Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Sorry, didn't follow protocol, still need help!

Re: Sorry, didn't follow protocol, still need help!

Post by Dakeyras » August 6th, 2009, 12:13 am

Hi :)

Please reboot (restart) your computer if you have done so already.

Right-click on ComboFix and select Rename. Rename it to Dakeyras1 please.

Next:

Disable your security software.

Click on Start >> Run >> cut n paste the following:
Code:
"%userprofile%\desktop\Dakeyras1.exe"

then select OK

If the above method does not work try the below:

Delete your current copy of ComboFix/Dakeyras1 and re-download a new copy please, as follows:

Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1
Link 2
Link 3

--------------------------------------------------------------------
  • Disable your security software.
  • Double click on Combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a HijackThis log so we can continue cleaning the system.
Dakeyras
MRU Honors Graduate
Posts: 8804
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: Sorry, didn't follow protocol, still need help!

Post by polodore john » August 6th, 2009, 7:56 am

Progress, but no love yet....
As you directed I re-booted & downloaded ComboFix again but renamed it (Dakeyrars.exe by mistake! Is that why it didn't work? :) ) before saving to the desktop. I then ran it as you instructed using the misspelled name :) and yesssssss! ComboFix started to run. I did not get the Windows security warning, but SpyBot (TeaTimer?) did pick up two registry changes, which I allowed. ComboFix then ran as described in the instructions on the Bleeping Computers site until the completion of the registry back-up step. The computer then re-booted without my input and, after several minutes of busy hard drive activity (green LED on steady or blinking rapidly, lots of low clicking & churning noises) ..... nothing, just my standard desktop.
I was VERY tempted to run ComboFix again but did not....and then had to leave for work.
...so progress yes?
I await further commands!

john

Do I need to shut down SpyBot/Tea Timer? SpyBot S&D won't run when double clicking on the icon, is there another way to shut it down, uninstall it maybe?
polodore john
Regular Member
Posts: 20
Joined: July 21st, 2009, 10:23 pm

Re: Sorry, didn't follow protocol, still need help!

Post by Dakeyras » August 6th, 2009, 8:30 am

Hi John :)

Do not do anything else for the time being, as in, make any changes to your computer. From what you have described it sounds very much like the hard drive may be failing, though let's hope not and it is merely a noisy one.

What you mentioned about renaming ComboFix is fine; all we were actually doing is renaming the executable file in case malware was hindering it from starting, etc.

I would like to review the ComboFix log please. It can be located here:

C:\ComboFix.txt.

Please post that along with a new HijackThis Log, thank you.
Dakeyras
MRU Honors Graduate
Posts: 8804
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: Sorry, didn't follow protocol, still need help!

Post by polodore john » August 6th, 2009, 5:27 pm

I don't think the hard drive is failing, unless it has been since new! That's what it always does at start-up, and it's not really that loud.

I don't think ComboFix finished running. After the restart no windows appeared & no log file that I can see.

Should I try running it again?
polodore john
Regular Member
Posts: 20
Joined: July 21st, 2009, 10:23 pm

Re: Sorry, didn't follow protocol, still need help!

Post by polodore john » August 6th, 2009, 5:31 pm

I am not at home presently, I will be back at the infected computer in about 3 hours. I will be leaving for a business trip early tomorrow morning and will not return until Monday night. I don't want this topic to be closed, what should I do?

John
polodore john
Regular Member
Posts: 20
Joined: July 21st, 2009, 10:23 pm

Re: Sorry, didn't follow protocol, still need help!

Post by Dakeyras » August 6th, 2009, 5:33 pm

Hi :)

No, do not run ComboFix again; let's have a further investigation of what is actually occurring here, as follows.

Next:

Please download OTL and save it to your Desktop.

  • Double-click on OTL.exe to start the application.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.

When completed the above, please post back the following in the order asked for:

  • How is your computer performing now, any further symptoms and/or problems encountered?
  • Both OTL logs. <-- Post them individually please, i.e. one log per post/reply.

----------

Edit:

polodore john wrote:
I am not at home presently, I will be back at the infected computer in about 3 hours. I will be leaving for a business trip early tomorrow morning and will not return until Monday night. I don't want this topic to be closed, what should I do?

John

OK, as a rule any topics that do not receive a response within three days are closed. Since you have given me a reasonable explanation, I am willing to keep this topic open until Tuesday morning my time (GMT).

Please make sure the computer is not used whilst you are away, otherwise it could compound the malware removal process, thank you.
Dakeyras
MRU Honors Graduate
Posts: 8804
Joined: November 21st, 2007, 5:30 am
Location: The Tundra
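The OTL logs requested above are read by hand in the thread. As an added example that is not part of the thread and not OTL's own code, here is a small Python triage helper for two of the line kinds OTL writes (O4 autorun entries and Firefox prefs.js settings), flagging the signals a helper checks first: autorun targets that are missing or could not be opened, targets with no publisher, and search settings pointing at an unexpected provider. The sample lines are constructed to mimic the format, and the search-host allowlist and severity labels are assumptions.

```python
"""Triage helper for OTL-style scan logs.

Added example, not part of the thread and not OTL's own code. It parses two
kinds of line the OTL tool writes, 'O4' autorun entries and 'FF - prefs.js'
settings, and flags what a helper checks first.
"""
import re
from dataclasses import dataclass
from typing import Optional
from urllib.parse import urlparse

# "O4 - <hive>..\Run: [<name>] <target> (<publisher>)"
O4_RE = re.compile(
    r"^O4 - (?P<hive>.+?)\.\.\\(?P<key>Run|RunOnce): \[(?P<name>[^\]]+)\] (?P<rest>.+)$"
)
# "FF - prefs.js..<pref>: <value>"   (value may or may not be quoted)
FF_RE = re.compile(r'^FF - prefs\.js\.\.(?P<pref>[\w.]+): "?(?P<value>.*?)"?$')

# Firefox prefs that decide where searches go.
SEARCH_PREFS = {"browser.search.defaultenginename", "browser.search.defaulturl",
                "browser.search.selectedEngine", "keyword.URL"}
# Allowlist used by this check; an assumption to tune per environment.
EXPECTED_ENGINES = {"Google", "Yahoo", "Bing"}
EXPECTED_HOSTS = {"www.google.com", "search.yahoo.com", "www.bing.com"}
SEVERITY_RANK = {"high": 0, "medium": 1, "low": 2}


@dataclass
class Finding:
    severity: str
    reason: str
    line: str


def _publisher(rest: str) -> Optional[str]:
    """Return the trailing '(Publisher)' text of an O4 target, or None if absent."""
    m = re.search(r"\((?P<pub>[^()]*)\)\s*$", rest)
    return m.group("pub").strip() if m else None


def triage_o4(line: str) -> Optional[Finding]:
    """Classify one O4 autorun line; None means nothing noteworthy."""
    m = O4_RE.match(line)
    if not m:
        return None
    rest = m.group("rest")
    if rest.endswith("File not found"):
        # Orphaned entry: the target is gone, the autorun key is left over.
        return Finding("medium", "autorun target missing", line)
    if "[FILE handle not seen by OS]" in rest:
        # OTL saw the registry entry but could not open the file it points at.
        return Finding("high", "autorun target could not be opened by the scanner", line)
    if not _publisher(rest):
        return Finding("low", "autorun target has no recorded publisher", line)
    return None


def triage_ff(line: str) -> Optional[Finding]:
    """Classify one Firefox prefs.js line; only search-related prefs matter here."""
    m = FF_RE.match(line)
    if not m or m.group("pref") not in SEARCH_PREFS:
        return None
    value = m.group("value")
    if value.startswith("http"):
        host = urlparse(value).hostname or ""
        if host not in EXPECTED_HOSTS:
            return Finding("medium", f"search URL points at unexpected host {host}", line)
        return None
    if value not in EXPECTED_ENGINES:
        return Finding("medium", f"search engine name {value!r} is not an expected engine", line)
    return None


def triage(log_text: str) -> list:
    """Run both classifiers over a log and return findings, highest severity first."""
    findings = []
    for raw in log_text.splitlines():
        f = triage_o4(raw.strip()) or triage_ff(raw.strip())
        if f:
            findings.append(f)
    return sorted(findings, key=lambda f: SEVERITY_RANK[f.severity])


# Constructed sample in OTL's format (SID and search host are placeholders).
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKU\.DEFAULT..\Run: [msnsc] C:\WINDOWS\System32\msnsc.exe File not found
O4 - HKU\S-1-5-21-EXAMPLE-1003..\Run: [nah_Shell] C:\Documents and Settings\User\nah_jfng.exe [FILE handle not seen by OS]
O4 - HKU\S-1-5-21-EXAMPLE-1003..\Run: [Updater] C:\Documents and Settings\User\Application Data\Example\updater.exe ()
FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
FF - prefs.js..browser.search.defaulturl: "http://search.example-provider.test/ResultsExt.aspx?ctid=CT0000000&q="
FF - prefs.js..browser.search.suggest.enabled: false
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:>6}] {f.reason}\n         {f.line}")
```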

Re: Sorry, didn't follow protocol, still need help!

Post by polodore john » August 6th, 2009, 8:52 pm

OTL logfile created on: 8/6/2009 8:45:36 PM - Run 1
OTL by OldTimer - Version 3.0.10.4 Folder = C:\Documents and Settings\Hope Mills\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 56.80 Gb Free Space | 38.11% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: 5FA8DD235DB74B2
Current User Name: Hope Mills
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\WINDOWS\System32\Ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\WINDOWS\System32\Ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
PRC - C:\Program Files\Common Files\SolidWorks Installation Manager\Scheduler\sldIMScheduler.exe (Dassault Systemes)
PRC - C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
PRC - C:\Program Files\D-Tools\daemon.exe (DAEMON'S HOME)
PRC - C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
PRC - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files\MozyHome\mozystat.exe (Mozy, Inc.)
PRC - C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Digidesign\Drivers\MMERefresh.exe (Digidesign, A Division of Avid Technology, Inc.)
PRC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe (Seagate Technology LLC)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\MozyHome\mozybackup.exe (Mozy, Inc.)
PRC - C:\Program Files\AVG\AVG8\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files\Internet Explorer\Iexplore.exe (Microsoft Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Documents and Settings\Hope Mills\Desktop\OTL.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (Ati HotKey Poller [Auto | Running]) -- C:\WINDOWS\System32\Ati2evxx.exe (ATI Technologies Inc.)
SRV - (avg8emc [Auto | Running]) -- C:\Program Files\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg8wd [Auto | Running]) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (Bonjour Service [Disabled | Stopped]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (DigiRefresh [Auto | Running]) -- C:\Program Files\Digidesign\Drivers\MMERefresh.exe (Digidesign, A Division of Avid Technology, Inc.)
SRV - (digiSPTIService [On_Demand | Stopped]) -- C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe (Digidesign, A Division of Avid Technology, Inc.)
SRV - (FLEXnet Licensing Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (FreeAgentGoNext Service [Auto | Running]) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe (Seagate Technology LLC)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (iPod Service [Disabled | Stopped]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (mozybackup [Auto | Running]) -- C:\Program Files\MozyHome\mozybackup.exe (Mozy, Inc.)
SRV - (Net Driver HPZ12 [Auto | Running]) -- C:\WINDOWS\System32\HPZinw12.dll (Hewlett-Packard)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (odserv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (Pml Driver HPZ12 [Auto | Running]) -- C:\WINDOWS\System32\HPZipm12.dll (Hewlett-Packard)
SRV - (SolidWorks Licensing Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe (SolidWorks)
SRV - (UMWdf [On_Demand | Stopped]) -- C:\WINDOWS\System32\wdfmgr.exe (Microsoft Corporation)
SRV - (usnjsvc [On_Demand | Stopped]) -- C:\Program Files\MSN Messenger\usnsvc.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (Afc [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\Afc.sys (Arcsoft, Inc.)
DRV - (ati2mtag [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys (ATI Technologies Inc.)
DRV - (AvgLdx86 [System | Running]) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86 [System | Running]) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgTdiX [System | Running]) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (ctsfm2k [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ctsfm2k.sys (Creative Technology Ltd)
DRV - (d347bus [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\d347bus.sys ( )
DRV - (d347prt [Boot | Running]) -- C:\WINDOWS\System32\Drivers\d347prt.sys ( )
DRV - (dalwdmservice [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\dalwdm.sys (Digidesign, A Division of Avid Technology, Inc.)
DRV - (DigiFilter [Boot | Running]) -- C:\WINDOWS\system32\drivers\DigiFilt.sys (Digidesign, A Division of Avid Technology, Inc.)
DRV - (DigiNet [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\diginet.sys (Digidesign, A Division of Avid Technology, Inc.)
DRV - (gdrv [On_Demand | Stopped]) -- C:\WINDOWS\gdrv.sys (Windows (R) 2000 DDK provider)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HPZid412 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HPZid412.sys (HP)
DRV - (HPZipr12 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HPZipr12.sys (HP)
DRV - (HPZius12 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HPZius12.sys (HP)
DRV - (iLokDrvr [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\iLokDrvr.sys (PACE Anti-Piracy, Inc.)
DRV - (MBX2DFU [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\MBX2DFU.sys (Digidesign, A Division of Avid Technology, Inc.)
DRV - (MBX2MIDK [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\mbx2midk.sys (Digidesign, A Division of Avid Technology, Inc.)
DRV - (mozyFilter [System | Running]) -- C:\WINDOWS\System32\DRIVERS\mozy.sys (Mozy, Inc.)
DRV - (ossrv [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ctoss2k.sys (Creative Technology Ltd.)
DRV - (P17 [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\P17.sys (Creative Technology Ltd.)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (RTLE8023xp [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (Secdrv [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (tbhsd [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\tbhsd.sys (RapidSolution Software AG)
DRV - (TIEHDUSB [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\tiehdusb.sys (Texas Instruments Incorporated)
DRV - (tifsfilter [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\tifsfilt.sys (Acronis)
DRV - (timounter [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\timntr.sys (Acronis)
DRV - (TPkd [Boot | Running]) -- C:\WINDOWS\System32\drivers\TPkd.sys (PACE Anti-Piracy, Inc.)
DRV - (USBAAPL [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\usbaapl.sys (Apple, Inc.)
DRV - (usbaudio [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\usbaudio.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1454471165-1275210071-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-1454471165-1275210071-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1454471165-1275210071-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1454471165-1275210071-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1454471165-1275210071-725345543-1003\S-1-5-21-1454471165-1275210071-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1454471165-1275210071-725345543-1003\S-1-5-21-1454471165-1275210071-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Free_Lunch_Design Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1708250&SearchSource=3&q="
FF - prefs.js..browser.search.selectedEngine: "Free_Lunch_Design Customized Web Search"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://malwareremoval.com/forum/viewforum.php?f=11"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.07103010
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.2
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1708250&SearchSource=2&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/06/25 16:11:56 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2008/12/02 23:26:06 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/08/04 13:57:54 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/08/04 13:57:54 | 00,000,000 | ---D | M]

[2008/06/03 17:11:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Hope Mills\Application Data\mozilla\Extensions
[2008/06/03 17:11:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Hope Mills\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/08/05 10:11:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Hope Mills\Application Data\mozilla\Firefox\Profiles\m6serj7w.default\extensions
[2008/09/28 12:37:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Hope Mills\Application Data\mozilla\Firefox\Profiles\m6serj7w.default\extensions\moveplayer@movenetworks.com
[2009/08/05 10:11:02 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/08/04 13:57:54 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/07/26 11:51:36 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2009/08/04 13:57:52 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/08/04 13:57:52 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/11/04 11:15:38 | 00,114,688 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\np32dsw.dll
[2008/12/02 23:25:28 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2008/01/15 21:28:50 | 00,155,648 | ---- | M] (Solidworks Corporation) -- C:\Program Files\mozilla firefox\plugins\npEModelPlugin.dll
[2008/12/21 22:43:27 | 00,279,888 | ---- | M] (Musicnotes, Inc.) -- C:\Program Files\mozilla firefox\plugins\npmusicn.dll
[2009/08/04 13:57:52 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2006/10/26 20:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL
[2007/03/22 20:23:30 | 00,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL
[2007/05/10 22:52:34 | 00,095,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2009/06/11 22:08:31 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/06/11 22:08:31 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/06/11 22:08:31 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/06/11 22:08:32 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/06/11 22:08:32 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/06/11 22:08:32 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/06/11 22:08:32 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2008/09/19 16:24:56 | 06,320,872 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npsibelius.dll
[2008/09/26 20:50:29 | 00,221,184 | ---- | M] (CNN) -- C:\Program Files\mozilla firefox\plugins\NPTURNMED.dll
[2009/07/15 14:10:00 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/07/15 14:10:00 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/07/15 14:10:00 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/07/15 14:10:00 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/07/15 14:10:00 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/07/15 14:10:00 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/07/15 14:10:00 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DAEMON Tools-1033] C:\Program Files\D-Tools\daemon.exe (DAEMON'S HOME)
O4 - HKLM..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe (Digidesign, A Division of Avid Technology, Inc.)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [MaxMenuMgr] C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime Alternative\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SolidWorks_CheckForUpdates] C:\Program Files\Common Files\SolidWorks Installation Manager\Scheduler\sldIMScheduler.exe (Dassault Systemes)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKU\.DEFAULT..\Run: [msnsc] C:\WINDOWS\System32\msnsc.exe File not found
O4 - HKU\S-1-5-18..\Run: [msnsc] C:\WINDOWS\System32\msnsc.exe File not found
O4 - HKU\S-1-5-21-1454471165-1275210071-725345543-1003..\Run: [DriverCure] C:\Program Files\ParetoLogic\DriverCure\DriverCure.exe File not found
O4 - HKU\S-1-5-21-1454471165-1275210071-725345543-1003..\Run: [Google Update] C:\Documents and Settings\Hope Mills\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKU\S-1-5-21-1454471165-1275210071-725345543-1003..\Run: [nah_Shell] C:\Documents and Settings\Hope Mills\nah_jfng.exe [FILE handle not seen by OS]
O4 - HKU\S-1-5-21-1454471165-1275210071-725345543-1003..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKU\.DEFAULT..\RunOnce: [nlsf] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [tscuninstall] C:\WINDOWS\System32\tscupgrd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [nlsf] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [tscuninstall] C:\WINDOWS\System32\tscupgrd.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Development Company, L.P.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MozyHome Status.lnk = C:\Program Files\MozyHome\mozystat.exe (Mozy, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRemoteRecursiveEvents = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetIcon = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClearRecentDocsOnExit = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetIcon = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClearRecentDocsOnExit = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetIcon = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClearRecentDocsOnExit = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetIcon = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClearRecentDocsOnExit = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-21-1454471165-1275210071-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-21-1454471165-1275210071-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetIcon = 0
O7 - HKU\S-1-5-21-1454471165-1275210071-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClearRecentDocsOnExit = 1
O7 - HKU\S-1-5-21-1454471165-1275210071-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-1454471165-1275210071-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-21-1454471165-1275210071-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1454471165-1275210071-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1454471165-1275210071-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\S-1-5-21-1454471165-1275210071-725345543-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Main present
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/microso ... 8558958171 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microso ... 8558933609 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_11)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\Ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop Components:0 () - file:///C:/DOCUME~1/HOPEMI~1/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg
O24 - Desktop Components:1 () - file:///C:/DOCUME~1/HOPEMI~1/LOCALS~1/Temp/msohtml1/01/clip_image001.jpg
O24 - Desktop Components:2 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/06/03 23:50:20 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{976184f9-3402-11dd-a2f1-001d7dd21135}\Shell\AutoRun\command - "" = .\Encryption Tool\MaxtorEncryption.exe
O33 - MountPoints2\{c7ca56c0-49ce-11dd-a33c-001d7dd21135}\Shell\AutoRun\command - "" = .\Encryption Tool\MaxtorEncryption.exe
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[4 C:\WINDOWS\*.tmp files]
[2009/08/06 20:43:12 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Hope Mills\Desktop\OTL.exe
[2009/08/06 06:24:31 | 00,219,648 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/08/06 06:24:31 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/08/06 06:24:31 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/08/06 06:24:31 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/08/06 06:24:31 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/08/06 06:24:31 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/08/06 06:24:31 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/08/06 06:24:31 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/08/06 06:24:16 | 00,000,000 | --SD | C] -- C:\Dakeyrars1
[2009/08/06 06:24:15 | 00,389,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF17677.exe
[2009/08/06 06:24:06 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/08/06 06:17:13 | 03,154,932 | R--- | C] () -- C:\Documents and Settings\Hope Mills\Desktop\Dakeyrars1.exe
[2009/08/05 20:01:58 | 03,154,932 | ---- | C] () -- C:\Documents and Settings\Hope Mills\Desktop\ComboFix.exe
[2009/08/04 21:39:19 | 00,024,228 | ---- | C] () -- C:\Documents and Settings\Hope Mills\My Documents\AVG run.csv
[2009/08/04 21:16:01 | 00,287,232 | ---- | C] () -- C:\Documents and Settings\Hope Mills\Desktop\gmer.exe
[2009/08/04 20:58:14 | 00,278,846 | ---- | C] () -- C:\Documents and Settings\Hope Mills\Desktop\gmer.zip
[2009/08/04 20:56:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Hope Mills\Desktop\FixPolicies
[2009/08/04 20:52:55 | 00,185,065 | ---- | C] () -- C:\Documents and Settings\Hope Mills\Desktop\FixPolicies.exe
[2009/08/03 21:09:24 | 00,020,992 | ---- | C] () -- C:\Documents and Settings\Hope Mills\Desktop\system restore.doc
[2009/08/02 15:58:11 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/08/02 15:54:58 | 00,173,119 | ---- | C] (Eric_71) -- C:\Documents and Settings\Hope Mills\Desktop\Rooter.exe
[2009/08/01 16:33:12 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/08/01 16:20:32 | 00,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2009/08/01 15:38:03 | 00,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/08/01 15:37:04 | 16,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Hope Mills\Desktop\spybotsd162.exe
[2009/08/01 15:34:46 | 08,117,208 | ---- | C] (Mozilla) -- C:\Documents and Settings\Hope Mills\Desktop\Firefox Setup 3.5.1.exe
[2009/08/01 09:54:50 | 00,000,000 | ---D | C] -- C:\_OTM
[2009/08/01 09:49:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/08/01 09:47:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Hope Mills\Desktop\ERUNT Registry Backup
[2009/08/01 09:44:04 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009/08/01 09:34:12 | 00,407,552 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Hope Mills\Desktop\OTM.exe
[2009/08/01 09:32:41 | 00,031,232 | ---- | C] () -- C:\Documents and Settings\Hope Mills\Desktop\Hijack fix instructions.doc
[2009/07/28 20:09:06 | 00,000,000 | ---D | C] -- C:\rsit
[2009/07/21 23:24:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Hope Mills\Desktop\Google HiJack info & files
[2009/07/21 23:03:43 | 00,781,909 | ---- | C] () -- C:\Documents and Settings\Hope Mills\Desktop\RSIT.exe
[2009/07/21 22:04:56 | 00,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Hope Mills\Desktop\HiJackThis.exe
[2009/07/21 21:05:36 | 00,002,119 | ---- | C] () -- C:\Documents and Settings\Hope Mills\Application Data\VmqZk2Dkat.gif
[2009/07/21 21:05:36 | 00,000,607 | ---- | C] () -- C:\Documents and Settings\Hope Mills\Application Data\VmqZk2Dkzn.gif
[2009/07/21 21:05:36 | 00,000,598 | ---- | C] () -- C:\Documents and Settings\Hope Mills\Application Data\VmqZk2Dkby.gif
[2009/07/21 18:42:07 | 00,001,863 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Seagate Manager.lnk
[2009/07/21 18:42:05 | 00,000,000 | ---D | C] -- C:\Program Files\Seagate
[2009/07/21 18:37:43 | 00,000,000 | -HSD | C] -- C:\WINDOWS\ftpcache
[2009/07/17 07:49:31 | 00,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2009/07/08 14:38:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Hope Mills\Local Settings\Application Data\SecondLife
[2009/07/08 14:37:05 | 00,000,000 | ---D | C] -- C:\Program Files\SecondLife
[2009/03/09 22:26:47 | 00,000,016 | ---- | C] () -- C:\WINDOWS\System32\msvcsv60.dll
[2009/01/01 09:05:07 | 00,000,084 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/11/11 10:57:42 | 00,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2008/11/08 13:57:47 | 00,000,080 | RHS- | C] () -- C:\WINDOWS\System32\703C58BD70.dll
[2008/11/02 14:00:09 | 00,155,136 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347bus.sys
[2008/11/02 14:00:09 | 00,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347prt.sys
[2008/10/09 17:04:32 | 00,000,040 | ---- | C] () -- C:\WINDOWS\KA.INI
[2008/07/27 16:43:18 | 00,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2008/07/27 16:05:34 | 00,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2008/07/27 16:02:35 | 00,000,044 | ---- | C] () -- C:\WINDOWS\PERFV200P.ini
[2008/06/08 08:30:47 | 00,217,088 | ---- | C] () -- C:\WINDOWS\System32\qtmlClient.dll
[2008/06/08 08:30:43 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\DigiPlatformSupport.dll
[2008/06/06 16:17:48 | 00,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2008/06/06 12:24:58 | 00,000,000 | ---- | C] () -- C:\WINDOWS\eDrawingOfficeAutomator.INI
[2008/06/03 23:55:03 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/08/23 18:30:00 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2007/08/21 14:46:34 | 00,059,160 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll
[2007/01/03 06:24:36 | 00,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/01/03 06:22:46 | 00,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/01/03 06:22:14 | 00,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2006/01/12 22:02:21 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2006/01/12 21:55:02 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2006/01/12 21:52:59 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\CopyToSendTo.dll
[2006/01/12 21:52:17 | 00,745,472 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2006/01/12 21:50:44 | 00,000,628 | ---- | C] () -- C:\WINDOWS\win.ini
[2006/01/12 21:40:44 | 01,163,264 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2006/01/12 21:40:28 | 01,040,384 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2006/01/12 21:39:33 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\vorbisfile.dll
[2006/01/12 21:38:40 | 00,394,240 | ---- | C] () -- C:\WINDOWS\System32\HMTCD.dll
[2006/01/12 21:33:47 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2006/01/12 21:33:47 | 00,000,609 | ---- | C] () -- C:\WINDOWS\System32\OEMinfo.ini
[2006/01/12 21:29:19 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2005/05/03 11:38:42 | 00,064,512 | ---- | C] () -- C:\WINDOWS\System32\P17.dll
[2004/08/22 18:04:56 | 00,069,120 | ---- | C] () -- C:\WINDOWS\daemon.dll
[2003/10/02 10:48:18 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\P17CPI.dll
[2003/01/07 11:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/04/11 01:41:06 | 00,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll
[2001/07/06 22:00:00 | 00,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2009/08/06 20:43:12 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Hope Mills\Desktop\OTL.exe
[2009/08/06 20:39:58 | 00,000,998 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1454471165-1275210071-725345543-1003UA.job
[2009/08/06 20:39:57 | 00,000,946 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1454471165-1275210071-725345543-1003Core.job
[2009/08/06 17:59:12 | 39,609,507 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/08/06 08:52:16 | 00,059,679 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/08/06 06:33:46 | 00,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2009/08/06 06:26:44 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/08/06 06:26:40 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/08/06 06:24:01 | 00,389,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF17677.exe
[2009/08/06 06:17:14 | 03,154,932 | R--- | M] () -- C:\Documents and Settings\Hope Mills\Desktop\Dakeyrars1.exe
[2009/08/05 20:01:59 | 03,154,932 | ---- | M] () -- C:\Documents and Settings\Hope Mills\Desktop\ComboFix.exe
[2009/08/05 07:35:01 | 00,144,896 | ---- | M] () -- C:\Documents and Settings\Hope Mills\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/04 21:39:19 | 00,024,228 | ---- | M] () -- C:\Documents and Settings\Hope Mills\My Documents\AVG run.csv
[2009/08/04 20:58:14 | 00,278,846 | ---- | M] () -- C:\Documents and Settings\Hope Mills\Desktop\gmer.zip
[2009/08/04 20:52:56 | 00,185,065 | ---- | M] () -- C:\Documents and Settings\Hope Mills\Desktop\FixPolicies.exe
[2009/08/03 21:09:25 | 00,020,992 | ---- | M] () -- C:\Documents and Settings\Hope Mills\Desktop\system restore.doc
[2009/08/02 15:54:58 | 00,173,119 | ---- | M] (Eric_71) -- C:\Documents and Settings\Hope Mills\Desktop\Rooter.exe
[2009/08/01 15:38:03 | 00,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/08/01 15:37:34 | 16,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Hope Mills\Desktop\spybotsd162.exe
[2009/08/01 15:34:58 | 08,117,208 | ---- | M] (Mozilla) -- C:\Documents and Settings\Hope Mills\Desktop\Firefox Setup 3.5.1.exe
[2009/08/01 14:53:17 | 00,000,628 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/08/01 14:53:17 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/08/01 14:53:17 | 00,000,211 | -HS- | M] () -- C:\boot.ini
[2009/08/01 11:16:04 | 00,031,232 | ---- | M] () -- C:\Documents and Settings\Hope Mills\Desktop\Hijack fix instructions.doc
[2009/08/01 10:59:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/08/01 09:34:12 | 00,407,552 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Hope Mills\Desktop\OTM.exe
[2009/07/30 11:16:36 | 00,287,232 | ---- | M] () -- C:\Documents and Settings\Hope Mills\Desktop\gmer.exe
[2009/07/26 11:24:49 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/07/21 23:03:43 | 00,781,909 | ---- | M] () -- C:\Documents and Settings\Hope Mills\Desktop\RSIT.exe
[2009/07/21 22:04:56 | 00,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Hope Mills\Desktop\HiJackThis.exe
[2009/07/21 21:05:36 | 00,002,119 | ---- | M] () -- C:\Documents and Settings\Hope Mills\Application Data\VmqZk2Dkat.gif
[2009/07/21 21:05:36 | 00,000,607 | ---- | M] () -- C:\Documents and Settings\Hope Mills\Application Data\VmqZk2Dkzn.gif
[2009/07/21 21:05:36 | 00,000,598 | ---- | M] () -- C:\Documents and Settings\Hope Mills\Application Data\VmqZk2Dkby.gif
[2009/07/21 18:42:07 | 00,001,863 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Seagate Manager.lnk
[2009/07/13 05:48:54 | 00,219,648 | ---- | M] () -- C:\WINDOWS\PEV.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 1174 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:RJ67BNId1ggxZUrob8DP
@Alternate Data Stream - 1093 bytes -> C:\Program Files\WindowsUpdate:xlaJ1aioJhIk4qi3dXgdXB
@Alternate Data Stream - 1026 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:d9ypAc9yjGFq7zyMl
< End of report >
polodore john
Regular Member
 
Posts: 20
Joined: July 21st, 2009, 10:23 pm
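The OTL log above is the poster's; the script below is an added example from the editor, not code from the original post and not part of OTL or ComboFix. It parses a constructed excerpt (lines copied verbatim from the posted OTL.txt and Extras.txt, nothing invented) and turns three things a helper checks by eye into a one-pass triage: it decodes the O7 AutoRun policy values (NoDriveTypeAutoRun is a bitmask where bit n disables AutoRun for GetDriveType() value n, so 145 = 0x91 is the XP default of unknown/remote/reserved and 323 = 0x143 leaves removable and CD-ROM drives uncovered; NoDriveAutoRun is a bitmask by drive letter, so 67108863 = 0x3FFFFFF covers A: through Z:), it flags firewall exceptions whose target no longer exists or whose file name is a core Windows binary living outside %windir% or %windir%\system32, and it lists hidden+system or very small System32 files with no version-info company name plus alternate data streams that are not Zone.Identifier. The flag rules and the name lists are the editor's review heuristics; the script says what to look at, not what is malware.

```python
"""Triage helpers for an OTL (OldTimer's List-It) log like the one posted above.

Added example by the editor; it is not part of the poster's logs and not
OTL's own code. It parses a constructed excerpt (lines copied verbatim from
the posted OTL.txt / Extras.txt) and lists what a reviewer would look at
first. The flag rules are review heuristics, not verdicts about malware.
"""
import re

# Constructed sample: verbatim lines from the posted log, nothing added.
SAMPLE_LOG = r"""
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
[2008/11/08 13:57:47 | 00,000,080 | RHS- | C] () -- C:\WINDOWS\System32\703C58BD70.dll
[2009/03/09 22:26:47 | 00,000,016 | ---- | C] () -- C:\WINDOWS\System32\msvcsv60.dll
[2009/08/06 06:24:31 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
"%windir%\system32\drivers\svchost.exe" = %windir%\system32\drivers\svchost.exe:*:Enabled:svchost -- File not found
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Windows Explorer -- (Microsoft Corporation)
@Alternate Data Stream - 1093 bytes -> C:\Program Files\WindowsUpdate:xlaJ1aioJhIk4qi3dXgdXB
"""

# Line shapes OTL emits for the four record types handled here.
O7_RE = re.compile(r"^O7 - HKU\\(?P<hive>[^\\]+)\\.*\\policies\\Explorer: "
                   r"(?P<name>NoDriveAutoRun|NoDriveTypeAutoRun) = (?P<value>\d+)$")
FILE_RE = re.compile(r"^\[(?P<date>[^|]+)\| (?P<size>[\d,]+) \| (?P<attrs>\S{4}) \| C\] "
                     r"\((?P<vendor>[^)]*)\) -- (?P<path>.+)$")
FW_RE = re.compile(r'^"[^"]+" = (?P<path>.+?):(?P<scope>[^:]*):(?P<state>Enabled|Disabled):'
                   r"(?P<label>.*?) -- (?P<vendor>.*)$")
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> "
                    r"(?P<path>.+):(?P<stream>[^:\\]+)$")

# NoDriveTypeAutoRun: bit n disables AutoRun for GetDriveType() value n (0x80 is reserved).
DRIVE_TYPES = ["unknown", "no_root_dir", "removable", "fixed",
               "remote", "cdrom", "ramdisk", "reserved"]
# Editor's heuristic lists: binaries that on XP live directly under %windir% or %windir%\system32.
CORE_BINARIES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe",
                 "services.exe", "explorer.exe"}
EXPECTED_PARENTS = {"windows", "system32"}


def decode_no_drive_type_autorun(value):
    """Drive types for which AutoRun is disabled; bits above 7 are undocumented and ignored."""
    return [name for bit, name in enumerate(DRIVE_TYPES) if value & (1 << bit)]


def decode_no_drive_autorun(value):
    """NoDriveAutoRun is a mask by drive letter: bit 0 = A:, bit 25 = Z:."""
    return [chr(ord("A") + bit) for bit in range(26) if value & (1 << bit)]


def parent_and_name(path):
    """Lower-cased (parent directory name, file name) of a backslash-separated Windows path."""
    parts = path.lower().split("\\")
    return (parts[-2] if len(parts) > 1 else ""), parts[-1]


def triage(log_text):
    """One pass over the log: decoded AutoRun policy plus (kind, path, reason) items to review."""
    report = {"autorun": {}, "review": []}
    for line in log_text.splitlines():
        m = O7_RE.match(line)
        if m:
            decoder = (decode_no_drive_type_autorun if m.group("name") == "NoDriveTypeAutoRun"
                       else decode_no_drive_autorun)
            report["autorun"][(m.group("hive"), m.group("name"))] = decoder(int(m.group("value")))
            continue
        m = FILE_RE.match(line)
        if m:
            path, attrs = m.group("path"), m.group("attrs")
            size = int(m.group("size").replace(",", ""))
            parent, _ = parent_and_name(path)
            hidden_system = "H" in attrs and "S" in attrs
            # Heuristic: files in System32 with no version-info company that are hidden+system or tiny.
            if parent == "system32" and not m.group("vendor").strip() and (hidden_system or size < 1024):
                report["review"].append(("file", path, f"attrs {attrs}, {size} bytes, no company name"))
            continue
        m = FW_RE.match(line)
        if m:
            path = m.group("path")
            parent, name = parent_and_name(path)
            reasons = []
            if name in CORE_BINARIES and parent not in EXPECTED_PARENTS:
                reasons.append("Windows binary name in an unexpected directory")
            if m.group("vendor") == "File not found":
                reasons.append("target file no longer exists")
            if reasons:
                report["review"].append(("firewall", path, "; ".join(reasons)))
            continue
        m = ADS_RE.match(line)
        if m and m.group("stream") != "Zone.Identifier":
            report["review"].append(("ads", f"{m.group('path')}:{m.group('stream')}",
                                     f"{m.group('size')}-byte stream with a non-standard name"))
    return report


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for key, decoded in result["autorun"].items():
        print("policy", key, decoded)
    for kind, path, reason in result["review"]:
        print(f"review [{kind}] {path}: {reason}")
```

Run it against the full OTL.txt and Extras.txt instead of the embedded excerpt by passing the file contents to triage(); everything it prints under "review" still has to be checked by hand (version info, hashes, the helper's known-good list) before anything is moved or deleted.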

Re: Sorry, didn't follow protocol, still need help!

Post by polodore john » August 6th, 2009, 8:53 pm

OTL Extras logfile created on: 8/6/2009 8:45:36 PM - Run 1
OTL by OldTimer - Version 3.0.10.4 Folder = C:\Documents and Settings\Hope Mills\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 56.80 Gb Free Space | 38.11% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: 5FA8DD235DB74B2
Current User Name: Hope Mills
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-1454471165-1275210071-725345543-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"" =
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"" =

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"" =

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 -- (Microsoft Corporation)
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- (Microsoft Corporation)
"C:\Program Files\Rosetta Stone\Rosetta Stone V3\support\bin\RosettaStoneLtdServices.exe" = C:\Program Files\Rosetta Stone\Rosetta Stone V3\support\bin\RosettaStoneLtdServices.exe:*:Enabled:Rosetta Stone Online Component -- ()
"C:\Program Files\Rosetta Stone\Rosetta Stone V3\RosettaStoneVersion3.exe" = C:\Program Files\Rosetta Stone\Rosetta Stone V3\RosettaStoneVersion3.exe:*:Enabled:Rosetta Stone V3 Application -- ()
"%windir%\system32\drivers\svchost.exe" = %windir%\system32\drivers\svchost.exe:*:Enabled:svchost -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG8\avgemc.exe" = C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe -- ()
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\SecondLife\SLVoice.exe" = C:\Program Files\SecondLife\SLVoice.exe:*:Disabled:SLVoice -- ()
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 -- (Microsoft Corporation)
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- (Microsoft Corporation)
"C:\Program Files\IncrediMail\bin\ImApp.exe" = C:\Program Files\IncrediMail\bin\ImApp.exe:*:Enabled:IncrediMail -- File not found
"C:\Program Files\IncrediMail\bin\IncMail.exe" = C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail -- File not found
"C:\Program Files\IncrediMail\bin\ImpCnt.exe" = C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail -- File not found
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\Rosetta Stone\Rosetta Stone V3\RosettaStoneVersion3.exe" = C:\Program Files\Rosetta Stone\Rosetta Stone V3\RosettaStoneVersion3.exe:*:Enabled:Rosetta Stone V3 Application -- ()
"C:\Program Files\Rosetta Stone\Rosetta Stone V3\support\bin\RosettaStoneLtdServices.exe" = C:\Program Files\Rosetta Stone\Rosetta Stone V3\support\bin\RosettaStoneLtdServices.exe:*:Enabled:Rosetta Stone Online Component -- ()
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Documents and Settings\Hope Mills\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll" = C:\Documents and Settings\Hope Mills\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin -- (Google)
"C:\Documents and Settings\Hope Mills\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\Hope Mills\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"%windir%\system32\drivers\svchost.exe" = %windir%\system32\drivers\svchost.exe:*:Enabled:svchost -- File not found
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Windows Explorer -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0A55CDBB-0566-4AA2-A15B-24C7F27C6FF4}" = BPD_Scan
"{0AC7DF16-E500-40C0-91C5-563616063037}" = DWGeditor
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in
"{138BD312-3557-40F8-BC5E-6DFF00A6880D}" = BPDSoftware_Ini
"{15095BF3-A3D7-4DDF-B193-3A496881E003}" = Microsoft .NET Framework 3.0
"{17E81C48-407E-499f-A105-1B49ACDB9BA4}" = ProductContext
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1C278B97-9D25-48B0-9A4E-F4F2BB992043}" = EPSON Perfection V200 Photo Scanner Driver Update
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{25613C10-27D2-410B-942B-D922D5C3A7BE}" = Interlok driver setup x32
"{25F31730-1B6C-4E8E-A3B9-818DC0CD961D}" = Seagate Manager Installer
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 11
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{3126B4F2-4D05-4152-8F64-7F4E2FA08C1B}" = SansAmp PSA-1 7.3
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{34F85A4D-03CC-428A-80A4-880228646518}" = Safari
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone
"{3D2A1B63-81F3-402E-B98D-C089F44AC2BA}" = Bomb Factory BF-3A 7.3
"{3DED3A72-61A8-4B87-98A5-EF0BC8038AA0}" = DAEMON Tools
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = EPSON Event Manager
"{491DD792-AD81-429C-9EB4-86DD3D22E333}" = Windows Communication Foundation
"{4AE80E7B-6633-4046-9C15-D3B281C4F73D}" = BPDSoftware
"{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{55141BD4-2115-4B14-8047-D809194E30BA}" = MozyHome Remote Backup
"{554ADF03-589F-4B55-AE2F-96E198E84B06}" = JOEMEEK Bundle 7.3
"{571700F0-DB9D-4B3A-B03D-35A14BB5939F}" = Windows Live Messenger
"{5BFE01FF-189F-4b75-8FA8-9B7CD7F9C529}" = L7500
"{5D601655-6D54-4384-B52C-17EC5385FBBD}" = iTunes
"{61E3FE32-07B9-4563-A3E0-2DE2D620FE10}" = PixiePack Codec Pack
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6DE9751D-3FFE-400E-8761-26A92DB734DE}" = BPD_HPSU
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7210BCFE-ED8D-4261-8537-81B5A4BDFA2A}" = Rosetta Stone V3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7729A02E-D1AD-4830-8FC5-11853500D90D}" = HP Officejet Pro All-In-One Series
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7A86E88C-E382-4DCA-8290-AAD43ED9B5A7}" = AmpliTube 1.1 LE
"{7CCEBC24-62DB-4280-A8EC-BFA49F167920}" = Software Update for Web Folders
"{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}" = Windows Workflow Foundation
"{7E20EFE6-E604-48C6-8B39-BA4742F2CDB4}" = Zune Desktop Theme
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{82D48AB1-8E7F-4AA5-A5FA-47FA58A48110}" = Free Bomb Factory Plug-Ins 7.3
"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
"{8355F970-601D-442D-A79B-1D7DB4F24CAD}" = Apple Mobile Device Support
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}" = DocProc
"{8C045626-4496-4238-B3B8-394CC6D46427}" = 7500_7600_7700_Help
"{8C3742C9-2737-46A8-A27D-9BDFE6941644}" = moogerfooger Ring Modulator 7.3
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PUBLISHERR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PUBLISHERR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PUBLISHERR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PUBLISHERR_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PUBLISHERR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A4-0409-0000-0000000FF1CE}" = Microsoft Office 2003 Web Components
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PUBLISHERR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{91120000-0019-0000-0000-0000000FF1CE}" = Microsoft Office Publisher 2007
"{91120000-0019-0000-0000-0000000FF1CE}_PUBLISHERR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{98736A65-3C79-49EC-B7E9-A3C77774B0E6}" = Google SketchUp 6
"{9A17B0B6-AD89-4321-99E6-09D9ABFA254D}" = MelodyneEssential 1.5
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A4F492A1-AB7D-4D8C-BE49-3F4F73BB72FD}" = Sewer Run
"{A8B94669-8654-4126-BD28-D0D2412CDED6}" = TI Connect 1.6
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AD493961-0FFA-4452-A504-2915C5802780}" = Maxim 7.3
"{AFE354A5-640F-4A23-94C8-0B441E8967CA}" = Digidesign Shared Plug-Ins 7.3
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}" = Google SketchUp 6
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BB81B9C7-3E0E-47C2-BB8C-DEDF58E81D6F}" = TimewARP 2600 Lite RTAS
"{BEAD39CD-901D-4267-8B8B-EAA83CB4B70D}" = Pivot Stickfigure Animator
"{C77A52EB-D060-499E-8248-897F98BA44C4}" = Voce Bundle 7.3
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CE24344F-DFD8-40C8-8FD8-C9740B5F25AC}" = BPDfax
"{D03E7B00-CA85-4684-9321-1888873C34BD}" = ArcSoft PhotoImpression 6
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D48AD533-BAD5-469B-A9AA-272C6D80E70B}" = MPM
"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
"{DD5F37D6-2AC0-4162-8249-BD4F306FA0D1}" = D-Fi 7.3
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DEA491FB-48BC-4B6B-8902-FCD4BAB069BE}" = iLok Client Helper x32
"{E69411C0-8D66-4F9C-B6D6-9ED2FB89D0E4}" = eDrawings 2008
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E8F452D0-61E6-4611-AACC-E7A5A8F4AFA7}" = moogerfooger Analog Delay 7.3
"{EF2F3EF2-A1CC-4ACD-BCAE-92CAC8D5613A}" = Digidesign Pro Tools LE 7.3
"{F0CAAA28-B83C-4077-9FA0-6E30253E4842}" = SolidWorks 2008 SP03.1
"{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
"{F3001614-FB0E-4533-ACB6-7842388DD92F}" = SolidWorks Explorer 2008 sp03.1
"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
"{F6B1D53B-2A68-377D-AC39-C8FD359FF6F1}" = Google Talk Plugin
"{F863B682-5148-4738-B025-455AF892D723}" = Tunebite
"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
"{FF7F99B4-9274-4B15-A8AA-C03A952BA6F0}" = Tel-Ray Variable Delay 7.3
"1602 A.D." = 1602 A.D.
"80E5581805E14DD17EDB025EB86D820E06128E18" = Windows Driver Package - PACE Anti-Piracy, Inc. (iLokDrvr) Dongles (6/5/2008 5.8.3.3162)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"All ATI Software" = ATI - Software Uninstall Utility
"Amazing Slow Downer" = Amazing Slow Downer (remove only)
"Analog Factory SE_is1" = Analog Factory SE 1.2
"ATI Display Driver" = ATI Display Driver
"Audacity_is1" = Audacity 1.2.6
"AVG8Uninstall" = AVG Free 8.5
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Cool Burning Studio_is1" = Cool Burning Studio Version 3.1
"EPSON Scanner" = EPSON Scan
"Finale PrintMusic 2009" = Finale PrintMusic 2009
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0
"HPOCR" = OCR Software by I.R.I.S 7.0
"Icy Tower v1.3.1_is1" = Icy Tower v1.3.1
"iDump" = iDump (Build: 28)
"InstallShield_{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"InstallShield_{25F31730-1B6C-4E8E-A3B9-818DC0CD961D}" = Seagate Manager Installer
"InstallShield_{DEA491FB-48BC-4B6B-8902-FCD4BAB069BE}" = iLok Client Helper x32
"InterActual Player" = InterActual Player
"Intkey" = Intkey
"iPod To Computer Transfer_is1" = iPod To Computer Transfer 5.2
"iZotope Ozone 3_is1" = iZotope Ozone 3
"Live 6.0.2" = Live 6.0.2
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Microsoft .NET Framework 3.0" = Microsoft .NET Framework 3.0
"Mozilla Firefox (3.5.2)" = Mozilla Firefox (3.5.2)
"net" = Advertisement Service
"NoteWorthy Composer 2" = NoteWorthy Composer 2
"Online Documentation" = Online Documentation
"PUBLISHERR" = Microsoft Office Publisher 2007
"QuicktimeAlt_is1" = QuickTime Alternative 1.67
"SecondLife" = SecondLife (remove only)
"Sibelius Scorch Plugin" = Sibelius Scorch Plugin
"Silent Package Run-Time Sample" = EPSON Perfection V200P User's Guide
"SolidWorks Installation Manager 20080-40301-1100-200" = SolidWorks 2008 SP03.1
"VLC media player" = VLC media player 0.9.2
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1454471165-1275210071-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"d2725a24b6b88435" = Garman Tab Designer
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/5/2009 3:57:00 PM | Computer Name = 5FA8DD235DB74B2 | Source = Application Error | ID = 1000
Description = Faulting application googleupdate.exe, version 1.2.131.7, faulting
module googleupdate.exe, version 1.2.131.7, fault address 0x00006eef.

Error - 8/5/2009 7:59:02 PM | Computer Name = 5FA8DD235DB74B2 | Source = Application Error | ID = 1000
Description = Faulting application googleupdate.exe, version 1.2.131.7, faulting
module googleupdate.exe, version 1.2.131.7, fault address 0x00006eef.

Error - 8/5/2009 8:57:00 PM | Computer Name = 5FA8DD235DB74B2 | Source = Application Error | ID = 1000
Description = Faulting application googleupdate.exe, version 1.2.131.7, faulting
module googleupdate.exe, version 1.2.131.7, fault address 0x00006eef.

Error - 8/5/2009 9:57:00 PM | Computer Name = 5FA8DD235DB74B2 | Source = Application Error | ID = 1000
Description = Faulting application googleupdate.exe, version 1.2.131.7, faulting
module googleupdate.exe, version 1.2.131.7, fault address 0x00006eef.

Error - 8/6/2009 5:53:43 AM | Computer Name = 5FA8DD235DB74B2 | Source = Application Error | ID = 1000
Description = Faulting application googleupdate.exe, version 1.2.131.7, faulting
module googleupdate.exe, version 1.2.131.7, fault address 0x00006eef.

Error - 8/6/2009 5:57:00 AM | Computer Name = 5FA8DD235DB74B2 | Source = Application Error | ID = 1000
Description = Faulting application googleupdate.exe, version 1.2.131.7, faulting
module googleupdate.exe, version 1.2.131.7, fault address 0x00006eef.

Error - 8/6/2009 6:26:53 AM | Computer Name = 5FA8DD235DB74B2 | Source = Application Error | ID = 1000
Description = Faulting application googleupdate.exe, version 1.2.131.7, faulting
module googleupdate.exe, version 1.2.131.7, fault address 0x00006eef.

Error - 8/6/2009 6:57:00 AM | Computer Name = 5FA8DD235DB74B2 | Source = Application Error | ID = 1000
Description = Faulting application googleupdate.exe, version 1.2.131.7, faulting
module googleupdate.exe, version 1.2.131.7, fault address 0x00006eef.

Error - 8/6/2009 8:17:10 AM | Computer Name = 5FA8DD235DB74B2 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.5512, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x00010a19.

Error - 8/6/2009 11:57:00 AM | Computer Name = 5FA8DD235DB74B2 | Source = Application Error | ID = 1000
Description = Faulting application googleupdate.exe, version 1.2.131.7, faulting
module googleupdate.exe, version 1.2.131.7, fault address 0x00006eef.

[ System Events ]
Error - 8/5/2009 11:03:12 AM | Computer Name = 5FA8DD235DB74B2 | Source = LDMS | ID = 16780239
Description = The Logical Disk Manager Service failed while registering for device
handle notifications on device \\?\ide#cdromtsstcorp_cddvdw_sh-s202j________________sb01____#6&38aef96e&0&0.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}.
Win32 Error: 1381.

Error - 8/5/2009 11:03:13 AM | Computer Name = 5FA8DD235DB74B2 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service iPod Service
with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}

Error - 8/5/2009 2:03:36 PM | Computer Name = 5FA8DD235DB74B2 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service iPod Service
with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}

Error - 8/5/2009 2:03:38 PM | Computer Name = 5FA8DD235DB74B2 | Source = LDMS | ID = 16780239
Description = The Logical Disk Manager Service failed while registering for device
handle notifications on device \\?\ide#cdromtsstcorp_cddvdw_sh-s202j________________sb01____#6&38aef96e&0&0.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}.
Win32 Error: 1381.

Error - 8/5/2009 7:59:02 PM | Computer Name = 5FA8DD235DB74B2 | Source = LDMS | ID = 16780239
Description = The Logical Disk Manager Service failed while registering for device
handle notifications on device \\?\ide#cdromtsstcorp_cddvdw_sh-s202j________________sb01____#6&38aef96e&0&0.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}.
Win32 Error: 1381.

Error - 8/5/2009 7:59:02 PM | Computer Name = 5FA8DD235DB74B2 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service iPod Service
with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}

Error - 8/6/2009 5:53:44 AM | Computer Name = 5FA8DD235DB74B2 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service iPod Service
with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}

Error - 8/6/2009 5:53:46 AM | Computer Name = 5FA8DD235DB74B2 | Source = LDMS | ID = 16780239
Description = The Logical Disk Manager Service failed while registering for device
handle notifications on device \\?\ide#cdromtsstcorp_cddvdw_sh-s202j________________sb01____#6&38aef96e&0&0.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}.
Win32 Error: 1381.

Error - 8/6/2009 6:26:53 AM | Computer Name = 5FA8DD235DB74B2 | Source = LDMS | ID = 16780239
Description = The Logical Disk Manager Service failed while registering for device
handle notifications on device \\?\ide#cdromtsstcorp_cddvdw_sh-s202j________________sb01____#6&38aef96e&0&0.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}.
Win32 Error: 1381.

Error - 8/6/2009 6:26:53 AM | Computer Name = 5FA8DD235DB74B2 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service iPod Service
with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}


< End of report >
polodore john
Regular Member
 
Posts: 20
Joined: July 21st, 2009, 10:23 pm

Re: Sorry, didn't follow protocol, still need help!

Unread postby polodore john » August 6th, 2009, 9:10 pm

Google SE hijack appeared to be resolved, but after clicking to a few sites AVG started to display virus alerts when clicking on a site link in Google, and the tab was blank.

What specifically can I tell you about my computer's performance? Should I try to run SpyBot S&D or scan with AVG?

If I hear from you before 10:30 pm EST I will attempt to get any information you require... otherwise, as we discussed previously, I will be away from this computer until Monday night.

Thank you for all the help so far :)
polodore john
Regular Member
 
Posts: 20
Joined: July 21st, 2009, 10:23 pm

Re: Sorry, didn't follow protocol, still need help!

Unread postby Dakeyras » August 7th, 2009, 5:12 am

Hi :)

polodore john wrote:
Thank you for all the help so far :)

You're welcome!

polodore john wrote:
Google SE hijack appeared to be resolved, but after clicking to a few sites AVG started to display virus alerts when clicking on a site link in Google, and the tab was blank.

OK, that is helpful.

polodore john wrote:
What specifically can I tell you about my computer's performance? Should I try to run SpyBot S&D or scan with AVG?

If I hear from you before 10:30 pm EST I will attempt to get any information you require... otherwise, as we discussed previously, I will be away from this computer until Monday night.

OTL logs are quite large in size, so it will take me some time to fully research both and diagnose any problems.

From some quick research the computer's actual performance/system resources are fine. There are some system events that will require attention, most likely caused by the malware still on-board.

Do not try to run SpyBot S&D, but by all means update AVG and run a scan. How to retrieve the log to post back here in this topic is as follows:

To get the results of the latest AVG scan:

  • Right click the AVG icon in your taskbar.
    • Click Launch AVG Test Centre
    • Click Results
      • Click the latest scan results
      • Click Virus Results (if present) or click Spyware Results (if present)
    • Click Program
      • Click Export list to file
    • Name it AVG log.txt
      • Save as type: All files (*.*) to your Desktop.
    • Exit AVG
  • Open AVG log.txt and Copy/Paste the results in your next reply

Either post this log if you get the chance before you leave for your business trip, or post it when you return. In the meantime I will have devised the next course of action and, if need be, will modify it after viewing the AVG log.
Dakeyras
MRU Honors Graduate
Posts: 8804
Joined: November 21st, 2007, 5:30 am
Location: The Tundra
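
Dakeyras asks for the exported AVG scan results to be posted; as an added example, not part of the thread and not AVG's or the forum's own tooling, here is a small Python triage script for that export format (semicolon-separated, double-quoted fields, a `"Infections"` and a `"Warnings"` section each headed `"File";"Infection";"Result"`, with running processes reported as `path (PID)`), the shape the log posted later in the thread takes. The embedded sample is constructed: `EXAMPLEHIDDEN.dll`, the PIDs and the cookie names are placeholders. The point it makes is that AVG's headline infection count adds up every per-process hit, so collapsing to unique files, and flagging any file reported through the `\\?\globalroot\` device namespace rather than as a plain drive path, gives a much clearer picture of what actually needs removing.

```python
import csv
import io
import re
from collections import Counter
from dataclasses import dataclass
from typing import Optional

# Constructed sample in the shape of an AVG 8 "Export list to file" result.
# It is NOT the log posted in this thread; file names and PIDs are made up.
SAMPLE_AVG_EXPORT = r'''"Scan ""Scan whole computer"" was finished."
"Infections";"6";"0";"6"
"Folders selected for scanning:";"Scan whole computer"
"Total object scanned:";"0"

"Infections"
"File";"Infection";"Result"
"\\?\globalroot\systemroot\system32\EXAMPLEHIDDEN.dll";"Virus identified Win32/Cryptor";"Infected"
"\\?\globalroot\systemroot\system32\EXAMPLEHIDDEN.dll";"Virus identified Win32/Cryptor";"Infected"
"\\?\globalroot\systemroot\system32\EXAMPLEHIDDEN.dll";"Virus identified Win32/Cryptor";"Infected"
"C:\WINDOWS\explorer.exe (368)";"Virus identified Win32/Cryptor";"Infected"
"C:\WINDOWS\system32\svchost.exe (2140)";"Virus identified Win32/Cryptor";"Infected"
"C:\WINDOWS\system32\svchost.exe (2156)";"Virus identified Win32/Cryptor";"Infected"

"Warnings"
"File";"Infection";"Result"
"C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\x.default\cookies.sqlite";"Found ";"Healed"
"C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\x.default\cookies.sqlite:\example-ads.test.1a2b3c4d";"Found ";"Moved to Virus Vault"
'''

# A running process is exported as "<path> (<pid>)"; files have no suffix.
PROCESS_RE = re.compile(r"^(?P<path>.+?) \((?P<pid>\d+)\)$")
# NT device-namespace prefix: the file is being reported via the object
# manager path rather than a drive letter, which deserves a closer look.
HIDDEN_PREFIX = "\\\\?\\globalroot\\"


@dataclass
class Detection:
    section: str        # "Infections" or "Warnings"
    path: str           # file path, with any process "(PID)" suffix stripped
    pid: Optional[int]  # PID when the entry is a running process, else None
    infection: str
    result: str


def parse_avg_export(text: str) -> list:
    """Parse the AVG export into Detection records, skipping the summary header."""
    detections = []
    section = None
    for row in csv.reader(io.StringIO(text), delimiter=";"):
        # A lone "Infections" / "Warnings" field opens a new section.
        if len(row) == 1 and row[0] in ("Infections", "Warnings"):
            section = row[0]
            continue
        # Ignore summary lines, blank lines and the per-section column header.
        if section is None or len(row) != 3 or row[0] == "File":
            continue
        raw, infection, result = (field.strip() for field in row)
        m = PROCESS_RE.match(raw)
        path, pid = (m["path"], int(m["pid"])) if m else (raw, None)
        detections.append(Detection(section, path, pid, infection, result))
    return detections


def triage(detections: list) -> dict:
    """Collapse per-process hits to unique files and flag device-namespace paths."""
    infected = [d for d in detections if d.section == "Infections"]
    files = Counter(d.path for d in infected if d.pid is None)
    processes = sorted({(d.path, d.pid) for d in infected if d.pid is not None})
    hidden = sorted(p for p in files if p.lower().startswith(HIDDEN_PREFIX.lower()))
    cookies = sum(1 for d in detections
                  if d.section == "Warnings" and "cookies.sqlite" in d.path.lower())
    return {
        "reported_infections": len(infected),   # what AVG's headline count adds up
        "unique_files": dict(files),            # what actually has to be removed
        "device_path_files": hidden,            # reported via \\?\globalroot\
        "processes_flagged": processes,         # processes the file was seen in
        "infection_names": dict(Counter(d.infection for d in infected)),
        "cookie_warnings": cookies,             # tracking cookies, low priority
    }


if __name__ == "__main__":
    summary = triage(parse_avg_export(SAMPLE_AVG_EXPORT))
    for key, value in summary.items():
        print(f"{key}: {value}")
```

Run it against a real export by reading the saved `AVG log.txt` into `parse_avg_export` in place of the sample; the file/process split also works for the `"Warnings"` section if AVG reports processes there.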

Re: Sorry, didn't follow protocol, still need help!

Unread postby polodore john » August 7th, 2009, 11:23 pm

Taking a flight out tomorrow morning, so I can work on this :)

"Scan ""Scan whole computer"" was finished."
"Infections";"82";"0";"82"
"Folders selected for scanning:";"Scan whole computer"
"Scan started:";"Friday, August 07, 2009, 8:32:20 PM"
"Scan finished:";"Friday, August 07, 2009, 8:32:20 PM"
"Total object scanned:";"0"
"User who launched the scan:";"Hope Mills"

"Infections"
"File";"Infection";"Result"
"\\?\globalroot\systemroot\system32\hjgruiaulidoyo.dll";"Virus identified Win32/Cryptor";"Infected"
"\\?\globalroot\systemroot\system32\hjgruiaulidoyo.dll";"Virus identified Win32/Cryptor";"Infected"
"\\?\globalroot\systemroot\system32\hjgruiaulidoyo.dll";"Virus identified Win32/Cryptor";"Infected"
"\\?\globalroot\systemroot\system32\hjgruiaulidoyo.dll";"Virus identified Win32/Cryptor";"Infected"
"\\?\globalroot\systemroot\system32\hjgruiaulidoyo.dll";"Virus identified Win32/Cryptor";"Infected"
"\\?\globalroot\systemroot\system32\hjgruiaulidoyo.dll";"Virus identified Win32/Cryptor";"Infected"
"\\?\globalroot\systemroot\system32\hjgruiaulidoyo.dll";"Virus identified Win32/Cryptor";"Infected"
"\\?\globalroot\systemroot\system32\hjgruiaulidoyo.dll";"Virus identified Win32/Cryptor";"Infected"
"\\?\globalroot\systemroot\system32\hjgruiaulidoyo.dll";"Virus identified Win32/Cryptor";"Infected"
"\\?\globalroot\systemroot\system32\hjgruiaulidoyo.dll";"Virus identified Win32/Cryptor";"Infected"
"\\?\globalroot\systemroot\system32\hjgruiaulidoyo.dll";"Virus identified Win32/Cryptor";"Infected"
"\\?\globalroot\systemroot\system32\hjgruiaulidoyo.dll";"Virus identified Win32/Cryptor";"Infected"
"\\?\globalroot\systemroot\system32\hjgruiaulidoyo.dll";"Virus identified Win32/Cryptor";"Infected"
"\\?\globalroot\systemroot\system32\hjgruiaulidoyo.dll";"Virus identified Win32/Cryptor";"Infected"
"\\?\globalroot\systemroot\system32\hjgruiaulidoyo.dll";"Virus identified Win32/Cryptor";"Infected"
"\\?\globalroot\systemroot\system32\hjgruiaulidoyo.dll";"Virus identified Win32/Cryptor";"Infected"
"\\?\globalroot\systemroot\system32\hjgruiaulidoyo.dll";"Virus identified Win32/Cryptor";"Infected"
"\\?\globalroot\systemroot\system32\hjgruiaulidoyo.dll";"Virus identified Win32/Cryptor";"Infected"
"\\?\globalroot\systemroot\system32\hjgruiaulidoyo.dll";"Virus identified Win32/Cryptor";"Infected"
"\\?\globalroot\systemroot\system32\hjgruiaulidoyo.dll";"Virus identified Win32/Cryptor";"Infected"
"\\?\globalroot\systemroot\system32\hjgruiaulidoyo.dll";"Virus identified Win32/Cryptor";"Infected"
"\\?\globalroot\systemroot\system32\hjgruiaulidoyo.dll";"Virus identified Win32/Cryptor";"Infected"
"\\?\globalroot\systemroot\system32\hjgruiaulidoyo.dll";"Virus identified Win32/Cryptor";"Infected"
"\\?\globalroot\systemroot\system32\hjgruiaulidoyo.dll";"Virus identified Win32/Cryptor";"Infected"
"\\?\globalroot\systemroot\system32\hjgruiaulidoyo.dll";"Virus identified Win32/Cryptor";"Infected"
"\\?\globalroot\systemroot\system32\hjgruiaulidoyo.dll";"Virus identified Win32/Cryptor";"Infected"
"\\?\globalroot\systemroot\system32\hjgruiaulidoyo.dll";"Virus identified Win32/Cryptor";"Infected"
"\\?\globalroot\systemroot\system32\hjgruiaulidoyo.dll";"Virus identified Win32/Cryptor";"Infected"
"\\?\globalroot\systemroot\system32\hjgruiaulidoyo.dll";"Virus identified Win32/Cryptor";"Infected"
"\\?\globalroot\systemroot\system32\hjgruiaulidoyo.dll";"Virus identified Win32/Cryptor";"Infected"
"\\?\globalroot\systemroot\system32\hjgruiaulidoyo.dll";"Virus identified Win32/Cryptor";"Infected"
"\\?\globalroot\systemroot\system32\hjgruiaulidoyo.dll";"Virus identified Win32/Cryptor";"Infected"
"\\?\globalroot\systemroot\system32\hjgruiaulidoyo.dll";"Virus identified Win32/Cryptor";"Infected"
"\\?\globalroot\systemroot\system32\hjgruiaulidoyo.dll";"Virus identified Win32/Cryptor";"Infected"
"\\?\globalroot\systemroot\system32\hjgruiaulidoyo.dll";"Virus identified Win32/Cryptor";"Infected"
"\\?\globalroot\systemroot\system32\hjgruiaulidoyo.dll";"Virus identified Win32/Cryptor";"Infected"
"\\?\globalroot\systemroot\system32\hjgruiaulidoyo.dll";"Virus identified Win32/Cryptor";"Infected"
"\\?\globalroot\systemroot\system32\hjgruiaulidoyo.dll";"Virus identified Win32/Cryptor";"Infected"
"\\?\globalroot\systemroot\system32\hjgruiaulidoyo.dll";"Virus identified Win32/Cryptor";"Infected"
"\\?\globalroot\systemroot\system32\hjgruiaulidoyo.dll";"Virus identified Win32/Cryptor";"Infected"
"\\?\globalroot\systemroot\system32\hjgruiaulidoyo.dll";"Virus identified Win32/Cryptor";"Infected"
"C:\PROGRA~1\AVG\AVG8\avgemc.exe (2228)";"Virus identified Win32/Cryptor";"Infected"
"C:\PROGRA~1\AVG\AVG8\avgnsx.exe (872)";"Virus identified Win32/Cryptor";"Infected"
"C:\PROGRA~1\AVG\AVG8\avgtray.exe (656)";"Virus identified Win32/Cryptor";"Infected"
"C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe (1028)";"Virus identified Win32/Cryptor";"Infected"
"C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (616)";"Virus identified Win32/Cryptor";"Infected"
"C:\Program Files\AVG\AVG8\avgcsrvx.exe (2556)";"Virus identified Win32/Cryptor";"Infected"
"C:\Program Files\AVG\AVG8\avgcsrvx.exe (3016)";"Virus identified Win32/Cryptor";"Infected"
"C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (544)";"Virus identified Win32/Cryptor";"Infected"
"C:\Program Files\AVG\AVG8\avgrsx.exe (888)";"Virus identified Win32/Cryptor";"Infected"
"C:\Program Files\Common Files\SolidWorks Installation Manager\Scheduler\sldIMScheduler.exe (652)";"Virus identified Win32/Cryptor";"Infected"
"C:\Program Files\Digidesign\Drivers\MMERefresh.exe (1056)";"Virus identified Win32/Cryptor";"Infected"
"C:\Program Files\D-Tools\daemon.exe (828)";"Virus identified Win32/Cryptor";"Infected"
"C:\Program Files\epson\Creativity Suite\Event Manager\EEventManager.exe (140)";"Virus identified Win32/Cryptor";"Infected"
"C:\Program Files\AVG\AVG8\avgscanx.exe (2904)";"Virus identified Win32/Cryptor";"Infected"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (1324)";"Virus identified Win32/Cryptor";"Infected"
"C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (660)";"Virus identified Win32/Cryptor";"Infected"
"C:\Program Files\Java\jre6\bin\jqs.exe (1700)";"Virus identified Win32/Cryptor";"Infected"
"C:\Program Files\Java\jre6\bin\jusched.exe (672)";"Virus identified Win32/Cryptor";"Infected"
"C:\Program Files\MozyHome\mozystat.exe (1368)";"Virus identified Win32/Cryptor";"Infected"
"C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe (1000)";"Virus identified Win32/Cryptor";"Infected"
"C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe (1208)";"Virus identified Win32/Cryptor";"Infected"
"C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (1124)";"Virus identified Win32/Cryptor";"Infected"
"C:\Program Files\Windows Desktop Search\WindowsSearch.exe (1572)";"Virus identified Win32/Cryptor";"Infected"
"C:\Program Files\AVG\AVG8\avgui.exe (3772)";"Virus identified Win32/Cryptor";"Infected"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe (2608)";"Virus identified Win32/Cryptor";"Infected"
"C:\Program Files\MozyHome\mozybackup.exe (1264)";"Virus identified Win32/Cryptor";"Infected"
"C:\WINDOWS\explorer.exe (368)";"Virus identified Win32/Cryptor";"Infected"
"C:\WINDOWS\system32\ati2evxx.exe (1832)";"Virus identified Win32/Cryptor";"Infected"
"C:\WINDOWS\system32\lsass.exe (764)";"Virus identified Win32/Cryptor";"Infected"
"C:\WINDOWS\system32\ati2evxx.exe (936)";"Virus identified Win32/Cryptor";"Infected"
"C:\WINDOWS\system32\ctfmon.exe (992)";"Virus identified Win32/Cryptor";"Infected"
"C:\WINDOWS\system32\searchindexer.exe (2436)";"Virus identified Win32/Cryptor";"Infected"
"C:\WINDOWS\system32\searchprotocolhost.exe (3220)";"Virus identified Win32/Cryptor";"Infected"
"C:\WINDOWS\system32\services.exe (752)";"Virus identified Win32/Cryptor";"Infected"
"C:\WINDOWS\system32\svchost.exe (2140)";"Virus identified Win32/Cryptor";"Infected"
"C:\WINDOWS\system32\svchost.exe (2156)";"Virus identified Win32/Cryptor";"Infected"
"C:\WINDOWS\system32\spoolsv.exe (476)";"Virus identified Win32/Cryptor";"Infected"
"C:\WINDOWS\system32\svchost.exe (1688)";"Virus identified Win32/Cryptor";"Infected"
"C:\WINDOWS\system32\svchost.exe (2196)";"Virus identified Win32/Cryptor";"Infected"
"C:\WINDOWS\system32\svchost.exe (3556)";"Virus identified Win32/Cryptor";"Infected"
"C:\WINDOWS\system32\winlogon.exe (708)";"Virus identified Win32/Cryptor";"Infected"

"Warnings"
"File";"Infection";"Result"
"C:\Documents and Settings\Hope Mills\Application Data\Mozilla\Firefox\Profiles\m6serj7w.default\cookies.sqlite";"Found ";"Healed"
"C:\Documents and Settings\Hope Mills\Application Data\Mozilla\Firefox\Profiles\m6serj7w.default\cookies.sqlite:\2o7.net.7919062b";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Hope Mills\Application Data\Mozilla\Firefox\Profiles\m6serj7w.default\cookies.sqlite:\2o7.net.84c199e2";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Hope Mills\Application Data\Mozilla\Firefox\Profiles\m6serj7w.default\cookies.sqlite:\2o7.net.ca97f6e1";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Hope Mills\Application Data\Mozilla\Firefox\Profiles\m6serj7w.default\cookies.sqlite:\ad.yieldmanager.com.539b0606";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Hope Mills\Application Data\Mozilla\Firefox\Profiles\m6serj7w.default\cookies.sqlite:\ad.yieldmanager.com.557bf2b0";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Hope Mills\Application Data\Mozilla\Firefox\Profiles\m6serj7w.default\cookies.sqlite:\advertising.com.1dfa2206";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Hope Mills\Application Data\Mozilla\Firefox\Profiles\m6serj7w.default\cookies.sqlite:\atdmt.com.7247c262";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Hope Mills\Application Data\Mozilla\Firefox\Profiles\m6serj7w.default\cookies.sqlite:\atdmt.com.b3e33b5f";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Hope Mills\Application Data\Mozilla\Firefox\Profiles\m6serj7w.default\cookies.sqlite:\advertising.com.203aa218";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Hope Mills\Application Data\Mozilla\Firefox\Profiles\m6serj7w.default\cookies.sqlite:\advertising.com.525a5fb9";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Hope Mills\Application Data\Mozilla\Firefox\Profiles\m6serj7w.default\cookies.sqlite:\advertising.com.7ae8f949";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Hope Mills\Application Data\Mozilla\Firefox\Profiles\m6serj7w.default\cookies.sqlite:\advertising.com.b624fa46";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Hope Mills\Application Data\Mozilla\Firefox\Profiles\m6serj7w.default\cookies.sqlite:\burstnet.com.27341d57";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Hope Mills\Application Data\Mozilla\Firefox\Profiles\m6serj7w.default\cookies.sqlite:\ad.yieldmanager.com.b68f2b7b";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Hope Mills\Application Data\Mozilla\Firefox\Profiles\m6serj7w.default\cookies.sqlite:\ad.yieldmanager.com.e626e6be";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Hope Mills\Application Data\Mozilla\Firefox\Profiles\m6serj7w.default\cookies.sqlite:\ad.yieldmanager.com.ff92306";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Hope Mills\Application Data\Mozilla\Firefox\Profiles\m6serj7w.default\cookies.sqlite:\bs.serving-sys.com.5bf1f00f";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Hope Mills\Application Data\Mozilla\Firefox\Profiles\m6serj7w.default\cookies.sqlite:\burstnet.com.c4fe2ebb";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Hope Mills\Application Data\Mozilla\Firefox\Profiles\m6serj7w.default\cookies.sqlite:\casalemedia.com.156cbc67";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Hope Mills\Application Data\Mozilla\Firefox\Profiles\m6serj7w.default\cookies.sqlite:\casalemedia.com.1773afc";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Hope Mills\Application Data\Mozilla\Firefox\Profiles\m6serj7w.default\cookies.sqlite:\casalemedia.com.3a28db8d";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Hope Mills\Application Data\Mozilla\Firefox\Profiles\m6serj7w.default\cookies.sqlite:\casalemedia.com.80ad4799";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Hope Mills\Application Data\Mozilla\Firefox\Profiles\m6serj7w.default\cookies.sqlite:\casalemedia.com.987e6b46";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Hope Mills\Application Data\Mozilla\Firefox\Profiles\m6serj7w.default\cookies.sqlite:\doubleclick.net.bf396750";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Hope Mills\Application Data\Mozilla\Firefox\Profiles\m6serj7w.default\cookies.sqlite:\fastclick.net.8a6435e9";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Hope Mills\Application Data\Mozilla\Firefox\Profiles\m6serj7w.default\cookies.sqlite:\m.webtrends.com.b4ca7df0";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Hope Mills\Application Data\Mozilla\Firefox\Profiles\m6serj7w.default\cookies.sqlite:\serving-sys.com.255d6f2f";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Hope Mills\Application Data\Mozilla\Firefox\Profiles\m6serj7w.default\cookies.sqlite:\serving-sys.com.400f83f";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Hope Mills\Application Data\Mozilla\Firefox\Profiles\m6serj7w.default\cookies.sqlite:\serving-sys.com.4b416ef8";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Hope Mills\Application Data\Mozilla\Firefox\Profiles\m6serj7w.default\cookies.sqlite:\serving-sys.com.606c3d3b";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Hope Mills\Application Data\Mozilla\Firefox\Profiles\m6serj7w.default\cookies.sqlite:\tribalfusion.com.5eef93d0";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Hope Mills\Application Data\Mozilla\Firefox\Profiles\m6serj7w.default\cookies.sqlite:\serving-sys.com.6a1cf9e8";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Hope Mills\Application Data\Mozilla\Firefox\Profiles\m6serj7w.default\cookies.sqlite:\serving-sys.com.c9034af6";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Hope Mills\Application Data\Mozilla\Firefox\Profiles\m6serj7w.default\cookies.sqlite:\smartadserver.com.321a5cf8";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Hope Mills\Application Data\Mozilla\Firefox\Profiles\m6serj7w.default\cookies.sqlite:\smartadserver.com.c5827141";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Hope Mills\Application Data\Mozilla\Firefox\Profiles\m6serj7w.default\cookies.sqlite:\smartadserver.com.5550c4ed";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Hope Mills\Application Data\Mozilla\Firefox\Profiles\m6serj7w.default\cookies.sqlite:\tacoda.net.27341d57";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Hope Mills\Application Data\Mozilla\Firefox\Profiles\m6serj7w.default\cookies.sqlite:\tacoda.net.4366831a";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Hope Mills\Application Data\Mozilla\Firefox\Profiles\m6serj7w.default\cookies.sqlite:\tacoda.net.5935e89";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Hope Mills\Application Data\Mozilla\Firefox\Profiles\m6serj7w.default\cookies.sqlite:\tacoda.net.c4fe2ebb";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Hope Mills\Application Data\Mozilla\Firefox\Profiles\m6serj7w.default\cookies.sqlite:\tribalfusion.com.8b22ad8c";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Hope Mills\Application Data\Mozilla\Firefox\Profiles\m6serj7w.default\cookies.sqlite:\tribalfusion.com.9bc3e98f";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Hope Mills\Application Data\Mozilla\Firefox\Profiles\m6serj7w.default\cookies.sqlite:\tribalfusion.com.7610f0e0";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Hope Mills\Application Data\Mozilla\Firefox\Profiles\m6serj7w.default\cookies.sqlite:\tribalfusion.com.dcc03271";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Hope Mills\Application Data\Mozilla\Firefox\Profiles\m6serj7w.default\cookies.sqlite:\tribalfusion.com.ff8546b9";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Hope Mills\Application Data\Mozilla\Firefox\Profiles\m6serj7w.default\cookies.sqlite:\trafficmp.com.37644bdb";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Hope Mills\Application Data\Mozilla\Firefox\Profiles\m6serj7w.default\cookies.sqlite:\trafficmp.com.a00e30b4";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Hope Mills\Application Data\Mozilla\Firefox\Profiles\m6serj7w.default\cookies.sqlite:\trafficmp.com.ae53b8b";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Hope Mills\Application Data\Mozilla\Firefox\Profiles\m6serj7w.default\cookies.sqlite:\trafficmp.com.e2e71e33";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Hope Mills\Application Data\Mozilla\Firefox\Profiles\m6serj7w.default\cookies.sqlite:\trafficmp.com.f3e5803e";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Hope Mills\Application Data\Mozilla\Firefox\Profiles\m6serj7w.default\cookies.sqlite:\zedo.com.a5b6a132";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Hope Mills\Application Data\Mozilla\Firefox\Profiles\m6serj7w.default\cookies.sqlite:\zedo.com.27f1639b";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Hope Mills\Application Data\Mozilla\Firefox\Profiles\m6serj7w.default\cookies.sqlite:\zedo.com.c1dd09f2";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Hope Mills\Cookies\hope mills@247realmedia[2].txt";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Hope Mills\Cookies\hope mills@247realmedia[2].txt:\247realmedia.com.855b46d";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Hope Mills\Cookies\hope mills@247realmedia[2].txt:\247realmedia.com.b4c2ad0b";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Hope Mills\Cookies\hope mills@2o7[2].txt";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Hope Mills\Cookies\hope mills@2o7[2].txt:\2o7.net.990a393c";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Hope Mills\Cookies\hope mills@2o7[2].txt:\2o7.net.ebf63e2a";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Hope Mills\Cookies\hope mills@ad.yieldmanager[1].txt";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Hope Mills\Cookies\hope mills@ad.yieldmanager[1].txt:\ad.yieldmanager.com.539b0606";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Hope Mills\Cookies\hope mills@ad.yieldmanager[1].txt:\ad.yieldmanager.com.557bf2b0";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Hope Mills\Cookies\hope mills@advertising[1].txt";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Hope Mills\Cookies\hope mills@advertising[1].txt:\advertising.com.1dfa2206";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Hope Mills\Cookies\hope mills@advertising[1].txt:\advertising.com.203aa218";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Hope Mills\Cookies\hope mills@advertising[1].txt:\advertising.com.525a5fb9";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Hope Mills\Cookies\hope mills@advertising[1].txt:\advertising.com.b624fa46";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Hope Mills\Cookies\hope mills@atdmt[1].txt";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Hope Mills\Cookies\hope mills@atdmt[1].txt:\atdmt.com.7247c262";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Hope Mills\Cookies\hope mills@atdmt[1].txt:\atdmt.com.b3e33b5f";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Hope Mills\Cookies\hope mills@burstnet[1].txt";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Hope Mills\Cookies\hope mills@burstnet[1].txt:\burstnet.com.c4fe2ebb";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Hope Mills\Cookies\hope mills@casalemedia[2].txt";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Hope Mills\Cookies\hope mills@casalemedia[2].txt:\casalemedia.com.1773afc";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Hope Mills\Cookies\hope mills@casalemedia[2].txt:\casalemedia.com.2d37ad26";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Hope Mills\Cookies\hope mills@casalemedia[2].txt:\casalemedia.com.350339d4";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Hope Mills\Cookies\hope mills@casalemedia[2].txt:\casalemedia.com.80ad4799";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Hope Mills\Cookies\hope mills@casalemedia[2].txt:\casalemedia.com.8c65eddd";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Hope Mills\Cookies\hope mills@casalemedia[2].txt:\casalemedia.com.987e6b46";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Hope Mills\Cookies\hope mills@doubleclick[1].txt";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Hope Mills\Cookies\hope mills@doubleclick[1].txt:\doubleclick.net.bf396750";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Hope Mills\Cookies\hope mills@enhance[1].txt";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Hope Mills\Cookies\hope mills@enhance[1].txt:\enhance.com.2ff9c31e";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Hope Mills\Cookies\hope mills@enhance[1].txt:\enhance.com.378d31e7";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Hope Mills\Cookies\hope mills@hitbox[2].txt";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Hope Mills\Cookies\hope mills@hitbox[2].txt:\hitbox.com.2b95f8a3";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Hope Mills\Cookies\hope mills@hitbox[2].txt:\hitbox.com.bbf2a6e8";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Hope Mills\Cookies\hope mills@mediaplex[1].txt";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Hope Mills\Cookies\hope mills@mediaplex[1].txt:\mediaplex.com.f652b123";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Hope Mills\Cookies\hope mills@overture[1].txt";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Hope Mills\Cookies\hope mills@overture[1].txt:\overture.com.52ca467a";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Hope Mills\Cookies\hope mills@overture[1].txt:\overture.com.e626e6be";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Hope Mills\Cookies\hope mills@questionmarket[1].txt";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Hope Mills\Cookies\hope mills@questionmarket[1].txt:\questionmarket.com.3eb5a9f1";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Hope Mills\Cookies\hope mills@questionmarket[1].txt:\questionmarket.com.4dd5e426";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Hope Mills\Cookies\hope mills@questionmarket[1].txt:\questionmarket.com.767e4302";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Hope Mills\Cookies\hope mills@realmedia[1].txt";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Hope Mills\Cookies\hope mills@realmedia[1].txt:\realmedia.com.855b46d";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Hope Mills\Cookies\hope mills@realmedia[1].txt:\realmedia.com.9514c147";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Hope Mills\Cookies\hope mills@realmedia[1].txt:\realmedia.com.a2b49f1a";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Hope Mills\Cookies\hope mills@realmedia[1].txt:\realmedia.com.bf4a1fa7";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Hope Mills\Cookies\hope mills@realmedia[1].txt:\realmedia.com.dc841856";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Hope Mills\Cookies\hope mills@realmedia[1].txt:\realmedia.com.e6262787";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Hope Mills\Cookies\hope mills@realmedia[1].txt:\realmedia.com.ef906bac";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Hope Mills\Cookies\hope mills@revsci[2].txt";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Hope Mills\Cookies\hope mills@revsci[2].txt:\revsci.net.2df99d79";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Hope Mills\Cookies\hope mills@revsci[2].txt:\revsci.net.44927ec";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Hope Mills\Cookies\hope mills@revsci[2].txt:\revsci.net.50e13b1b";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Hope Mills\Cookies\hope mills@revsci[2].txt:\revsci.net.e9dbeb91";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Hope Mills\Cookies\hope mills@tacoda[1].txt";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Hope Mills\Cookies\hope mills@tacoda[1].txt:\tacoda.net.27341d57";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Hope Mills\Cookies\hope mills@tacoda[1].txt:\tacoda.net.4366831a";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Hope Mills\Cookies\hope mills@tacoda[1].txt:\tacoda.net.5935e89";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Hope Mills\Cookies\hope mills@tacoda[1].txt:\tacoda.net.c4fe2ebb";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Hope Mills\Cookies\hope mills@tacoda[1].txt:\tacoda.net.cd7ce44f";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Hope Mills\Cookies\hope mills@tacoda[1].txt:\tacoda.net.ed9c50d1";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Hope Mills\Cookies\hope mills@tribalfusion[1].txt";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Hope Mills\Cookies\hope mills@tribalfusion[1].txt:\tribalfusion.com.dcc03271";"Found ";"Moved to Virus Vault"
polodore john
Regular Member
 
Posts: 20
Joined: July 21st, 2009, 10:23 pm

Re: Sorry, didn't follow protocol, still need help!

Unread postby Dakeyras » August 8th, 2009, 5:34 am

Hi,

I have bad news I'm afraid :(

Your computer is infected with a very dangerous memory resident parasitic polymorphic virus.

This goes a long way to explain the problems we have encountered with the attempted malware removal process.

OK since we are dealing with the aforementioned infection(s) I would be providing your good self with a disservice if I did not make you aware of the ramifications below:

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Unfortunately, no attempt could be made to clean this machine; it could never be considered to be truly clean, secure, or trustworthy. We could not say definitively that unknown and unseen malware will have been removed, nor will your system be restored to its pre-infection state. We cannot remedy unknown changes the malware may likely have made in order to allow itself access, nor can we repair the damage it may possibly have caused to vital system files. Additionally, it is quite possible that changes made to the system by the malware may impact negatively on your computer during the removal process. In short, your system may never regain its former stability or its full functionality without a reformat. Therefore, your best and only course of action is a reformat and reinstallation of the Windows operating system, and that is the course we strongly recommend.

Please read these for more information:

Virut and other File Infectors

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

Next:

I suggest you start backing up all of your valuable data/documents/pictures/movies/songs/etc.
Do NOT back up any applications/installers and do NOT back up any .exe/.scr/.htm/.html/.xml/.zip/.rar files.
This is because these files may be infected as well. If you back them up and replace them afterwards, it will infect your computer again.

Should you have any questions, please feel free to ask.
Dakeyras
MRU Honors Graduate
 
Posts: 8804
Joined: November 21st, 2007, 5:30 am
Location: The Tundra
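
The back-up rule in the post above (copy documents, pictures and the like, but never applications, installers or anything ending in .exe/.scr/.htm/.html/.xml/.zip/.rar) is easy to get wrong by hand across a whole profile. The script below is an added example for this thread, not a tool from the helper or from MalwareRemoval.com; it walks a source folder, copies only files whose final extension is outside the blocked set, and returns both what it copied and what it left behind so the list can be reviewed before the machine is wiped. The sample folder tree in `demo()` is constructed for illustration. Matching is case-insensitive and looks only at the last extension, so `holiday.jpg.exe` is skipped; a name like `report.exe.txt` passes the rule, which is the limit of any extension-based filter.

```python
import os
import shutil
import tempfile
from pathlib import Path

# Extensions the post above says must not be carried over from the infected machine.
BLOCKED_EXTENSIONS = {".exe", ".scr", ".htm", ".html", ".xml", ".zip", ".rar"}


def is_safe_to_copy(path):
    """True when the file's final extension is not in the blocked set.

    Windows file systems are case-insensitive, so 'Setup.EXE' is treated like
    'setup.exe'. Only the last suffix counts: 'holiday.jpg.exe' is still an
    executable and is refused.
    """
    return Path(path).suffix.lower() not in BLOCKED_EXTENSIONS


def backup_user_data(source_dir, dest_dir):
    """Copy source_dir to dest_dir, skipping blocked files.

    Returns (copied, skipped): sorted lists of POSIX-style paths relative to
    source_dir, so the operator can review what was left behind.
    """
    source = Path(source_dir)
    dest = Path(dest_dir)
    copied, skipped = [], []
    for root, _dirs, files in os.walk(source):
        for name in files:
            src_file = Path(root) / name
            rel = src_file.relative_to(source).as_posix()
            if not is_safe_to_copy(src_file):
                skipped.append(rel)
                continue
            target = dest / rel
            target.parent.mkdir(parents=True, exist_ok=True)
            shutil.copy2(src_file, target)  # copy2 keeps timestamps
            copied.append(rel)
    return sorted(copied), sorted(skipped)


def demo():
    """Build a constructed sample profile in a temp dir and run the backup."""
    sample_files = [
        "My Documents/letter.doc",
        "My Pictures/holiday.jpg",
        "My Pictures/holiday.jpg.exe",   # double extension, still an executable
        "Downloads/Setup.EXE",           # upper-case extension
        "Downloads/archive.zip",
        "Downloads/notes.txt",
    ]
    with tempfile.TemporaryDirectory() as tmp:
        src = Path(tmp) / "src"
        for rel in sample_files:
            f = src / rel
            f.parent.mkdir(parents=True, exist_ok=True)
            f.write_bytes(b"constructed sample content")
        return backup_user_data(src, Path(tmp) / "backup")


if __name__ == "__main__":
    copied, skipped = demo()
    print("copied :", copied)
    print("skipped:", skipped)
```

Run it against the real profile as `backup_user_data(r"C:\Documents and Settings\<user>", r"E:\backup")` and read the skipped list before reformatting; anything that genuinely needs to survive (say, a .zip of family photos) should be unpacked on the clean machine and re-scanned rather than carried over as-is.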

Re: Sorry, didn't follow protocol, still need help!

Unread postby polodore john » August 10th, 2009, 3:17 pm

Well, not good news :( but thank you.
I will go the reformat route.
As I mentioned before we have thumb drives and removable hard drives that have a lot of data on them as well as installation software for a number of applications. Since the whole family uses them I do not know for sure exactly what is or could be on them, but I am certain they all have executable files on them.....

So, do we need to get new drives and ONLY transfer non-executable data onto them and then reformat the removable drives and toss the thumb/USB drives (can they be reformatted)?

Password/ID changing process is underway, what a pain in the a$$$$! :x

Thanks again
polodore john
Regular Member
 
Posts: 20
Joined: July 21st, 2009, 10:23 pm

Re: Sorry, didn't follow protocol, still need help!

Unread postby Dakeyras » August 10th, 2009, 3:51 pm

Hi :)

Aye not the best of news but the most prudent course of action is as I have advised.

Actually you can format all the removable storage media devices first, then disinfect them (this will prevent them from becoming re-infected) and transfer what is safe to do so, as I outlined in my prior post to your good self.

To disinfect the drives afterwards, proceed as follows:

Flash_Disinfector:

  • Please download Flash_Disinfector and save it to your desktop.
  • Double click to run it.
  • You will be prompted to plug in your flash drive. Plug it in.
  • Flash_Disinfector will start disinfecting your flash and hard drives. This takes a few seconds. Your desktop will disappear in the meantime.
  • When done, a message box will appear. Click OK. Your desktop should now appear. If it doesn't, press Ctrl + Shift + Esc to open Task Manager.
  • Click on File > New Task (Run...). Type in explorer.exe and press Enter. Your desktop should now appear.

Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder...it will help protect your drives from future infection.

Next:

If you use a Router, I advise you to reset this and apply/set a (new) admin password.

Below is also what I advise on installing software afterwards:

Reformat and Reinstallation Advice:

  • Use an Anti Virus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.
    Here are some free Anti Virus programs which I recommend to use:
    • Antivir PersonalEditionClassic
      • Free anti-virus software for Windows.
      • Detects and removes more than 50,000 viruses. Free support.
    • avast! 4 Home Edition
      • Anti-virus program for Windows.
      • The home edition is freeware for noncommercial users.
  • Update your Anti Virus Software - It is imperative that you update your Anti virus software at least once a week (Even more if you wish). If you do not update your anti virus software then it will not be able to catch any of the new variants that may come out.
  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly.
    Here are some free Firewalls which I recommend to use:
    (Use only one, and disable your Windows Firewall)
    Note: Only ever have installed/use one Anti-Virus application and Software Firewall. Otherwise a system conflict will occur and this also lessens overall online protection!
  • Keep your system updated - Microsoft releases patches for Windows and other products regularly:
  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab.
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialise and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub-frames across different domains to Prompt
      • When all these settings have been made, click on the OK button.
      • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.
  • Malwarebytes' Anti-Malware - Download it from here
    The tutorial on how to use MBAM is located here
  • Install WinPatrol - Download it from here
    You can find information about how WinPatrol works here
  • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.
    Download it from here
    The tutorial on how to use Spyware Blaster is located here
  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for your computer becoming infected again will reduce dramatically. Any questions feel free to ask OK!
Dakeyras
MRU Honors Graduate
 
Posts: 8804
Joined: November 21st, 2007, 5:30 am
Location: The Tundra
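
Two of the steps in the post above can be checked in code rather than trusted blindly: the hidden autorun.inf folder that Flash_Disinfector leaves on each drive, and the Internet-zone settings behind the Custom Level dialog. The script below is an added example for this thread and is not Flash_Disinfector's code or anything from MalwareRemoval.com. `protect_drive` creates the autorun.inf folder on a given drive root (hiding it with `attrib` on Windows, my choice of mechanism) and reports when a real autorun.inf file is already sitting there, which is the usual trace of a USB worm and worth keeping for a look rather than overwriting. `audit_zone` compares the six Internet-zone actions from the post against the user's registry values; the action IDs (1001, 1004, 1201, 1800, 1804, 1607) and the 0/1/3 encoding are the standard Internet Explorer zone settings under `HKCU\...\Internet Settings\Zones\3`, not values taken from this thread. The temporary "drives" built in `demo_protect()` are constructed for illustration.

```python
import subprocess
import sys
import tempfile
from pathlib import Path


def protect_drive(mount_point):
    """Create a folder named autorun.inf at the root of a drive.

    This is the trick the note above describes: an autorun worm has to write
    an autorun.inf *file* at the drive root, which fails while a folder of
    that name occupies the path. Returns 'created', 'already-protected', or
    'file-present' when a real autorun.inf file is found; the file is left
    alone so it can be examined.
    """
    target = Path(mount_point) / "autorun.inf"
    if target.is_dir():
        return "already-protected"
    if target.exists():
        return "file-present"
    target.mkdir()
    if sys.platform == "win32":
        # Hide the folder the way the Flash_Disinfector note describes; no-op elsewhere.
        subprocess.run(["attrib", "+h", "+s", str(target)], check=False)
    return "created"


def demo_protect():
    """Run protect_drive against two constructed temp 'drives'; returns the outcomes."""
    with tempfile.TemporaryDirectory() as clean, tempfile.TemporaryDirectory() as wormy:
        # constructed stand-in for a worm-dropped autorun.inf file
        (Path(wormy) / "autorun.inf").write_text("constructed sample, not a real autorun.inf\n")
        return (protect_drive(clean), protect_drive(clean), protect_drive(wormy))


# Internet zone (Zones\3) action IDs behind the Custom Level dialog, paired with
# the level recommended in the post. Values: 0 = Enable, 1 = Prompt, 3 = Disable,
# so a lower number is always the more permissive choice.
IE_INTERNET_ZONE_KEY = r"Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3"
RECOMMENDED = {
    "1001": ("Download signed ActiveX controls", 1),
    "1004": ("Download unsigned ActiveX controls", 3),
    "1201": ("Initialise and script ActiveX controls not marked as safe", 3),
    "1800": ("Installation of desktop items", 1),
    "1804": ("Launching programs and files in an IFRAME", 1),
    "1607": ("Navigate sub-frames across different domains", 1),
}


def audit_zone(values):
    """Compare {action_id: current_value} with RECOMMENDED.

    Returns a list of (action_id, description, current, wanted) for each
    setting that is missing or more permissive than recommended; an empty
    list means the Internet zone matches the advice above.
    """
    findings = []
    for action, (description, wanted) in RECOMMENDED.items():
        current = values.get(action)
        if current is None or current < wanted:
            findings.append((action, description, current, wanted))
    return findings


def read_internet_zone():
    """Read the current user's Internet zone values (Windows only)."""
    import winreg  # only available on Windows
    values = {}
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, IE_INTERNET_ZONE_KEY) as key:
        for action in RECOMMENDED:
            try:
                values[action] = winreg.QueryValueEx(key, action)[0]
            except FileNotFoundError:
                pass  # absent value: audit_zone reports it as missing
    return values


if __name__ == "__main__":
    print("autorun.inf demo:", demo_protect())
    if sys.platform == "win32":
        for finding in audit_zone(read_internet_zone()):
            print("weak setting %s (%s): is %r, want %d" % finding)
```

On the rebuilt machine, `audit_zone(read_internet_zone())` returning an empty list confirms the six Custom Level changes took; `protect_drive("E:\\")` on each thumb drive gives the same protection the note describes and, via the `file-present` result, flags any drive that was plugged into the infected PC and already carries a worm's autorun.inf.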

Re: Sorry, didn't follow protocol, still need help!

Unread postby Shaba » August 13th, 2009, 3:14 am

Due to reformatting this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland