View Full Version : Spybot S&D won't delete Banker Trojan
I run Spybot S&D and a Banker Trojan shows up. Spybot supposedly removes it, but each time I boot my computer back up, it's there again. I downloaded and ran HiJackThis. Here is my log. Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:09:58 AM, on 12/19/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Reg Tool\Reg Tool.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files (x86)\Dell V305\dldtmon.exe
C:\Program Files (x86)\Dell Video Chat\DellVideoChat.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Digital Line Detect\DLG.exe
C:\Program Files (x86)\Dell V305\dldtMsdMon.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files (x86)\internet explorer\iexplore.exe
C:\Program Files (x86)\internet explorer\iexplore.exe
C:\Program Files (x86)\internet explorer\iexplore.exe
C:\Windows\SysWow64\Macromed\Flash\FlashUtil10c.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: IEHlprObj Class - {8CA5ED52-F3FB-4414-A105-2E3491156990} - C:\Program Files (x86)\iWin Games\iWinGamesHookIE.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [SightSpeed] "C:\Program Files (x86)\Dell Video Chat\DellVideoChat.exe" -bootmode
O4 - HKCU\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'Default user')
O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files (x86)\Digital Line Detect\DLG.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~2\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~2\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{22244EE6-4071-4EB2-B6D6-76BDB8535FF0}: NameServer = 68.94.156.1 68.94.157.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{22244EE6-4071-4EB2-B6D6-76BDB8535FF0}: NameServer = 68.94.156.1 68.94.157.1
O23 - Service: Andrea RT Filters Service (AERTFilters) - Unknown owner - C:\Windows\system32\AERTSr64.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: dldtCATSCustConnectService - Unknown owner - C:\Windows\system32\spool\DRIVERS\x64\3\\dldtserv.exe
O23 - Service: dldt_device - - C:\Windows\system32\dldtcoms.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iWinTrusted - iWin Inc. - C:\Program Files (x86)\iWin Games\iWinTrusted.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XAudioService - Unknown owner - C:\Windows\system32\DRIVERS\ACFXAU64.exe (file missing)
--
End of file - 10518 bytes
Thanks for help.
Hi,
What item Spybot detects as infected?
Please download Malwarebytes' Anti-Malware (http://www.besttechie.net/tools/mbam-setup.exe) to your desktop.
Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform full scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location.
Please post contents of that file in your next reply.
Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.
Hi, This is what Spybot detects. Will post the rest of your requested info as soon as I can. Banker: [SBI $EBFB4022] Browser helper object (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8CA5ED52-F3FB-4414-A105-2E3491156990}
Banker: [SBI $7F6039C1] Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{8CA5ED52-F3FB-4414-A105-2E3491156990}
--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---
2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SDWinSec.exe (1.0.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2009-08-10 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-11-04 advcheck.dll (1.6.5.20)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2009-10-08 Includes\Adware.sbi (*)
2009-12-22 Includes\AdwareC.sbi (*)
2009-01-22 Includes\Cookies.sbi (*)
2009-11-03 Includes\Dialer.sbi (*)
2009-12-22 Includes\DialerC.sbi (*)
2009-01-22 Includes\HeavyDuty.sbi (*)
2009-05-26 Includes\Hijackers.sbi (*)
2009-12-22 Includes\HijackersC.sbi (*)
2009-12-15 Includes\Keyloggers.sbi (*)
2009-12-22 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2009-12-15 Includes\Malware.sbi (*)
2009-12-23 Includes\MalwareC.sbi (*)
2009-03-25 Includes\PUPS.sbi (*)
2009-12-15 Includes\PUPSC.sbi (*)
2009-01-22 Includes\Revision.sbi (*)
2009-01-13 Includes\Security.sbi (*)
2009-12-22 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2009-11-03 Includes\Spyware.sbi (*)
2009-12-22 Includes\SpywareC.sbi (*)
2009-06-08 Includes\Tracks.uti
2009-12-08 Includes\Trojans.sbi (*)
2009-12-22 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll
Here is more information that you requested. Malwarebytes' Anti-Malware 1.42
Database version: 3425
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18865
12/26/2009 12:12:23 AM
mbam-log-2009-12-26 (00-12-23).txt
Scan type: Full Scan (C:\|D:\|E:\|F:\|G:\|)
Objects scanned: 245091
Time elapsed: 44 minute(s), 55 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Here are OLT reports.
OTL logfile created on: 12/26/2009 12:52:14 AM - Run 1
OTL by OldTimer - Version 3.1.20.1 Folder = C:\Users\Tonya\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18865)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 45.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 71.00% Paging File free
Paging file location(s): ?:\pagefile.sys
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.07 Gb Total Space | 358.60 Gb Free Space | 79.50% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 5.65 Gb Free Space | 38.59% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: TONYA-PC
Current User Name: Tonya
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Processes (SafeList) ==========
PRC - C:\Users\Tonya\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Reg Tool\Reg Tool.exe (PC Utility, Inc.)
PRC - C:\Program Files (x86)\iWin Games\iWinTrusted.exe (iWin Inc.)
PRC - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
PRC - C:\Program Files (x86)\Dell Video Chat\DellVideoChat.exe (Dell Inc. and SightSpeed Inc.)
PRC - C:\Program Files (x86)\Dell V305\dldtmsdmon.exe ()
PRC - C:\Program Files (x86)\Dell V305\dldtmon.exe ()
PRC - C:\Program Files (x86)\Digital Line Detect\DLG.exe (Avanquest Software )
PRC - C:\Program Files (x86)\Karen's Power Tools\Clipboard Viewer\PTClpVue.exe (Karen Kenworthy)
========== Modules (SafeList) ==========
MOD - C:\Users\Tonya\Desktop\OTL.exe (OldTimer Tools)
========== Win32 Services (SafeList) ==========
SRV:[b]64bit: - (FontCache) -- C:\Windows\SysNative\FntCache.dll (Microsoft Corporation)
SRV:64bit: - (dldtCATSCustConnectService) -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\dldtserv.exe ()
SRV:64bit: - (TMBMServer) -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe (Trend Micro Inc.)
SRV:64bit: - (TmPfw) -- C:\Program Files\Trend Micro\Internet Security\TmPfw.exe (Trend Micro Inc.)
SRV:64bit: - (SfCtlCom) -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe (Trend Micro Inc.)
SRV:64bit: - (TmProxy) -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe (Trend Micro Inc.)
SRV:64bit: - (DockLoginService) -- C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
SRV:64bit: - (AERTFilters) -- C:\Windows\SysNative\AERTSr64.exe (Andrea Electronics Corporation)
SRV:64bit: - (dldt_device) -- C:\Windows\SysNative\dldtcoms.exe ( )
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (XAudioService) -- C:\Windows\SysNative\DRIVERS\ACFXAU64.exe (Conexant Systems, Inc.)
SRV - (gupdate) Google Update Service (gupdate) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc.)
SRV - (iWinTrusted) -- C:\Program Files (x86)\iWin Games\iWinTrusted.exe (iWin Inc.)
SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (gusvc) -- C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (stllssvr) -- C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe (MicroVision Development, Inc.)
SRV - (dldt_device) -- C:\Windows\SysWow64\dldtcoms.exe ( )
SRV - (MSDTC) -- C:\Windows\SysWOW64\Msdtc [2006/11/02 07:34:14 | 00,000,000 | ---D | M]
SRV - (vds) -- C:\Windows\SysWOW64\wbem\vds.mof ()
SRV - (VSS) -- C:\Windows\SysWOW64\wbem\vss.mof ()
========== Driver Services (SafeList) ==========
DRV:64bit: - (tmwfp) -- C:\Windows\SysNative\DRIVERS\tmwfp.sys (Trend Micro Inc.)
DRV:64bit: - (tmlwf) -- C:\Windows\SysNative\DRIVERS\tmlwf.sys (Trend Micro Inc.)
DRV:64bit: - (tmtdi) -- C:\Windows\SysNative\DRIVERS\tmtdi.sys (Trend Micro Inc.)
DRV:64bit: - (tmxpflt) -- C:\Windows\SysNative\DRIVERS\tmxpflt.sys (Trend Micro Inc.)
DRV:64bit: - (tmpreflt) -- C:\Windows\SysNative\DRIVERS\tmpreflt.sys (Trend Micro Inc.)
DRV:64bit: - (vsapint) -- C:\Windows\SysNative\DRIVERS\vsapint.sys (Trend Micro Inc.)
DRV:64bit: - (HdAudAddService) -- C:\Windows\SysNative\drivers\HdAudio.sys (Microsoft Corporation)
DRV:64bit: - (usbser) -- C:\Windows\SysNative\DRIVERS\usbser.sys (Microsoft Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (e1express) Intel(R) -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys (Intel Corporation)
DRV:64bit: - (Ser2ph) -- C:\Windows\SysNative\DRIVERS\ser2ph64.sys (Prolific Technology Inc.)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\Drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (dgcfltr) -- C:\Windows\SysNative\DRIVERS\ACFDCP64.sys (Conexant Systems, Inc.)
DRV:64bit: - (XAudio) -- C:\Windows\SysNative\DRIVERS\ACFXAU64.sys (Conexant Systems, Inc.)
DRV:64bit: - (acfva) -- C:\Windows\SysNative\DRIVERS\ACFVA64.sys (Conexant Systems Inc.)
DRV:64bit: - (mdmxsdk) -- C:\Windows\SysNative\DRIVERS\ACFSDK64.sys (Conexant)
DRV:64bit: - (R300) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV - (Tcpip) -- C:\Windows\SysWOW64\wbem\tcpip.mof ()
DRV - (mpsdrv) -- C:\Windows\SysWOW64\wbem\mpsdrv.mof ()
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
O1 HOSTS File: (366554 bytes) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 123haustiereundmehr.com
O1 - Hosts: 127.0.0.1 www.123haustiereundmehr.com
O1 - Hosts: 127.0.0.1 123moviedownload.com
O1 - Hosts: 127.0.0.1 www.123moviedownload.com
O1 - Hosts: 12615 more lines...
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg64.dll (Google Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (IEHlprObj Class) - {8CA5ED52-F3FB-4414-A105-2E3491156990} - C:\Program Files (x86)\iWin Games\iWinGamesHookIE.dll (iWin Inc.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
O4:64bit: - HKLM..\Run: [dldtamon] C:\Program Files (x86)\Dell V305\dldtamon.exe ()
O4:64bit: - HKLM..\Run: [dldtmon.exe] C:\Program Files (x86)\Dell V305\dldtmon.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] File not found
O4:64bit: - HKLM..\Run: [UfSeAgnt.exe] C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKCU..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (Trend Micro Inc.)
O4 - HKCU..\Run: [SightSpeed] C:\Program Files (x86)\Dell Video Chat\DellVideoChat.exe (Dell Inc. and SightSpeed Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O4 - Startup: C:\Users\Tonya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files (x86)\Dell\DellDock\DellDock.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThumbnailCache = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15:64bit: - ..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKLM\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: cahawba.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: digital-almanac.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: singingnews.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: 60 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.com/common/asusTek_sys_ctrl.cab (asusTek_sysctrl Class)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
64bit: O35 - comfile [open] -- "%1" %* File not found
64bit: O35 - exefile [open] -- "%1" %* File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2009/12/26 00:50:21 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Users\Tonya\Desktop\OTL.exe
[2009/12/26 00:39:03 | 00,000,000 | ---D | C] -- C:\Users\Tonya\Documents\Malware Notepad Report
[2009/12/25 23:06:12 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Karen's Power Tools
[2009/12/25 23:05:40 | 00,000,000 | ---D | C] -- C:\ProgramData\Karen's Power Tools
[2009/12/24 16:21:39 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2009/12/24 16:21:36 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2009/12/24 16:19:26 | 04,844,264 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Tonya\Desktop\mbam-setup.exe
[2009/12/19 00:07:48 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2009/12/19 00:04:24 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Users\Tonya\Desktop\HijackThisInstaller.exe
[2009/12/16 05:58:08 | 00,563,872 | ---- | C] (Google Inc.) -- C:\Users\Tonya\Desktop\GoogleEarthSetup.exe
[2009/12/13 05:14:08 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\nshhttp.dll
[2009/12/13 05:14:08 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nshhttp.dll
[2009/12/13 05:14:01 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\httpapi.dll
[2009/12/13 05:14:00 | 00,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\httpapi.dll
[2009/12/10 22:22:23 | 02,334,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iertutil.dll
[2009/12/10 22:22:23 | 00,916,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wininet.dll
[2009/12/10 22:22:22 | 01,147,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wininet.dll
[2009/12/10 22:22:22 | 00,700,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2009/12/10 22:22:22 | 00,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2009/12/10 22:22:22 | 00,459,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iedkcs32.dll
[2009/12/10 22:22:22 | 00,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iedkcs32.dll
[2009/12/10 22:22:22 | 00,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2009/12/10 22:22:22 | 00,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2009/12/10 22:22:21 | 01,538,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2009/12/10 22:22:21 | 01,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2009/12/10 22:22:21 | 00,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2009/12/10 22:22:21 | 00,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2009/12/10 22:22:21 | 00,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2009/12/10 22:22:21 | 00,162,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2009/12/10 22:22:21 | 00,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2009/12/10 22:22:21 | 00,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2009/12/10 22:22:21 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedsbs.dll
[2009/12/10 22:22:21 | 00,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2009/12/10 22:22:21 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedsbs.dll
[2009/12/10 22:22:20 | 00,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2009/12/10 22:22:20 | 00,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2009/12/10 22:22:20 | 00,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2009/12/10 22:22:20 | 00,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2009/12/10 22:22:20 | 00,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2009/12/10 22:22:20 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2009/12/10 22:22:20 | 00,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2009/12/10 22:22:20 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jsproxy.dll
[2009/12/10 22:22:20 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jsproxy.dll
[2009/12/10 22:22:20 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2009/12/10 22:22:20 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2009/12/09 15:14:57 | 00,280,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rastls.dll
[2009/12/09 15:14:57 | 00,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rastls.dll
[2009/12/07 12:22:06 | 00,000,000 | ---D | C] -- C:\Users\Tonya\AppData\Local\Stardock_Corporation
[2009/12/03 22:03:42 | 00,356,352 | ---- | C] (eSellerate Inc.) -- C:\Windows\eSellerateEngine.dll
[2009/12/03 22:03:42 | 00,081,920 | ---- | C] (eSellerate Inc.) -- C:\Windows\eSellerateControl350.dll
[2009/12/03 22:03:41 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\BANKER Removal Tool[1]
[2009/11/30 07:19:29 | 00,000,000 | ---D | C] -- C:\Users\Tonya\AppData\Roaming\PeerNetworking
[2009/07/22 13:40:32 | 08,270,752 | ---- | C] (Dell, Inc. ) -- C:\Users\Tonya\AppData\Roaming\DataSafeDotNet.exe
[2009/02/21 16:07:50 | 00,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\dldtinpa.dll
[2009/02/21 16:07:49 | 00,647,168 | ---- | C] ( ) -- C:\Windows\SysWow64\dldtpmui.dll
[2009/02/21 16:07:49 | 00,339,968 | ---- | C] ( ) -- C:\Windows\SysWow64\dldtiesc.dll
[2009/02/21 16:07:47 | 01,105,920 | ---- | C] ( ) -- C:\Windows\SysWow64\dldtserv.dll
[2009/02/21 16:07:47 | 00,843,776 | ---- | C] ( ) -- C:\Windows\SysWow64\dldtusb1.dll
[2009/02/21 16:07:46 | 00,569,344 | ---- | C] ( ) -- C:\Windows\SysWow64\dldtlmpm.dll
[2009/02/21 16:07:46 | 00,053,248 | ---- | C] ( ) -- C:\Windows\SysWow64\dldtprox.dll
[2009/02/21 16:07:45 | 00,663,552 | ---- | C] ( ) -- C:\Windows\SysWow64\dldthbn3.dll
[2009/02/21 16:07:45 | 00,376,832 | ---- | C] ( ) -- C:\Windows\SysWow64\dldtcomm.dll
[2009/02/21 16:07:44 | 00,851,968 | ---- | C] ( ) -- C:\Windows\SysWow64\dldtcomc.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2009/12/26 00:54:59 | 00,000,434 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{488838B3-605C-4B97-8813-586AA78982CE}.job
[2009/12/26 00:51:02 | 05,767,168 | -HS- | M] () -- C:\Users\Tonya\ntuser.dat
[2009/12/26 00:50:45 | 00,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{075F4FAD-E9C0-4742-91F8-86FB5FE393FE}.job
[2009/12/26 00:50:24 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\Tonya\Desktop\OTL.exe
[2009/12/26 00:04:00 | 00,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2009/12/25 23:24:50 | 00,003,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/12/25 23:24:50 | 00,003,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/12/25 18:59:26 | 00,366,554 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2009/12/25 12:00:00 | 00,000,446 | ---- | M] () -- C:\Windows\tasks\Reg Tool Scan.job
[2009/12/25 07:30:59 | 00,690,960 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2009/12/25 07:30:59 | 00,595,446 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2009/12/25 07:30:59 | 00,101,144 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2009/12/25 07:25:16 | 00,000,386 | ---- | M] () -- C:\Windows\tasks\Reg Tool Startup.job
[2009/12/25 07:25:06 | 00,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2009/12/25 07:24:53 | 00,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2009/12/25 07:24:52 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/12/25 07:24:50 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/12/25 01:23:18 | 00,524,288 | -HS- | M] () -- C:\Users\Tonya\ntuser.dat{f1fbd7ca-30bc-11de-b598-00219b0efb1d}.TMContainer00000000000000000001.regtrans-ms
[2009/12/25 01:23:18 | 00,065,536 | -HS- | M] () -- C:\Users\Tonya\ntuser.dat{f1fbd7ca-30bc-11de-b598-00219b0efb1d}.TM.blf
[2009/12/25 01:23:15 | 01,874,285 | -H-- | M] () -- C:\Users\Tonya\AppData\Local\IconCache.db
[2009/12/24 21:35:42 | 04,844,264 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Tonya\Desktop\mbam-setup.exe
[2009/12/24 16:21:41 | 00,000,850 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/12/22 12:30:10 | 00,363,782 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20091225-185926.backup
[2009/12/22 01:09:18 | 00,366,554 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.bak
[2009/12/19 13:55:50 | 00,003,590 | ---- | M] () -- C:\Users\Tonya\AppData\Roaming\wklnhst.dat
[2009/12/19 13:54:58 | 00,214,528 | ---- | M] () -- C:\Users\Tonya\Documents\Youth-Spiritual-Gifts-Test.doc
[2009/12/19 00:07:48 | 00,001,930 | ---- | M] () -- C:\Users\Tonya\Desktop\HijackThis.lnk
[2009/12/19 00:04:24 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Users\Tonya\Desktop\HijackThisInstaller.exe
[2009/12/18 23:56:00 | 00,101,466 | ---- | M] () -- C:\Users\Tonya\Documents\discover-your-gifts-short-form.pdf
[2009/12/18 21:03:03 | 00,366,554 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20091222-010918.backup
[2009/12/16 06:58:41 | 00,002,117 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2009/12/16 05:58:08 | 00,563,872 | ---- | M] (Google Inc.) -- C:\Users\Tonya\Desktop\GoogleEarthSetup.exe
[2009/12/15 23:48:00 | 00,002,565 | ---- | M] () -- C:\Users\Tonya\Desktop\Microsoft Streets & Trips 2009.lnk
[2009/12/12 17:17:28 | 00,066,048 | ---- | M] () -- C:\Users\Tonya\Documents\Mrs. Hillman's medication list.wps
[2009/12/08 05:43:27 | 00,000,904 | ---- | M] () -- C:\Users\Public\Desktop\Acrobat_com.lnk
[2009/12/05 05:47:23 | 00,031,744 | ---- | M] () -- C:\Users\Tonya\Documents\Vegetable chicken soup.wdb
[2009/12/04 08:01:25 | 00,050,176 | ---- | M] () -- C:\Users\Tonya\Documents\Grocery List.wps
[2009/12/03 16:14:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2009/12/03 16:13:58 | 00,022,104 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2009/12/01 12:37:26 | 00,355,830 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20091218-210303.backup
[2009/11/30 07:19:29 | 00,024,226 | ---- | M] () -- C:\Users\Tonya\AppData\Roaming\UserTile.png
[2009/11/29 00:02:06 | 00,001,919 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2009/12/24 16:21:41 | 00,000,850 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/12/19 13:54:58 | 00,214,528 | ---- | C] () -- C:\Users\Tonya\Documents\Youth-Spiritual-Gifts-Test.doc
[2009/12/19 00:07:48 | 00,001,930 | ---- | C] () -- C:\Users\Tonya\Desktop\HijackThis.lnk
[2009/12/18 23:55:59 | 00,101,466 | ---- | C] () -- C:\Users\Tonya\Documents\discover-your-gifts-short-form.pdf
[2009/12/16 06:58:41 | 00,002,117 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2009/12/16 05:59:13 | 00,000,896 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2009/12/16 05:59:12 | 00,000,892 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2009/12/08 05:43:27 | 00,000,904 | ---- | C] () -- C:\Users\Public\Desktop\Acrobat_com.lnk
[2009/12/04 23:58:56 | 00,031,744 | ---- | C] () -- C:\Users\Tonya\Documents\Vegetable chicken soup.wdb
[2009/11/30 07:19:29 | 00,024,226 | ---- | C] () -- C:\Users\Tonya\AppData\Roaming\UserTile.png
[2009/11/29 15:50:05 | 00,050,176 | ---- | C] () -- C:\Users\Tonya\Documents\Grocery List.wps
[2009/11/29 00:02:06 | 00,001,919 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2009/08/05 06:52:33 | 00,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/08/05 06:51:35 | 00,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/07/15 12:45:34 | 00,782,336 | ---- | C] () -- C:\Windows\SysWow64\dldtdrs.dll
[2009/05/27 03:48:08 | 00,094,208 | ---- | C] () -- C:\Windows\SysWow64\zmbv.dll
[2009/05/14 13:57:38 | 00,081,920 | ---- | C] () -- C:\Windows\SysWow64\dldtcaps.dll
[2009/02/23 06:05:14 | 00,004,608 | ---- | C] () -- C:\Users\Tonya\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/02/21 16:07:50 | 00,348,160 | ---- | C] () -- C:\Windows\SysWow64\DLDTinst.dll
[2009/02/21 16:07:50 | 00,335,872 | ---- | C] () -- C:\Windows\SysWow64\dldtcomx.dll
[2009/02/21 16:07:49 | 00,520,192 | ---- | C] () -- C:\Windows\SysWow64\dldtutil.dll
[2009/02/21 16:07:49 | 00,143,360 | ---- | C] () -- C:\Windows\SysWow64\dldtjswr.dll
[2009/02/21 16:07:49 | 00,106,496 | ---- | C] () -- C:\Windows\SysWow64\dldtinsr.dll
[2009/02/21 16:07:49 | 00,036,864 | ---- | C] () -- C:\Windows\SysWow64\dldtcur.dll
[2009/02/21 16:07:48 | 00,180,224 | ---- | C] () -- C:\Windows\SysWow64\dldtinsb.dll
[2009/02/21 16:07:48 | 00,176,128 | ---- | C] () -- C:\Windows\SysWow64\dldtins.dll
[2009/02/21 16:07:48 | 00,086,016 | ---- | C] () -- C:\Windows\SysWow64\dldtcub.dll
[2009/02/21 16:07:47 | 00,077,824 | ---- | C] () -- C:\Windows\SysWow64\dldtcu.dll
[2009/02/21 16:07:44 | 00,077,906 | ---- | C] () -- C:\Windows\SysWow64\DLDTcfg.dll
[2009/02/21 10:19:43 | 00,003,590 | ---- | C] () -- C:\Users\Tonya\AppData\Roaming\wklnhst.dat
[2009/02/16 08:25:59 | 01,953,696 | ---- | C] () -- C:\Windows\SysWow64\igklg400.dll
[2009/02/16 08:25:59 | 01,533,360 | ---- | C] () -- C:\Windows\SysWow64\igklg450.dll
[2009/02/16 08:25:59 | 00,104,636 | ---- | C] () -- C:\Windows\SysWow64\igmedcompkrn.dll
[2008/01/20 20:50:05 | 00,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2007/11/13 13:13:09 | 00,069,632 | ---- | C] () -- C:\Windows\SysWow64\dldtcnv4.dll
========== Alternate Data Streams ==========
@Alternate Data Stream - 853 bytes -> C:\Users\Tonya\Documents\Emailing_ Class Picture 2009 003.eml:OECustomProperty
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:5D432CE3
< End of report >
OTL Extras logfile created on: 12/26/2009 12:52:14 AM - Run 1
OTL by OldTimer - Version 3.1.20.1 Folder = C:\Users\Tonya\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18865)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 45.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 71.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.07 Gb Total Space | 358.60 Gb Free Space | 79.50% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 5.65 Gb Free Space | 38.59% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: TONYA-PC
Current User Name: Tonya
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "%SystemRoot%\hh.exe" %1 File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
chm.file [open] -- "%SystemRoot%\hh.exe" %1
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AutoUpdateDisableNotify" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = A8 93 F1 43 CE 15 CA 01 [binary data]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-4175602908-335238927-3565020206-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1E6A5B69-406F-4FD6-84C8-E5DBE734E1D9}" = rport=445 | protocol=6 | dir=out | app=system |
"{256623E3-F267-44F0-977A-D8BA12218D96}" = lport=2869 | protocol=6 | dir=in | app=system |
"{38BC94B6-D543-4786-AC20-E39C76E8B304}" = rport=137 | protocol=17 | dir=out | app=system |
"{3A667113-1099-4F56-A334-4AE8F5E5D92B}" = lport=137 | protocol=17 | dir=in | app=system |
"{52E300F5-B6CF-48A6-A8AD-59E48A1838B0}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{5B15357B-ED2A-4E9F-B5CB-3F85BB2CB021}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{5EE25982-100A-4777-BF81-CA2972922DA1}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{6F4D2276-C57B-4FD9-B848-AF5CA3F83279}" = rport=138 | protocol=17 | dir=out | app=system |
"{8BDDD4BD-91F9-4466-9B52-E1D437077A10}" = rport=139 | protocol=6 | dir=out | app=system |
"{9F558020-B092-43F2-A999-4E569C9B3E20}" = lport=139 | protocol=6 | dir=in | app=system |
"{DA375328-D4FE-4C18-A469-032D594E24F5}" = lport=445 | protocol=6 | dir=in | app=system |
"{EE760A33-96AC-4A26-A634-CC836CB33CB6}" = lport=138 | protocol=17 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{057F5B34-55D6-4D21-A77E-2184B4863DE2}" = protocol=6 | dir=in | app=c:\program files (x86)\iwin games\webupdater.exe |
"{0617EF0C-8A5C-4E65-B961-0F9677D982C0}" = protocol=6 | dir=in | app=c:\program files (x86)\dell v305\dldtlscn.exe |
"{0756B721-8D9A-41D7-BB12-A5BFBFFD4187}" = protocol=6 | dir=in | app=c:\program files (x86)\dell video chat\dellvideochat.exe |
"{07E5F1E1-A66F-46F5-858D-E8273FA51F32}" = protocol=17 | dir=in | app=c:\windows\syswow64\dldtcoms.exe |
"{1016E866-CE26-44B4-BFCD-184B0ED85778}" = protocol=6 | dir=in | app=c:\windows\syswow64\dldtcoms.exe |
"{19306B95-833B-49F2-BA8D-43ED0215027E}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\dldtwbgw.exe |
"{29B5D0DC-3615-4C39-BC87-9639A60D5337}" = protocol=17 | dir=in | app=c:\program files (x86)\dell v305\dldtlscn.exe |
"{2AC70DF6-0184-4782-BBFA-47A393F7D570}" = protocol=17 | dir=in | app=c:\program files (x86)\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{3C1F77D6-A9A6-41DF-9446-72E422765611}" = protocol=17 | dir=in | app=c:\program files (x86)\iwin games\webupdater.exe |
"{4A75050C-34CC-487F-BD28-5E5A8753E435}" = protocol=17 | dir=in | app=c:\program files (x86)\dell v305\dldtamon.exe |
"{518EA9BB-0FD4-4C26-BC90-3E938FEA9FD6}" = protocol=17 | dir=in | app=c:\program files (x86)\dell v305\dldtmon.exe |
"{539AB141-0CD0-4782-83BB-A8615241FA29}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\dldtwbgw.exe |
"{56698FAA-1364-4E4A-95A7-BFFFF85020AA}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{75E5E843-4EB9-419C-818E-A8C3A56C6425}" = protocol=6 | dir=in | app=c:\program files (x86)\dell v305\dldtmon.exe |
"{794A1977-8787-4075-A7A6-DF94BDFFDED8}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{85F1E965-7138-4CF4-9DE3-B0C73AE83F6F}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{8CFA9B23-1CC6-4BDF-AD4F-C1FA32AEDE90}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\dldtjswx.exe |
"{935641E6-1D63-4269-B010-168267C2C0ED}" = protocol=6 | dir=in | app=c:\program files (x86)\dell v305\dldtamon.exe |
"{952B3B88-9B1B-463D-A8DB-DC7A6ACA25F4}" = protocol=17 | dir=in | app=c:\program files (x86)\iwin games\iwingames.exe |
"{985605C3-0545-447D-9D9E-57FA6D75F332}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\dldtpswx.exe |
"{9A19F791-4EAF-4AFB-B2C4-52BB1FCD7405}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{9CC39120-EEF6-4C55-B129-CC8333A0EA32}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{9DF79180-D7C5-496A-B8E6-8D37746CE5A7}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\dldttime.exe |
"{A1345DA1-2B88-40E1-B326-2E74FBDC576D}" = protocol=17 | dir=in | app=c:\program files (x86)\dell video chat\dellvideochat.exe |
"{A15B39F5-96FF-4D32-9BB5-5BEF561F07F2}" = protocol=6 | dir=in | app=c:\program files (x86)\iwin games\iwingames.exe |
"{A30240F6-5600-48D8-874E-7720249EAAC9}" = protocol=6 | dir=in | app=c:\program files (x86)\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{AF7F7027-A6BC-4B8E-9737-B60AC1E3C5FC}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\dldttime.exe |
"{B3299410-DFA1-422C-8F3A-11CF4B44A79B}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\dldtjswx.exe |
"{B3A6693A-4F34-4836-BFAC-EC26823CDD38}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{D25F442C-7290-4118-927B-63B4E10AD504}" = protocol=6 | dir=in | app=c:\program files (x86)\dell v305\frun.exe |
"{E2F57AC1-535D-4E21-943B-7EAACEAE09CB}" = protocol=6 | dir=in | app=c:\windows\system32\dldtcoms.exe |
"{E95128BD-6607-429C-9250-4C41698E78B7}" = protocol=17 | dir=in | app=c:\windows\system32\dldtcoms.exe |
"{F13CFB20-D732-44FA-ACE4-936A395013ED}" = protocol=17 | dir=in | app=c:\program files (x86)\dell v305\frun.exe |
"{F3B7BAE3-D664-4F77-ABC0-595CE9F1E9E9}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{F813C0E4-0BDC-43DC-BA4E-D416AA47F8DD}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\dldtpswx.exe |
"TCP Query User{7041EC9C-E25D-4DEF-8E3B-A565D5CAAD1B}C:\users\tonya\appdata\local\download.exe" = protocol=6 | dir=in | app=c:\users\tonya\appdata\local\download.exe |
"UDP Query User{704C4A1B-E4C4-4A69-A4DD-C2143E578FD1}C:\users\tonya\appdata\local\download.exe" = protocol=17 | dir=in | app=c:\users\tonya\appdata\local\download.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1C89932F-1D9D-4776-AD7A-9156FF792539}" = Modem Diagnostics Tool
"{40E12A55-C504-4223-AFAC-7672DBF1ACDE}" = Trend Micro Internet Security
"{718D791F-F4E8-4aa7-98A6-15FDED17BDD0}" = Trend Micro Internet Security
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
"CNXT_MODEM_USB_ACF" = Conexant USB D400 V.92 Modem
"Dell V305" = Dell V305
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"UsrGuide" = Conexant Modem User's Guide
"ZMBV" = Zip Motion Block Video codec (Remove Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}" = Windows Live Call
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2B4C7E1E-E446-4740-ADB5-9842E742EE8A}" = Windows Live Toolbar
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{555E23C8-FE55-479D-8E3E-FDDCCAA33413}" = Reg Tool
"{5721A8EA-A30F-4F66-9046-3F40C43AE1DC}" = Driver Detective
"{628C2C7D-8AD1-E614-E8E2-6EEAD8D5F2D0}" = Acrobat.com
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-00D1-0409-0000-0000000FF1CE}" = Microsoft Office Access database engine 2007 (English)
"{9074AFC0-CFDA-11DE-B484-005056806466}" = Google Earth
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C82185E8-C27B-4EF4-2009-4444BC2C2B6D}" = Microsoft Streets & Trips 2009
"{D9D754A1-EAC5-406C-A28B-C49B1E846711}" = Windows Live Essentials
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F73A5B18-EB75-4B2C-B32D-9457576E2417}" = Windows Live Photo Gallery
"{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"BANKER Removal Tool[1]_is1" = BANKER Removal Tool[1]
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Dell Video Chat" = Dell Video Chat (remove only)
"HijackThis" = HijackThis 2.0.2
"iWinArcade" = iWin Games (remove only)
"Karen's Clipboard Viewer" = Karen's Clipboard Viewer
"Mahjong Quest 2" = Mahjong Quest 2 (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"My Photo Adventure" = My Photo Adventure
"WinLiveSuite_Wave3" = Windows Live Essentials
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 12/21/2009 8:04:05 PM | Computer Name = Tonya-PC | Source = Google Update | ID = 20
Description =
Error - 12/21/2009 9:04:05 PM | Computer Name = Tonya-PC | Source = Google Update | ID = 20
Description =
Error - 12/21/2009 10:04:05 PM | Computer Name = Tonya-PC | Source = Google Update | ID = 20
Description =
Error - 12/22/2009 2:54:25 AM | Computer Name = Tonya-PC | Source = EventSystem | ID = 4609
Description =
Error - 12/22/2009 2:55:03 AM | Computer Name = Tonya-PC | Source = WinMgmt | ID = 10
Description =
Error - 12/22/2009 3:13:45 AM | Computer Name = Tonya-PC | Source = WinMgmt | ID = 10
Description =
Error - 12/22/2009 3:16:00 AM | Computer Name = Tonya-PC | Source = EventSystem | ID = 4609
Description =
Error - 12/22/2009 3:16:48 AM | Computer Name = Tonya-PC | Source = WinMgmt | ID = 10
Description =
Error - 12/22/2009 9:08:25 AM | Computer Name = Tonya-PC | Source = WinMgmt | ID = 10
Description =
Error - 12/22/2009 9:09:55 AM | Computer Name = Tonya-PC | Source = Swapdrive Backup | ID = 0
Description = Swapdrive Backup: Web Service Error: System.Net.WebException: The
remote name could not be resolved: 'wsvcdell.backup.com' at System.Net.HttpWebRequest.GetRequestStream()
at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName,
Object[] parameters) at Swapdrive.Shared.com.backup.uswsvcdell.Service.GetInfo(GetInfoRequest
req) at Swapdrive.Shared.ActivationWsvcs.GetInfo()
[ Media Center Events ]
Error - 5/30/2009 3:29:48 PM | Computer Name = Tonya-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide
Error - 6/6/2009 1:38:30 AM | Computer Name = Tonya-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide
Error - 6/6/2009 1:38:46 AM | Computer Name = Tonya-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide
Error - 6/6/2009 1:38:55 AM | Computer Name = Tonya-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide
Error - 6/6/2009 1:43:06 AM | Computer Name = Tonya-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide
Error - 6/6/2009 8:10:37 AM | Computer Name = Tonya-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide
Error - 6/6/2009 10:03:23 AM | Computer Name = Tonya-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide
Error - 6/10/2009 4:25:46 AM | Computer Name = Tonya-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
Error - 11/3/2009 1:09:53 AM | Computer Name = Tonya-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide
Error - 11/3/2009 1:10:16 AM | Computer Name = Tonya-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide
[ System Events ]
Error - 7/6/2009 9:30:55 AM | Computer Name = Tonya-PC | Source = HTTP | ID = 15016
Description =
Error - 7/6/2009 11:02:25 AM | Computer Name = Tonya-PC | Source = HTTP | ID = 15016
Description =
Error - 7/7/2009 7:01:23 AM | Computer Name = Tonya-PC | Source = HTTP | ID = 15016
Description =
Error - 7/8/2009 7:11:52 AM | Computer Name = Tonya-PC | Source = HTTP | ID = 15016
Description =
Error - 7/8/2009 9:48:52 AM | Computer Name = Tonya-PC | Source = Service Control Manager | ID = 7034
Description =
Error - 7/8/2009 11:46:02 AM | Computer Name = Tonya-PC | Source = Service Control Manager | ID = 7034
Description =
Error - 7/8/2009 12:09:01 PM | Computer Name = Tonya-PC | Source = HTTP | ID = 15016
Description =
Error - 7/8/2009 12:24:49 PM | Computer Name = Tonya-PC | Source = HTTP | ID = 15016
Description =
Error - 7/8/2009 2:07:28 PM | Computer Name = Tonya-PC | Source = HTTP | ID = 15016
Description =
Error - 7/8/2009 2:37:04 PM | Computer Name = Tonya-PC | Source = HTTP | ID = 15016
Description =
< End of report >
Hi again,
Disable Spybot's TeaTimer to make sure it won't interfere with fixes. You can re-enable it when you're clean again:
Run Spybot-S&D in Advanced Mode
If it is not already set to do this, go to the Mode menu
select
Advanced Mode
On the left hand side, click on Tools
Then click on the Resident icon in the list
Uncheck
Resident TeaTimer
and OK any prompts.
Restart your computer
Let's run OTL.
Under the Custom Scans/Fixes box at the bottom, paste in the following
:OTL
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
:Reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8CA5ED52-F3FB-4414-A105-2E3491156990}]
[-HKEY_CLASSES_ROOT\CLSID\{8CA5ED52-F3FB-4414-A105-2E3491156990}]
:Commands
[emptytemp]
[Reboot]
Then click the Run Fix button at the top
Let the program run unhindered, reboot when it is done
Then post a new OTL log
Uninstall vulnerable Flash versions by following instructions here (http://kb2.adobe.com/cps/141/tn_14157.html). Fresh version can be obtained here (http://get.adobe.com/flashplayer/).
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...
Updating Java:
Download the latest version of Java Runtime Environment (JRE) 6 Update 17 (http://java.sun.com/javase/downloads/index.jsp).
Click the
Download
button to the right.
Select Windows on platform combobox and check the box that says:
Accept License Agreement. Click continue.
The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java versions.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u17-windows-i586-p.exe to install the newest version. Uncheck Carbonite online backup trial if it's offered there.
Please run an online scan with Kaspersky Online Scanner (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) as instructed in the screenshot here (http://i275.photobucket.com/albums/jj285/Bleeping/KAS/KAS9.gif).
Post back its report & a fresh OTL log.
Thanks for your help. I don't know how to disable Tea Timer in Spybot. I am not familiar with it. Could you tell me how & I will get the rest of your info? Thanks again.
Hi,
There're step-by-step instructions for TeaTimer disabling in the beginning of my previous post :)
Hi,
Here is the new OTL Log. Will post everything else as I get it done.
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8CA5ED52-F3FB-4414-A105-2E3491156990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8CA5ED52-F3FB-4414-A105-2E3491156990}\ deleted successfully.
Registry key HKEY_CLASSES_ROOT\CLSID\{8CA5ED52-F3FB-4414-A105-2E3491156990}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8CA5ED52-F3FB-4414-A105-2E3491156990}\ not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
User: RA Media Server
->Temp folder emptied: 3342535 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Tonya
->Temp folder emptied: 825620 bytes
->Temporary Internet Files folder emptied: 32697814 bytes
->Java cache emptied: 2462925 bytes
->Google Chrome cache emptied: 25214798 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
Windows Temp folder emptied: 50353 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 31832 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 1139473 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 63.00 mb
OTL by OldTimer - Version 3.1.20.1 log created on 12262009_162417
Files\Folders moved on Reboot...
File\Folder C:\Users\Tonya\AppData\Local\Temp\~DF278D.tmp not found!
File\Folder C:\Users\Tonya\AppData\Local\Temp\~DF2792.tmp not found!
File\Folder C:\Users\Tonya\AppData\Local\Temp\~DF27D8.tmp not found!
File\Folder C:\Users\Tonya\AppData\Local\Temp\~DF27DD.tmp not found!
File\Folder C:\Users\Tonya\AppData\Local\Temp\~DF2800.tmp not found!
File\Folder C:\Users\Tonya\AppData\Local\Temp\~DF2805.tmp not found!
C:\Users\Tonya\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZNWEWXCP\showthread[1].htm moved successfully.
C:\Users\Tonya\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
C:\Users\Tonya\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\SuggestedSites.dat moved successfully.
Registry entries deleted on Reboot...
Hi Again,
I downloaded the latest Java as requested, then deleted all old ones. When trying to use the Kaspersky Online Scanner, I run into a problem. I get a message that says "Launch of the Java application is interrupted! Please establish an uninterrupted connection for work with this program." I'm at a standstill right here. I'll wait for instructions. Thanks much.
Hi,
You may use ESET scanner instead:
* Go here (http://www.eset.eu/online-scanner) to run an online scanner from ESET.
Tick the box next to YES, I accept the Terms of Use.
Click Start
Make sure that the option Remove found threats is UNchecked.
Click Scan
Wait for the scan to finish
Post back its report & fresh otl.txt report. How's the system running?
Hello,
When I click on "Agree to terms" and then on the start button, a blue screen comes up with a small box in top left hand corner. I am unable to get past this point. Thanks for your help. You are always so helpful. Tonya
Hello,
I have been unable to use the ESET Online Scanner. The problem is when I click on the start button after accepting terms of use. I get a blue screen with a very small box in the upper left-hand corner. The screen stays blank and I am unable to advance past this point. Thanks so much for all your help. I'll wait for the next instructions. Tonya
Hi,
Try to run Kaspersky online scanner one more time. If it still fails try this one:
Download the latest version of Kaspersky Virus Removal Tool (http://devbuilds.kaspersky-labs.com/devbuilds/AVPTool/)
* Close all other applications and double-click and run the installer.
* When AVPTool starts, select all the scanable items except for CD-ROM drives and click the Scan button.
* If malware is detected, don't remove anything.
* After the scan finishes, don't neutralize anything.
* In the Scan window click the Reports button and select Save to file.
* Name the report AVPT.txt, and save it to the Desktop.
* Close AVPTool.
* You will be prompted if you want to uninstall the program; click Yes.
* You will then be prompted that to complete the uninstallation, the computer must be restarted. Select Yes to restart the system.
* Copy and paste the first part of the report (Detected) that you saved in your next reply. Do not include the longer list marked Events.
Hi Again,
I know I probably seem like a pest to you, but nothing seems to work. I've tried several times from different locations to download Kaspersky Virus Removal Tool. (It takes several hours to do so because all I'm offered where I live is dial-up.) Each time download is comeplete and I click to install, a message box pops up telling me the setup files are corrupt & try from another location. I've also tried several times again to use Kaspersky Online Scanner & the ESET Online Scanner and I get the same result each time as described in prior posts. So I still need your help. Please don't give up on me. Thank you so much for being patient with me. Tonya
Hi,
Yes, these online scanners are not dial up friendly unfortunately. If there are no remaining symptoms then maybe we can skip online scanner run.
May I see fresh otl.txt log, please? :)
Hi,
Here is my OLT scan results.
moz-screenshot-3.pngOTL logfile created on: 1/5/2010 7:10:20 AM - Run 2
OTL by OldTimer - Version 3.1.20.1 Folder = C:\Users\Tonya\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18865)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 54.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): ?:\pagefile.sys
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.07 Gb Total Space | 353.46 Gb Free Space | 78.36% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 5.42 Gb Free Space | 36.98% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: TONYA-PC
Current User Name: Tonya
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Processes (SafeList) ==========
PRC - C:\Users\Tonya\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Reg Tool\Reg Tool.exe (PC Utility, Inc.)
PRC - C:\Program Files (x86)\iWin Games\iWinTrusted.exe (iWin Inc.)
PRC - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files (x86)\Windows Live\Toolbar\wltuser.exe (Microsoft Corporation)
PRC - C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
PRC - C:\Program Files (x86)\Dell Video Chat\DellVideoChat.exe (Dell Inc. and SightSpeed Inc.)
PRC - C:\Program Files (x86)\Dell V305\dldtmsdmon.exe ()
PRC - C:\Program Files (x86)\Dell V305\dldtmon.exe ()
PRC - C:\Program Files (x86)\Digital Line Detect\DLG.exe (Avanquest Software )
========== Modules (SafeList) ==========
MOD - C:\Users\Tonya\Desktop\OTL.exe (OldTimer Tools)
========== Win32 Services (SafeList) ==========
SRV:[B]64bit: - (FontCache) -- C:\Windows\SysNative\FntCache.dll (Microsoft Corporation)
SRV:64bit: - (dldtCATSCustConnectService) -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\dldtserv.exe ()
SRV:64bit: - (TMBMServer) -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe (Trend Micro Inc.)
SRV:64bit: - (TmPfw) -- C:\Program Files\Trend Micro\Internet Security\TmPfw.exe (Trend Micro Inc.)
SRV:64bit: - (SfCtlCom) -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe (Trend Micro Inc.)
SRV:64bit: - (TmProxy) -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe (Trend Micro Inc.)
SRV:64bit: - (DockLoginService) -- C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
SRV:64bit: - (AERTFilters) -- C:\Windows\SysNative\AERTSr64.exe (Andrea Electronics Corporation)
SRV:64bit: - (dldt_device) -- C:\Windows\SysNative\dldtcoms.exe ( )
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (XAudioService) -- C:\Windows\SysNative\DRIVERS\ACFXAU64.exe (Conexant Systems, Inc.)
SRV - (gupdate) Google Update Service (gupdate) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc.)
SRV - (iWinTrusted) -- C:\Program Files (x86)\iWin Games\iWinTrusted.exe (iWin Inc.)
SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (gusvc) -- C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (stllssvr) -- C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe (MicroVision Development, Inc.)
SRV - (dldt_device) -- C:\Windows\SysWow64\dldtcoms.exe ( )
SRV - (MSDTC) -- C:\Windows\SysWOW64\Msdtc [2006/11/02 07:34:14 | 00,000,000 | ---D | M]
SRV - (vds) -- C:\Windows\SysWOW64\wbem\vds.mof ()
SRV - (VSS) -- C:\Windows\SysWOW64\wbem\vss.mof ()
========== Driver Services (SafeList) ==========
DRV:64bit: - (tmwfp) -- C:\Windows\SysNative\DRIVERS\tmwfp.sys (Trend Micro Inc.)
DRV:64bit: - (tmlwf) -- C:\Windows\SysNative\DRIVERS\tmlwf.sys (Trend Micro Inc.)
DRV:64bit: - (tmtdi) -- C:\Windows\SysNative\DRIVERS\tmtdi.sys (Trend Micro Inc.)
DRV:64bit: - (tmxpflt) -- C:\Windows\SysNative\DRIVERS\tmxpflt.sys (Trend Micro Inc.)
DRV:64bit: - (tmpreflt) -- C:\Windows\SysNative\DRIVERS\tmpreflt.sys (Trend Micro Inc.)
DRV:64bit: - (vsapint) -- C:\Windows\SysNative\DRIVERS\vsapint.sys (Trend Micro Inc.)
DRV:64bit: - (HdAudAddService) -- C:\Windows\SysNative\drivers\HdAudio.sys (Microsoft Corporation)
DRV:64bit: - (usbser) -- C:\Windows\SysNative\DRIVERS\usbser.sys (Microsoft Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (e1express) Intel(R) -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys (Intel Corporation)
DRV:64bit: - (Ser2ph) -- C:\Windows\SysNative\DRIVERS\ser2ph64.sys (Prolific Technology Inc.)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\Drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (dgcfltr) -- C:\Windows\SysNative\DRIVERS\ACFDCP64.sys (Conexant Systems, Inc.)
DRV:64bit: - (XAudio) -- C:\Windows\SysNative\DRIVERS\ACFXAU64.sys (Conexant Systems, Inc.)
DRV:64bit: - (acfva) -- C:\Windows\SysNative\DRIVERS\ACFVA64.sys (Conexant Systems Inc.)
DRV:64bit: - (mdmxsdk) -- C:\Windows\SysNative\DRIVERS\ACFSDK64.sys (Conexant)
DRV:64bit: - (R300) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV - (Tcpip) -- C:\Windows\SysWOW64\wbem\tcpip.mof ()
DRV - (mpsdrv) -- C:\Windows\SysWOW64\wbem\mpsdrv.mof ()
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
O1 HOSTS File: (363782 bytes) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com (http://www.007guard.com)
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com (http://www.032439.com)
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com (http://www.0scan.com)
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com (http://www.1000gratisproben.com)
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com (http://www.1001namen.com)
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com (http://www.100888290cs.com)
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com (http://www.100sexlinks.com)
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com (http://www.10sek.com)
O1 - Hosts: 127.0.0.1 www.1-2005-search.com (http://www.1-2005-search.com)
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 123haustiereundmehr.com
O1 - Hosts: 127.0.0.1 www.123haustiereundmehr.com (http://www.123haustiereundmehr.com)
O1 - Hosts: 127.0.0.1 123moviedownload.com
O1 - Hosts: 127.0.0.1 www.123moviedownload.com (http://www.123moviedownload.com)
O1 - Hosts: 12514 more lines...
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg64.dll (Google Inc.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (IEHlprObj Class) - {8CA5ED52-F3FB-4414-A105-2E3491156990} - C:\Program Files (x86)\iWin Games\iWinGamesHookIE.dll (iWin Inc.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
O4:64bit: - HKLM..\Run: [dldtamon] C:\Program Files (x86)\Dell V305\dldtamon.exe ()
O4:64bit: - HKLM..\Run: [dldtmon.exe] C:\Program Files (x86)\Dell V305\dldtmon.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] File not found
O4:64bit: - HKLM..\Run: [UfSeAgnt.exe] C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKCU..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (Trend Micro Inc.)
O4 - HKCU..\Run: [SightSpeed] C:\Program Files (x86)\Dell Video Chat\DellVideoChat.exe (Dell Inc. and SightSpeed Inc.)
O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O4 - Startup: C:\Users\Tonya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files (x86)\Dell\DellDock\DellDock.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThumbnailCache = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15:64bit: - ..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKLM\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: cahawba.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: digital-almanac.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: singingnews.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: 60 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.com/common/asusTek_sys_ctrl.cab (asusTek_sysctrl Class)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop.com/pcpitstop/pcpitstop.cab (PCPitstop Utility)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Value error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
64bit: O35 - comfile [open] -- "%1" %* File not found
64bit: O35 - exefile [open] -- "%1" %* File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2010/01/04 07:15:50 | 16,672,544 | ---- | C] (Sun Microsystems, Inc.) -- C:\Users\Tonya\Desktop\jre-6u17-windows-i586.exe
[2010/01/04 05:20:44 | 00,000,000 | ---D | C] -- C:\Users\Tonya\Desktop\JavaRa
[2010/01/03 00:48:14 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010/01/03 00:48:14 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010/01/03 00:48:14 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010/01/03 00:47:52 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2010/01/03 00:40:40 | 16,832,288 | ---- | C] (Sun Microsystems, Inc.) -- C:\Users\Tonya\Desktop\jre-6u17-windows-i586-s.exe
[2010/01/02 08:02:14 | 01,956,528 | ---- | C] (Adobe Systems Incorporated) -- C:\Users\Tonya\Desktop\install_flash_player_ax.exe
[2009/12/27 11:45:06 | 00,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deploytk.dll
[2009/12/27 07:20:39 | 00,455,680 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\deploytk.dll
[2009/12/26 20:22:34 | 00,209,624 | ---- | C] (Adobe Systems Incorporated) -- C:\Users\Tonya\Desktop\uninstall_flash_player.exe
[2009/12/26 16:24:17 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/12/26 00:50:21 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Users\Tonya\Desktop\OTL.exe
[2009/12/25 23:06:12 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Karen's Power Tools
[2009/12/25 23:05:40 | 00,000,000 | ---D | C] -- C:\ProgramData\Karen's Power Tools
[2009/12/24 16:21:36 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2009/12/19 00:07:48 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2009/12/19 00:04:24 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Users\Tonya\Desktop\HijackThisInstaller.exe
[2009/12/16 05:58:08 | 00,563,872 | ---- | C] (Google Inc.) -- C:\Users\Tonya\Desktop\GoogleEarthSetup.exe
[2009/12/13 05:14:08 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\nshhttp.dll
[2009/12/13 05:14:08 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nshhttp.dll
[2009/12/13 05:14:01 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\httpapi.dll
[2009/12/13 05:14:00 | 00,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\httpapi.dll
[2009/12/10 22:22:23 | 02,334,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iertutil.dll
[2009/12/10 22:22:23 | 00,916,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wininet.dll
[2009/12/10 22:22:22 | 01,147,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wininet.dll
[2009/12/10 22:22:22 | 00,700,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2009/12/10 22:22:22 | 00,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2009/12/10 22:22:22 | 00,459,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iedkcs32.dll
[2009/12/10 22:22:22 | 00,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iedkcs32.dll
[2009/12/10 22:22:22 | 00,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2009/12/10 22:22:22 | 00,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2009/12/10 22:22:21 | 01,538,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2009/12/10 22:22:21 | 01,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2009/12/10 22:22:21 | 00,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2009/12/10 22:22:21 | 00,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2009/12/10 22:22:21 | 00,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2009/12/10 22:22:21 | 00,162,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2009/12/10 22:22:21 | 00,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2009/12/10 22:22:21 | 00,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2009/12/10 22:22:21 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedsbs.dll
[2009/12/10 22:22:21 | 00,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2009/12/10 22:22:21 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedsbs.dll
[2009/12/10 22:22:20 | 00,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2009/12/10 22:22:20 | 00,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2009/12/10 22:22:20 | 00,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2009/12/10 22:22:20 | 00,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2009/12/10 22:22:20 | 00,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2009/12/10 22:22:20 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2009/12/10 22:22:20 | 00,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2009/12/10 22:22:20 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jsproxy.dll
[2009/12/10 22:22:20 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jsproxy.dll
[2009/12/10 22:22:20 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2009/12/10 22:22:20 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2009/12/09 15:14:57 | 00,280,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rastls.dll
[2009/12/09 15:14:57 | 00,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rastls.dll
[2009/12/07 12:22:06 | 00,000,000 | ---D | C] -- C:\Users\Tonya\AppData\Local\Stardock_Corporation
[2009/07/22 13:40:32 | 08,270,752 | ---- | C] (Dell, Inc. ) -- C:\Users\Tonya\AppData\Roaming\DataSafeDotNet.exe
[2009/02/21 16:07:50 | 00,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\dldtinpa.dll
[2009/02/21 16:07:49 | 00,647,168 | ---- | C] ( ) -- C:\Windows\SysWow64\dldtpmui.dll
[2009/02/21 16:07:49 | 00,339,968 | ---- | C] ( ) -- C:\Windows\SysWow64\dldtiesc.dll
[2009/02/21 16:07:47 | 01,105,920 | ---- | C] ( ) -- C:\Windows\SysWow64\dldtserv.dll
[2009/02/21 16:07:47 | 00,843,776 | ---- | C] ( ) -- C:\Windows\SysWow64\dldtusb1.dll
[2009/02/21 16:07:46 | 00,569,344 | ---- | C] ( ) -- C:\Windows\SysWow64\dldtlmpm.dll
[2009/02/21 16:07:46 | 00,053,248 | ---- | C] ( ) -- C:\Windows\SysWow64\dldtprox.dll
[2009/02/21 16:07:45 | 00,663,552 | ---- | C] ( ) -- C:\Windows\SysWow64\dldthbn3.dll
[2009/02/21 16:07:45 | 00,376,832 | ---- | C] ( ) -- C:\Windows\SysWow64\dldtcomm.dll
[2009/02/21 16:07:44 | 00,851,968 | ---- | C] ( ) -- C:\Windows\SysWow64\dldtcomc.dll
========== Files - Modified Within 30 Days ==========
[2010/01/05 07:11:16 | 05,767,168 | -HS- | M] () -- C:\Users\Tonya\ntuser.dat
[2010/01/05 07:10:46 | 00,000,434 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{488838B3-605C-4B97-8813-586AA78982CE}.job
[2010/01/05 07:10:46 | 00,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{075F4FAD-E9C0-4742-91F8-86FB5FE393FE}.job
[2010/01/05 07:10:03 | 00,003,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/01/05 07:10:03 | 00,003,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/01/05 07:04:00 | 00,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/01/05 06:04:00 | 00,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/01/04 13:15:28 | 00,690,960 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/01/04 13:15:28 | 00,595,446 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/01/04 13:15:28 | 00,101,144 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/01/04 13:10:40 | 00,000,386 | ---- | M] () -- C:\Windows\tasks\Reg Tool Startup.job
[2010/01/04 13:10:03 | 00,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2010/01/04 13:10:01 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/01/04 13:09:58 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/01/04 13:09:16 | 00,524,288 | -HS- | M] () -- C:\Users\Tonya\ntuser.dat{f1fbd7ca-30bc-11de-b598-00219b0efb1d}.TMContainer00000000000000000001.regtrans-ms
[2010/01/04 13:09:16 | 00,065,536 | -HS- | M] () -- C:\Users\Tonya\ntuser.dat{f1fbd7ca-30bc-11de-b598-00219b0efb1d}.TM.blf
[2010/01/04 12:24:35 | 06,291,456 | -H-- | M] () -- C:\Users\Tonya\AppData\Local\IconCache.db
[2010/01/04 12:00:00 | 00,000,446 | ---- | M] () -- C:\Windows\tasks\Reg Tool Scan.job
[2010/01/04 07:15:50 | 16,672,544 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\Tonya\Desktop\jre-6u17-windows-i586.exe
[2010/01/04 05:20:01 | 00,071,798 | ---- | M] () -- C:\Users\Tonya\Desktop\JavaRa.zip
[2010/01/03 00:48:01 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deploytk.dll
[2010/01/03 00:48:01 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010/01/03 00:48:01 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010/01/03 00:48:01 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010/01/03 00:40:40 | 16,832,288 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\Tonya\Desktop\jre-6u17-windows-i586-s.exe
[2010/01/02 08:02:14 | 01,956,528 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\Tonya\Desktop\install_flash_player_ax.exe
[2010/01/01 12:38:57 | 00,363,782 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2009/12/27 21:58:59 | 00,124,416 | ---- | M] () -- C:\Users\Tonya\Documents\Camping List.wps
[2009/12/27 21:58:59 | 00,003,684 | ---- | M] () -- C:\Users\Tonya\AppData\Roaming\wklnhst.dat
[2009/12/27 07:20:09 | 00,455,680 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\deploytk.dll
[2009/12/26 20:22:34 | 00,209,624 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\Tonya\Desktop\uninstall_flash_player.exe
[2009/12/26 00:50:24 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\Tonya\Desktop\OTL.exe
[2009/12/25 18:59:26 | 00,366,554 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.bak
[2009/12/22 12:30:10 | 00,363,782 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20091225-185926.backup
[2009/12/19 13:54:58 | 00,214,528 | ---- | M] () -- C:\Users\Tonya\Documents\Youth-Spiritual-Gifts-Test.doc
[2009/12/19 00:07:48 | 00,001,930 | ---- | M] () -- C:\Users\Tonya\Desktop\HijackThis.lnk
[2009/12/19 00:04:24 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Users\Tonya\Desktop\HijackThisInstaller.exe
[2009/12/18 23:56:00 | 00,101,466 | ---- | M] () -- C:\Users\Tonya\Documents\discover-your-gifts-short-form.pdf
[2009/12/18 21:03:03 | 00,366,554 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20091222-010918.backup
[2009/12/16 05:58:08 | 00,563,872 | ---- | M] (Google Inc.) -- C:\Users\Tonya\Desktop\GoogleEarthSetup.exe
[2009/12/15 23:48:00 | 00,002,565 | ---- | M] () -- C:\Users\Tonya\Desktop\Microsoft Streets & Trips 2009.lnk
[2009/12/12 17:17:28 | 00,066,048 | ---- | M] () -- C:\Users\Tonya\Documents\Mrs. Hillman's medication list.wps
[2009/12/08 05:43:27 | 00,000,904 | ---- | M] () -- C:\Users\Public\Desktop\Acrobat_com.lnk
========== Files Created - No Company Name ==========
[2010/01/04 05:20:01 | 00,071,798 | ---- | C] () -- C:\Users\Tonya\Desktop\JavaRa.zip
[2009/12/27 20:48:05 | 00,124,416 | ---- | C] () -- C:\Users\Tonya\Documents\Camping List.wps
[2009/12/19 13:54:58 | 00,214,528 | ---- | C] () -- C:\Users\Tonya\Documents\Youth-Spiritual-Gifts-Test.doc
[2009/12/19 00:07:48 | 00,001,930 | ---- | C] () -- C:\Users\Tonya\Desktop\HijackThis.lnk
[2009/12/18 23:55:59 | 00,101,466 | ---- | C] () -- C:\Users\Tonya\Documents\discover-your-gifts-short-form.pdf
[2009/12/16 05:59:13 | 00,000,896 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2009/12/16 05:59:12 | 00,000,892 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2009/12/08 05:43:27 | 00,000,904 | ---- | C] () -- C:\Users\Public\Desktop\Acrobat_com.lnk
[2009/11/30 07:19:29 | 00,024,226 | ---- | C] () -- C:\Users\Tonya\AppData\Roaming\UserTile.png
[2009/08/05 06:52:33 | 00,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/08/05 06:51:35 | 00,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/07/15 12:45:34 | 00,782,336 | ---- | C] () -- C:\Windows\SysWow64\dldtdrs.dll
[2009/05/27 03:48:08 | 00,094,208 | ---- | C] () -- C:\Windows\SysWow64\zmbv.dll
[2009/05/14 13:57:38 | 00,081,920 | ---- | C] () -- C:\Windows\SysWow64\dldtcaps.dll
[2009/02/23 06:05:14 | 00,004,608 | ---- | C] () -- C:\Users\Tonya\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/02/21 16:07:50 | 00,348,160 | ---- | C] () -- C:\Windows\SysWow64\DLDTinst.dll
[2009/02/21 16:07:50 | 00,335,872 | ---- | C] () -- C:\Windows\SysWow64\dldtcomx.dll
[2009/02/21 16:07:49 | 00,520,192 | ---- | C] () -- C:\Windows\SysWow64\dldtutil.dll
[2009/02/21 16:07:49 | 00,143,360 | ---- | C] () -- C:\Windows\SysWow64\dldtjswr.dll
[2009/02/21 16:07:49 | 00,106,496 | ---- | C] () -- C:\Windows\SysWow64\dldtinsr.dll
[2009/02/21 16:07:49 | 00,036,864 | ---- | C] () -- C:\Windows\SysWow64\dldtcur.dll
[2009/02/21 16:07:48 | 00,180,224 | ---- | C] () -- C:\Windows\SysWow64\dldtinsb.dll
[2009/02/21 16:07:48 | 00,176,128 | ---- | C] () -- C:\Windows\SysWow64\dldtins.dll
[2009/02/21 16:07:48 | 00,086,016 | ---- | C] () -- C:\Windows\SysWow64\dldtcub.dll
[2009/02/21 16:07:47 | 00,077,824 | ---- | C] () -- C:\Windows\SysWow64\dldtcu.dll
[2009/02/21 16:07:44 | 00,077,906 | ---- | C] () -- C:\Windows\SysWow64\DLDTcfg.dll
[2009/02/21 10:19:43 | 00,003,684 | ---- | C] () -- C:\Users\Tonya\AppData\Roaming\wklnhst.dat
[2009/02/16 08:25:59 | 01,953,696 | ---- | C] () -- C:\Windows\SysWow64\igklg400.dll
[2009/02/16 08:25:59 | 01,533,360 | ---- | C] () -- C:\Windows\SysWow64\igklg450.dll
[2009/02/16 08:25:59 | 00,104,636 | ---- | C] () -- C:\Windows\SysWow64\igmedcompkrn.dll
[2008/01/20 20:50:05 | 00,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2007/11/13 13:13:09 | 00,069,632 | ---- | C] () -- C:\Windows\SysWow64\dldtcnv4.dll
========== Alternate Data Streams ==========
@Alternate Data Stream - 853 bytes -> C:\Users\Tonya\Documents\Emailing_ Class Picture 2009 003.eml:OECustomProperty
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:5D432CE3
< End of report >
;
Looks good :)
Are you still noticing any problems? If not, it's time to secure your system to prevent against further intrusions.
THESE STEPS ARE VERY IMPORTANT
Let's reset system restore
Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: You will lose all previous restore points which are likely to be infected. Please note you need Administrator Access to do clean the restore points.
A To disable the System Restore feature:
1. Click on the Start button.
2. Hover over the Computer option, right click on it and then click Properties.
3. On the left hand side, click Advanced Settings.
4. If asked to permit the action, click on Allow.
5. Click on the System Protection tab.
6. Uncheck any checkboxes listed for your hard drives.
7. Press OK.
B. Reboot.
C Turn ON System Restore.
Follow the steps like you did when disabling system restore but on step 6. check any checkboxes listed for your hard drives.
Double-click OTL.exe.
Click the CleanUp! button.
Select Yes when the
Begin cleanup Process?
prompt appears.
If you are prompted to Reboot during the cleanup, select Yes.
The tool will delete itself once it finishes, if not delete it by yourself.
Note: If you receive a warning from your firewall or other security programs regarding OTL attempting to contact the internet, please allow it to do so.
UPDATING WINDOWS AND INTERNET EXPLORER
IMPORTANT: You Need to Update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the windows update site (http://windowsupdate.microsoft.com/) to get the critical updates.
If you are running Microsoft Office, or any portion thereof, go to the Microsoft's Office Update site and make sure you have at least all the critical updates installed (Free) Microsoft Office Update.
Make your Internet Explorer more secure
This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.
Just a final reminder for you. I am trying to stress these two points.
UPDATE UPDATE UPDATE!!! Make sure you do this about every 1-2 weeks.
Make sure all of your security programs are up to date.
Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
Once again, please post and tell me how things are going with your system... problems etc.
Have a great day,
Blade :cool:
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help. :)
Note:If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.
If it has been less than four days since your last response and you need the thread re-opened, please send me or MOD a private message (pm). A valid, working link to the closed topic is required.