of Report >, so make sure that is the last line in the attached report.

Make sure you attach the report in your reply. If it is too big to upload, then zip the text file and upload it that way.



#11 SweetTech

    MalwareTeam Emeritus

Posted 25 November 2009 - 02:06 PM

Hello renobruce!

It's been several days since I last posted instructions for you to complete. Do you still require assistance in getting your computer cleaned up?

Thanks,
SweetTech.



#12 renobruce

    New Member

Posted 25 November 2009 - 10:24 PM

Attached File  OTS.Txt   109.51KB   219 downloads

#13 renobruce

    New Member

Posted 25 November 2009 - 11:11 PM

It appears that it would be easier to read this way:





OTS logfile created on: 11/25/2009 8:13:50 PM - Run 1
OTS by OldTimer - Version 3.1.7.0	 Folder = C:\Documents and Settings\Desiree Meenan\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
447.48 Mb Total Physical Memory | 264.13 Mb Available Physical Memory | 59.02% Memory free
1.03 Gb Paging File | 0.78 Gb Available in Paging File | 75.58% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.79 Gb Total Space | 101.29 Gb Free Space | 90.61% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: PATTYM
Current User Name: Desiree Meenan
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
 
[Processes - Safe List]
ots.exe -> C:\Documents and Settings\Desiree Meenan\Desktop\OTS.exe -> [2009/11/25 20:13:01 | 00,526,848 | ---- | M] (OldTimer Tools)
ashdisp.exe -> C:\Program Files\Alwil Software\Avast4\ashDisp.exe -> [2009/09/15 03:56:48 | 00,081,000 | ---- | M] (ALWIL Software)
ashserv.exe -> C:\Program Files\Alwil Software\Avast4\ashServ.exe -> [2009/09/15 03:56:43 | 00,138,680 | ---- | M] (ALWIL Software)
ashmaisv.exe -> C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -> [2009/09/15 03:56:28 | 00,254,040 | ---- | M] (ALWIL Software)
ashwebsv.exe -> C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -> [2009/09/15 03:54:13 | 00,352,920 | ---- | M] (ALWIL Software)
aswupdsv.exe -> C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -> [2009/09/15 03:49:40 | 00,018,752 | ---- | M] (ALWIL Software)
wmiprvse.exe -> C:\WINDOWS\system32\wbem\wmiprvse.exe -> [2009/02/06 02:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation)
explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/13 16:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation)
lic98rmt.exe -> C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe -> [2005/07/11 10:16:00 | 00,126,976 | ---- | M] (Computer Associates International Inc.)
logwatnt.exe -> C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe -> [2005/07/11 10:16:00 | 00,053,248 | ---- | M] (Computer Associates)
airplus.exe -> C:\Program Files\D-Link AirPlus G\AIRPLUS.exe -> [2004/01/06 20:19:38 | 00,294,912 | ---- | M] (D-Link)
qttask.exe -> C:\Program Files\QuickTime\qttask.exe -> [2003/11/20 03:29:37 | 00,077,824 | ---- | M] (Apple Computer, Inc.)
acsd.exe -> C:\Program Files\Common Files\AOL\ACS\acsd.exe -> [2003/08/06 16:58:26 | 01,376,360 | ---- | M] (America Online, Inc.)
zhotkey.exe -> C:\WINDOWS\zHotkey.exe -> [2003/06/03 11:01:32 | 00,496,640 | ---- | M] (Chicony)
slserv.exe -> C:\WINDOWS\system32\slserv.exe -> [2003/01/17 01:02:00 | 00,045,056 | ---- | M] ( )
wanmpsvc.exe -> C:\WINDOWS\wanmpsvc.exe -> [2003/01/10 17:13:04 | 00,065,536 | ---- | M] (America Online, Inc.)
gwremind.exe -> C:\Program Files\Greetings Workshop\GWREMIND.EXE -> [1997/09/03 23:00:00 | 00,050,688 | ---- | M] (Microsoft Corporation)
 
[Modules - Safe List]
ots.exe -> C:\Documents and Settings\Desiree Meenan\Desktop\OTS.exe -> [2009/11/25 20:13:01 | 00,526,848 | ---- | M] (OldTimer Tools)
comctl32.dll -> C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll -> [2008/04/13 16:12:51 | 01,054,208 | ---- | M] (Microsoft Corporation)
framedyn.dll -> C:\WINDOWS\system32\wbem\framedyn.dll -> [2008/04/13 16:11:53 | 00,185,344 | ---- | M] (Microsoft Corporation)
serwvdrv.dll -> C:\WINDOWS\system32\serwvdrv.dll -> [2003/03/31 04:00:00 | 00,014,848 | ---- | M] (Microsoft Corporation)
umdmxfrm.dll -> C:\WINDOWS\system32\umdmxfrm.dll -> [2003/03/31 04:00:00 | 00,013,312 | ---- | M] (Microsoft Corporation)
 
[Win32 Services - Safe List]
(avast! Antivirus) avast! Antivirus [Auto | Running] -> C:\Program Files\Alwil Software\Avast4\ashServ.exe -> [2009/09/15 03:56:43 | 00,138,680 | ---- | M] (ALWIL Software)
(avast! Mail Scanner) avast! Mail Scanner [On_Demand | Running] -> C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -> [2009/09/15 03:56:28 | 00,254,040 | ---- | M] (ALWIL Software)
(avast! Web Scanner) avast! Web Scanner [On_Demand | Running] -> C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -> [2009/09/15 03:54:13 | 00,352,920 | ---- | M] (ALWIL Software)
(aswUpdSv) avast! iAVS4 Control Service [Auto | Running] -> C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -> [2009/09/15 03:49:40 | 00,018,752 | ---- | M] (ALWIL Software)
(helpsvc) Help and Support [Auto | Running] -> C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -> [2008/04/13 16:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation)
(WMPNetworkSvc) Windows Media Player Network Sharing Service [On_Demand | Stopped] -> C:\Program Files\Windows Media Player\WMPNetwk.exe -> [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation)
(CA_LIC_CLNT) CA License Client [Auto | Running] -> C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe -> [2005/07/11 10:16:00 | 00,126,976 | ---- | M] (Computer Associates International Inc.)
(LogWatch) Event Log Watch [Auto | Running] -> C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe -> [2005/07/11 10:16:00 | 00,053,248 | ---- | M] (Computer Associates)
(Pml Driver HPZ12) Pml Driver HPZ12 [On_Demand | Stopped] -> C:\WINDOWS\system32\HPZipm12.exe -> [2004/09/29 12:14:36 | 00,069,632 | ---- | M] (HP)
(aspnet_state) ASP.NET State Service [On_Demand | Stopped] -> C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -> [2004/07/15 00:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation)
(awhost32) pcAnywhere Host Service [On_Demand | Stopped] -> C:\Program Files\Symantec\pcAnywhere\awhost32.exe -> [2003/10/31 11:01:00 | 00,106,496 | ---- | M] (Symantec Corporation)
(AOL ACS) AOL Connectivity Service [Auto | Running] -> C:\Program Files\Common Files\AOL\ACS\acsd.exe -> [2003/08/06 16:58:26 | 01,376,360 | ---- | M] (America Online, Inc.)
(SLService) SmartLinkService [Auto | Running] -> C:\WINDOWS\System32\slserv.exe -> [2003/01/17 01:02:00 | 00,045,056 | ---- | M] ( )
(WANMiniportService) WAN Miniport (ATW) Service [Auto | Running] -> C:\WINDOWS\wanmpsvc.exe -> [2003/01/10 17:13:04 | 00,065,536 | ---- | M] (America Online, Inc.)
 
[Driver Services - Safe List]
(aswMon2) avast! Standard Shield Support [File_System | Auto | Running] -> C:\WINDOWS\system32\drivers\aswmon2.sys -> [2009/09/15 03:56:14 | 00,094,160 | ---- | M] (ALWIL Software)
(aswSP) avast! Self Protection [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\aswSP.sys -> [2009/09/15 03:55:30 | 00,114,768 | ---- | M] (ALWIL Software)
(aswFsBlk) aswFsBlk [File_System | Auto | Running] -> C:\WINDOWS\system32\drivers\aswFsBlk.sys -> [2009/09/15 03:55:19 | 00,020,560 | ---- | M] (ALWIL Software)
(aswTdi) avast! Network Shield Support [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\aswTdi.sys -> [2009/09/15 03:54:30 | 00,052,368 | ---- | M] (ALWIL Software)
(aswRdr) aswRdr [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\aswRdr.sys -> [2009/09/15 03:54:21 | 00,023,152 | ---- | M] (ALWIL Software)
(Aavmker4) avast! Asynchronous Virus Monitor [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\aavmker4.sys -> [2009/09/15 03:53:24 | 00,027,408 | ---- | M] (ALWIL Software)
(mf) mf [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\mf.sys -> [2008/04/13 10:36:41 | 00,063,744 | ---- | M] (Microsoft Corporation)
(MCSTRM) MCSTRM [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\mcstrm.sys -> [2007/11/28 20:35:26 | 00,008,413 | ---- | M] (RealNetworks, Inc.)
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\secdrv.sys -> [2007/11/13 02:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
(SymEvent) SymEvent [Kernel | On_Demand | Stopped] -> C:\Program Files\Symantec\SYMEVENT.SYS -> [2005/05/13 18:50:10 | 00,123,488 | ---- | M] (Symantec Corporation)
(HPZius12) USB to IEEE-1284.4 Translation Driver HPZius12 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\HPZius12.sys -> [2004/10/04 15:26:08 | 00,021,744 | R--- | M] (HP)
(HPZipr12) Print Class Driver for IEEE-1284.4 HPZipr12 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\HPZipr12.sys -> [2004/10/04 15:26:04 | 00,016,496 | R--- | M] (HP)
(HPZid412) IEEE-1284.4 Driver HPZid412 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\HPZid412.sys -> [2004/10/04 15:26:03 | 00,051,120 | R--- | M] (HP)
(RecAgent) RecAgent [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\recagent.sys -> [2004/08/03 22:41:40 | 00,013,776 | ---- | M] (Smart Link)
(W8100PCI) D-Link AirPlus G Wireless Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\MRV8K51.sys -> [2004/01/08 19:46:18 | 00,297,984 | R--- | M] (Marvell Semiconductor, Inc)
(AW_HOST) AW_HOST [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\AW_HOST5.sys -> [2003/10/24 09:53:08 | 00,016,984 | ---- | M] (Symantec Corporation)
(viagfx) viagfx [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\vtmini.sys -> [2003/10/16 15:19:40 | 00,117,760 | ---- | M] (Copyright (C) VIA/S3 Graphics, Inc.)
(FETNDISB) VIA Rhine Family Fast Ethernet Adapter Driver Service [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\fetnd5b.sys -> [2003/09/04 10:37:04 | 00,041,984 | ---- | M] (VIA Technologies, Inc.			  )
(ALCXWDM) Service for Realtek AC97 Audio (WDM) [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\ALCXWDM.SYS -> [2003/08/21 16:31:52 | 00,462,940 | ---- | M] (Realtek Semiconductor Corp.)
(ALCXSENS) Service for WDM 3D Audio Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\ALCXSENS.SYS -> [2003/08/14 23:16:38 | 00,404,736 | ---- | M] (Sensaura Ltd)
(m4301a) Linksys Wireless-B USB Network Adapter v4.0 Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\m4301A.sys -> [2003/08/04 23:07:00 | 00,083,552 | R--- | M] (ALinx Corporation)
(viaagp1) VIA AGP Filter [Kernel | Boot | Running] -> C:\WINDOWS\System32\DRIVERS\viaagp1.sys -> [2003/07/02 04:42:00 | 00,027,904 | ---- | M] (VIA Technologies, Inc.)
(FVNETusb) Linksys Wireless-B USB Network Adapter v2.8 Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\vnet558x.sys -> [2003/06/12 01:56:44 | 00,098,304 | R--- | M] (ATMEL)
(Gernuwa) Gernuwa [Kernel | Boot | Running] -> C:\WINDOWS\system32\drivers\GERNUWA.sys -> [2003/04/21 13:00:32 | 00,013,898 | R--- | M] (Symantec Corporation)
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\ptilink.sys -> [2003/03/31 04:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.)
(ROOTMODEM) Microsoft Legacy Modem Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\rootmdm.sys -> [2003/03/31 04:00:00 | 00,005,888 | ---- | M] (Microsoft Corporation)
(BrSerWDM) Brother WDM Serial driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\BrSerWdm.sys -> [2003/03/13 16:04:20 | 00,061,952 | ---- | M] (Brother Industries Ltd.)
(Mtlstrm) Mtlstrm [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\mtlstrm.sys -> [2003/02/16 16:33:00 | 01,293,192 | ---- | M] ( )
(SlNtHal) SlNtHal [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\slnthal.sys -> [2003/02/16 15:12:00 | 00,085,520 | ---- | M] ( )
(Slntamr) SmartLink AMR_PCI Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\slntamr.sys -> [2003/02/16 15:11:00 | 00,516,616 | ---- | M] ( )
(Mtlmnt5) Mtlmnt5 [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\mtlmnt5.sys -> [2003/02/16 15:08:00 | 00,210,128 | ---- | M] ( )
(NtMtlFax) NtMtlFax [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\ntmtlfax.sys -> [2003/02/05 16:25:00 | 00,162,136 | ---- | M] ( )
(SlWdmSup) SlWdmSup [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\slwdmsup.sys -> [2003/01/17 00:19:00 | 00,039,348 | ---- | M] (Vireo Software)
(wanatw) WAN Miniport (ATW) [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\wanatw4.sys -> [2003/01/10 17:13:04 | 00,033,588 | ---- | M] (America Online, Inc.)
(StillCam) Still Serial Digital Camera Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\serscan.sys -> [2001/08/17 13:53:32 | 00,006,784 | ---- | M] (Microsoft Corporation)
(brparimg) Brother Multi Function Parallel Image driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\BrParImg.sys -> [2001/08/17 13:12:24 | 00,003,168 | ---- | M] (Brother Industries Ltd.)
(BrUsbScn) Brother MFC USB Scanner driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\BrUsbScn.sys -> [2001/08/17 13:12:22 | 00,010,368 | ---- | M] (Brother Industries Ltd.)
(BrUsbMdm) Brother MFC USB Fax Only Modem [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\BrUsbMdm.sys -> [2001/08/17 13:12:20 | 00,011,008 | ---- | M] (Brother Industries Ltd.)
(BrParWdm) Brother WDM Parallel Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\BrParwdm.sys -> [2001/08/17 13:12:18 | 00,039,552 | ---- | M] (Brother Industries Ltd.)
(brfilt) Brother MFC Filter Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\BrFilt.sys -> [2001/08/17 13:12:12 | 00,002,944 | ---- | M] (Brother Industries Ltd.)
(MODEMCSA) Unimodem Streaming Filter Device [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\MODEMCSA.sys -> [2001/08/17 05:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation)
 
[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Secondary_Page_URL" ->  [binary data] -> 
HKEY_LOCAL_MACHINE\: Main\\"Extensions Off Page" -> about:NoAdd-ons -> 
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> C:\WINDOWS\system32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\"Security Risk Page" -> about:SecurityRisk -> 
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
HKEY_LOCAL_MACHINE\: Search\\"CustomizeSearch" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKEY_LOCAL_MACHINE\: Search\\"CustomSearch" -> http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr9/*http://www.yahoo.com/ext/search/search.html -> 
HKEY_LOCAL_MACHINE\: Search\\"Default_Search_URL" -> http://www.google.com/ie -> 
HKEY_LOCAL_MACHINE\: Search\\"SearchAssistant" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\"Local Page" -> C:\WINDOWS\system32\blank.htm -> 
HKEY_CURRENT_USER\: Main\\"Search Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_CURRENT_USER\: Main\\"SearchMigratedDefaultName" -> Google -> 
HKEY_CURRENT_USER\: Main\\"SearchMigratedDefaultURL" -> http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 -> 
HKEY_CURRENT_USER\: Main\\"Start Page" -> http://www.yahoo.com/?fr=fptb-msgr -> 
HKEY_CURRENT_USER\: SearchURL\\"" -> http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com -> 
HKEY_CURRENT_USER\: URLSearchHooks\\"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> [2008/07/28 02:47:40 | 00,882,416 | ---- | M] (Yahoo! Inc.)
HKEY_CURRENT_USER\: "ProxyEnable" -> 0 -> 
HKEY_CURRENT_USER\: "ProxyOverride" -> 127.0.0.1 -> 
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\CompuServe 7.0\Extensions ->  -> 
HKLM\software\mozilla\CompuServe 7.0\Extensions\\ ->  -> 
HKLM\software\mozilla\CompuServe 7.0\Extensions\\Components -> C:\Program Files\Common Files\csshare\plugins0942 [C:\PROGRAM FILES\COMMON FILES\CSSHARE\PLUGINS0942] -> [2009/11/18 07:29:57 | 00,000,000 | ---D | M]
HKLM\software\mozilla\CompuServe 7.0\Extensions\\Plugins -> C:\Program Files\Common Files\csshare\plugins0942 [C:\PROGRAM FILES\COMMON FILES\CSSHARE\PLUGINS0942] -> [2009/11/18 07:29:57 | 00,000,000 | ---D | M]
HKLM\software\mozilla\Firefox\Extensions ->  -> 
< FireFox Extensions [User Folders] > -> 
< HOSTS File > (27 bytes and 1 lines) -> C:\WINDOWS\system32\drivers\etc\hosts -> 
Reset Hosts
127.0.0.1	   localhost
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{02478D38-C3F9-4efb-9B51-7695ECA05670} [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [&Yahoo! Toolbar Helper] -> [2008/07/28 02:47:40 | 00,882,416 | ---- | M] (Yahoo! Inc.)
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [AcroIEHlprObj Class] -> [2006/01/12 19:38:22 | 00,063,128 | ---- | M] (Adobe Systems Incorporated)
{18597442-c73f-43b3-bf40-76ed057ede97} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{35E78239-811E-4c3f-B37D-F339AC16C2C0} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> [2009/01/26 15:31:02 | 01,879,896 | ---- | M] (Safer Networking Limited)
{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll [SingleInstance Class] -> [2008/07/28 02:47:42 | 00,160,496 | ---- | M] (Yahoo! Inc)
{FDD3B846-8D59-4ffb-8758-209B6AD74ACC} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> [2008/07/28 02:47:40 | 00,882,416 | ---- | M] (Yahoo! Inc.)
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 
ShellBrowser\\"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
WebBrowser\\"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
WebBrowser\\"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> [2008/07/28 02:47:40 | 00,882,416 | ---- | M] (Yahoo! Inc.)
WebBrowser\\"{FE6BC4EF-5676-484B-88AE-883323913256}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"avast!" -> C:\Program Files\Alwil Software\Avast4\ashDisp.exe [C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe] -> [2009/09/15 03:56:48 | 00,081,000 | ---- | M] (ALWIL Software)
"CHotkey" -> C:\WINDOWS\zHotkey.exe [zHotkey.exe] -> [2003/06/03 11:01:32 | 00,496,640 | ---- | M] (Chicony)
"QuickTime Task" -> C:\Program Files\QuickTime\qttask.exe ["C:\Program Files\QuickTime\qttask.exe" -atboottime] -> [2003/11/20 03:29:37 | 00,077,824 | ---- | M] (Apple Computer, Inc.)
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"Messenger (Yahoo!)" -> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe ["C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet] -> [2009/03/18 17:50:30 | 04,363,504 | ---- | M] (Yahoo! Inc.)
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk -> C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> [2005/09/23 21:05:26 | 00,029,696 | ---- | M] (Adobe Systems Incorporated)
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\D-Link AirPlus G Configuration Utility.lnk -> C:\Program Files\D-Link AirPlus G\AIRPLUS.exe -> [2004/01/06 20:19:38 | 00,294,912 | ---- | M] (D-Link)
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office\OSA9.EXE -> [1999/02/17 12:05:56 | 00,065,588 | ---- | M] (Microsoft Corporation)
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk -> C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe -> [2005/02/15 15:26:20 | 00,724,992 | ---- | M] (Intuit, Inc.)
< Desiree Meenan Startup Folder > -> C:\Documents and Settings\Desiree Meenan\Start Menu\Programs\Startup -> 
C:\Documents and Settings\Desiree Meenan\Start Menu\Programs\Startup\Greetings Workshop Reminders.lnk -> C:\Program Files\Greetings Workshop\GWREMIND.EXE -> [1997/09/03 23:00:00 | 00,050,688 | ---- | M] (Microsoft Corporation)
 -> C:\Documents and Settings\Desiree Meenan\Start Menu\Programs\Startup\PowerReg Scheduler.exe -> [2007/06/17 22:33:46 | 00,189,952 | ---- | M] ()
< Software Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer -> 
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"HonorAutoRunSetting" ->  [1] -> File not found
\\"NoDriveAutoRun" ->  [67108863] -> File not found
\\"NoDriveTypeAutoRun" ->  [323] -> File not found
\\"NoDrives" ->  [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"dontdisplaylastusername" ->  [0] -> File not found
\\"legalnoticecaption" ->  [] -> File not found
\\"legalnoticetext" ->  [] -> File not found
\\"shutdownwithoutlogon" ->  [1] -> File not found
\\"undockwithoutlogon" ->  [1] -> File not found
\\"DisableRegistryTools" ->  [0] -> File not found
< CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [323] -> File not found
\\"NoDriveAutoRun" ->  [67108863] -> File not found
\\"NoDrives" ->  [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> 
&Search ->  [?p=ZJxdm025SHUS] -> File not found
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Menu: Spybot - Search & Destroy Configuration] -> [2009/01/26 15:31:02 | 01,879,896 | ---- | M] (Safer Networking Limited)
{e2e2dd38-d088-4134-82b7-f2ba38496583}:Exec [HKLM] -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [Menu: @xpsp3res.dll,-20001] -> [2008/04/13 10:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Button: Messenger] -> [2008/04/13 16:12:28 | 01,695,232 | -HS- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Menu: Windows Messenger] -> [2008/04/13 16:12:28 | 01,695,232 | -HS- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\"{2499216C-4BA5-11D5-BD9C-000103C116D5}" [HKLM] ->  [Reg Error: Key error.] -> File not found
CmdMapping\\"{4528BBE0-4E08-11D5-AD55-00010333D0AD}" [HKLM] ->  [Reg Error: Key error.] -> File not found
CmdMapping\\"{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}" [HKLM] ->  [Reg Error: Value error.] -> File not found
CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 16:12:28 | 01,695,232 | -HS- | M] (Microsoft Corporation)
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 2 domain(s) found. -> 
online_musicmatch.com [https] -> Trusted sites -> 
2 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 
  .[msn] -> My Computer -> 
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{1239CC52-59EF-4DFA-8C61-90FFA846DF7E} [HKLM] -> http://www.musicnotes.com/download/mnviewer.cab [Musicnotes Viewer] -> 
{166B1BCA-3F9C-11CF-8075-444553540000} [HKLM] -> http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab [Shockwave ActiveX Control] -> 
{17492023-C23A-453E-A040-C7C580BBF700} [HKLM] -> http://go.microsoft.com/fwlink/?linkid=39204 [Windows Genuine Advantage Validation Tool] -> 
{3DCEC959-378A-4922-AD7E-FD5C925D927F} [HKLM] -> http://disney.go.com/pirates/online/testActiveX/built/signed/DisneyOnlineGames.cab [Disney Online Games ActiveX Control] -> 
{7530BFB8-7293-4D34-9923-61A11451AFC5} [HKLM] -> http://download.eset.com/special/eos/OnlineScanner.cab [Reg Error: Key error.] -> 
{A4639D2F-774E-11D3-A490-00C04F6843FB} [HKLM] -> http://download.microsoft.com/download/PowerPoint2002/Install/10.0.2609/WIN98MeXP/EN-US/msorun.cab [IEAnimBehaviorFactory Class] -> 
{CA11EB7C-1C85-4577-8A49-9E28EFB30184} [HKLM] -> http://www.umediaserver.net/bin/UMediaControl4.cab [UMediaPlayer Class] -> 
{D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab [Shockwave Flash Object] -> 
Microsoft XML Parser for Java [HKLM] -> file://C:\WINDOWS\Java\classes\xmldso.cab [Reg Error: Key error.] -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ -> 
DhcpNameServer -> 192.168.0.1 -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{0A33B48B-3810-495E-B45D-EFDFA6C270B8}\\NameServer -> 24.205.192.61   (Linksys Wireless-B USB Network Adapter v2.8) -> 
{0D4950E0-2622-4F3A-97C7-70D0110EA63E}\\DhcpNameServer -> 192.168.0.1   (D-Link AirPlus G DWL-G510 Wireless PCI Card) -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
Explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/13 16:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
PCANotify -> C:\WINDOWS\System32\PCANotify.dll -> [2003/10/31 11:01:00 | 00,008,704 | ---- | M] (Symantec Corporation)
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List -> 
"%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2008/04/13 10:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2008/04/13 16:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation)
"C:\Program Files\MSN Messenger\msnmsgr.exe" -> C:\Program Files\MSN Messenger\msnmsgr.exe [C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.0] -> File not found
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> 
"%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2008/04/13 10:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2008/04/13 16:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation)
"C:\Program Files\CA\eTrust Antivirus\InoNmSrv.exe" -> C:\Program Files\CA\eTrust Antivirus\InoNmSrv.exe [C:\Program Files\CA\eTrust Antivirus\InoNmSrv.exe:*:Enabled:eTrust Antivirus - Admin Server] -> [2004/09/16 10:42:54 | 00,356,624 | ---- | M] (Computer Associates International, Inc.)
"C:\Program Files\Messenger\msmsgs.exe" -> C:\Program Files\Messenger\msmsgs.exe [C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger] -> [2008/04/13 16:12:28 | 01,695,232 | -HS- | M] (Microsoft Corporation)
"C:\Program Files\Symantec\pcAnywhere\awhost32.exe" -> C:\Program Files\Symantec\pcAnywhere\awhost32.exe [C:\Program Files\Symantec\pcAnywhere\awhost32.exe:*:Enabled:pcAnywhere Host Service] -> [2003/10/31 11:01:00 | 00,106,496 | ---- | M] (Symantec Corporation)
"C:\Program Files\Symantec\pcAnywhere\awrem32.exe" -> C:\Program Files\Symantec\pcAnywhere\awrem32.exe [C:\Program Files\Symantec\pcAnywhere\awrem32.exe:*:Enabled:pcAnywhere Remote Service] -> [2003/05/29 11:00:00 | 00,114,688 | ---- | M] (Symantec Corporation)
"C:\Program Files\Symantec\pcAnywhere\Winaw32.exe" -> C:\Program Files\Symantec\pcAnywhere\Winaw32.exe [C:\Program Files\Symantec\pcAnywhere\Winaw32.exe:*:Enabled:pcAnywhere Main Executable] -> [2003/10/31 11:01:00 | 00,704,512 | ---- | M] (Symantec Corporation)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger] -> [2009/03/18 17:50:30 | 04,363,504 | ---- | M] (Yahoo! Inc.)
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> 
"AlternateShell" -> cmd.exe -> 
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 -> 
"DisplayName" -> CD-ROM Driver -> 
"ImagePath" ->  [System32\DRIVERS\cdrom.sys] -> File not found
< Drives with AutoRun files > ->  -> 
C:\AUTOEXEC.BAT [] -> C:\AUTOEXEC.BAT [ NTFS ] -> [2003/11/20 03:00:28 | 00,000,000 | ---- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> 
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> 
comfile [open] -> "%1" %* -> 
exefile [open] -> "%1" %* -> 
 
 
[Files/Folders - Created Within 30 Days]
 OTS.exe -> C:\Documents and Settings\Desiree Meenan\Desktop\OTS.exe -> [2009/11/25 20:12:58 | 00,526,848 | ---- | C] (OldTimer Tools)
 aswRdr.sys -> C:\WINDOWS\System32\drivers\aswRdr.sys -> [2009/11/22 10:34:11 | 00,023,152 | ---- | C] (ALWIL Software)
 aswTdi.sys -> C:\WINDOWS\System32\drivers\aswTdi.sys -> [2009/11/22 10:34:10 | 00,052,368 | ---- | C] (ALWIL Software)
 aavmker4.sys -> C:\WINDOWS\System32\drivers\aavmker4.sys -> [2009/11/22 10:34:10 | 00,027,408 | ---- | C] (ALWIL Software)
 AvastSS.scr -> C:\WINDOWS\System32\AvastSS.scr -> [2009/11/22 10:34:08 | 00,097,480 | ---- | C] (ALWIL Software)
 aswSP.sys -> C:\WINDOWS\System32\drivers\aswSP.sys -> [2009/11/22 10:34:07 | 00,114,768 | ---- | C] (ALWIL Software)
 aswmon2.sys -> C:\WINDOWS\System32\drivers\aswmon2.sys -> [2009/11/22 10:34:07 | 00,094,160 | ---- | C] (ALWIL Software)
 aswmon.sys -> C:\WINDOWS\System32\drivers\aswmon.sys -> [2009/11/22 10:34:07 | 00,093,424 | ---- | C] (ALWIL Software)
 aswFsBlk.sys -> C:\WINDOWS\System32\drivers\aswFsBlk.sys -> [2009/11/22 10:34:07 | 00,020,560 | ---- | C] (ALWIL Software)
 aswBoot.exe -> C:\WINDOWS\System32\aswBoot.exe -> [2009/11/22 10:33:48 | 01,279,968 | ---- | C] (ALWIL Software)
 MFC71.dll -> C:\WINDOWS\System32\MFC71.dll -> [2009/11/22 10:33:48 | 01,060,864 | ---- | C] (Microsoft Corporation)
 Alwil Software -> C:\Program Files\Alwil Software -> [2009/11/22 10:33:46 | 00,000,000 | ---D | C]
 avast_home_setup.exe -> C:\Documents and Settings\Desiree Meenan\Desktop\avast_home_setup.exe -> [2009/11/22 10:28:32 | 00,308,160 | ---- | C] (ALWIL Software)
 Malwarebytes -> C:\Documents and Settings\Desiree Meenan\Application Data\Malwarebytes -> [2009/11/20 21:29:39 | 00,000,000 | ---D | C]
 mbamswissarmy.sys -> C:\WINDOWS\System32\drivers\mbamswissarmy.sys -> [2009/11/20 21:29:33 | 00,038,224 | ---- | C] (Malwarebytes Corporation)
 mbam.sys -> C:\WINDOWS\System32\drivers\mbam.sys -> [2009/11/20 21:29:32 | 00,019,160 | ---- | C] (Malwarebytes Corporation)
 Malwarebytes -> C:\Documents and Settings\All Users\Application Data\Malwarebytes -> [2009/11/20 21:29:32 | 00,000,000 | ---D | C]
 Malwarebytes' Anti-Malware -> C:\Program Files\Malwarebytes' Anti-Malware -> [2009/11/20 21:29:31 | 00,000,000 | ---D | C]
 mbam-setup.exe -> C:\Documents and Settings\Desiree Meenan\Desktop\mbam-setup.exe -> [2009/11/20 21:26:54 | 04,045,528 | ---- | C] (Malwarebytes Corporation									)
 cmdcons -> C:\cmdcons -> [2009/11/20 18:56:30 | 00,000,000 | RHSD | C]
 SWXCACLS.exe -> C:\WINDOWS\SWXCACLS.exe -> [2009/11/20 18:55:14 | 00,212,480 | ---- | C] (SteelWerX)
 SWREG.exe -> C:\WINDOWS\SWREG.exe -> [2009/11/20 18:55:14 | 00,161,792 | ---- | C] (SteelWerX)
 SWSC.exe -> C:\WINDOWS\SWSC.exe -> [2009/11/20 18:55:14 | 00,136,704 | ---- | C] (SteelWerX)
 NIRCMD.exe -> C:\WINDOWS\NIRCMD.exe -> [2009/11/20 18:55:14 | 00,031,232 | ---- | C] (NirSoft)
 Qoobox -> C:\Qoobox -> [2009/11/20 18:54:36 | 00,000,000 | ---D | C]
 RootRepeal.exe -> C:\Documents and Settings\Desiree Meenan\Desktop\RootRepeal.exe -> [2009/11/20 17:11:11 | 00,472,064 | ---- | C] ( )
 ERDNT -> C:\WINDOWS\ERDNT -> [2009/11/20 17:04:38 | 00,000,000 | ---D | C]
 ERUNT -> C:\Program Files\ERUNT -> [2009/11/20 17:03:52 | 00,000,000 | ---D | C]
 Adobe -> C:\WINDOWS\System32\Adobe -> [2009/11/18 07:29:35 | 00,000,000 | ---D | C]
 Trend Micro -> C:\Program Files\Trend Micro -> [2009/11/18 07:26:41 | 00,000,000 | ---D | C]
 Spybot - Search & Destroy -> C:\Program Files\Spybot - Search & Destroy -> [2009/11/01 17:36:17 | 00,000,000 | ---D | C]
 Spybot - Search & Destroy -> C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy -> [2009/11/01 17:36:17 | 00,000,000 | ---D | C]
 pss -> C:\WINDOWS\pss -> [2009/11/01 17:23:26 | 00,000,000 | ---D | C]
 slntamr.sys -> C:\WINDOWS\System32\drivers\slntamr.sys -> [2003/11/20 01:49:11 | 00,516,616 | ---- | C] ( )
 slnthal.sys -> C:\WINDOWS\System32\drivers\slnthal.sys -> [2003/11/20 01:49:11 | 00,085,520 | ---- | C] ( )
 mtlstrm.sys -> C:\WINDOWS\System32\drivers\mtlstrm.sys -> [2003/11/20 01:49:10 | 01,293,192 | ---- | C] ( )
 mtlmnt5.sys -> C:\WINDOWS\System32\drivers\mtlmnt5.sys -> [2003/11/20 01:49:10 | 00,210,128 | ---- | C] ( )
 ntmtlfax.sys -> C:\WINDOWS\System32\drivers\ntmtlfax.sys -> [2003/11/20 01:49:10 | 00,162,136 | ---- | C] ( )
 winddx.sys -> C:\WINDOWS\System32\drivers\winddx.sys -> [2003/11/19 18:54:50 | 00,014,976 | ---- | C] ( )
 2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
 14 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
 
[Files/Folders - Modified Within 30 Days]
 OTS.exe -> C:\Documents and Settings\Desiree Meenan\Desktop\OTS.exe -> [2009/11/25 20:13:01 | 00,526,848 | ---- | M] (OldTimer Tools)
 wpa.dbl -> C:\WINDOWS\System32\wpa.dbl -> [2009/11/25 03:18:33 | 00,001,158 | ---- | M] ()
 QTFont.qfn -> C:\WINDOWS\QTFont.qfn -> [2009/11/25 03:18:32 | 00,054,156 | -H-- | M] ()
 SA.DAT -> C:\WINDOWS\tasks\SA.DAT -> [2009/11/25 03:18:14 | 00,000,006 | -H-- | M] ()
 hiberfil.sys -> C:\hiberfil.sys -> [2009/11/25 03:18:00 | 46,929,1008 | -HS- | M] ()
 bootstat.dat -> C:\WINDOWS\bootstat.dat -> [2009/11/25 03:18:00 | 00,002,048 | --S- | M] ()
 NTUSER.DAT -> C:\Documents and Settings\Desiree Meenan\NTUSER.DAT -> [2009/11/25 03:17:06 | 04,456,448 | -H-- | M] ()
 ntuser.ini -> C:\Documents and Settings\Desiree Meenan\ntuser.ini -> [2009/11/25 03:17:06 | 00,000,278 | -HS- | M] ()
 imsins.BAK -> C:\WINDOWS\imsins.BAK -> [2009/11/25 03:01:50 | 00,001,393 | ---- | M] ()
 Duross Construction 1097526202.job -> C:\WINDOWS\tasks\Duross Construction 1097526202.job -> [2009/11/23 16:00:00 | 00,000,548 | -H-- | M] ()
 Microsoft Word.lnk -> C:\Documents and Settings\Desiree Meenan\Desktop\Microsoft Word.lnk -> [2009/11/22 20:45:24 | 00,002,473 | ---- | M] ()
 QTFont.for -> C:\WINDOWS\QTFont.for -> [2009/11/22 15:30:37 | 00,001,409 | ---- | M] ()
 avast! Antivirus.lnk -> C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk -> [2009/11/22 10:34:11 | 00,001,743 | ---- | M] ()
 CONFIG.NT -> C:\WINDOWS\System32\CONFIG.NT -> [2009/11/22 10:34:07 | 00,002,626 | ---- | M] ()
 avast_home_setup.exe -> C:\Documents and Settings\Desiree Meenan\Desktop\avast_home_setup.exe -> [2009/11/22 10:28:33 | 00,308,160 | ---- | M] (ALWIL Software)
 Tips for being cooler.doc -> C:\Documents and Settings\Desiree Meenan\My Documents\Tips for being cooler.doc -> [2009/11/21 17:59:20 | 00,020,480 | ---- | M] ()
 Malwarebytes' Anti-Malware.lnk -> C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk -> [2009/11/20 21:29:36 | 00,000,730 | ---- | M] ()
 mbam-setup.exe -> C:\Documents and Settings\Desiree Meenan\Desktop\mbam-setup.exe -> [2009/11/20 21:26:54 | 04,045,528 | ---- | M] (Malwarebytes Corporation									)
 system.ini -> C:\WINDOWS\system.ini -> [2009/11/20 19:05:10 | 00,000,271 | ---- | M] ()
 hosts -> C:\WINDOWS\System32\drivers\etc\hosts -> [2009/11/20 19:05:03 | 00,000,027 | ---- | M] ()
 boot.ini -> C:\boot.ini -> [2009/11/20 18:56:37 | 00,000,281 | RHS- | M] ()
 ComboFix.exe -> C:\Documents and Settings\Desiree Meenan\Desktop\ComboFix.exe -> [2009/11/20 18:54:11 | 03,570,958 | R--- | M] ()
 settings.dat -> C:\Documents and Settings\Desiree Meenan\Desktop\settings.dat -> [2009/11/20 17:11:25 | 00,000,000 | ---- | M] ()
 RootRepeal.exe -> C:\Documents and Settings\Desiree Meenan\Desktop\RootRepeal.exe -> [2009/11/20 17:11:14 | 00,472,064 | ---- | M] ( )
 dds.scr -> C:\Documents and Settings\Desiree Meenan\Desktop\dds.scr -> [2009/11/20 17:05:36 | 00,359,929 | ---- | M] ()
 NTREGOPT.lnk -> C:\Documents and Settings\Desiree Meenan\Desktop\NTREGOPT.lnk -> [2009/11/20 17:03:53 | 00,000,645 | ---- | M] ()
 ERUNT.lnk -> C:\Documents and Settings\Desiree Meenan\Desktop\ERUNT.lnk -> [2009/11/20 17:03:53 | 00,000,626 | ---- | M] ()
 My eBay.url -> C:\Documents and Settings\Desiree Meenan\Desktop\My eBay.url -> [2009/11/18 17:06:07 | 00,000,826 | ---- | M] ()
 IconCache.db -> C:\Documents and Settings\Desiree Meenan\Local Settings\Application Data\IconCache.db -> [2009/11/18 16:51:48 | 03,081,934 | -H-- | M] ()
 Yahoo!.url -> C:\Documents and Settings\Desiree Meenan\Desktop\Yahoo!.url -> [2009/11/18 15:41:21 | 00,000,240 | ---- | M] ()
 HijackThis.lnk -> C:\Documents and Settings\Desiree Meenan\Desktop\HijackThis.lnk -> [2009/11/18 07:26:42 | 00,001,768 | ---- | M] ()
 PEV.exe -> C:\WINDOWS\PEV.exe -> [2009/11/14 01:47:57 | 00,260,608 | ---- | M] ()
 yahoo answers.url -> C:\Documents and Settings\Desiree Meenan\Desktop\yahoo answers.url -> [2009/11/11 20:46:37 | 00,000,479 | ---- | M] ()
 YouTube.url -> C:\Documents and Settings\Desiree Meenan\Desktop\YouTube.url -> [2009/11/11 19:45:07 | 00,001,062 | ---- | M] ()
 FNTCACHE.DAT -> C:\WINDOWS\System32\FNTCACHE.DAT -> [2009/11/11 03:19:04 | 00,239,144 | ---- | M] ()
 revolutionary war poster.doc -> C:\Documents and Settings\Desiree Meenan\My Documents\revolutionary war poster.doc -> [2009/11/05 17:32:14 | 00,110,080 | ---- | M] ()
 MRT.exe -> C:\WINDOWS\System32\MRT.exe -> [2009/11/05 09:36:21 | 26,768,832 | ---- | M] (Microsoft Corporation)
 SCARY STORY ROUGH DRAFT.doc -> C:\Documents and Settings\Desiree Meenan\My Documents\SCARY STORY ROUGH DRAFT.doc -> [2009/11/01 22:04:54 | 00,064,000 | ---- | M] ()
 wininit.ini -> C:\WINDOWS\wininit.ini -> [2009/11/01 18:22:59 | 00,000,405 | ---- | M] ()
 hosts.20091101-182251.backup -> C:\WINDOWS\System32\drivers\etc\hosts.20091101-182251.backup -> [2009/11/01 18:22:51 | 00,001,231 | R--- | M] ()
 Spybot - Search & Destroy.lnk -> C:\Documents and Settings\Desiree Meenan\Desktop\Spybot - Search & Destroy.lnk -> [2009/11/01 17:36:22 | 00,000,967 | ---- | M] ()
 win.ini -> C:\WINDOWS\win.ini -> [2009/11/01 17:25:13 | 00,001,004 | ---- | M] ()
 Boot.bak -> C:\Boot.bak -> [2009/11/01 17:25:13 | 00,000,211 | ---- | M] ()
 PerfStringBackup.INI -> C:\WINDOWS\System32\PerfStringBackup.INI -> [2009/11/01 17:09:20 | 00,443,286 | ---- | M] ()
 perfh009.dat -> C:\WINDOWS\System32\perfh009.dat -> [2009/11/01 17:09:20 | 00,382,966 | ---- | M] ()
 perfc009.dat -> C:\WINDOWS\System32\perfc009.dat -> [2009/11/01 17:09:20 | 00,053,978 | ---- | M] ()
 GDIPFONTCACHEV1.DAT -> C:\Documents and Settings\Desiree Meenan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT -> [2009/10/28 15:09:10 | 00,061,840 | ---- | M] ()
 tzchange.exe -> C:\WINDOWS\System32\tzchange.exe -> [2009/10/28 07:07:15 | 00,046,080 | ---- | M] (Microsoft Corporation)
 ABC book.doc -> C:\Documents and Settings\Desiree Meenan\My Documents\ABC book.doc -> [2009/10/28 04:47:42 | 00,147,456 | ---- | M] ()
 80 C:\Documents and Settings\Desiree Meenan\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Desiree Meenan\Local Settings\Temp\*.tmp -> 
 2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
 14 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
 
[Files - No Company Name]
 QTFont.qfn -> C:\WINDOWS\QTFont.qfn -> [2009/11/22 15:30:37 | 00,054,156 | -H-- | C] ()
 QTFont.for -> C:\WINDOWS\QTFont.for -> [2009/11/22 15:30:37 | 00,001,409 | ---- | C] ()
 avast! Antivirus.lnk -> C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk -> [2009/11/22 10:34:11 | 00,001,743 | ---- | C] ()
 actskin4.ocx -> C:\WINDOWS\System32\actskin4.ocx -> [2009/11/22 10:33:48 | 00,380,928 | ---- | C] ()
 Tips for being cooler.doc -> C:\Documents and Settings\Desiree Meenan\My Documents\Tips for being cooler.doc -> [2009/11/21 17:59:19 | 00,020,480 | ---- | C] ()
 Malwarebytes' Anti-Malware.lnk -> C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk -> [2009/11/20 21:29:36 | 00,000,730 | ---- | C] ()
 Boot.bak -> C:\Boot.bak -> [2009/11/20 18:56:37 | 00,000,211 | ---- | C] ()
 cmldr -> C:\cmldr -> [2009/11/20 18:56:33 | 00,260,272 | ---- | C] ()
 PEV.exe -> C:\WINDOWS\PEV.exe -> [2009/11/20 18:55:14 | 00,260,608 | ---- | C] ()
 sed.exe -> C:\WINDOWS\sed.exe -> [2009/11/20 18:55:14 | 00,098,816 | ---- | C] ()
 grep.exe -> C:\WINDOWS\grep.exe -> [2009/11/20 18:55:14 | 00,080,412 | ---- | C] ()
 MBR.exe -> C:\WINDOWS\MBR.exe -> [2009/11/20 18:55:14 | 00,077,312 | ---- | C] ()
 zip.exe -> C:\WINDOWS\zip.exe -> [2009/11/20 18:55:14 | 00,068,096 | ---- | C] ()
 ComboFix.exe -> C:\Documents and Settings\Desiree Meenan\Desktop\ComboFix.exe -> [2009/11/20 18:54:11 | 03,570,958 | R--- | C] ()
 settings.dat -> C:\Documents and Settings\Desiree Meenan\Desktop\settings.dat -> [2009/11/20 17:11:25 | 00,000,000 | ---- | C] ()
 dds.scr -> C:\Documents and Settings\Desiree Meenan\Desktop\dds.scr -> [2009/11/20 17:05:33 | 00,359,929 | ---- | C] ()
 NTREGOPT.lnk -> C:\Documents and Settings\Desiree Meenan\Desktop\NTREGOPT.lnk -> [2009/11/20 17:03:53 | 00,000,645 | ---- | C] ()
 ERUNT.lnk -> C:\Documents and Settings\Desiree Meenan\Desktop\ERUNT.lnk -> [2009/11/20 17:03:53 | 00,000,626 | ---- | C] ()
 HijackThis.lnk -> C:\Documents and Settings\Desiree Meenan\Desktop\HijackThis.lnk -> [2009/11/18 07:26:42 | 00,001,768 | ---- | C] ()
 revolutionary war poster.doc -> C:\Documents and Settings\Desiree Meenan\My Documents\revolutionary war poster.doc -> [2009/11/05 17:32:13 | 00,110,080 | ---- | C] ()
 wininit.ini -> C:\WINDOWS\wininit.ini -> [2009/11/01 18:22:58 | 00,000,405 | ---- | C] ()
 Spybot - Search & Destroy.lnk -> C:\Documents and Settings\Desiree Meenan\Desktop\Spybot - Search & Destroy.lnk -> [2009/11/01 17:36:22 | 00,000,967 | ---- | C] ()
 SCARY STORY ROUGH DRAFT.doc -> C:\Documents and Settings\Desiree Meenan\My Documents\SCARY STORY ROUGH DRAFT.doc -> [2009/10/28 16:15:49 | 00,064,000 | ---- | C] ()
 ABC book.doc -> C:\Documents and Settings\Desiree Meenan\My Documents\ABC book.doc -> [2009/10/27 17:38:02 | 00,147,456 | ---- | C] ()
 iyvu9_32.dll -> C:\WINDOWS\System32\iyvu9_32.dll -> [2008/03/14 11:47:45 | 00,056,832 | ---- | C] ()
 QTW.INI -> C:\WINDOWS\QTW.INI -> [2007/07/18 12:11:38 | 00,000,305 | ---- | C] ()
 TLCAPPS.INI -> C:\WINDOWS\TLCAPPS.INI -> [2007/06/02 18:59:13 | 00,000,229 | ---- | C] ()
 SETUP32.INI -> C:\WINDOWS\SETUP32.INI -> [2007/06/02 18:58:54 | 00,000,000 | ---- | C] ()
 cdplayer.ini -> C:\WINDOWS\cdplayer.ini -> [2006/07/28 09:23:23 | 00,000,879 | ---- | C] ()
 HPGdiPlus.ini -> C:\WINDOWS\HPGdiPlus.ini -> [2006/06/26 06:15:48 | 00,000,206 | ---- | C] ()
 liveup.ini -> C:\WINDOWS\liveup.ini -> [2006/03/17 13:21:42 | 00,000,044 | ---- | C] ()
 hptcpmon.ini -> C:\WINDOWS\System32\hptcpmon.ini -> [2006/01/19 08:34:26 | 00,003,399 | R--- | C] ()
 AddPort.ini -> C:\WINDOWS\System32\AddPort.ini -> [2006/01/19 08:34:26 | 00,000,136 | ---- | C] ()
 hpntwksetup.ini -> C:\WINDOWS\hpntwksetup.ini -> [2006/01/19 08:34:13 | 00,000,700 | ---- | C] ()
 Install.ini -> C:\WINDOWS\Install.ini -> [2005/09/14 10:53:06 | 00,000,028 | ---- | C] ()
 BrmfBidi.ini -> C:\WINDOWS\BrmfBidi.ini -> [2005/02/01 08:10:08 | 00,002,183 | ---- | C] ()
 YCRWin32.dll -> C:\WINDOWS\System32\YCRWin32.dll -> [2004/12/27 11:39:56 | 00,065,536 | ---- | C] ()
 hpqEmlSz.INI -> C:\WINDOWS\hpqEmlSz.INI -> [2004/11/08 10:19:57 | 00,000,000 | ---- | C] ()
 ODBC.INI -> C:\WINDOWS\ODBC.INI -> [2004/10/14 07:44:25 | 00,000,376 | ---- | C] ()
 A6W.INI -> C:\WINDOWS\A6W.INI -> [2004/09/30 09:37:08 | 00,000,035 | ---- | C] ()
 WORDPAD.INI -> C:\WINDOWS\WORDPAD.INI -> [2004/09/27 07:32:20 | 00,000,754 | ---- | C] ()
 tx32.dll -> C:\WINDOWS\System32\tx32.dll -> [2004/09/07 08:20:04 | 00,375,296 | ---- | C] ()
 Ic32.ini -> C:\WINDOWS\System32\Ic32.ini -> [2004/09/07 08:20:04 | 00,000,202 | ---- | C] ()
 ntio412.sys -> C:\WINDOWS\System32\ntio412.sys -> [2004/05/17 14:43:09 | 00,035,424 | ---- | C] ()
 ntio404.sys -> C:\WINDOWS\System32\ntio404.sys -> [2004/05/17 14:43:07 | 00,034,560 | ---- | C] ()
 ntio804.sys -> C:\WINDOWS\System32\ntio804.sys -> [2004/05/17 14:43:06 | 00,034,560 | ---- | C] ()
 ntio411.sys -> C:\WINDOWS\System32\ntio411.sys -> [2004/05/17 14:43:04 | 00,035,648 | ---- | C] ()
 ntio.sys -> C:\WINDOWS\System32\ntio.sys -> [2004/05/17 14:43:02 | 00,033,840 | ---- | C] ()
 smscfg.ini -> C:\WINDOWS\smscfg.ini -> [2003/11/20 04:00:12 | 00,000,061 | ---- | C] ()
 psisdecd.dll -> C:\WINDOWS\System32\psisdecd.dll -> [2003/11/20 03:37:40 | 00,363,520 | ---- | C] ()
 winamp.ini -> C:\WINDOWS\winamp.ini -> [2003/11/20 03:27:40 | 00,000,132 | ---- | C] ()
 net2fone.ini -> C:\WINDOWS\net2fone.ini -> [2003/11/20 03:27:07 | 00,000,310 | ---- | C] ()
 PIC.dll -> C:\WINDOWS\PIC.dll -> [2003/11/20 03:09:53 | 00,532,544 | ---- | C] ()
 HKNTDLL.dll -> C:\WINDOWS\HKNTDLL.dll -> [2003/11/20 03:09:53 | 00,024,576 | ---- | C] ()
 avrack.ini -> C:\WINDOWS\avrack.ini -> [2003/11/20 03:08:07 | 00,000,164 | ---- | C] ()
 control.ini -> C:\WINDOWS\control.ini -> [2003/11/20 03:00:28 | 00,000,000 | ---- | C] ()
 vbaddin.ini -> C:\WINDOWS\vbaddin.ini -> [2003/11/20 02:58:05 | 00,000,059 | ---- | C] ()
 vb.ini -> C:\WINDOWS\vb.ini -> [2003/11/20 02:58:05 | 00,000,036 | ---- | C] ()
 tslabels.ini -> C:\WINDOWS\System32\tslabels.ini -> [2003/11/20 02:57:18 | 00,013,223 | ---- | C] ()
 msdtcprf.ini -> C:\WINDOWS\System32\msdtcprf.ini -> [2003/11/20 02:57:17 | 00,001,931 | ---- | C] ()
 slextspk.dll -> C:\WINDOWS\System32\slextspk.dll -> [2003/11/20 01:49:11 | 00,188,416 | ---- | C] ()
 SLGen.dll -> C:\WINDOWS\System32\SLGen.dll -> [2003/11/20 01:49:11 | 00,159,744 | ---- | C] ()
 coinst.dll -> C:\WINDOWS\System32\coinst.dll -> [2003/11/20 01:49:10 | 00,049,152 | ---- | C] ()
 oeminfo.ini -> C:\WINDOWS\System32\oeminfo.ini -> [2003/11/20 01:49:04 | 00,001,094 | ---- | C] ()
 emver.ini -> C:\WINDOWS\System32\emver.ini -> [2003/11/20 01:49:04 | 00,000,468 | ---- | C] ()
 win87em.dll -> C:\WINDOWS\System32\win87em.dll -> [2003/11/20 01:48:40 | 00,013,312 | ---- | C] ()
 win.ini -> C:\WINDOWS\win.ini -> [2003/11/20 01:48:40 | 00,001,004 | ---- | C] ()
 tcpmon.ini -> C:\WINDOWS\System32\tcpmon.ini -> [2003/11/20 01:48:37 | 00,053,478 | ---- | C] ()
 tsd32.dll -> C:\WINDOWS\System32\tsd32.dll -> [2003/11/20 01:48:37 | 00,015,360 | ---- | C] ()
 system.ini -> C:\WINDOWS\system.ini -> [2003/11/20 01:48:36 | 00,000,271 | ---- | C] ()
 sbe.dll -> C:\WINDOWS\System32\sbe.dll -> [2003/11/20 01:48:31 | 00,270,848 | ---- | C] ()
 rsvp.ini -> C:\WINDOWS\System32\rsvp.ini -> [2003/11/20 01:48:30 | 00,012,082 | ---- | C] ()
 dxmasf.dll -> C:\WINDOWS\System32\dxmasf.dll -> [2003/11/20 01:48:29 | 00,498,742 | ---- | C] ()
 rasctrs.ini -> C:\WINDOWS\System32\rasctrs.ini -> [2003/11/20 01:48:29 | 00,003,458 | ---- | C] ()
 pschdprf.ini -> C:\WINDOWS\System32\pschdprf.ini -> [2003/11/20 01:48:28 | 00,006,877 | ---- | C] ()
 perfci.ini -> C:\WINDOWS\System32\perfci.ini -> [2003/11/20 01:48:28 | 00,002,891 | ---- | C] ()
 perfwci.ini -> C:\WINDOWS\System32\perfwci.ini -> [2003/11/20 01:48:28 | 00,002,732 | ---- | C] ()
 perffilt.ini -> C:\WINDOWS\System32\perffilt.ini -> [2003/11/20 01:48:28 | 00,001,152 | ---- | C] ()
 prodspec.ini -> C:\WINDOWS\System32\prodspec.ini -> [2003/11/20 01:48:28 | 00,000,343 | ---- | C] ()
 ntdos411.sys -> C:\WINDOWS\System32\ntdos411.sys -> [2003/11/20 01:48:22 | 00,029,370 | ---- | C] ()
 ntdos412.sys -> C:\WINDOWS\System32\ntdos412.sys -> [2003/11/20 01:48:22 | 00,029,274 | ---- | C] ()
 ntdos804.sys -> C:\WINDOWS\System32\ntdos804.sys -> [2003/11/20 01:48:22 | 00,029,146 | ---- | C] ()
 ntdos404.sys -> C:\WINDOWS\System32\ntdos404.sys -> [2003/11/20 01:48:22 | 00,029,146 | ---- | C] ()
 ntdos.sys -> C:\WINDOWS\System32\ntdos.sys -> [2003/11/20 01:48:22 | 00,027,866 | ---- | C] ()
 msencode.dll -> C:\WINDOWS\System32\msencode.dll -> [2003/11/20 01:48:16 | 00,094,282 | ---- | C] ()
 msdxmlc.dll -> C:\WINDOWS\System32\msdxmlc.dll -> [2003/11/20 01:48:16 | 00,004,126 | ---- | C] ()
 msdfmap.ini -> C:\WINDOWS\msdfmap.ini -> [2003/11/20 01:48:16 | 00,001,405 | ---- | C] ()
 key01.sys -> C:\WINDOWS\System32\key01.sys -> [2003/11/20 01:48:09 | 00,042,809 | ---- | C] ()
 keyboard.sys -> C:\WINDOWS\System32\keyboard.sys -> [2003/11/20 01:48:09 | 00,042,537 | ---- | C] ()
 ir32_32.dll -> C:\WINDOWS\System32\ir32_32.dll -> [2003/11/20 01:48:08 | 00,199,168 | ---- | C] ()
 himem.sys -> C:\WINDOWS\System32\himem.sys -> [2003/11/20 01:48:04 | 00,004,768 | ---- | C] ()
 esentprf.ini -> C:\WINDOWS\System32\esentprf.ini -> [2003/11/20 01:48:01 | 01,015,477 | ---- | C] ()
 encdec.dll -> C:\WINDOWS\System32\encdec.dll -> [2003/11/20 01:48:00 | 00,186,880 | ---- | C] ()
 compatui.dll -> C:\WINDOWS\System32\compatui.dll -> [2003/11/20 01:47:46 | 00,252,928 | ---- | C] ()
 country.sys -> C:\WINDOWS\System32\country.sys -> [2003/11/20 01:47:46 | 00,027,097 | ---- | C] ()
 msjetoledb40.dll -> C:\WINDOWS\System32\msjetoledb40.dll -> [2003/11/20 01:47:44 | 00,355,112 | ---- | C] ()
 ansi.sys -> C:\WINDOWS\System32\ansi.sys -> [2003/11/20 01:47:40 | 00,009,029 | ---- | C] ()
 SLLights.dll -> C:\WINDOWS\System32\SLLights.dll -> [2003/11/19 18:54:50 | 00,466,944 | ---- | C] ()
 amr_cpl.dll -> C:\WINDOWS\System32\amr_cpl.dll -> [2003/11/19 18:54:50 | 00,151,552 | ---- | C] ()
 PerfStringBackup.INI -> C:\WINDOWS\System32\PerfStringBackup.INI -> [2003/11/19 18:53:39 | 00,443,286 | ---- | C] ()
 ODBCINST.INI -> C:\WINDOWS\ODBCINST.INI -> [2003/11/19 18:53:38 | 00,004,161 | ---- | C] ()
 patchw32.dll -> C:\WINDOWS\patchw32.dll -> [2003/07/14 11:30:28 | 00,197,120 | ---- | C] ()
 quartz.dll -> C:\WINDOWS\System32\quartz.dll -> [2003/05/30 09:00:02 | 01,291,264 | ---- | C] ()
 qdvd.dll -> C:\WINDOWS\System32\qdvd.dll -> [2003/05/30 09:00:02 | 00,386,048 | ---- | C] ()
 devenum.dll -> C:\WINDOWS\System32\devenum.dll -> [2003/05/30 09:00:02 | 00,059,904 | ---- | C] ()
 qedwipes.dll -> C:\WINDOWS\System32\qedwipes.dll -> [2002/12/12 00:14:32 | 00,733,696 | ---- | C] ()
 qedit.dll -> C:\WINDOWS\System32\qedit.dll -> [2002/12/12 00:14:32 | 00,562,176 | ---- | C] ()
 qdv.dll -> C:\WINDOWS\System32\qdv.dll -> [2002/12/12 00:14:32 | 00,279,040 | ---- | C] ()
 qcap.dll -> C:\WINDOWS\System32\qcap.dll -> [2002/12/12 00:14:32 | 00,192,512 | ---- | C] ()
 amstream.dll -> C:\WINDOWS\System32\amstream.dll -> [2002/12/12 00:14:32 | 00,070,656 | ---- | C] ()
 mciqtz32.dll -> C:\WINDOWS\System32\mciqtz32.dll -> [2002/12/12 00:14:32 | 00,035,328 | ---- | C] ()
 msdmo.dll -> C:\WINDOWS\System32\msdmo.dll -> [2002/12/12 00:14:32 | 00,014,336 | ---- | C] ()
 paqsp.dll -> C:\WINDOWS\System32\paqsp.dll -> [2001/08/17 14:36:28 | 00,157,696 | ---- | C] ()
 MSRTEDIT.DLL -> C:\WINDOWS\System32\MSRTEDIT.DLL -> [1999/01/22 10:46:58 | 00,065,536 | ---- | C] ()
 
[Alternate Data Streams]
@Alternate Data Stream - 2628 bytes -> C:\WINDOWS\System32\OEMLOGO.BMP:Q30lsldxJoudresxAaaqpcawXc
< End of report >


#14 SweetTech

SweetTech

    MalwareTeam Emeritus

  • Authentic Member
  • 3,368 posts

Posted 26 November 2009 - 12:27 AM

Running OTS Fix
Start OTS. Copy/Paste the information inside the codebox below into the panel where it says "Paste fix here" and then click the Run Fix button.

[Kill All Processes]
[Unregister Dlls]
[Registry - Safe List]
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {18597442-c73f-43b3-bf40-76ed057ede97} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> {35E78239-811E-4c3f-B37D-F339AC16C2C0} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
YN -> ShellBrowser\\"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> WebBrowser\\"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> WebBrowser\\"{FE6BC4EF-5676-484B-88AE-883323913256}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< Desiree Meenan Startup Folder > -> C:\Documents and Settings\Desiree Meenan\Start Menu\Programs\Startup
YY -> ~EmptyValue -> C:\Documents and Settings\Desiree Meenan\Start Menu\Programs\Startup\PowerReg Scheduler.exe
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\
YN -> &Search -> [?p=ZJxdm025SHUS]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\
YN -> CmdMapping\\"{2499216C-4BA5-11D5-BD9C-000103C116D5}" [HKLM] -> [Reg Error: Key error.]
YN -> CmdMapping\\"{4528BBE0-4E08-11D5-AD55-00010333D0AD}" [HKLM] -> [Reg Error: Key error.]
YN -> CmdMapping\\"{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}" [HKLM] -> [Reg Error: Value error.]
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
YN -> Microsoft XML Parser for Java [HKLM] -> file://C:\WINDOWS\Java\classes\xmldso.cab [Reg Error: Key error.]
[Files/Folders - Created Within 30 Days]
NY ->  2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
NY ->  14 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
[Files/Folders - Modified Within 30 Days]
NY ->  80 C:\Documents and Settings\Desiree Meenan\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Desiree Meenan\Local Settings\Temp\*.tmp
NY ->  2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
NY ->  14 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
[Empty Temp Folders]
[CreateRestorePoint]
[Start Explorer]

The fix should only take a very short time. When the fix is completed a message box will popup either telling you that it is finished, or that a reboot is needed to complete the fix. If the fix is complete, click the Ok button and Notepad will open with a log of actions taken during the fix. Post that log back here in your next reply.

If a reboot is required, click the "Yes" button to reboot the machine. After the reboot, OTS will finish moving any files that could not be moved during the fix and NotePad will open with the final results at that time. Post that log back here in your next reply.

Please make sure that you provide the log that was produced after running OTS as well as an update on how your computer is currently running.

Proud Graduate of the WTT Classroom


#15 renobruce

renobruce

    New Member

  • Authentic Member
  • 9 posts

Posted 26 November 2009 - 04:17 PM

Running OTS Fix



Well, so far it hasn't frozen up! Here is the log:

All Processes Killed
[Registry - Safe List]
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18597442-c73f-43b3-bf40-76ed057ede97}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{18597442-c73f-43b3-bf40-76ed057ede97}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{35E78239-811E-4c3f-B37D-F339AC16C2C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{35E78239-811E-4c3f-B37D-F339AC16C2C0}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{FE6BC4EF-5676-484B-88AE-883323913256} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FE6BC4EF-5676-484B-88AE-883323913256}\ not found.
C:\Documents and Settings\Desiree Meenan\Start Menu\Programs\Startup\PowerReg Scheduler.exe moved successfully.
File ~EmptyValue not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Search\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{2499216C-4BA5-11D5-BD9C-000103C116D5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2499216C-4BA5-11D5-BD9C-000103C116D5}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{4528BBE0-4E08-11D5-AD55-00010333D0AD} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4528BBE0-4E08-11D5-AD55-00010333D0AD}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}\ not found.
Starting removal of ActiveX control Microsoft XML Parser for Java
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\Contains\Files\ not found.
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\Microsoft XML Parser for Java\ not found.
[Files/Folders - Created Within 30 Days]
C:\WINDOWS\002242_.tmp deleted successfully.
C:\WINDOWS\005431_.tmp deleted successfully.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
C:\WINDOWS\System32\SET11E.tmp deleted successfully.
C:\WINDOWS\System32\SET11F.tmp deleted successfully.
C:\WINDOWS\System32\SET120.tmp deleted successfully.
C:\WINDOWS\System32\SET121.tmp deleted successfully.
C:\WINDOWS\System32\SET122.tmp deleted successfully.
C:\WINDOWS\System32\SET125.tmp deleted successfully.
C:\WINDOWS\System32\SET126.tmp deleted successfully.
C:\WINDOWS\System32\SET127.tmp deleted successfully.
C:\WINDOWS\System32\SET128.tmp deleted successfully.
C:\WINDOWS\System32\SET129.tmp deleted successfully.
C:\WINDOWS\System32\SET12D.tmp deleted successfully.
C:\WINDOWS\System32\SET12F.tmp deleted successfully.
C:\WINDOWS\System32\setb11.tmp deleted successfully.
[Files/Folders - Modified Within 30 Days]
C:\Documents and Settings\Desiree Meenan\Local Settings\Temp\fla13.tmp deleted successfully.
C:\Documents and Settings\Desiree Meenan\Local Settings\Temp\~DF19BE.tmp deleted successfully.
C:\Documents and Settings\Desiree Meenan\Local Settings\Temp\~DF2AEB.tmp deleted successfully.
C:\Documents and Settings\Desiree Meenan\Local Settings\Temp\~DF3244.tmp deleted successfully.
C:\Documents and Settings\Desiree Meenan\Local Settings\Temp\~DF3251.tmp deleted successfully.
C:\Documents and Settings\Desiree Meenan\Local Settings\Temp\~DF32AB.tmp deleted successfully.
C:\Documents and Settings\Desiree Meenan\Local Settings\Temp\~DF32B8.tmp deleted successfully.
C:\Documents and Settings\Desiree Meenan\Local Settings\Temp\~DF3C0D.tmp deleted successfully.
C:\Documents and Settings\Desiree Meenan\Local Settings\Temp\~DF4261.tmp deleted successfully.
C:\Documents and Settings\Desiree Meenan\Local Settings\Temp\~DF42C9.tmp deleted successfully.
C:\Documents and Settings\Desiree Meenan\Local Settings\Temp\~DF46F6.tmp deleted successfully.
C:\Documents and Settings\Desiree Meenan\Local Settings\Temp\~DF473D.tmp deleted successfully.
C:\Documents and Settings\Desiree Meenan\Local Settings\Temp\~DF4E28.tmp deleted successfully.
C:\Documents and Settings\Desiree Meenan\Local Settings\Temp\~DF50AE.tmp deleted successfully.
C:\Documents and Settings\Desiree Meenan\Local Settings\Temp\~DF50BB.tmp deleted successfully.
C:\Documents and Settings\Desiree Meenan\Local Settings\Temp\~DF5149.tmp deleted successfully.
C:\Documents and Settings\Desiree Meenan\Local Settings\Temp\~DF514B.tmp deleted successfully.
C:\Documents and Settings\Desiree Meenan\Local Settings\Temp\~DF5158.tmp deleted successfully.
C:\Documents and Settings\Desiree Meenan\Local Settings\Temp\~DF5DE2.tmp deleted successfully.
C:\Documents and Settings\Desiree Meenan\Local Settings\Temp\~DF5ED5.tmp deleted successfully.
C:\Documents and Settings\Desiree Meenan\Local Settings\Temp\~DF626B.tmp deleted successfully.
C:\Documents and Settings\Desiree Meenan\Local Settings\Temp\~DF6300.tmp deleted successfully.
C:\Documents and Settings\Desiree Meenan\Local Settings\Temp\~DF630D.tmp deleted successfully.
C:\Documents and Settings\Desiree Meenan\Local Settings\Temp\~DF6367.tmp deleted successfully.
C:\Documents and Settings\Desiree Meenan\Local Settings\Temp\~DF6374.tmp deleted successfully.
C:\Documents and Settings\Desiree Meenan\Local Settings\Temp\~DF6563.tmp deleted successfully.
C:\Documents and Settings\Desiree Meenan\Local Settings\Temp\~DF6572.tmp deleted successfully.
C:\Documents and Settings\Desiree Meenan\Local Settings\Temp\~DF67FA.tmp deleted successfully.
C:\Documents and Settings\Desiree Meenan\Local Settings\Temp\~DF6807.tmp deleted successfully.
C:\Documents and Settings\Desiree Meenan\Local Settings\Temp\~DF7137.tmp deleted successfully.
C:\Documents and Settings\Desiree Meenan\Local Settings\Temp\~DF73F0.tmp deleted successfully.
C:\Documents and Settings\Desiree Meenan\Local Settings\Temp\~DF788.tmp deleted successfully.
C:\Documents and Settings\Desiree Meenan\Local Settings\Temp\~DF7E8D.tmp deleted successfully.
C:\Documents and Settings\Desiree Meenan\Local Settings\Temp\~DF81B4.tmp deleted successfully.
C:\Documents and Settings\Desiree Meenan\Local Settings\Temp\~DF8296.tmp deleted successfully.
C:\Documents and Settings\Desiree Meenan\Local Settings\Temp\~DF82E2.tmp deleted successfully.
C:\Documents and Settings\Desiree Meenan\Local Settings\Temp\~DF82F6.tmp deleted successfully.
C:\Documents and Settings\Desiree Meenan\Local Settings\Temp\~DF8357.tmp deleted successfully.
C:\Documents and Settings\Desiree Meenan\Local Settings\Temp\~DF836B.tmp deleted successfully.
C:\Documents and Settings\Desiree Meenan\Local Settings\Temp\~DF8D41.tmp deleted successfully.
C:\Documents and Settings\Desiree Meenan\Local Settings\Temp\~DF9304.tmp deleted successfully.
C:\Documents and Settings\Desiree Meenan\Local Settings\Temp\~DF9313.tmp deleted successfully.
C:\Documents and Settings\Desiree Meenan\Local Settings\Temp\~DF936D.tmp deleted successfully.
C:\Documents and Settings\Desiree Meenan\Local Settings\Temp\~DF937B.tmp deleted successfully.
C:\Documents and Settings\Desiree Meenan\Local Settings\Temp\~DF9FF8.tmp deleted successfully.
C:\Documents and Settings\Desiree Meenan\Local Settings\Temp\~DFA005.tmp deleted successfully.
C:\Documents and Settings\Desiree Meenan\Local Settings\Temp\~DFA05F.tmp deleted successfully.
C:\Documents and Settings\Desiree Meenan\Local Settings\Temp\~DFA06C.tmp deleted successfully.
C:\Documents and Settings\Desiree Meenan\Local Settings\Temp\~DFA295.tmp deleted successfully.
C:\Documents and Settings\Desiree Meenan\Local Settings\Temp\~DFA786.tmp deleted successfully.
C:\Documents and Settings\Desiree Meenan\Local Settings\Temp\~DFA802.tmp deleted successfully.
C:\Documents and Settings\Desiree Meenan\Local Settings\Temp\~DFB6B7.tmp deleted successfully.
C:\Documents and Settings\Desiree Meenan\Local Settings\Temp\~DFBA2D.tmp deleted successfully.
C:\Documents and Settings\Desiree Meenan\Local Settings\Temp\~DFBED6.tmp deleted successfully.
C:\Documents and Settings\Desiree Meenan\Local Settings\Temp\~DFC1F1.tmp deleted successfully.
C:\Documents and Settings\Desiree Meenan\Local Settings\Temp\~DFC9C4.tmp deleted successfully.
C:\Documents and Settings\Desiree Meenan\Local Settings\Temp\~DFCBAF.tmp deleted successfully.
C:\Documents and Settings\Desiree Meenan\Local Settings\Temp\~DFCBB9.tmp deleted successfully.
C:\Documents and Settings\Desiree Meenan\Local Settings\Temp\~DFCBBC.tmp deleted successfully.
C:\Documents and Settings\Desiree Meenan\Local Settings\Temp\~DFCBCD.tmp deleted successfully.
C:\Documents and Settings\Desiree Meenan\Local Settings\Temp\~DFCC16.tmp deleted successfully.
C:\Documents and Settings\Desiree Meenan\Local Settings\Temp\~DFCC23.tmp deleted successfully.
C:\Documents and Settings\Desiree Meenan\Local Settings\Temp\~DFCC35.tmp deleted successfully.
C:\Documents and Settings\Desiree Meenan\Local Settings\Temp\~DFCC5F.tmp deleted successfully.
C:\Documents and Settings\Desiree Meenan\Local Settings\Temp\~DFCFA0.tmp deleted successfully.
C:\Documents and Settings\Desiree Meenan\Local Settings\Temp\~DFD4D6.tmp deleted successfully.
C:\Documents and Settings\Desiree Meenan\Local Settings\Temp\~DFDB3B.tmp deleted successfully.
C:\Documents and Settings\Desiree Meenan\Local Settings\Temp\~DFDB48.tmp deleted successfully.
C:\Documents and Settings\Desiree Meenan\Local Settings\Temp\~DFDB7B.tmp deleted successfully.
C:\Documents and Settings\Desiree Meenan\Local Settings\Temp\~DFDBA2.tmp deleted successfully.
C:\Documents and Settings\Desiree Meenan\Local Settings\Temp\~DFDBAF.tmp deleted successfully.
C:\Documents and Settings\Desiree Meenan\Local Settings\Temp\~DFE1B.tmp deleted successfully.
C:\Documents and Settings\Desiree Meenan\Local Settings\Temp\~DFE42B.tmp deleted successfully.
C:\Documents and Settings\Desiree Meenan\Local Settings\Temp\~DFE5B2.tmp deleted successfully.
C:\Documents and Settings\Desiree Meenan\Local Settings\Temp\~DFE8B8.tmp deleted successfully.
C:\Documents and Settings\Desiree Meenan\Local Settings\Temp\~DFE8CC.tmp deleted successfully.
C:\Documents and Settings\Desiree Meenan\Local Settings\Temp\~DFE959.tmp deleted successfully.
C:\Documents and Settings\Desiree Meenan\Local Settings\Temp\~DFE96D.tmp deleted successfully.
C:\Documents and Settings\Desiree Meenan\Local Settings\Temp\~DFF628.tmp deleted successfully.
C:\Documents and Settings\Desiree Meenan\Local Settings\Temp\~DFFE67.tmp deleted successfully.
[Empty Temp Folders]


User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32768 bytes

User: Desiree Meenan
->Temp folder emptied: 41083776 bytes
->Temporary Internet Files folder emptied: 710370367 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 242898 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Owner

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 279192 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 1883459 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 719.00 mb

Restore point Set: OTL Restore Point (64424509440)
< End of fix log >
OTS by OldTimer - Version 3.1.7.0 fix logfile created on 11262009_070154

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
C:\WINDOWS\temp\Perflib_Perfdata_608.dat moved successfully.

Registry entries deleted on Reboot...


So what did you find? Why was it freezing up? Is there anything I can do to keep it from happening again? I sure appreciate your help on this. :thumbup:
