Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Infected desktop

Post by baylormum » March 15th, 2011, 11:55 pm

Hi, guys!
Last fall I had some suspected memory problems with pictures on an external HD. I contacted a company online to help me restore these pics. The pictures were there but not accessible. I sent them my ext HD & it was sent right back all fixed (I guess). It was suggested that I subscribe to the Malwarebytes' Anti-Malware, which I did. It seemed more comprehensive than what I did have. Then I started getting "MBAM Service terminated unexpectedly, see event log" upon start-up. I didn't call about it. This past Sunday we got an email that we did not open, but it started with the A's on our aol contact list & started sending mail to our 100's of addresses. I finally got it stopped after 2 hours. But, now, my browser is shutting down every few minutes. Including while I'm typing now. Please help me!! This computer is old, but still running. I am unemployed & really need to be able to use it for job hunts! The company I purchased it from says not their problem since I didn't call when I started getting the error pop-up. I cannot afford to pay for a huge clean-up. Hope you can help. Thanks, Shellie (baylormum)


.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Mom & Dad at 20:39:28.52 on Tue 03/15/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.64 [GMT -7:00]
.
AV: Spyware Doctor with AntiVirus *Enabled/Updated* {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
C:\WINDOWS\system32\sol.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\PC Tools Security\pctsAuxs.exe
C:\Program Files\PC Tools Security\pctsSvc.exe
C:\Program Files\PC Tools Security\pctsGui.exe
C:\Documents and Settings\Mom & Dad\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Mom & Dad\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Mom & Dad\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Mom & Dad\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Mom & Dad\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Mom & Dad\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Mom & Dad\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Mom & Dad\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Mom & Dad\My Documents\Downloads\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.aol.com/
uSearch Bar =
mSearch Bar =
uInternet Settings,ProxyOverride = *.local
uSearchAssistant =
uCustomizeSearch =
mSearchAssistant = hxxp://channels.aimtoday.com/search/aimtoolbar.jsp
uURLSearchHooks: AOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} - c:\program files\aol\aol toolbar 3.1\aoltb.dll
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: AOL Toolbar Launcher: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aol toolbar 3.1\aoltb.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: Ask.com Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aol toolbar 3.1\aoltb.dll
TB: Ask.com Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\mom & dad\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [ISTray] "c:\program files\pc tools security\pctsGui.exe" /hideGUI
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wddmst~1.lnk - c:\program files\western digital\wd smartware\wd drive manager\WDDMStatus.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wdsmar~1.lnk - c:\program files\western digital\wd smartware\front parlor\WDSmartWare.exe
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.1\resources\en-us\local\search.html
IE: &Search
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {3369AF0D-62E9-4bda-8103-B4C75499B578} - {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aol toolbar 3.1\aoltb.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: hhloans.com\www
Trusted Zone: microsoft.com\office
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/produ ... wsdc32.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} - hxxps://www-secure.symantec.com/techsup ... mAData.cab
DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} - hxxps://www-secure.symantec.com/techsup ... gctlsi.cab
DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - hxxps://www-secure.symantec.com/techsup ... gctlsr.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/fl ... rashim.cab
DPF: {A8683C98-5341-421B-B23C-8514C05354F1} - hxxp://photo.walmart.com/photo/uploads/ ... Client.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shoc ... wflash.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Notification Packages = scecli scecli scecli
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\mom&da~1\applic~1\mozilla\firefox\profiles\vrvqe7xs.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/aolcom/search?inv ... box&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.aol.com/
FF - prefs.js: keyword.URL - hxxp://search.aol.com/aolcom/search?inv ... 0ab&query=
FF - plugin: c:\documents and settings\mom & dad\application data\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\mom & dad\application data\mozilla\firefox\profiles\vrvqe7xs.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp07074039.dll
FF - plugin: c:\documents and settings\mom & dad\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NpPopup.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Move Media Player: moveplayer@movenetworks.com - %profile%\extensions\moveplayer@movenetworks.com
FF - Ext: Ask.com Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: TwitterFox: twitternotifier@naan.net - %profile%\extensions\twitternotifier@naan.net
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Power Twitter: {b2509cd4-17cd-45ed-8146-a82af038f493} - %profile%\extensions\{b2509cd4-17cd-45ed-8146-a82af038f493}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============
.
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2011-3-15 239168]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2011-3-15 338880]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2011-3-15 656320]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]
R1 MpKslcc9b1447;MpKslcc9b1447;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5a1b887e-c165-4d4f-a03f-d53f8cc95995}\MpKslcc9b1447.sys [2011-3-15 28752]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-4-27 67656]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\pc tools security\pctsAuxs.exe [2011-3-15 366840]
R2 sdCoreService;PC Tools Security Service;c:\program files\pc tools security\pctsSvc.exe [2011-3-15 1150936]
R2 WDDMService;WD SmartWare Drive Manager;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2009-11-13 110592]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\western digital\wd smartware\front parlor\WDSmartWareBackgroundService.exe [2009-6-16 20480]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2010-1-26 11520]
S1 MpKslf3fe7211;MpKslf3fe7211;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{edbad86d-9cb4-4ebb-882c-3a1d776a04a7}\mpkslf3fe7211.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{edbad86d-9cb4-4ebb-882c-3a1d776a04a7}\MpKslf3fe7211.sys [?]
.
=============== Created Last 30 ================
.
2011-03-16 03:27:48 388096 ----a-r- c:\docume~1\mom&da~1\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-03-16 03:27:30 -------- d-----w- c:\program files\Trend Micro
2011-03-15 20:37:03 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys
2011-03-15 20:37:03 338880 ----a-w- c:\windows\system32\drivers\pctDS.sys
2011-03-15 20:36:52 249616 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2011-03-15 20:36:25 239168 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2011-03-15 20:36:25 160448 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2011-03-15 20:33:53 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2011-03-15 20:31:52 -------- d-----w- c:\program files\common files\PC Tools
2011-03-15 20:31:50 -------- d-----w- c:\program files\PC Tools Security
2011-03-15 20:31:50 -------- d-----w- c:\docume~1\mom&da~1\applic~1\PC Tools
2011-03-15 20:31:50 -------- d-----w- c:\docume~1\alluse~1\applic~1\PC Tools
2011-03-15 20:19:00 28752 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{5a1b887e-c165-4d4f-a03f-d53f8cc95995}\MpKslcc9b1447.sys
2011-03-14 22:28:42 -------- d-----w- c:\docume~1\mom&da~1\applic~1\Malwarebytes
2011-03-14 22:28:23 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-14 22:28:20 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-03-14 22:28:13 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-14 22:28:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-14 21:45:28 5890896 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2011-03-14 21:44:48 5943120 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{5a1b887e-c165-4d4f-a03f-d53f8cc95995}\mpengine.dll
2011-03-14 21:22:37 215920 ----a-w- c:\windows\system32\muweb.dll
2011-03-14 21:22:35 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
2011-03-14 21:22:32 274288 ----a-w- c:\windows\system32\mucltui.dll
2011-03-13 23:05:28 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-03-13 22:56:35 -------- d-----w- c:\program files\Microsoft Security Client
2011-02-27 21:41:27 -------- d-----w- c:\docume~1\mom&da~1\applic~1\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
2011-02-27 21:41:06 -------- d-----w- c:\program files\TweetDeck
2011-02-16 21:30:36 -------- d-----w- c:\program files\iPod
.
==================== Find3M ====================
.
2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10:33 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34:28 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:59:20 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:59:19 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-20 23:59:19 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:26:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55:26 385024 ----a-w- c:\windows\system32\html.iec
.
============= FINISH: 20:41:43.50 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 5/27/2005 10:04:17 AM
System Uptime: 3/15/2011 1:17:43 PM (7 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | WMT-LE
Processor: Intel(R) Pentium(R) 4 CPU 1500MHz | PGA 423 | 1495/100mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 23 GiB total, 0.478 GiB free.
D: is FIXED (NTFS) - 51 GiB total, 50.82 GiB free.
E: is CDROM ()
F: is CDROM (CDFS)
G: is CDROM (UDF)
H: is Removable
I: is FIXED (NTFS) - 297 GiB total, 274.454 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {8496E87E-C0A1-4102-9D8D-BD9A9B8B07A9}
Description: WD SES Device
Device ID: ROOT\WDC_SAM\0000
Manufacturer: Western Digital Technologies
Name: WD SES Device
PNP Device ID: ROOT\WDC_SAM\0000
Service: WDC_SAM
.
==== System Restore Points ===================
.
RP1252: 3/13/2011 9:10:07 PM - System Checkpoint
RP1253: 3/14/2011 2:43:08 PM - Software Distribution Service 3.0
RP1254: 3/15/2011 1:58:11 PM - Spyware Doctor: Cleaning Threats
RP1255: 3/15/2011 8:27:24 PM - Installed HiJackThis
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.2
AOL Coach Version 2.0(Build:20041026.5 en)
AOL Deskbar
AOL Uninstaller
AOL You've Got Pictures Screensaver
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ask.com Toolbar
ATT-AACE
BlackBerry Desktop Software 6.0
BlackBerry Device Software Updater
Bonjour
BufferChm
Caere Scan Manager 5.1
Canon ScanGear Toolbox CS 2.2
CCleaner
Compatibility Pack for the 2007 Office system
CP_AtenaShokunin1Config
CP_CalendarTemplates1
cp_LightScribeConfig
cp_OnlineProjectsConfig
CP_Package_Basic1
CP_Panorama1Config
cp_PosterPrintConfig
cp_PrintOnCDConfig
cp_UpdateProjectsConfig
CueTour
CustomerResearchQFolder
D6100_D7100_D7300_Help
D7100
DeviceManagementQFolder
Download Updater (AOL LLC)
eSupportQFolder
Facebook Plug-In
FullDPAppQFolder
Google Chrome
Google Updater
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB954550-v5)
HP Customer Participation Program 7.0
HP Imaging Device Functions 7.0
HP Photosmart and Deskjet 7.0 Software
HP Photosmart Premier Software 6.5
HP Product Assistant
HP Solution Center 7.0
hph_ProductContext
hph_readme
hph_software
hph_software_req
HPPhotoSmartExpress
HPProductAssistant
InstantShareDevices
InstantShareDevicesMFC
iTunes
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 14
Java(TM) SE Runtime Environment 6 Update 1
Malwarebytes' Anti-Malware
MarketResearch
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Office Standard Edition 2003
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
MobileMe Control Panel
Mozilla Firefox (3.5.16)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 and SOAP Toolkit 3.0
MSXML 6 Service Pack 2 (KB973686)
OptionalContentQFolder
PanoStandAlone
PhotoGallery
QuickTime
RandMap
Recuva
Secure Remote Support - Get Support Now!
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB975558)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Sibelius Scorch
SkinsHP1
SlideShow
SlideShowMusic
SolutionCenter
Sonic_PrimoSDK
Spyware Doctor with AntiVirus 8.0
Status
SUPERAntiSpyware Free Edition
Symantec Technical Support Web Controls
TBS WMP Plug-in
Toolbox
TrayApp
Try Corel Snapfire muvee autoProducer add on
TweetDeck
Unload
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB951978)
WD SmartWare
WebFldrs XP
WebReg
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows XP Service Pack 3
Wise Disk Cleaner 5.33
Yahoo! Install Manager
.
==== Event Viewer Messages From Past Week ========
.
3/13/2011 4:28:58 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.97.840.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?LinkID= ... 752CCA7094 Signature Type: AntiVirus Update Type: Full User: AMANDA-H8ZWZ5HK\Mom & Dad Current Engine Version: Previous Engine Version: 1.1.6502.0 Error code: 0xffffffef Error description:
3/13/2011 4:28:58 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.97.840.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?LinkID= ... 752CCA7094 Signature Type: AntiVirus Update Type: Full User: AMANDA-H8ZWZ5HK\Mom & Dad Current Engine Version: Previous Engine Version: 1.1.6502.0 Error code: 0xffffffef Error description:
3/13/2011 4:28:58 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.97.840.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?LinkID= ... 752CCA7094 Signature Type: AntiSpyware Update Type: Full User: AMANDA-H8ZWZ5HK\Mom & Dad Current Engine Version: Previous Engine Version: 1.1.6502.0 Error code: 0xffffffef Error description:
3/13/2011 4:28:58 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.97.840.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?LinkID= ... 752CCA7094 Signature Type: AntiSpyware Update Type: Full User: AMANDA-H8ZWZ5HK\Mom & Dad Current Engine Version: Previous Engine Version: 1.1.6502.0 Error code: 0xffffffef Error description:
3/13/2011 4:19:39 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.99.1147.0).
3/13/2011 4:19:26 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.97.840.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6502.0 Error code: 0x80070643 Error description: Fatal error during installation.
3/13/2011 4:19:07 PM, error: Microsoft Antimalware [2003] - Microsoft Antimalware has encountered an error trying to update the engine. New Engine Version: 1.1.6603.0 Previous Engine Version: 1.1.6502.0 Engine Type: Antimalware User: NT AUTHORITY\SYSTEM Error Code: 0x80508007 Error description: Your computer is low on memory. Close some programs and try again, or search Help and Support for information about preventing low memory problems.
3/13/2011 4:19:07 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: 1.99.1147.0 Previous Signature Version: 1.97.840.0 Update Source: User Update Stage: Install Source Path: Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: 1.1.6603.0 Previous Engine Version: 1.1.6502.0 Error code: 0x80508007 Error description: Your computer is low on memory. Close some programs and try again, or search Help and Support for information about preventing low memory problems.
3/13/2011 4:19:07 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: 1.99.1147.0 Previous Signature Version: 1.97.840.0 Update Source: User Update Stage: Install Source Path: Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: 1.1.6603.0 Previous Engine Version: 1.1.6502.0 Error code: 0x80508007 Error description: Your computer is low on memory. Close some programs and try again, or search Help and Support for information about preventing low memory problems.
.
==== End Of File ===========================
baylormum
Regular Member
 
Posts: 18
Joined: March 15th, 2011, 11:45 pm

Re: Infected desktop

Post by askey127 » March 16th, 2011, 7:37 am

Hi baylormum,
You have a small crisis of sorts due to having insufficient space on the C: drive.
I will try to help with that issue and remove some obsolete and unnecessary programs.
If you have any tunes or photos that you can offload to CDs or your portable drive, and then delete from your C: drive, please do it.
After we get this set of things done, we will look for infections, and install new replacement programs on your D: hard drive.

This looks like a lot of tasks, but you can handle it. Just one step at a time.
-----------------------------------------------------------
Remove Programs Using Control Panel
From Start, Settings, Control Panel or Start, Control Panel, click Add/Remove Programs.
Highlight each Entry, as follows, one by one, if it exists, and choose Remove :

Adobe Reader 9.2
Spyware Doctor with AntiVirus 8.0
Ask.com Toolbar
Google Updater
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 14
Java(TM) SE Runtime Environment 6 Update 1
MarketResearch
SUPERAntiSpyware Free Edition
Symantec Technical Support Web Controls
Try Corel Snapfire muvee autoProducer add on

Take extra care in answering questions posed by any Uninstaller.

If any of the Uninstall tasks fail due to insufficient memory, run the Temp File Cleaner program below, reboot, and try again.
The goal is to have all programs listed above GONE.
----------------------------------------------
Download and Run Temp File Cleaner (TFC.exe)
Download Temp File Cleaner and save it to your desktop.
You might want to Copy/Paste/Print these instructions and Save any unsaved work. TFC will close ALL open programs... including your browser!
Double click to run it.
If you have a lot of junk files to remove, it could take a while, so please be patient and let it finish.
When it's done, it will report the total size of files removed. If it asks to Reboot, choose to do so. This will remove files that could not be removed while Windows was running.
After Restart, log back in to your usual account.
--------------------------------------------
Disallow Indexing on the C: Drive
Go to Start, My Computer
Right click on the C: Drive and choose Properties.
At the bottom, UNCHECK the box labeled "Allow Indexing to Index this disk for fast file searching".
Click Apply, and OK.
CHECK the button to apply to all folders and subfolders.
Click Apply.
Go for a coffee.
When it's done, click OK.
-----------------------------------------------------------
REBOOT (RESTART) Your Machine
---------------------------------------------
Run a Scan with OTL
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed to let it run uninterrupted.
  • When the window appears, in the Standard Registry box, click All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL (should be on your desktop).
    • Make sure Notepad's Format, Wordwrap is unchecked.
    • Please copy the contents of each of these files, one at a time, and post them in your next reply.
  • Use separate replies if you wish.

askey127
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Infected desktop

Post by baylormum » March 16th, 2011, 9:44 pm

I did what you suggested. There were a couple of the programs listed that I did not find in the add/remove program list. Glad all this computer-eze is decipherable by you!! Thanks again, Shellie


OTL Extras logfile created on: 3/16/2011 6:29:06 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Mom & Dad\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 143.00 Mb Available Physical Memory | 28.00% Memory free
739.00 Mb Paging File | 151.00 Mb Available in Paging File | 20.00% Paging File free
Paging file location(s): C:\pagefile.sys 50 512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 23.29 Gb Total Space | 1.50 Gb Free Space | 6.42% Space Free | Partition Type: NTFS
Drive D: | 51.24 Gb Total Space | 50.93 Gb Free Space | 99.40% Space Free | Partition Type: NTFS
Drive F: | 503.71 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive G: | 614.91 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive I: | 297.44 Gb Total Space | 273.69 Gb Free Space | 92.02% Space Free | Partition Type: NTFS

Computer Name: AMANDA-H8ZWZ5HK | User Name: Mom & Dad | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /k "cd %L" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"4481:TCP" = 4481:TCP:LocalSubNet:Enabled:BlackBerry Desktop Software music sync service data transfer
"4481:UDP" = 4481:UDP:LocalSubNet:Enabled:BlackBerry Desktop Software music sync service discovery
"4482:TCP" = 4482:TCP:LocalSubNet:Enabled:BlackBerry Desktop Software music sync service data transfer
"4482:UDP" = 4482:UDP:LocalSubNet:Enabled:BlackBerry Desktop Software music sync service discovery
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\Common Files\AOL\1117398759\EE\AOLServiceHost.exe" = C:\Program Files\Common Files\AOL\1117398759\EE\AOLServiceHost.exe:*:Enabled:AOL Services -- (America Online, Inc.)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (AOL LLC)
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- (AOL LLC)
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon -- (America Online, Inc)
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed -- (America Online Inc)
"C:\Program Files\Common Files\AOL\System Information\sinf.exe" = C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL -- (America Online Inc.)
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe" = C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL -- (Gteko Ltd.)
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger
"C:\Program Files\Common Files\AOL\1117398759\ee\aolservicehost.exe" = C:\Program Files\Common Files\AOL\1117398759\ee\aolservicehost.exe:*:Enabled:AOL Services -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\Epocrates\EssentialsPPC\AutoUpdate.exe" = C:\Program Files\Epocrates\EssentialsPPC\AutoUpdate.exe:*:Enabled:AutoUpdate Now!
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer
"C:\Program Files\Common Files\AOL\1117398759\EE\aolsoftware.exe" = C:\Program Files\Common Files\AOL\1117398759\EE\aolsoftware.exe:*:Enabled:AOL Services -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\1117398759\EE\aim6.exe" = C:\Program Files\Common Files\AOL\1117398759\EE\aim6.exe:*:Enabled:AIM -- (America Online, Inc.)
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox -- (Mozilla Corporation)
"C:\Program Files\QuickTime\QuickTimePlayer.exe" = C:\Program Files\QuickTime\QuickTimePlayer.exe:*:Enabled:QuickTime Player -- (Apple Inc.)
"C:\Program Files\MySpace\IM\MySpaceIM.exe" = C:\Program Files\MySpace\IM\MySpaceIM.exe:*:Enabled:MySpaceIM
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)
"C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe" = C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe:*:Enabled:BlackBerry Desktop Software -- (Research In Motion)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\LogMeIn Rescue Calling Card\CallingCard.exe" = C:\Program Files\LogMeIn Rescue Calling Card\CallingCard.exe:*:Enabled:LogMeIn Rescue Calling Card -- (LogMeIn, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0A65A3BD-54B5-4d0d-B084-7688507813F5}" = SlideShow
"{12665B01-3F3A-4433-B179-9D8E352D7547}" = Try Corel Snapfire muvee autoProducer add on
"{15C0AF59-4877-49B6-B8C6-A61CE54515F5}" = cp_OnlineProjectsConfig
"{20749F76-4228-43AD-8AB5-E7B20D8040C4}" = hph_readme
"{232DB76D-4751-41A9-9EC2-CDC0DAC1FAB6}" = WD SmartWare
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{256AEBD0-41C6-471E-92B4-B256F5176A72}" = D7100
"{2F58D60D-2BFD-4467-9B4D-64E7355C329D}" = Sonic_PrimoSDK
"{3004FB81-7B9E-4808-BD13-BC5A530BA60B}" = cp_PrintOnCDConfig
"{316B3C3F-6B5A-DBC3-1398-FBE614ECCAA7}" = TweetDeck
"{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0
"{3360D505-B0AA-4284-92DF-F872AF90A448}" = BlackBerry Device Software Updater
"{33BF0960-DBA3-4187-B6CC-C969FCFA2D25}" = SkinsHP1
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone
"{36D620AD-EEBA-4973-BA86-0C9AE6396620}" = OptionalContentQFolder
"{36DC3E2F-CD8C-4953-9E8F-9A1916D10AA1}" = hph_software
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{398DA395-DF34-4A03-8DE9-3E7A8680BB51}" = Secure Remote Support - Get Support Now!
"{41E776A5-9B12-416D-9A12-B4F7B044EBED}" = CP_Package_Basic1
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4CE88F4D-B74E-4F92-9DA4-ECEB60ED362A}" = TBS WMP Plug-in
"{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant
"{51C65CD6-A344-41B5-81E2-3CCAC8024F68}" = Sibelius Scorch
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5BF5F9C5-E95B-4AFA-94BE-F2A9CA73B61D}" = Apple Mobile Device Support
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{6696D9A4-28A8-4F5A-8E9A-2E8974C8C39C}" = RandMap
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{714B6179-84C4-4FBE-B934-B6CF75ED37A5}" = D6100_D7100_D7300_Help
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client
"{81D62C32-0984-11D3-86CD-00105AD33021}" = Caere Scan Manager 5.1
"{82081779-4175-4666-A457-AB711CD37EF0}" = cp_LightScribeConfig
"{82E55892-6FFD-403F-AA97-D726846768AA}" = CP_AtenaShokunin1Config
"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
"{866A0078-DEA7-4348-9C9A-999AF2991EAA}" = SlideShowMusic
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A29800BA-0BF1-4E63-9F31-DF05A87F4104}" = InstantShareDevices
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AAD47011-8518-4608-9656-951DA35B587B}" = iTunes
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{ACCCEE83-B49B-4964-8A4F-378B8FBC9F75}" = hph_ProductContext
"{B19F9155-9337-4807-B5EF-ED471DDB2CCE}" = hph_software_req
"{B2157760-AA3C-4E2E-BFE6-D20BC52495D9}" = cp_PosterPrintConfig
"{B6286A44-7505-471A-A72B-04EC2DB2F442}" = CueTour
"{B69CFE29-FD03-4E0A-87A7-6ED97F98E5B3}" = CP_Panorama1Config
"{BA165460-FCF7-4D6C-A7A2-F2321700720F}" = MobileMe Control Panel
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1C6767D-B395-43CB-BF99-051B58B86DA6}" = PhotoGallery
"{C3FAA091-B278-44A7-BF48-190811C5F9F7}" = cp_UpdateProjectsConfig
"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D25F26E6-7F37-4580-9E83-2BDD9BE9E0CE}" = BlackBerry Desktop Software 6.0
"{D2A3C9D5-0B56-4656-8277-7EDC65D62B6E}" = HP Photosmart and Deskjet 7.0 Software
"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
"{E1B80DEE-A795-4258-8445-074C06AE3AB8}" = MarketResearch
"{ED2C557E-9C18-41FF-B58E-A05EEF0B3B5F}" = CP_CalendarTemplates1
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AOL Deskbar" = AOL Deskbar
"AOL Uninstaller" = AOL Uninstaller
"AOL YGP Screensaver" = AOL You've Got Pictures Screensaver
"AolCoach2_en" = AOL Coach Version 2.0(Build:20041026.5 en)
"ATT-AACE" = ATT-AACE
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.0
"Canon ScanGear Toolbox CS" = Canon ScanGear Toolbox CS 2.2
"CCleaner" = CCleaner
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HP Photo & Imaging" = HP Photosmart Premier Software 6.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0
"HPExtendedCapabilities" = HP Customer Participation Program 7.0
"ie8" = Windows Internet Explorer 8
"InstallShield_{4CE88F4D-B74E-4F92-9DA4-ECEB60ED362A}" = TBS WMP Plug-in
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox (3.5.16)" = Mozilla Firefox (3.5.16)
"Recuva" = Recuva
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1" = TweetDeck
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"Wise Disk Cleaner_is1" = Wise Disk Cleaner 5.33
"YInstHelper" = Yahoo! Install Manager

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/15/2011 4:16:04 PM | Computer Name = AMANDA-H8ZWZ5HK | Source = Bonjour Service | ID = 100
Description = 388: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 3/15/2011 4:16:04 PM | Computer Name = AMANDA-H8ZWZ5HK | Source = Bonjour Service | ID = 100
Description = 384: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 3/15/2011 4:48:29 PM | Computer Name = AMANDA-H8ZWZ5HK | Source = Application Error | ID = 1000
Description = Faulting application chrome.exe, version 0.0.0.0, faulting module
kernel32.dll, version 5.1.2600.5781, fault address 0x00009823.

Error - 3/15/2011 5:18:57 PM | Computer Name = AMANDA-H8ZWZ5HK | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 2152759303, P2 unspecified, P3 scanfile,
P4 3.0.8107.0, P5 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL.

Error - 3/15/2011 5:24:18 PM | Computer Name = AMANDA-H8ZWZ5HK | Source = Application Error | ID = 1000
Description = Faulting application chrome.exe, version 0.0.0.0, faulting module
chrome.dll, version 10.0.648.133, fault address 0x0007c441.

Error - 3/15/2011 11:19:24 PM | Computer Name = AMANDA-H8ZWZ5HK | Source = Application Error | ID = 1000
Description = Faulting application chrome.exe, version 0.0.0.0, faulting module
chrome.dll, version 10.0.648.133, fault address 0x00054bff.

Error - 3/16/2011 5:14:09 PM | Computer Name = AMANDA-H8ZWZ5HK | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 2152759303, P2 unspecified, P3 scanfile,
P4 3.0.8107.0, P5 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL.

Error - 3/16/2011 5:16:53 PM | Computer Name = AMANDA-H8ZWZ5HK | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80240016, P2 begininstall, P3 install, P4
3.0.8107.0, P5 mpsigdwn.dll, P6 3.0.8107.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P8 NIL, P9 NIL, P10 NIL.

Error - 3/16/2011 5:54:35 PM | Computer Name = AMANDA-H8ZWZ5HK | Source = Application Error | ID = 1000
Description = Faulting application wdsmartware.exe, version 1.2.0.8, faulting module
kernel32.dll, version 5.1.2600.5781, fault address 0x00012afb.

Error - 3/16/2011 6:08:15 PM | Computer Name = AMANDA-H8ZWZ5HK | Source = Bonjour Service | ID = 100
Description = 240: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

[ System Events ]
Error - 3/16/2011 8:33:07 PM | Computer Name = AMANDA-H8ZWZ5HK | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 3/16/2011 8:33:07 PM | Computer Name = AMANDA-H8ZWZ5HK | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 3/16/2011 8:33:07 PM | Computer Name = AMANDA-H8ZWZ5HK | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 3/16/2011 8:33:07 PM | Computer Name = AMANDA-H8ZWZ5HK | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 3/16/2011 8:43:41 PM | Computer Name = AMANDA-H8ZWZ5HK | Source = Service Control Manager | ID = 7031
Description = The Microsoft Antimalware Service service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in
15000 milliseconds: Restart the service.

Error - 3/16/2011 8:43:41 PM | Computer Name = AMANDA-H8ZWZ5HK | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 3/16/2011 8:43:42 PM | Computer Name = AMANDA-H8ZWZ5HK | Source = Service Control Manager | ID = 7034
Description = The Bonjour Service service terminated unexpectedly. It has done
this 1 time(s).

Error - 3/16/2011 8:43:43 PM | Computer Name = AMANDA-H8ZWZ5HK | Source = Service Control Manager | ID = 7034
Description = The WD SmartWare Background Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 3/16/2011 8:43:43 PM | Computer Name = AMANDA-H8ZWZ5HK | Source = Service Control Manager | ID = 7034
Description = The WD SmartWare Drive Manager service terminated unexpectedly. It
has done this 1 time(s).

Error - 3/16/2011 8:43:45 PM | Computer Name = AMANDA-H8ZWZ5HK | Source = Service Control Manager | ID = 7034
Description = The iPod Service service terminated unexpectedly. It has done this
1 time(s).


< End of report >


OTL logfile created on: 3/16/2011 6:29:06 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Mom & Dad\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 143.00 Mb Available Physical Memory | 28.00% Memory free
739.00 Mb Paging File | 151.00 Mb Available in Paging File | 20.00% Paging File free
Paging file location(s): C:\pagefile.sys 50 512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 23.29 Gb Total Space | 1.50 Gb Free Space | 6.42% Space Free | Partition Type: NTFS
Drive D: | 51.24 Gb Total Space | 50.93 Gb Free Space | 99.40% Space Free | Partition Type: NTFS
Drive F: | 503.71 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive G: | 614.91 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive I: | 297.44 Gb Total Space | 273.69 Gb Free Space | 92.02% Space Free | Partition Type: NTFS

Computer Name: AMANDA-H8ZWZ5HK | User Name: Mom & Dad | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/16 18:27:54 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mom & Dad\My Documents\Downloads\OTL.exe
PRC - [2011/03/10 23:50:03 | 001,004,088 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Mom & Dad\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2010/11/30 13:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2009/11/13 12:29:42 | 009,117,504 | ---- | M] (Western Digital) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
PRC - [2009/11/13 12:29:40 | 002,057,536 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
PRC - [2009/11/13 12:28:04 | 000,110,592 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
PRC - [2009/06/16 09:58:08 | 000,020,480 | ---- | M] (Memeo) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/03/16 18:27:54 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mom & Dad\My Documents\Downloads\OTL.exe
MOD - [2010/08/23 09:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2009/11/13 12:28:04 | 000,110,592 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2009/06/16 09:58:08 | 000,020,480 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe -- (WDSmartWareBackgroundService)
SRV - [2007/08/09 00:27:52 | 000,073,728 | ---- | M] (HP) [Disabled | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2006/11/02 18:40:12 | 000,174,656 | ---- | M] () [Disabled | Stopped] -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing)
SRV - [2006/10/23 05:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Disabled | Stopped] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)
SRV - [2004/10/15 13:54:14 | 000,100,016 | ---- | M] (America Online, Inc) [Disabled | Stopped] -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe -- (AOL TopSpeedMonitor)


========== Driver Services (SafeList) ==========

DRV - [2011/03/16 18:24:51 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5A1B887E-C165-4D4F-A03F-D53F8CC95995}\MpKsl15a69cbc.sys -- (MpKsl15a69cbc)
DRV - [2010/06/10 18:00:06 | 000,022,528 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\intelsmb.sys -- (smbusp) Intel(R)
DRV - [2009/02/13 12:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008/04/13 11:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2007/07/19 20:42:36 | 000,023,864 | ---- | M] (Webroot Software Inc (www.webroot.com)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sskbfd.sys -- (SSKBFD)
DRV - [2004/11/22 16:36:39 | 000,018,003 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRENDIS5.sys -- (MRENDIS5)
DRV - [2004/11/22 16:36:34 | 000,019,345 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMPR5.sys -- (MREMPR5)
DRV - [2004/08/03 20:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/03/31 14:29:00 | 000,625,537 | ---- | M] (LT) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5)
DRV - [2003/01/10 14:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2001/08/17 07:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://channels.aimtoday.com/search/aimtoolbar.jsp

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\..\URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll (AOL LLC)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaulturl: "http://search.aol.com/aolcom/search?invocationType=tbff50sbox&query="
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.aol.com/"
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.2.1.265
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.07074039
FF - prefs.js..extensions.enabledItems: {b2509cd4-17cd-45ed-8146-a82af038f493}:1.38
FF - prefs.js..extensions.enabledItems: twitternotifier@naan.net:1.8.3
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.16
FF - prefs.js..keyword.URL: "http://search.aol.com/aolcom/search?invocationType=tbff50ab&query="


FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2010/01/29 10:00:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/13 17:16:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/16 17:20:00 | 000,000,000 | ---D | M]

[2008/09/03 07:37:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mom & Dad\Application Data\Mozilla\Extensions
[2008/09/03 07:37:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mom & Dad\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2011/03/16 17:28:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mom & Dad\Application Data\Mozilla\Firefox\Profiles\vrvqe7xs.default\extensions
[2010/01/29 20:25:50 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Mom & Dad\Application Data\Mozilla\Firefox\Profiles\vrvqe7xs.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2008/06/11 13:59:43 | 000,000,000 | ---D | M] ("AOL Toolbar") -- C:\Documents and Settings\Mom & Dad\Application Data\Mozilla\Firefox\Profiles\vrvqe7xs.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}
[2010/01/28 22:55:00 | 000,000,000 | ---D | M] (Power Twitter) -- C:\Documents and Settings\Mom & Dad\Application Data\Mozilla\Firefox\Profiles\vrvqe7xs.default\extensions\{b2509cd4-17cd-45ed-8146-a82af038f493}
[2007/10/09 14:27:09 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Documents and Settings\Mom & Dad\Application Data\Mozilla\Firefox\Profiles\vrvqe7xs.default\extensions\moveplayer@movenetworks.com
[2009/08/10 07:01:51 | 000,000,000 | ---D | M] (TwitterFox) -- C:\Documents and Settings\Mom & Dad\Application Data\Mozilla\Firefox\Profiles\vrvqe7xs.default\extensions\twitternotifier@naan.net
[2009/06/23 19:19:21 | 000,001,739 | ---- | M] () -- C:\Documents and Settings\Mom & Dad\Application Data\Mozilla\Firefox\Profiles\vrvqe7xs.default\searchplugins\aol-search.xml
[2011/03/16 17:32:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/12/12 14:46:09 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/12/21 14:50:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\MOM & DAD\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\VRVQE7XS.DEFAULT\EXTENSIONS\TOOLBAR@ASK.COM
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2010/12/12 14:46:00 | 000,025,048 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2010/12/12 14:46:00 | 000,138,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2009/03/31 20:47:26 | 000,324,976 | ---- | M] (Symantec Corporation) -- C:\Program Files\Mozilla Firefox\components\coFFPlgn.dll
[2007/04/10 18:21:08 | 000,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
[2009/03/09 03:19:09 | 000,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2008/09/26 09:40:34 | 000,053,248 | ---- | M] (AOL LLC) -- C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
[2006/08/02 14:30:35 | 000,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
[2010/12/12 14:46:03 | 000,066,520 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2007/03/22 19:23:30 | 000,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
[2006/09/05 17:55:37 | 000,090,112 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NpPopup.dll
[2010/12/13 17:16:25 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2010/12/13 17:16:25 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2010/12/13 17:16:26 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2010/12/13 17:16:27 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2010/12/13 17:16:27 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2010/12/13 17:16:28 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2010/12/13 17:16:28 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2007/09/10 12:12:44 | 005,993,192 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPSibelius.dll
[2006/01/18 10:50:00 | 000,319,488 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npsnapfish.dll
[2008/07/27 16:06:42 | 000,163,840 | ---- | M] (CNN) -- C:\Program Files\Mozilla Firefox\plugins\NPTURNMED.dll
[2005/08/09 11:42:53 | 000,057,344 | ---- | M] (America Online, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npunagi2.dll
[2007/09/10 12:12:46 | 006,275,816 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\ScorchPDFWrapper.dll
[2010/01/17 12:54:32 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2010/01/17 12:54:32 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2009/04/28 14:52:55 | 000,002,236 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\askcom.xml
[2008/09/10 16:41:35 | 000,002,158 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
[2010/01/17 12:54:32 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2010/01/17 12:54:32 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2010/01/17 12:54:32 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2010/01/17 12:54:32 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2010/01/17 12:54:32 | 000,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2010/07/06 16:15:48 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - File not found
O2 - BHO: (AOL Toolbar Launcher) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll (AOL LLC)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - File not found
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll (AOL LLC)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] File not found
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Google Update] C:\Documents and Settings\Mom & Dad\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (WDC)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDSmartWare.lnk = C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe (Western Digital)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &AOL Toolbar Search - c:\Program Files\AOL\AOL Toolbar 3.1\resources\en-us\local\search.html ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - File not found
O9 - Extra Button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll (AOL LLC)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: hhloans.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([office] http in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/produ ... wsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} https://www-secure.symantec.com/techsup ... mAData.cab (ActiveDataInfo Class)
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} https://www-secure.symantec.com/techsup ... gctlsi.cab (Symantec SmartIssue)
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} https://www-secure.symantec.com/techsup ... gctlsr.cab (Symantec Script Runner Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} http://photo.walmart.com/photo/uploads/ ... Client.cab (FujifilmUploader Class)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shoc ... wflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 206.130.130.2 206.130.133.2
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mctp {d7b95390-b1c5-11d0-b111-0080c712fe82} - Reg Error: Key error. File not found
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Mom & Dad\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Mom & Dad\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/05/27 10:01:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/09/17 07:07:12 | 000,000,075 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2009/06/18 14:12:18 | 000,000,088 | R--- | M] () - G:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{c6527e66-80d4-11df-9b40-00038a000015}\Shell\AutoRun\command - "" = K:\PMBP_Win.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (MACHINE BootExecut) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/03/16 15:04:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
[2011/03/15 20:27:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom & Dad\Start Menu\Programs\HiJackThis
[2011/03/15 20:27:30 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/03/15 13:31:50 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Security
[2011/03/15 13:31:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/03/15 13:09:21 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2011/03/14 15:28:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom & Dad\Application Data\Malwarebytes
[2011/03/14 15:28:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/03/14 15:28:23 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/03/14 15:28:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/03/14 15:28:13 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/03/14 15:28:11 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/03/14 14:22:35 | 000,016,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2011/03/14 14:22:32 | 000,274,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2011/03/13 16:05:28 | 000,222,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2011/03/13 15:56:35 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/02/27 14:41:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom & Dad\Application Data\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
[2011/02/27 14:41:06 | 000,000,000 | ---D | C] -- C:\Program Files\TweetDeck
[2011/02/27 14:40:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2011/02/16 14:32:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/02/16 14:30:36 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

========== Files - Modified Within 30 Days ==========

[2011/03/16 18:30:17 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/03/16 18:24:35 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/03/16 18:23:36 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/03/16 17:43:02 | 000,000,994 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-688789844-1060284298-1005UA.job
[2011/03/16 15:45:31 | 000,189,792 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/03/15 20:38:08 | 000,002,455 | ---- | M] () -- C:\Documents and Settings\Mom & Dad\Desktop\HiJackThis.lnk
[2011/03/15 18:43:05 | 000,000,942 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-688789844-1060284298-1005Core.job
[2011/03/15 13:37:39 | 000,804,570 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011/03/14 15:28:28 | 000,000,794 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/03/13 20:46:29 | 000,002,304 | ---- | M] () -- C:\Documents and Settings\Mom & Dad\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/03/13 20:46:28 | 000,002,326 | ---- | M] () -- C:\Documents and Settings\Mom & Dad\Desktop\Google Chrome.lnk
[2011/03/13 15:58:00 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2011/03/13 15:03:00 | 000,002,565 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Secure Remote Support - Get Support Now!.lnk
[2011/03/13 15:02:16 | 000,444,358 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/03/13 15:02:16 | 000,072,108 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/03/10 14:11:16 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/03/02 17:38:27 | 000,015,776 | ---- | M] () -- C:\Documents and Settings\Mom & Dad\My Documents\180616_1699708786702_1657392583_1543249_2287467_n.jpg
[2011/02/27 14:41:08 | 000,000,650 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TweetDeck.lnk
[2011/02/16 14:32:24 | 000,001,552 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk

========== Files Created - No Company Name ==========

[2011/03/15 20:27:46 | 000,002,455 | ---- | C] () -- C:\Documents and Settings\Mom & Dad\Desktop\HiJackThis.lnk
[2011/03/15 13:37:06 | 000,804,570 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011/03/14 15:28:28 | 000,000,794 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/03/13 16:02:41 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/03/13 15:58:00 | 000,001,945 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2011/03/13 15:57:12 | 000,001,690 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/03/02 17:39:35 | 000,015,776 | ---- | C] () -- C:\Documents and Settings\Mom & Dad\My Documents\180616_1699708786702_1657392583_1543249_2287467_n.jpg
[2011/02/27 14:41:08 | 000,000,656 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\TweetDeck.lnk
[2011/02/27 14:41:07 | 000,000,650 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TweetDeck.lnk
[2011/02/16 14:32:24 | 000,001,552 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/10/15 21:06:37 | 000,115,128 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/08/17 13:33:21 | 000,000,092 | ---- | C] () -- C:\WINDOWS\BackupManager.INI
[2010/06/03 16:49:44 | 000,002,592 | ---- | C] () -- C:\WINDOWS\System32\ASOROSet.bin
[2010/05/08 18:01:32 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/04/12 19:32:41 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2010/01/30 16:54:16 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2009/11/27 17:38:40 | 000,032,397 | ---- | C] () -- C:\WINDOWS\SGTBox.INI
[2009/10/26 16:44:31 | 000,037,432 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/06/01 10:10:54 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\$_hpcst$.hpc
[2009/04/28 12:41:12 | 000,000,164 | ---- | C] () -- C:\WINDOWS\install.dat
[2009/04/22 19:18:40 | 000,038,478 | ---- | C] () -- C:\Documents and Settings\Mom & Dad\Application Data\Comma Separated Values (Windows).ADR
[2009/04/22 18:08:36 | 000,038,467 | ---- | C] () -- C:\Documents and Settings\Mom & Dad\Application Data\Microsoft Excel.ADR
[2008/04/27 16:39:47 | 000,000,848 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2008/02/09 10:26:24 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\Mom & Dad\Local Settings\Application Data\fusioncache.dat
[2008/02/04 15:45:27 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2008/02/04 15:35:23 | 000,124,488 | ---- | C] () -- C:\WINDOWS\HPHins12.dat
[2008/02/04 15:35:23 | 000,014,916 | ---- | C] () -- C:\WINDOWS\hphmdl12.dat
[2007/05/22 11:48:12 | 000,000,297 | ---- | C] () -- C:\WINDOWS\EReg077.dat
[2007/02/17 14:24:01 | 000,001,783 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/11/25 13:52:16 | 000,684,032 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2006/11/25 13:52:16 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2006/11/02 18:40:12 | 000,174,656 | ---- | C] () -- C:\WINDOWS\System32\PSIService.exe
[2006/08/01 17:53:27 | 000,005,618 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2006/04/20 07:37:56 | 000,311,296 | ---- | C] () -- C:\WINDOWS\System32\yodleeuninstaller.dll
[2006/04/20 07:37:56 | 000,303,104 | ---- | C] () -- C:\WINDOWS\System32\YodleeInstaller.dll
[2006/04/20 07:37:56 | 000,069,633 | ---- | C] () -- C:\WINDOWS\billpay.aol.com_ac.dll
[2006/02/07 17:32:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\CompanionApp.INI
[2006/02/07 17:25:40 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Mom & Dad\Application Data\$_hpcst$.hpc
[2005/09/15 18:02:41 | 000,026,112 | ---- | C] () -- C:\Documents and Settings\Mom & Dad\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/08/10 10:00:12 | 000,000,028 | ---- | C] () -- C:\WINDOWS\atid.ini
[2005/08/10 10:00:12 | 000,000,018 | ---- | C] () -- C:\WINDOWS\upst.ini
[2005/05/31 22:05:29 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2005/05/29 14:08:26 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/05/29 13:37:46 | 000,000,725 | ---- | C] () -- C:\WINDOWS\aolback.exe.lnk
[2005/05/29 13:32:01 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/05/29 13:23:55 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A4W.INI
[2005/05/29 13:23:35 | 000,000,008 | ---- | C] () -- C:\WINDOWS\phbase.ini
[2005/05/29 13:23:03 | 000,000,572 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2005/05/29 13:21:45 | 000,000,022 | ---- | C] () -- C:\WINDOWS\OP70.INI
[2005/05/29 13:21:06 | 000,001,379 | ---- | C] () -- C:\WINDOWS\pstudio.ini
[2005/05/29 13:21:06 | 000,000,011 | ---- | C] () -- C:\WINDOWS\album.ini
[2005/05/27 10:04:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/05/27 09:58:32 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/05/27 04:52:44 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/05/27 04:51:42 | 000,189,792 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/02 12:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/09/20 12:31:28 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\atsdrve.dll
[2002/08/29 05:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/08/29 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2002/08/29 05:00:00 | 000,444,358 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2002/08/29 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2002/08/29 05:00:00 | 000,249,270 | ---- | C] () -- C:\WINDOWS\System32\_005806_.tmp.dll
[2002/08/29 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2002/08/29 05:00:00 | 000,072,108 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2002/08/29 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2002/08/29 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2002/08/29 05:00:00 | 000,022,040 | ---- | C] () -- C:\WINDOWS\System32\_005774_.tmp.dll
[2002/08/29 05:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2002/08/29 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2005/09/14 20:11:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Medicare 2006 Phase II Assessment
[2007/03/09 18:07:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2009/12/28 10:25:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCSettings
[2010/10/15 20:27:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2010/09/08 19:14:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Systweak
[2011/03/16 17:24:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/01/27 15:44:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/03/08 21:08:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WD_SmartWareCommon
[2010/01/26 14:06:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Western Digital
[2010/04/28 16:34:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/10/24 17:10:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/06/24 15:43:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom & Dad\Application Data\Aim
[2010/07/14 19:16:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom & Dad\Application Data\Amazon
[2010/11/29 21:09:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom & Dad\Application Data\Blackberry Desktop
[2011/02/08 18:03:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom & Dad\Application Data\Canon
[2010/06/29 17:21:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom & Dad\Application Data\Facebook
[2009/02/26 08:59:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom & Dad\Application Data\FoxPlayerAIR.01F2E49DE175CC541F416F2DF78BDD5E63AD0096.1
[2005/09/14 20:12:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom & Dad\Application Data\Medicare2
[2010/10/15 20:29:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom & Dad\Application Data\Research In Motion
[2010/04/12 20:15:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom & Dad\Application Data\RIM Palm&PPC Upgrade Wizard
[2007/06/29 13:57:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom & Dad\Application Data\Snapfish
[2010/09/08 19:14:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom & Dad\Application Data\Systweak
[2010/07/10 15:50:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom & Dad\Application Data\Tific
[2009/04/13 19:26:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom & Dad\Application Data\TweetDeckFast.F9107117265DB7542C1A806C8DB837742CE14C21.1
[2011/02/27 14:41:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom & Dad\Application Data\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
[2007/02/08 11:11:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom & Dad\Application Data\Viewpoint
[2010/01/26 14:07:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom & Dad\Application Data\Western Digital
[2011/03/16 18:30:17 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >
baylormum
Regular Member
 
Posts: 18
Joined: March 15th, 2011, 11:45 pm

Re: Infected desktop

by askey127 » March 17th, 2011, 2:38 pm

baylormum,
You should stay away from Ask.com.
That site is a known purveyor of tracking and spy type stuff, according to multiple HOSTS blocking sites.
I would suggest either Google.com or Bing.com for use as your search page.
-------------------------------------------------------
Set System Restore Disk Usage
Go to Start, Settings, Control Panel (or Start, Control Panel) and double-click on System.
Click the System Restore tab. It will show a list of drives.
Highlight the C: drive and click the Settings button.
If the slider is set to higher than 4 percent, slide it to the left to approximately the 4% point.
Click OK.
----------------------------------------------
Perform a Custom Scan or Fix with OTL
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following (don't copy the word "Code:"):
    Code:
    :processes
    killallprocesses
    
    :OTL
    O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
    O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_14)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_14)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_14)
    O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} https://www-secure.symantec.com/techsup ... mAData.cab (ActiveDataInfo Class)
    O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} https://www-secure.symantec.com/techsup ... gctlsi.cab (Symantec SmartIssue)
    O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} https://www-secure.symantec.com/techsup ... gctlsr.cab (Symantec Script Runner Class)
    O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
    O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
    O15 - HKCU\..Trusted Domains: hhloans.com ([www] https in Trusted sites)
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - File not found
    O4 - HKLM..\Run: [SunJavaUpdateSched] File not found
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - File not found
    O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - File not found
    FF - prefs.js..browser.search.order.1: "Ask.com"
    FF - prefs.js..browser.search.defaultengine: "Ask.com"
    FF - prefs.js..browser.search.defaultenginename: "Ask.com"
    DRV - [2007/07/19 20:42:36 | 000,023,864 | ---- | M] (Webroot Software Inc (www.webroot.com)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sskbfd.sys -- (SSKBFD)
    
    :Reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "AntiVirusOverride" = 0
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
    "DisableMonitoring" = 0
    
    :Files
    C:\Program Files\PC Tools Security
    C:\Program Files\Trend Micro
    C:\WINDOWS\system32\drivers\sskbfd.sys
    
    :Commands
    [EMPTYTEMP]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    
  • Then click the Run Fix button at the top.
  • Let the program run unhindered and reboot the PC when it is done.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
--------------------------------------------------------
Check Disk for Space (XP)
Go to My Computer, right click the C: drive and choose Properties.
Please record what it reports for Used space and Free space on the drive and report that back in a reply. Use a separate reply if it's more convenient.

askey127
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA
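Once the follow-up log comes back, the lines listed under `:OTL` in a fix can be checked against it mechanically. The following is an added example, not part of the thread and not OldTimer's code: it splits a custom fix into its `:` sections, reports `:OTL` lines that still appear in a later log, and lists entries carrying the "not found" markers that show up in these logs. The function names are hypothetical; the sample lines are copied from the fix above and from the Quick Scan log posted in the next reply.

```python
import re

# Markers that OTL prints in the logs on this page when an entry points at
# something that is missing. A marker is a prompt for review, not a verdict:
# the follow-up log still lists "SRV - File not found ... (HidServ)", an entry
# the fix above never targeted.
ORPHAN_MARKERS = ("File not found", "Reg Error: Key error.", "No CLSID value found.")

ENTRY_RE = re.compile(r"^(O\d+|SRV|DRV|IE|FF)\s+-\s+(.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}-(?:[0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}\}")

# Excerpt of the custom fix posted above (lines copied from this page).
FIX_SCRIPT = r"""
:processes
killallprocesses

:OTL
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O15 - HKCU\..Trusted Domains: hhloans.com ([www] https in Trusted sites)
O4 - HKLM..\Run: [SunJavaUpdateSched] File not found
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - File not found
FF - prefs.js..browser.search.defaultengine: "Ask.com"

:Files
C:\WINDOWS\system32\drivers\sskbfd.sys

:Commands
[EMPTYTEMP]
"""

# Excerpt of the follow-up Quick Scan log (lines copied from this page).
FOLLOWUP_LOG = r"""
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
FF - prefs.js..browser.search.defaultengine: ""
O2 - BHO: (AOL Toolbar Launcher) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O15 - HKCU\..Trusted Domains: microsoft.com ([office] http in Trusted sites)
O18 - Protocol\Handler\mctp {d7b95390-b1c5-11d0-b111-0080c712fe82} - Reg Error: Key error. File not found
"""


def fix_sections(script):
    """Split a custom fix into {':otl': [lines], ':files': [lines], ...}."""
    sections, current = {}, None
    for raw in script.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):
            current = line.lower()
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections


def normalise(line):
    """Collapse whitespace and case so copy/paste differences do not hide a match."""
    return " ".join(line.split()).lower()


def still_present(script, followup_log):
    """Return the :OTL lines of the fix that appear again in the follow-up log."""
    targets = fix_sections(script).get(":otl", [])
    seen = {normalise(l) for l in followup_log.splitlines() if l.strip()}
    return [t for t in targets if normalise(t) in seen]


def orphan_entries(log):
    """Return (section, clsid_or_None, markers) for log entries with a marker."""
    found = []
    for raw in log.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        section, body = m.groups()
        markers = [mk for mk in ORPHAN_MARKERS if mk in body]
        if markers:
            clsid = CLSID_RE.search(body)
            found.append((section, clsid.group(0) if clsid else None, markers))
    return found


if __name__ == "__main__":
    print("Fix lines still present in the follow-up log:")
    for line in still_present(FIX_SCRIPT, FOLLOWUP_LOG):
        print("  ", line)
    print("Entries to review (marker found):")
    for section, clsid, markers in orphan_entries(FOLLOWUP_LOG):
        print("  ", section, clsid or "-", ", ".join(markers))
```

Run on these lines, `still_present` returns the `([]msn in My Computer)` Trusted Domains entry, which is in the fix and is listed again in the follow-up log.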

Re: Infected desktop

by baylormum » March 17th, 2011, 7:05 pm

Hello again! Funny about the ask.com. I never used it on purpose. It seems to have been some kind of default for a long time. The computer would randomly go to ask.com. Almost as an error kind of thing. Usually when I'm posting a comment on a blog, but not limited to that. Couldn't ever figure out how to make it stop doing that.
Used space = 21.6 GB
Free space = 1.61 GB
You have made this so easy! Thanks.

OTL logfile created on: 3/17/2011 3:46:40 PM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Mom & Dad\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 37.00 Mb Available Physical Memory | 7.00% Memory free
918.00 Mb Paging File | 116.00 Mb Available in Paging File | 13.00% Paging File free
Paging file location(s): C:\pagefile.sys 50 512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 23.29 Gb Total Space | 1.67 Gb Free Space | 7.15% Space Free | Partition Type: NTFS
Drive D: | 51.24 Gb Total Space | 50.93 Gb Free Space | 99.40% Space Free | Partition Type: NTFS
Drive F: | 503.71 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive G: | 614.91 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive I: | 297.44 Gb Total Space | 273.69 Gb Free Space | 92.02% Space Free | Partition Type: NTFS

Computer Name: AMANDA-H8ZWZ5HK | User Name: Mom & Dad | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/17 12:15:00 | 026,595,896 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Mom & Dad\Local Settings\Application Data\Google\Update\Download\{CAB9C5C2-392D-4918-BCF0-DC079FE70A6D}\chrome_installer.exe
PRC - [2011/03/16 18:27:54 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mom & Dad\My Documents\Downloads\OTL.exe
PRC - [2011/03/12 01:04:06 | 001,004,088 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Mom & Dad\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2010/11/30 13:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2009/11/13 12:29:42 | 009,117,504 | ---- | M] (Western Digital) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
PRC - [2009/11/13 12:29:40 | 002,057,536 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
PRC - [2009/11/13 12:28:04 | 000,110,592 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
PRC - [2009/06/16 09:58:08 | 000,020,480 | ---- | M] (Memeo) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/03/16 18:27:54 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mom & Dad\My Documents\Downloads\OTL.exe
MOD - [2010/08/23 09:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2009/11/13 12:28:04 | 000,110,592 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2009/06/16 09:58:08 | 000,020,480 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe -- (WDSmartWareBackgroundService)
SRV - [2007/08/09 00:27:52 | 000,073,728 | ---- | M] (HP) [Disabled | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2006/11/02 18:40:12 | 000,174,656 | ---- | M] () [Disabled | Stopped] -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing)
SRV - [2006/10/23 05:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Disabled | Stopped] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)
SRV - [2004/10/15 13:54:14 | 000,100,016 | ---- | M] (America Online, Inc) [Disabled | Stopped] -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe -- (AOL TopSpeedMonitor)


========== Driver Services (SafeList) ==========

DRV - [2011/03/17 15:37:18 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5A1B887E-C165-4D4F-A03F-D53F8CC95995}\MpKsl9ed9b442.sys -- (MpKsl9ed9b442)
DRV - [2011/03/17 15:00:38 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5A1B887E-C165-4D4F-A03F-D53F8CC95995}\MpKsld9929716.sys -- (MpKsld9929716)
DRV - [2010/06/10 18:00:06 | 000,022,528 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\intelsmb.sys -- (smbusp) Intel(R)
DRV - [2009/02/13 12:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008/04/13 11:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2004/11/22 16:36:39 | 000,018,003 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRENDIS5.sys -- (MRENDIS5)
DRV - [2004/11/22 16:36:34 | 000,019,345 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMPR5.sys -- (MREMPR5)
DRV - [2004/08/03 20:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/03/31 14:29:00 | 000,625,537 | ---- | M] (LT) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5)
DRV - [2003/01/10 14:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2001/08/17 07:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://channels.aimtoday.com/search/aimtoolbar.jsp

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll (AOL LLC)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: ""
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaulturl: "http://search.aol.com/aolcom/search?invocationType=tbff50sbox&query="
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.aol.com/"
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.2.1.265
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.07074039
FF - prefs.js..extensions.enabledItems: {b2509cd4-17cd-45ed-8146-a82af038f493}:1.38
FF - prefs.js..extensions.enabledItems: twitternotifier@naan.net:1.8.3
FF - prefs.js..keyword.URL: "http://search.aol.com/aolcom/search?invocationType=tbff50ab&query="


FF - HKLM\software\mozilla\Mozilla Firefox 3.5.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/13 17:16:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/16 17:20:00 | 000,000,000 | ---D | M]

[2008/09/03 07:37:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mom & Dad\Application Data\Mozilla\Extensions
[2011/03/16 17:28:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mom & Dad\Application Data\Mozilla\Firefox\Profiles\vrvqe7xs.default\extensions
[2010/01/29 20:25:50 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Mom & Dad\Application Data\Mozilla\Firefox\Profiles\vrvqe7xs.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2008/06/11 13:59:43 | 000,000,000 | ---D | M] ("AOL Toolbar") -- C:\Documents and Settings\Mom & Dad\Application Data\Mozilla\Firefox\Profiles\vrvqe7xs.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}
[2010/01/28 22:55:00 | 000,000,000 | ---D | M] (Power Twitter) -- C:\Documents and Settings\Mom & Dad\Application Data\Mozilla\Firefox\Profiles\vrvqe7xs.default\extensions\{b2509cd4-17cd-45ed-8146-a82af038f493}
[2007/10/09 14:27:09 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Documents and Settings\Mom & Dad\Application Data\Mozilla\Firefox\Profiles\vrvqe7xs.default\extensions\moveplayer@movenetworks.com
[2009/08/10 07:01:51 | 000,000,000 | ---D | M] (TwitterFox) -- C:\Documents and Settings\Mom & Dad\Application Data\Mozilla\Firefox\Profiles\vrvqe7xs.default\extensions\twitternotifier@naan.net
[2009/06/23 19:19:21 | 000,001,739 | ---- | M] () -- C:\Documents and Settings\Mom & Dad\Application Data\Mozilla\Firefox\Profiles\vrvqe7xs.default\searchplugins\aol-search.xml
[2011/03/16 17:32:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\MOM & DAD\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\VRVQE7XS.DEFAULT\EXTENSIONS\TOOLBAR@ASK.COM
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/03/31 20:47:26 | 000,324,976 | ---- | M] (Symantec Corporation) -- C:\Program Files\Mozilla Firefox\components\coFFPlgn.dll
[2006/08/02 14:30:35 | 000,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
[2006/09/05 17:55:37 | 000,090,112 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NpPopup.dll
[2006/01/18 10:50:00 | 000,319,488 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npsnapfish.dll
[2008/07/27 16:06:42 | 000,163,840 | ---- | M] (CNN) -- C:\Program Files\Mozilla Firefox\plugins\NPTURNMED.dll
[2007/09/10 12:12:46 | 006,275,816 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\ScorchPDFWrapper.dll
[2009/04/28 14:52:55 | 000,002,236 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\askcom.xml
[2008/09/10 16:41:35 | 000,002,158 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml

O1 HOSTS File: ([2010/07/06 16:15:48 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AOL Toolbar Launcher) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll (AOL LLC)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll (AOL LLC)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (WDC)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDSmartWare.lnk = C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe (Western Digital)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &AOL Toolbar Search - c:\Program Files\AOL\AOL Toolbar 3.1\resources\en-us\local\search.html ()
O9 - Extra Button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll (AOL LLC)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O15 - HKCU\..Trusted Domains: microsoft.com ([office] http in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/produ ... wsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} http://photo.walmart.com/photo/uploads/ ... Client.cab (FujifilmUploader Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shoc ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 206.130.130.2 206.130.133.2
O18 - Protocol\Handler\mctp {d7b95390-b1c5-11d0-b111-0080c712fe82} - Reg Error: Key error. File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Mom & Dad\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Mom & Dad\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/05/27 10:01:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/09/17 07:07:12 | 000,000,075 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2009/06/18 14:12:18 | 000,000,088 | R--- | M] () - G:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{0d93dd22-cea5-11d9-8260-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{0d93dd22-cea5-11d9-8260-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0d93dd22-cea5-11d9-8260-806d6172696f}\Shell\AutoRun\command - "" = F:\start.exe -- [2009/09/17 07:07:17 | 004,707,135 | R--- | M] (Research In Motion Limited )
O33 - MountPoints2\{4c5969a0-0aae-11df-9aa6-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{4c5969a0-0aae-11df-9aa6-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4c5969a0-0aae-11df-9aa6-00038a000015}\Shell\AutoRun\command - "" = G:\WD SmartWare.exe -- [2009/11/13 12:25:22 | 003,280,672 | R--- | M] (Western Digital)
O33 - MountPoints2\{c6527e66-80d4-11df-9b40-00038a000015}\Shell\AutoRun\command - "" = K:\PMBP_Win.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (MACHINE BootExecut) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/03/17 15:31:43 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/03/16 15:04:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
[2011/03/15 20:27:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom & Dad\Start Menu\Programs\HiJackThis
[2011/03/15 13:31:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/03/15 13:09:21 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2011/03/14 15:28:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom & Dad\Application Data\Malwarebytes
[2011/03/14 15:28:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/03/14 15:28:23 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/03/14 15:28:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/03/14 15:28:13 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/03/14 15:28:11 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/03/13 15:56:35 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/02/27 14:41:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom & Dad\Application Data\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
[2011/02/27 14:41:06 | 000,000,000 | ---D | C] -- C:\Program Files\TweetDeck
[2011/02/27 14:40:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2011/02/16 14:32:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/02/16 14:30:36 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

========== Files - Modified Within 30 Days ==========

[2011/03/17 15:54:15 | 000,000,994 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-688789844-1060284298-1005UA.job
[2011/03/17 15:50:48 | 000,002,304 | ---- | M] () -- C:\Documents and Settings\Mom & Dad\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/03/17 15:50:47 | 000,002,326 | ---- | M] () -- C:\Documents and Settings\Mom & Dad\Desktop\Google Chrome.lnk
[2011/03/17 15:42:37 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/03/17 15:38:06 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/03/17 15:36:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/03/16 18:43:02 | 000,000,942 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-688789844-1060284298-1005Core.job
[2011/03/16 15:45:31 | 000,189,792 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/03/15 20:38:08 | 000,002,455 | ---- | M] () -- C:\Documents and Settings\Mom & Dad\Desktop\HiJackThis.lnk
[2011/03/15 13:37:39 | 000,804,570 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011/03/14 15:28:28 | 000,000,794 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/03/13 15:58:00 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2011/03/13 15:03:00 | 000,002,565 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Secure Remote Support - Get Support Now!.lnk
[2011/03/13 15:02:16 | 000,444,358 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/03/13 15:02:16 | 000,072,108 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/03/10 14:11:16 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/03/02 17:38:27 | 000,015,776 | ---- | M] () -- C:\Documents and Settings\Mom & Dad\My Documents\180616_1699708786702_1657392583_1543249_2287467_n.jpg
[2011/02/27 14:41:08 | 000,000,650 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TweetDeck.lnk
[2011/02/16 14:32:24 | 000,001,552 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk

========== Files Created - No Company Name ==========

[2011/03/15 20:27:46 | 000,002,455 | ---- | C] () -- C:\Documents and Settings\Mom & Dad\Desktop\HiJackThis.lnk
[2011/03/15 13:37:06 | 000,804,570 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011/03/14 15:28:28 | 000,000,794 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/03/13 16:02:41 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/03/13 15:58:00 | 000,001,945 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2011/03/13 15:57:12 | 000,001,690 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/03/02 17:39:35 | 000,015,776 | ---- | C] () -- C:\Documents and Settings\Mom & Dad\My Documents\180616_1699708786702_1657392583_1543249_2287467_n.jpg
[2011/02/27 14:41:08 | 000,000,656 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\TweetDeck.lnk
[2011/02/27 14:41:07 | 000,000,650 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TweetDeck.lnk
[2011/02/16 14:32:24 | 000,001,552 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/10/15 21:06:37 | 000,115,128 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/08/17 13:33:21 | 000,000,092 | ---- | C] () -- C:\WINDOWS\BackupManager.INI
[2010/06/03 16:49:44 | 000,002,592 | ---- | C] () -- C:\WINDOWS\System32\ASOROSet.bin
[2010/05/08 18:01:32 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/04/12 19:32:41 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2010/01/30 16:54:16 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2009/11/27 17:38:40 | 000,032,397 | ---- | C] () -- C:\WINDOWS\SGTBox.INI
[2009/10/26 16:44:31 | 000,037,432 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/06/01 10:10:54 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\$_hpcst$.hpc
[2009/04/28 12:41:12 | 000,000,164 | ---- | C] () -- C:\WINDOWS\install.dat
[2009/04/22 19:18:40 | 000,038,478 | ---- | C] () -- C:\Documents and Settings\Mom & Dad\Application Data\Comma Separated Values (Windows).ADR
[2009/04/22 18:08:36 | 000,038,467 | ---- | C] () -- C:\Documents and Settings\Mom & Dad\Application Data\Microsoft Excel.ADR
[2008/04/27 16:39:47 | 000,000,848 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2008/02/09 10:26:24 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\Mom & Dad\Local Settings\Application Data\fusioncache.dat
[2008/02/04 15:45:27 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2008/02/04 15:35:23 | 000,124,488 | ---- | C] () -- C:\WINDOWS\HPHins12.dat
[2008/02/04 15:35:23 | 000,014,916 | ---- | C] () -- C:\WINDOWS\hphmdl12.dat
[2007/05/22 11:48:12 | 000,000,297 | ---- | C] () -- C:\WINDOWS\EReg077.dat
[2007/02/17 14:24:01 | 000,001,783 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/11/25 13:52:16 | 000,684,032 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2006/11/25 13:52:16 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2006/11/02 18:40:12 | 000,174,656 | ---- | C] () -- C:\WINDOWS\System32\PSIService.exe
[2006/08/01 17:53:27 | 000,005,618 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2006/04/20 07:37:56 | 000,311,296 | ---- | C] () -- C:\WINDOWS\System32\yodleeuninstaller.dll
[2006/04/20 07:37:56 | 000,303,104 | ---- | C] () -- C:\WINDOWS\System32\YodleeInstaller.dll
[2006/04/20 07:37:56 | 000,069,633 | ---- | C] () -- C:\WINDOWS\billpay.aol.com_ac.dll
[2006/02/07 17:32:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\CompanionApp.INI
[2006/02/07 17:25:40 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Mom & Dad\Application Data\$_hpcst$.hpc
[2005/09/15 18:02:41 | 000,026,112 | ---- | C] () -- C:\Documents and Settings\Mom & Dad\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/08/10 10:00:12 | 000,000,028 | ---- | C] () -- C:\WINDOWS\atid.ini
[2005/08/10 10:00:12 | 000,000,018 | ---- | C] () -- C:\WINDOWS\upst.ini
[2005/05/31 22:05:29 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2005/05/29 14:08:26 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/05/29 13:37:46 | 000,000,725 | ---- | C] () -- C:\WINDOWS\aolback.exe.lnk
[2005/05/29 13:32:01 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/05/29 13:23:55 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A4W.INI
[2005/05/29 13:23:35 | 000,000,008 | ---- | C] () -- C:\WINDOWS\phbase.ini
[2005/05/29 13:23:03 | 000,000,572 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2005/05/29 13:21:45 | 000,000,022 | ---- | C] () -- C:\WINDOWS\OP70.INI
[2005/05/29 13:21:06 | 000,001,379 | ---- | C] () -- C:\WINDOWS\pstudio.ini
[2005/05/29 13:21:06 | 000,000,011 | ---- | C] () -- C:\WINDOWS\album.ini
[2005/05/27 10:04:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/05/27 09:58:32 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/05/27 04:52:44 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/05/27 04:51:42 | 000,189,792 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/02 12:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/09/20 12:31:28 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\atsdrve.dll
[2002/08/29 05:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/08/29 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2002/08/29 05:00:00 | 000,444,358 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2002/08/29 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2002/08/29 05:00:00 | 000,249,270 | ---- | C] () -- C:\WINDOWS\System32\_005806_.tmp.dll
[2002/08/29 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2002/08/29 05:00:00 | 000,072,108 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2002/08/29 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2002/08/29 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2002/08/29 05:00:00 | 000,022,040 | ---- | C] () -- C:\WINDOWS\System32\_005774_.tmp.dll
[2002/08/29 05:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2002/08/29 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2005/09/14 20:11:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Medicare 2006 Phase II Assessment
[2007/03/09 18:07:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2009/12/28 10:25:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCSettings
[2010/10/15 20:27:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2010/09/08 19:14:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Systweak
[2011/03/16 17:24:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/01/27 15:44:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/03/08 21:08:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WD_SmartWareCommon
[2010/01/26 14:06:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Western Digital
[2010/04/28 16:34:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/10/24 17:10:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/06/24 15:43:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom & Dad\Application Data\Aim
[2010/07/14 19:16:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom & Dad\Application Data\Amazon
[2010/11/29 21:09:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom & Dad\Application Data\Blackberry Desktop
[2011/02/08 18:03:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom & Dad\Application Data\Canon
[2010/06/29 17:21:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom & Dad\Application Data\Facebook
[2009/02/26 08:59:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom & Dad\Application Data\FoxPlayerAIR.01F2E49DE175CC541F416F2DF78BDD5E63AD0096.1
[2005/09/14 20:12:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom & Dad\Application Data\Medicare2
[2010/10/15 20:29:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom & Dad\Application Data\Research In Motion
[2010/04/12 20:15:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom & Dad\Application Data\RIM Palm&PPC Upgrade Wizard
[2007/06/29 13:57:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom & Dad\Application Data\Snapfish
[2010/09/08 19:14:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom & Dad\Application Data\Systweak
[2010/07/10 15:50:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom & Dad\Application Data\Tific
[2009/04/13 19:26:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom & Dad\Application Data\TweetDeckFast.F9107117265DB7542C1A806C8DB837742CE14C21.1
[2011/02/27 14:41:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom & Dad\Application Data\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
[2007/02/08 11:11:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom & Dad\Application Data\Viewpoint
[2010/01/26 14:07:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom & Dad\Application Data\Western Digital
[2011/03/17 15:42:37 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >
baylormum
Regular Member
 
Posts: 18
Joined: March 15th, 2011, 11:45 pm

Re: Infected desktop

Unread postby askey127 » March 17th, 2011, 9:42 pm

baylormum,
--------------------------------------------
TDSSKiller - Rootkit Removal Tool
Please download the TDSSKiller.exe by Kaspersky... save it to your Desktop. <-Important!!!
  1. Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    If TDSSKiller does not run... rename it. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. ektfhtw.com).
    If you don't see file extensions, please see: How to change the file extension.
  2. Click the Start Scan button. Do not use the computer during the scan!
  3. If the scan completes with nothing found, click Close to exit.
  4. If malicious objects are found, they will show in the "Scan results - Select action for found objects" and offer 3 options.
    • Ensure Cure (default) is selected... then click Continue > Reboot now to finish the cleaning process.
    • If Cure is not offered as an option, choose Skip.
  5. A log file named TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt will be created and saved to the main directory of C:
    (the dd.mm.yyyy_hh.mm.ss numbers in the filename will be the time/date stamp)
  6. Copy and paste the contents of that file in your next reply.
If, for some reason, you can't locate the text file to paste into your reply, just tell me, but DO NOT run the program a second time.

askey127
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Infected desktop

Unread postby baylormum » March 17th, 2011, 10:31 pm

The scan completed with nothing found.
Also, I'm noticing that, although they are visible in thumbnail, YouTube videos play with just a white screen where the video would normally be. Is that a problem?


2011/03/17 19:21:23.0955 3780 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/03/17 19:21:25.0367 3780 ================================================================================
2011/03/17 19:21:25.0367 3780 SystemInfo:
2011/03/17 19:21:25.0367 3780
2011/03/17 19:21:25.0377 3780 OS Version: 5.1.2600 ServicePack: 3.0
2011/03/17 19:21:25.0377 3780 Product type: Workstation
2011/03/17 19:21:25.0377 3780 ComputerName: AMANDA-H8ZWZ5HK
2011/03/17 19:21:25.0377 3780 UserName: Mom & Dad
2011/03/17 19:21:25.0377 3780 Windows directory: C:\WINDOWS
2011/03/17 19:21:25.0377 3780 System windows directory: C:\WINDOWS
2011/03/17 19:21:25.0377 3780 Processor architecture: Intel x86
2011/03/17 19:21:25.0377 3780 Number of processors: 1
2011/03/17 19:21:25.0377 3780 Page size: 0x1000
2011/03/17 19:21:25.0377 3780 Boot type: Normal boot
2011/03/17 19:21:25.0377 3780 ================================================================================
2011/03/17 19:21:31.0997 3780 Initialize success
2011/03/17 19:21:56.0232 1468 ================================================================================
2011/03/17 19:21:56.0232 1468 Scan started
2011/03/17 19:21:56.0232 1468 Mode: Manual;
2011/03/17 19:21:56.0232 1468 ================================================================================
2011/03/17 19:22:11.0574 1468 Scan finished
2011/03/17 19:22:11.0574 1468 ================================================================================
2011/03/17 19:22:40.0595 2892 Deinitialize success
baylormum
Regular Member
 
Posts: 18
Joined: March 15th, 2011, 11:45 pm

Re: Infected desktop

Unread postby askey127 » March 18th, 2011, 7:32 am

Baylormum,
That YouTube video thing is just because you don't yet have enough room to install the new Java you need.
We had to remove the old one since it's vulnerable to infections. We will get there.
-----------------------------------------------------------
Unless you write Software for Windows, this development kit won't help you, and it uses up space.
Remove Programs Using Control Panel
From Start, Settings, Control Panel or Start, Control Panel, click Add/Remove Programs.
Highlight each Entry, as follows, one by one, if it exists, and choose Remove :

Sonic_PrimoSDK

Take extra care in answering questions posed by any Uninstaller.
------------------------------------------------------------
Do you still use AOL? (It eats a huge amount of disk space)
Do you still use Sibelius Scorch?
------------------------------------------------------------
Please look at your e-mail client carefully. If it's Outlook Express, please proceed as follows:
Open Outlook Express. When it comes up, click on the left side where it says Inbox.
You should get a pulldown menu listing Inbox, Sent and Deleted messages.
Click on Deleted.
This will list all your deleted messages. Please Highlight all messages you can permanently delete, and hit the Delete key.
Messages with the paper clip (attachments) are especially helpful to get rid of.
It will probably tell you in the lower left how many messages are in your delete "box".
When you are done you can exit Outlook Express.
------------------------------------------------------------
Run MalwareBytes' Anti-Malware
  • Start Malwarebytes' Anti-Malware.
  • Click on The Update tab. Choose Check for Updates.
  • If an update is found, it will download and install the latest version.
  • If necessary, start Malwarebytes Anti-Malware again.
  • Once the program is running, select Perform Quick Scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • If it shows any malware items, Check all items except items in the C:\System Volume Information folder... and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location, and post the contents in your reply.
  • The log can also be found using the "Logs" tab in the program. You can click any log listed to open its contents.
  • Recent logs are named by time/date stamp in this format : mbam-log-2010-mm-dd(hour-min-sec).txt

Let me know some answers to the questions about Sibelius and AOL, and the Malwarebytes' Log.
Also please check with My Computer on C: drive properties again and tell me what it reports for free space.
askey127
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Infected desktop

Unread postby baylormum » March 18th, 2011, 7:22 pm

OK, I found no Sonic_PrimoSDK program. I do not remember ever using the Sibelius Scorch, so I uninstalled it.

Deleted all the deleted stuff on Outlook. I used Outlook with my Blackjack II, don't think my Blackberry needs it. I don't use it for anything but addresses & I have all those saved on my BB. Also wondered about the BB Device Software Updater. It uses a bunch of space.

Yes, AOL is our main email address. We've had it for close to 20 years & not sure about stopping it. Esp because it's the email on all the applications & resumes I've sent out recently. I use gmail for facebook.

No malicious items found with malwarebytes.

Finally:
Used = 22.1
Free = 1.16
Which means I have gone backward since last time??


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6102

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

3/18/2011 4:10:18 PM
mbam-log-2011-03-18 (16-10-18).txt

Scan type: Quick scan
Objects scanned: 160555
Time elapsed: 13 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
baylormum
Regular Member
 
Posts: 18
Joined: March 15th, 2011, 11:45 pm
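
Added example, not part of the original posts and not Malwarebytes' own code: a small Python parser for the log layout posted above. It cross-checks the summary counts against the itemised sections, so a helper can spot a truncated or edited paste. The sample log is constructed in the posted layout; because the posted log lists no detections, the shape of a detection line is an assumption.

```python
import re

CATEGORIES = ["Memory Processes", "Memory Modules", "Registry Keys",
              "Registry Values", "Registry Data Items", "Folders", "Files"]
NONE_FOUND = "(No malicious items detected)"

def parse_mbam_log(text):
    """Split a log in the posted layout into header fields, summary counts, items."""
    header, counts, items = {}, {}, {c: [] for c in CATEGORIES}
    current = None                       # category whose detail section we are in
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            current = None               # a blank line ends a detail section
            continue
        m = re.fullmatch(r"(.+) Infected:(?: (\d+))?", line)
        if m and m.group(1) in items:
            if m.group(2) is not None:   # "Files Infected: 0" is a summary line
                counts[m.group(1)] = int(m.group(2))
            else:                        # "Files Infected:" opens a detail section
                current = m.group(1)
            continue
        if current:
            if line != NONE_FOUND:       # assumption: any other line is one detection
                items[current].append(line)
            continue
        m = re.fullmatch(r"(Database version|Scan type|Objects scanned): (.+)", line)
        if m:
            header[m.group(1)] = m.group(2)
    return header, counts, items

def triage(text):
    """Return the findings a helper should look at; an empty list means clean."""
    header, counts, items = parse_mbam_log(text)
    findings = []
    for field in ("Database version", "Scan type", "Objects scanned"):
        if field not in header:
            findings.append(f"missing header field: {field}")
    for cat in CATEGORIES:
        if cat not in counts:
            findings.append(f"missing summary line: {cat}")
        elif counts[cat] != len(items[cat]):
            findings.append(f"{cat}: summary says {counts[cat]}, "
                            f"{len(items[cat])} listed (log edited or truncated?)")
        findings += [f"{cat}: {entry}" for entry in items[cat]]
    return findings

def sample_log(detections):
    """Constructed sample in the layout of the posted log (not real scan output)."""
    head = ["Malwarebytes' Anti-Malware 1.50.1.1100", "", "Database version: 6102",
            "", "Scan type: Quick scan", "Objects scanned: 160555", ""]
    summary = [f"{c} Infected: {len(detections.get(c, []))}" for c in CATEGORIES]
    detail = []
    for c in CATEGORIES:
        detail += ["", f"{c} Infected:"] + (detections.get(c) or [NONE_FOUND])
    return "\n".join(head + summary + detail)

if __name__ == "__main__":
    print(triage(sample_log({})) or "clean: summary and detail sections agree")
```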

Re: Infected desktop

Unread postby askey127 » March 19th, 2011, 8:38 am

baylormum,
No, you haven't gone backward. It just means that System Restore has enough room to do its job now, so it is.

Do you have the Installation CD and keycode for your MS Office 2003 ? What I would like to do is Uninstall it, and then Re-install it on drive D:
This would clear quite a bit of space on C: if we could do it.
---------------------------------------------
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :dir
    %programfiles% /nofiles
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
----------------------------------------------------------
Retrieve the Installed Programs List from CCleaner
Open CCleaner if it's not already running.
In the Left Pane, click Tools
On the Left side, verify that Uninstall is highlighted in color, or click on it.
(You should be looking at your installed programs list)
In the lower Right, click Save to Text File.
Pull down the arrow at the top of the Save dialog and choose Desktop as the location.
You can leave the filename as install.txt
Click Save
Exit CCleaner by clicking on the X button in the upper right of the CCleaner window.
Please post the contents of install.txt in your next post.

After you complete these tasks, open Microsoft Security Essentials and run a full scan.
Have it remove anything it finds. Let me know if it finds anything.

Let me know how it goes.
askey127
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Infected desktop

Unread postby baylormum » March 19th, 2011, 6:12 pm

I don't have original Microsoft Word 2003. Guess when we moved 18 months ago it didn't make the cut! I do, however, have Microsoft Student/Teacher Edition 2003 that my daughter obtained whilst in college. It is the CD & Product Key. Did not uninstall the one I have yet.

System Look:

SystemLook 04.09.10 by jpshortstuff
Log created at 15:05 on 19/03/2011 by Mom & Dad
Administrator - Elevation successful

========== dir ==========

C:\Program Files - Parameters: "/nofiles"


---Folders---
Adobe d------ [17:45 27/05/2005]
AIM d------ [20:46 29/05/2005]
AIM Toolbar d------ [20:47 29/05/2005]
Amazon d------ [18:11 14/12/2009]
America Online 9.0 d------ [20:32 29/05/2005]
AOD d------ [03:26 12/08/2005]
AOL d------ [03:26 12/08/2005]
AOL Deskbar d------ [20:33 29/05/2005]
AOL Toolbar d------ [20:33 29/05/2005]
Apple Software Update d------ [03:28 25/12/2006]
ArcSoft d------ [20:20 29/05/2005]
ATT d------ [14:53 08/11/2008]
AvantGo Connect d------ [22:55 30/05/2005]
AWS d------ [20:47 29/05/2005]
billpay.aol.com d------ [01:48 29/04/2006]
Bonjour d------ [21:50 25/09/2010]
BroadJump d------ [19:16 04/07/2006]
Caere d------ [20:21 29/05/2005]
Canon d------ [20:23 29/05/2005]
CCleaner d------ [02:17 09/09/2010]
Common Files d------ [11:52 27/05/2005]
ComPlus Applications d------ [16:58 27/05/2005]
Google d------ [20:09 15/03/2011]
Hewlett-Packard d------ [22:56 04/02/2008]
HP d------ [00:29 08/02/2006]
InstallShield Installation Information d--h--- [23:47 30/05/2005]
Internet Explorer d------ [16:58 27/05/2005]
iPod d------ [21:30 16/02/2011]
iTunes d------ [22:06 25/09/2010]
Java d------ [02:24 07/08/2006]
LogMeIn Rescue Calling Card d------ [06:34 09/09/2010]
Malwarebytes' Anti-Malware d------ [22:54 18/03/2011]
Messenger d------ [16:57 27/05/2005]
Microsoft ActiveSync d------ [21:06 29/05/2005]
microsoft frontpage d------ [17:01 27/05/2005]
Microsoft Office d------ [02:44 14/12/2006]
Microsoft Security Client d------ [22:56 13/03/2011]
Microsoft Silverlight d------ [17:19 08/12/2009]
Movie Maker d------ [16:58 27/05/2005]
Mozilla Firefox d------ [00:53 02/08/2006]
MSBuild d------ [06:13 28/01/2010]
MSECache d------ [18:44 09/09/2010]
MSN d------ [16:56 27/05/2005]
MSN Gaming Zone d------ [16:57 27/05/2005]
MSSOAP d------ [19:44 28/04/2009]
MSXML 4.0 d------ [18:11 09/02/2008]
MSXML 6.0 d------ [05:52 28/01/2010]
MySpace d------ [22:45 24/09/2007]
NetMeeting d------ [16:58 27/05/2005]
Online Services d------ [16:57 27/05/2005]
Outlook Express d------ [16:58 27/05/2005]
Pure Networks d------ [20:33 29/05/2005]
QuickTime d------ [21:56 25/09/2010]
Real d------ [20:34 29/05/2005]
Recuva d------ [18:15 13/08/2010]
Reference Assemblies d------ [06:12 28/01/2010]
Research In Motion d------ [23:41 12/04/2010]
Skype d------ [21:02 05/08/2006]
Sony d------ [04:21 26/06/2010]
SUPERAntiSpyware d------ [18:07 19/08/2010]
Therapeutic Research d------ [22:53 04/05/2006]
TLC d------ [18:48 22/05/2007]
TweetDeck d------ [21:41 27/02/2011]
Uninstall Information d--h--- [17:06 27/05/2005]
Western Digital d------ [20:55 26/01/2010]
Windows Media Connect 2 d------ [21:48 30/05/2009]
Windows Media Player d------ [16:57 27/05/2005]
Windows NT d------ [16:56 27/05/2005]
Windows Sidebar d------ [00:24 17/02/2008]
WindowsUpdate d--h--- [16:57 27/05/2005]
Wise Disk Cleaner d------ [22:53 17/07/2010]
xerox d------ [17:01 27/05/2005]
Yahoo! d------ [19:18 04/07/2006]

-= EOF =-

CCleaner:


Adobe AIR Adobe Systems Inc. 2.5.1.17730
Adobe Flash Player 10 ActiveX Adobe Systems Incorporated 10.0.12.36
Adobe Flash Player 10 Plugin Adobe Systems Incorporated 10.2.152.26
AOL Coach Version 2.0(Build:20041026.5 en)
AOL Deskbar
AOL Uninstaller
AOL You've Got Pictures Screensaver
Apple Application Support Apple Inc. 1.4.1
Apple Mobile Device Support Apple Inc. 3.3.1.3
Apple Software Update Apple Inc. 2.1.1.116
ATT-AACE
BlackBerry Desktop Software 6.0 Research In Motion Ltd. 6.0.0.43
BlackBerry Device Software Updater Research In Motion Ltd 5.0.1.69
Bonjour Apple Inc. 2.0.3.0
Canon ScanGear Toolbox CS 2.2
CCleaner Piriform 3.04
Compatibility Pack for the 2007 Office system Microsoft Corporation 12.0.6514.5001
Download Updater (AOL LLC)
Facebook Plug-In Facebook, Inc.
Google Chrome Google Inc. 10.0.648.151
HiJackThis Trend Micro 1.0.0
HP Customer Participation Program 7.0 HP 7.0
HP Imaging Device Functions 7.0 HP 7.0
HP Photosmart and Deskjet 7.0 Software HP 7.1
HP Photosmart Premier Software 6.5 HP 6.5
HP Solution Center 7.0 HP 7.0
iTunes Apple Inc. 10.1.2.17
Malwarebytes' Anti-Malware Malwarebytes Corporation
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0 Service Pack 2 Microsoft Corporation 2.2.30729
Microsoft .NET Framework 3.0 Service Pack 2 Microsoft Corporation 3.2.30729
Microsoft .NET Framework 3.5 SP1 Microsoft Corporation
Microsoft Office Standard Edition 2003 Microsoft Corporation 11.0.8173.0
Microsoft Security Essentials Microsoft Corporation 2.0.657.0
Microsoft Silverlight Microsoft Corporation 4.0.60129.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 8.0.50727.4053
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Corporation 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Corporation 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 9.0.30729
MobileMe Control Panel Apple Inc. 3.0.1.1
Mozilla Firefox (3.5.16) Mozilla 3.5.16 (en-US)
MSXML 4.0 SP2 (KB936181) Microsoft Corporation 4.20.9848.0
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 4.20.9870.0
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 4.20.9876.0
MSXML 6 Service Pack 2 (KB973686) Microsoft Corporation 6.20.2003.0
QuickTime Apple Inc. 7.69.80.9
Recuva Piriform 1.39
Secure Remote Support - Get Support Now! LogMeIn, Inc. 6.2.340
TBS WMP Plug-in CNN 1.00.518
TweetDeck TweetDeck Inc 0.37.5
WD SmartWare Western Digital 1.2.0.8
Windows Genuine Advantage Validation Tool (KB892130) Microsoft Corporation
Windows Internet Explorer 8 Microsoft Corporation 20090308.140743
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Firefox Plugin Microsoft Corp 1.0.0.8
Windows XP Service Pack 3 Microsoft Corporation 20080414.031525
Wise Disk Cleaner 5.33 WiseCleaner.com
Yahoo! Install Manager

Nothing was found with the forever, Microsoft Security Essentials Full Scan!

Next??
baylormum
Regular Member
 
Posts: 18
Joined: March 15th, 2011, 11:45 pm

Re: Infected desktop

Unread postby askey127 » March 19th, 2011, 6:33 pm

baylormum,
It appears that your entire set of problems has to do with not having enough room on your C: drive.

You may want to print this out to make it easier to follow.
This is a bit cumbersome, but you can do it.
This will get your videos back.
----------------------------------------------------
Compose and Run A Batch File
Please highlight, copy (Ctrl+C) and paste (Ctrl+V) the text inside the quote into a new Notepad document. Notepad is here > Start, All Programs, Accessories, Notepad
REM Switch to drive D: and go to its root folder
D:
cd \
REM Create the folders the new installations will use
md "Program Files"
cd "Program Files"
md "Adobe"
md "Java"
md "Microsoft Office"
md "Adobe\Reader 10.0"
md "Java\jre6"
cd \

Save it on your Desktop as file type "All Files" (NOT as "Text Documents") and name it NewDrive.bat
Close Notepad.
Double click NewDrive.bat on your Desktop.
A window will flash briefly and close. This is normal.
------------------------------------------------------------
Download and Install the latest version of Java Runtime Environment from here : http://java.sun.com/javase/downloads/index.jsp, and install it to your computer.
In the first section on the page, labeled JDK 6 Update 24 (JDK or JRE), click on the button labeled Download JRE. Do NOT choose the button labeled "Download JDK".
Select the Platform Windows and check the box to agree to the license.
Choose the Windows Offline installation version and click on the link.
Download it, choose Save, and save it to your desktop.
Doubleclick it (jre-6u24-windows-i586.exe) on your desktop.
Check "Change Destination Folder" and "Install".
Click "Change"
Navigate to D:\Program Files\Java\jre6 and click OK
Click Next
When it finishes, you can remove the Installer from your desktop.

--------------------------------------------------------
Download and Install the newest version of Adobe Reader for reading pdf files, due to the vulnerabilities in earlier versions.
All versions numbered lower than 10.0 are vulnerable.
Go HERE and click on AdbeRdr1001_en_US.exe to download the latest version of Adobe Acrobat Reader.
Save this file to your desktop.
Doubleclick it (AdbeRdr1000_en_US.exe) on your desktop.
Wait a moment for extraction.
Check "Change Destination Folder"
Choose D:\Program Files\Java\jre6
(You can just change the C: to a D:)
Click OK
Click Install
When it finishes, you can remove the Installer from your desktop.

After the new Reader is installed, Open Adobe Reader X. (Right click and Run as administrator in Vista/Win7)
OK the license.
Click on Edit and select Preferences.
On the Left, click on the Javascript category and Uncheck Enable Acrobat Javascript.
Click on the Security (Enhanced) category and Uncheck Automatically trust sites from my Win OS security zones.
Click on the Trust Manager category and Uncheck Allow opening of non-PDF file attachments with external applications.
Click the OK button

Let me know how it goes.
As soon as you answer, Microsoft Office is next.

askey127
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Infected desktop

Unread postby baylormum » March 20th, 2011, 5:59 pm

Reinstalled Java & Adobe. On D drive now. So why does the C drive show even less free space??
baylormum
Regular Member
 
Posts: 18
Joined: March 15th, 2011, 11:45 pm

Re: Infected desktop

Unread postby baylormum » March 20th, 2011, 6:57 pm

Oh, and still can't view youtube videos. I can play them on fb, but not on the youtube site. There is just a white space where the video usually sits. I can still see the thumbnails to the right, but clicking on them brings up nothing but audio. And I can't view any video full-screen.
baylormum
Regular Member
 
Posts: 18
Joined: March 15th, 2011, 11:45 pm

Re: Infected desktop

Unread postby askey127 » March 20th, 2011, 7:05 pm

baylormum,
The Windows System is somewhat free of the chains it has been living under.
I don't see any malware on your system at this time.
-------------------------------------------------
Reset Size of Recycle Bin
Right click the Recycle Bin Icon and choose Properties
In the Global tab, move the slider to the Left to show 2% Maximum Size.
Click Apply and OK
----------------------------------------------
Remove SP3 Uninstall Files
This Procedure will save at least 500Mb of disk space, but it will mean you cannot Uninstall SP3
Open My Computer
Click on Tools, and open Folder Options
Click on the View tab, CHECK the box to Show Hidden Files, and UNCHECK the box to Hide Protected Files.
Double Click "C" and open the Windows directory.
Find and Right-click on the folder named $NtServicePackUninstall$ and choose Delete
If it warns that the folder is too big for the Recycle Bin, instruct it to Delete anyway.
----------------------------------------------
Run Temp File Cleaner (TFC.exe)
Double click TFC.exe on your desktop to run it.
If you have a lot of junk files to remove, it could take a while, so please be patient and let it finish.
When it's done, it will report the total size of files removed. If it asks to Reboot, choose to do so. This will remove files that could not be removed while Windows was running.
After Restart, log back in to your usual account.
-----------------------------------------------------
Use Windows Update Remover
Go to http://www.tech-pro.net/windows-update-remover.html
Download the remover to your desktop.
Start it, choose Updates prior to 2010 and click Remove Backup Folder
DO NOT CHOOSE UNINSTALL UPDATE FOR ANY OF THEM !!!!
Each one you remove will gain you some hard drive real estate on C:

You can check on progress at any time with My Computer
Right Click C: and choose Properties.
You may have to reboot to recover the full value of empty space.
----------------------------------------------
Run Temp File Cleaner (TFC.exe)
Double click TFC.exe on your desktop to run it.
If you have a lot of junk files to remove, it could take a while, so please be patient and let it finish.
When it's done, it will report the total size of files removed. If it asks to Reboot, choose to do so. This will remove files that could not be removed while Windows was running.
After Restart, log back in to your usual account.

Let me know how it goes, and tell me what you get for numbers.
askey127
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA