Hi-

I can't believe it happened to me....but it did.

Must have gone on a shady site. I type something into a google search. It pulls up results, but takes me somewhere else when I click on the site. It also happens when I type most addys right into the addy box. Other than that, everything seems fine.

I ran spybot immediately, but it's still happening.

I downloaded ERUNT. I also did the DDS part. Here is the log:

I have to go back to the "read this first" post to learn how to zip the attach.txt file. I will put that in my next post

Thank you so very much!!

deb

ninja.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Debby at 13:29:13.90 on Sat 03/19/2011
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.479.57 [GMT -4:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Debby\My Documents\Downloads\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uWindow Title = Microsoft Internet Explorer By Mad Man Moon
mWindow Title = Microsoft Internet Explorer By Mad Man Moon
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: StumbleUpon Launcher: {145b29f4-a56b-4b90-bbac-45784ebebbb7} - c:\program files\stumbleupon\StumbleUponIEBar.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: StumbleUpon Toolbar: {5093eb4c-3e93-40ab-9266-b607ba87bdc8} - c:\program files\stumbleupon\StumbleUponIEBar.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRunOnce: [SpybotDeletingB2234] command /c del "c:\windows\temp\explorer.dat_old"
uRunOnce: [SpybotDeletingD301] cmd /c del "c:\windows\temp\explorer.dat_old"
uRunOnce: [SpybotDeletingB3987] command /c del "c:\windows\temp\winlogon.dat_old"
uRunOnce: [SpybotDeletingD5925] cmd /c del "c:\windows\temp\winlogon.dat_old"
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRunOnce: [SpybotDeletingA5448] command /c del "c:\windows\temp\explorer.dat_old"
mRunOnce: [SpybotDeletingC3024] cmd /c del "c:\windows\temp\explorer.dat_old"
mRunOnce: [SpybotDeletingA3996] command /c del "c:\windows\temp\winlogon.dat_old"
mRunOnce: [SpybotDeletingC6434] cmd /c del "c:\windows\temp\winlogon.dat_old"
StartupFolder: c:\docume~1\debby\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\debby\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\utilit~1.lnk - c:\windows\system32\sistray.exe
IE: StumbleUpon PhotoBlog It! - StumbleUponIEBar.dll/blogimage
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F}
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1226554902171
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\debby\applic~1\mozilla\firefox\profiles\hv7ie5sc.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - component: c:\documents and settings\debby\application data\mozilla\firefox\profiles\hv7ie5sc.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\documents and settings\debby\application data\mozilla\firefox\profiles\hv7ie5sc.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
FF - plugin: c:\documents and settings\debby\local settings\application data\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - c:\documents and settings\all users\application data\google\toolbar for firefox\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Image Zoom: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68} - %profile%\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
.
============= SERVICES / DRIVERS ===============
.
.
=============== Created Last 30 ================
.
2011-03-18 06:15:59 5943120 -c--a-w- c:\docume~1\alluse~1\applic~1\microsoft\windows defender\definition updates\{088d2299-ff7e-4b72-aecc-84d5d8bc1f57}\mpengine.dll
2011-02-22 18:16:14 -------- dc----w- c:\docume~1\debby\locals~1\applic~1\Yahoo!
.
==================== Find3M ====================
.
2011-02-09 13:53:52 270848 -c--a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53:52 186880 -c--a-w- c:\windows\system32\encdec.dll
2011-02-02 22:11:20 222080 -c----w- c:\windows\system32\MpSigStub.exe
2011-02-02 07:58:35 2067456 -c--a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57:06 677888 -c--a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44:37 439296 -c--a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09:02 290048 -c--a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10:33 1854976 -c--a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34:28 301568 -c--a-w- c:\windows\system32\kerberos.dll
2010-12-21 15:47:47 87608 -c--a-w- c:\docume~1\debby\applic~1\inst.exe
2010-12-21 15:47:47 47360 -c--a-w- c:\docume~1\debby\applic~1\pcouffin.sys
2010-12-20 23:08:45 832512 -c--a-w- c:\windows\system32\wininet.dll
2010-12-20 23:08:45 78336 -c--a-w- c:\windows\system32\ieencode.dll
2010-12-20 23:08:45 1830912 -c--a-w- c:\windows\system32\inetcpl.cpl
2010-12-20 23:08:45 17408 -c--a-w- c:\windows\system32\corpol.dll
2010-12-20 17:26:00 730112 -c--a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55:25 389120 -c--a-w- c:\windows\system32\html.iec
.
============= FINISH: 13:30:34.76 ===============

here is the attach text zip file (I think!!)

Hello and welcome to Safer Networking.

I am currently assessing your situation and will be back with a fix for your problem as soon as possible.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this, click Thread Tools, then click Subscribe to this Thread. Under the Notification Type: title, make sure it is set to Instant notification by email, then click Add Subscription.

Please be patient with me during this time.

Meanwhile, please make a reply to this topic to acknowledge that you have read this and is still with me to tackle the problem until the end. If I do not get any response within 3 days, this topic will be closed.

Hello-

Thank you very much for responding. I have turned on instant thread notification.

Debby

Hello glass ninja :),

Welcome to Safer Networking. I am Jack&Jill, and I will be helping you out.

Before we go further, there are a few things that I would like to make clear so that we are share the same understanding.

Please observe and follow these Forum Rules (http://forums.spybot.info/showthread.php?t=288).
Any advice is for your computer only and is taken at your own risk. Fixes sometimes will cause unexpected results, but I will do my best to assist you.
Please read the instructions carefully and follow them closely, in the order they are presented to you.
If you have any doubts or problems during the fix, please stop and ask.
All the tools that I will ask you to download and use are safe. Please allow if prompted by any of your security softwares.
Do not use or run any malware cleaning tools without supervision as they may cause more harm if improperly used.
Refrain from installing any new programs except those that I request during the fix to prevent interference to my diagnosis of the problem.
Lack of malware symptoms does not mean your computer is clean. Stick to this topic until I give the All Clear.
If you do not reply within 3 days, this topic will be closed.
If you are agreeable to the above, then everything should go smoothly :) . We may begin.

--------------------

Remove P2P software

IMPORTANT: I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

FrostWire 4.18.3


Please read the Guidelines for P2P Programs (http://forums.spybot.info/showthread.php?t=282) where we explain why it's not a good idea to have them.
Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.
Go to Control Panel > Add/Remove Programs and uninstall the P2P program(s) listed above (in red).
Please remove them before we continue with fixing your computer.

Please rerun DDS and post a new Attach.txt by copy and pasting into your reply.

--------------------

Is this a business or corporate computer?

--------------------

Please post back:
1. new Attach.txt contents
2. the answer to my question about your computer

Hi-

I removed the Frostwire. When I try to go to the sticky with the DDS link, it takes me somewhere else (stopzilla malware removal). It seems if i go anywhere with "malware" in the title, it brings me to "their" stuff. I have been leaving this page open and refreshing it. Would it be possible to post the link in this thread? I know I can follow a link, i just can't seem to get to them.

As far as your other question, yes, I do run a business from this computer. A small art business - it is NOT a corporate computer. Also, my stepfather gave the computer to me several years ago, and i know he also ran a business from it as well.

Sorry, I was able to get to the DDS link thru something already in your post.

Here is the file.

Debby


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 10/27/2008 8:43:37 AM
System Uptime: 3/19/2011 8:46:23 AM (29 hours ago)
.
Motherboard: | | SiS-741
Processor: AMD Athlon(tm) XP 2400+ | Socket A | 2000/133mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 93 GiB total, 61.166 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
5600
5600_Help
5600Trb
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Illustrator 9.0
Adobe Photoshop 6.0
Adobe Reader 9.2
Adobe SVG Viewer
AiO_Scan
AiOSoftware
AviSynth 2.5
Bejeweled Twist 1.0
BufferChm
CCleaner (remove only)
Compatibility Pack for the 2007 Office system
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
Creative Modem Blaster PCI Value DI5652-1
Destinations
DeviceManagementQFolder
DivX Web Player
Doc Scrubber v1.1
DocProc
EasyRecovery Professional Edition
ERUNT 1.1j
eSupportQFolder
Fax
Free YouTube to Mp3 Converter version 3.1
Glass Eye 2000
Google Updater
Google Video Player
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Image Zone Express
HP Imaging Device Functions 5.3
HP PSC & OfficeJet 5.3.B
HP Software Update
HP Solution Center & Imaging Support Tools 5.3
HPProductAssistant
InterActual Player
Java(TM) 6 Update 11
Java(TM) 6 Update 4
Jewel Quest III 1.00
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Works
Mozilla Firefox (3.5.17)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
neroxml
NetAlyzer 0.3
NewCopy
Octoshape add-in for Adobe Flash Player
OpenOffice.org 2.4
ProductContext
QuickTime
Readme
Realtek AC'97 Audio
Scan
ScannerCopy
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office Groove 2007 (KB2494047)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB2416400)
Security Update for Windows Internet Explorer 7 (KB2482017)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SiS 900 PCI Fast Ethernet Adapter Driver
SiS VGA Utilities
SolutionCenter
Spybot - Search & Destroy
SpywareBlaster 4.1
Status
StumbleUpon IE Toolbar
TrayApp
Tweak UI
Uninstall 1.0.0.1
Unload
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office Excel 2007 Help (KB957242)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB957245)
Update for Microsoft Office Outlook 2007 (KB2412171)
Update for Microsoft Office Outlook 2007 Help (KB957246)
Update for Microsoft Office PowerPoint 2007 Help (KB957247)
Update for Microsoft Office Publisher 2007 Help (KB957249)
Update for Microsoft Office Word 2007 Help (KB957252)
Update for Microsoft Script Editor Help (KB957253)
Update for Outlook 2007 Junk Email Filter (KB2508979)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB955759)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
User Profile Hive Cleanup Service
VC80CRTRedist - 8.0.50727.762
WebFldrs XP
WebReg
Windows Defender
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Player 11
Windows Search 4.0
WinRAR archiver
Yahoo! BrowserPlus 2.9.8
.
==== Event Viewer Messages From Past Week ========
.
3/18/2011 12:23:51 PM, error: Service Control Manager [7011] - Timeout

(30000 milliseconds) waiting for a transaction response from the

Dnscache service.
3/13/2011 4:03:15 PM, error: Service Control Manager [7009] - Timeout

(30000 milliseconds) waiting for the Windows Search service to connect.
3/13/2011 4:03:15 PM, error: Service Control Manager [7000] - The

Windows Search service failed to start due to the following error: The

service did not respond to the start or control request in a timely

fashion.
3/13/2011 4:03:15 PM, error: DCOM [10005] - DCOM got error "%1053"

attempting to start the service WSearch with arguments "" in order to

run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
.
==== End Of File ===========================

Hello glass ninja :),

The Attach.txt you posted was the old copy, but with Frostwire edited out. Please uninstall the program in actual.

For DDS, you already have the program here:
C:\Documents and Settings\Debby\My Documents\Downloads\dds.scr

Or you can download another from either one of the below links:
Link 1 (http://download.bleepingcomputer.com/sUBs/dds.scr)
Link 2 (http://download.bleepingcomputer.com/sUBs/dds.com)
Link 3 (http://www.infospyware.net/sUBs/dds)

Please run it again and post back a new Attach.txt.

--------------------

Please download SystemLook© by jpshortstuff from one of the links below and save it to your desktop.

Link 1 (http://jpshortstuff.247fixes.com/SystemLook.exe)
Link 2 (http://images.malwareremoval.com/jpshortstuff/SystemLook.exe)


Double click on SystemLook.exe to run it.
Copy and paste the following text into the main textfield:

:regfind
FrostWire
Click the Look button to start the scan. This might take a while.
When finished, a Notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found at on your desktop as SystemLook.txt.

--------------------

Validate Windows

Please download MGADiag.exe from Microsoft and save it to a convenient location. Click here. (http://go.microsoft.com/fwlink/?linkid=52012)
Double click on MGADiag.exe to run it.
Click Continue.
The program will run. It takes a while to finish the diagnosis, please be patient.
Once done, click on Copy.
Open Notepad and paste the contents in. Save this file and post it in your next reply.

--------------------

Check for additional security risks

Please download CKScanner© by askey127 and save to your desktop. Click here. (http://downloads.malwareremoval.com/CKScanner.exe)
Double click on CKScanner.exe and click Search For Files.
After a very short time, when the cursor hourglass disappears, click Save List To File. You will be prompted, click OK.
Post the contents of ckfiles.txt in your reply, it is located on your desktop.

--------------------

Please post back:
1. fresh Attach.txt
2. SystemLook result
3. MGADiag result
4. CKScanner log

Good morning-

I checked my add/remove programs for the Frostwire, and it's not there. I did the uninstall yesterday before I posted the attach.txt log. I thought I had done it correctly - maybe not. Is it somewhere else i am missing?

Here is the attach.txt file. I am also enclosing a screenshot of my add/remove programs. I will post the next 3 steps in my next post.

Thanks!!

debby


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 10/27/2008 8:43:37 AM
System Uptime: 3/20/2011 5:04:34 PM (15 hours ago)
.
Motherboard: | | SiS-741
Processor: AMD Athlon(tm) XP 2400+ | Socket A | 2000/133mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 93 GiB total, 61.173 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
5600
5600_Help
5600Trb
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Illustrator 9.0
Adobe Photoshop 6.0
Adobe Reader 9.2
Adobe SVG Viewer
AiO_Scan
AiOSoftware
AviSynth 2.5
Bejeweled Twist 1.0
BufferChm
CCleaner (remove only)
Compatibility Pack for the 2007 Office system
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
Creative Modem Blaster PCI Value DI5652-1
Destinations
DeviceManagementQFolder
DivX Web Player
Doc Scrubber v1.1
DocProc
EasyRecovery Professional Edition
ERUNT 1.1j
eSupportQFolder
Fax
Free YouTube to Mp3 Converter version 3.1
Glass Eye 2000
Google Updater
Google Video Player
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Image Zone Express
HP Imaging Device Functions 5.3
HP PSC & OfficeJet 5.3.B
HP Software Update
HP Solution Center & Imaging Support Tools 5.3
HPProductAssistant
InterActual Player
Java(TM) 6 Update 11
Java(TM) 6 Update 4
Jewel Quest III 1.00
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Works
Mozilla Firefox (3.5.17)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
neroxml
NetAlyzer 0.3
NewCopy
Octoshape add-in for Adobe Flash Player
OpenOffice.org 2.4
ProductContext
QuickTime
Readme
Realtek AC'97 Audio
Scan
ScannerCopy
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office Groove 2007 (KB2494047)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB2416400)
Security Update for Windows Internet Explorer 7 (KB2482017)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SiS 900 PCI Fast Ethernet Adapter Driver
SiS VGA Utilities
SolutionCenter
Spybot - Search & Destroy
SpywareBlaster 4.1
Status
StumbleUpon IE Toolbar
TrayApp
Tweak UI
Uninstall 1.0.0.1
Unload
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office Excel 2007 Help (KB957242)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB957245)
Update for Microsoft Office Outlook 2007 (KB2412171)
Update for Microsoft Office Outlook 2007 Help (KB957246)
Update for Microsoft Office PowerPoint 2007 Help (KB957247)
Update for Microsoft Office Publisher 2007 Help (KB957249)
Update for Microsoft Office Word 2007 Help (KB957252)
Update for Microsoft Script Editor Help (KB957253)
Update for Outlook 2007 Junk Email Filter (KB2508979)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB955759)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
User Profile Hive Cleanup Service
VC80CRTRedist - 8.0.50727.762
WebFldrs XP
WebReg
Windows Defender
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Player 11
Windows Search 4.0
WinRAR archiver
Yahoo! BrowserPlus 2.9.8
.
==== Event Viewer Messages From Past Week ========
.
3/20/2011 5:05:15 PM, error: Service Control Manager [7023] - The System Restore Service service terminated with the following error: The system cannot find the file specified.
3/20/2011 5:05:14 PM, error: SRService [104] - The System Restore initialization process failed.
3/18/2011 12:23:51 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Dnscache service.
.
==== End Of File ===========================

good morning again-

here is the system look log:

SystemLook 04.09.10 by jpshortstuff
Log created at 08:13 on 21/03/2011 by Debby
Administrator - Elevation successful

========== regfind ==========

Searching for "FrostWire"
[HKEY_CURRENT_USER\Software\Magnet\Handlers\FrostWire]
[HKEY_CURRENT_USER\Software\Magnet\Handlers\FrostWire]
@="FrostWire"
[HKEY_CURRENT_USER\Software\Magnet\Handlers\FrostWire]
"DefaultIcon"=""C:\Program Files\FrostWire\FrostWire.exe",0"
[HKEY_CURRENT_USER\Software\Magnet\Handlers\FrostWire]
"Description"="FrostWire"
[HKEY_CURRENT_USER\Software\Magnet\Handlers\FrostWire]
"ShellExecute"=""C:\Program Files\FrostWire\FrostWire.exe" "%URL""
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\click-new-download.com\frostwire]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\click-new-download.com\www[dot]frostwire]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\click-new-download.com\frostwire]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\click-new-download.com\www[dot]frostwire]
[HKEY_CURRENT_USER\Software\Classes\LimeWire]
@="FrostWire Torrent"
[HKEY_CURRENT_USER\Software\Classes\LimeWire\DefaultIcon]
@="C:\Program Files\FrostWire\FrostWire.ico"
[HKEY_CURRENT_USER\Software\Classes\LimeWire\shell\open\command]
@=""C:\Program Files\FrostWire\FrostWire.exe" "%1""
[HKEY_CURRENT_USER\Software\Classes\magnet\DefaultIcon]
@=""C:\Program Files\FrostWire\FrostWire.exe",0"
[HKEY_CURRENT_USER\Software\Classes\magnet\shell\open\command]
@=""C:\Program Files\FrostWire\FrostWire.exe" "%1""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\click-new-download.com\frostwire]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\click-new-download.com\www[dot]frostwire]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\click-new-download.com\frostwire]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\click-new-download.com\www[dot]frostwire]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\FrostWire\FrostWire.exe"="C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:FrostWire"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\FrostWire\FrostWire.exe"="C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:FrostWire"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\FrostWire\FrostWire.exe"="C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:FrostWire"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\click-new-download.com\frostwire]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\click-new-download.com\www[dot]frostwire]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\click-new-download.com\frostwire]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\click-new-download.com\www[dot]frostwire]
[HKEY_USERS\S-1-5-21-1547161642-113007714-682003330-1004\Software\Magnet\Handlers\FrostWire]
[HKEY_USERS\S-1-5-21-1547161642-113007714-682003330-1004\Software\Magnet\Handlers\FrostWire]
@="FrostWire"
[HKEY_USERS\S-1-5-21-1547161642-113007714-682003330-1004\Software\Magnet\Handlers\FrostWire]
"DefaultIcon"=""C:\Program Files\FrostWire\FrostWire.exe",0"
[HKEY_USERS\S-1-5-21-1547161642-113007714-682003330-1004\Software\Magnet\Handlers\FrostWire]
"Description"="FrostWire"
[HKEY_USERS\S-1-5-21-1547161642-113007714-682003330-1004\Software\Magnet\Handlers\FrostWire]
"ShellExecute"=""C:\Program Files\FrostWire\FrostWire.exe" "%URL""
[HKEY_USERS\S-1-5-21-1547161642-113007714-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\click-new-download.com\frostwire]
[HKEY_USERS\S-1-5-21-1547161642-113007714-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\click-new-download.com\www[dot]frostwire]
[HKEY_USERS\S-1-5-21-1547161642-113007714-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\click-new-download.com\frostwire]
[HKEY_USERS\S-1-5-21-1547161642-113007714-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\click-new-download.com\www[dot]frostwire]
[HKEY_USERS\S-1-5-21-1547161642-113007714-682003330-1004\Software\Classes\LimeWire]
@="FrostWire Torrent"
[HKEY_USERS\S-1-5-21-1547161642-113007714-682003330-1004\Software\Classes\LimeWire\DefaultIcon]
@="C:\Program Files\FrostWire\FrostWire.ico"
[HKEY_USERS\S-1-5-21-1547161642-113007714-682003330-1004\Software\Classes\LimeWire\shell\open\command]
@=""C:\Program Files\FrostWire\FrostWire.exe" "%1""
[HKEY_USERS\S-1-5-21-1547161642-113007714-682003330-1004\Software\Classes\magnet\DefaultIcon]
@=""C:\Program Files\FrostWire\FrostWire.exe",0"
[HKEY_USERS\S-1-5-21-1547161642-113007714-682003330-1004\Software\Classes\magnet\shell\open\command]
@=""C:\Program Files\FrostWire\FrostWire.exe" "%1""
[HKEY_USERS\S-1-5-21-1547161642-113007714-682003330-1004_Classes\LimeWire]
@="FrostWire Torrent"
[HKEY_USERS\S-1-5-21-1547161642-113007714-682003330-1004_Classes\LimeWire\DefaultIcon]
@="C:\Program Files\FrostWire\FrostWire.ico"
[HKEY_USERS\S-1-5-21-1547161642-113007714-682003330-1004_Classes\LimeWire\shell\open\command]
@=""C:\Program Files\FrostWire\FrostWire.exe" "%1""
[HKEY_USERS\S-1-5-21-1547161642-113007714-682003330-1004_Classes\magnet\DefaultIcon]
@=""C:\Program Files\FrostWire\FrostWire.exe",0"
[HKEY_USERS\S-1-5-21-1547161642-113007714-682003330-1004_Classes\magnet\shell\open\command]
@=""C:\Program Files\FrostWire\FrostWire.exe" "%1""
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\click-new-download.com\frostwire]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\click-new-download.com\www[dot]frostwire]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\click-new-download.com\frostwire]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\click-new-download.com\www[dot]frostwire]

-= EOF =-

Here is the text from the CKFiles:





CKScanner - Additional Security Risks - These are not necessarily bad
c:\documents and settings\debby\favorites\interesting or weird stuff\astalavista.ms - cracks and serials search..url
c:\documents and settings\debby\my documents\limewire\incomplete\rkedaxpmqxsttpwixeoooxkgj6wd6jm6\adobe illustrator cs4\key\adobe-master-cs4-keygen.exe
c:\documents and settings\debby\start menu\programs\winrar\rar password cracker v4.11.lnk
c:\installs\dvd\dvd copying professional tools - everything you need to copy dvd like pro (tutorial included)\dvd-rb-prov1.00.rc5.1\cinema craft encoder 2.70.02 [sp]\crack\cctspt.exe
c:\installs\dvd\dvd fab5 crack and apllication\dvd fab5 crack and apllication\dvdfab5090.exe
c:\installs\dvd\dvd fab5 crack and apllication\dvd fab5 crack and apllication\ind.diz
c:\installs\dvd\dvd fab5 crack and apllication\dvd fab5 crack and apllication\ind.nfo
c:\installs\dvd\dvd fab5 crack and apllication\dvd fab5 crack and apllication\ind.txt
c:\installs\dvd\dvdxcopy platinum 4.0.3.8\platinum4038crack.zip
c:\installs\dvd\imtoo dvd ripper platinum 4.0.35.1214 + keygen\tracked_by_demonoid_com.txt
c:\installs\dvd\imtoo dvd ripper platinum 4.0.35.1214 + keygen\imtoo dvd ripper platinum 4.0.35.1214 + keygen\dvd-ripper-platinum.exe
c:\installs\dvd\windvd platinum 7.0 (release 2) build 27.071 +keygen (latest update)29-june-05\keymaker.exe
c:\installs\dvd\windvd platinum 7.0 (release 2) build 27.071 +keygen (latest update)29-june-05\windvd platinum 7.0 (release 2) build 27.071.txt
c:\installs\dvd\windvd platinum 7.0 (release 2) build 27.071 +keygen (latest update)29-june-05\windvd7.exe
c:\installs\nero 7 premium reloaded 7.10.1.0_eng (+keygen)\keys.txt
c:\installs\nero 7 premium reloaded 7.10.1.0_eng (+keygen)\nero-7.10.1.0_eng_trial_wch.exe
c:\installs\tune up\tuneup utilities 2007 6.0.1255.0 ( iteam.panna )\tune up\keygen.exe
c:\installs\zip and rar\winzip keygen v8.1.exe
c:\program files\winrar\rar password cracker v4.11\rarpasswordcrackerv4.11readme.txt
c:\program files\winrar\rar password cracker v4.11\rpc.exe
c:\program files\winrar\rar password cracker v4.11\special.chr
scanner sequence 3.ZZ.11
----- EOF -----

Hello glass ninja :),

Cracks / Keygens / Warez / Illegal softwares detected!!!

Your log indicates the presence and usage of one or more of the above. Very likely your computer got infected due to the illegal softwares or the illegitimate websites you visited to get them.

Please read the fourth post of the Forum Rules (http://forums.spybot.info/showthread.php?t=288) .

Note:
We do not support the use of illegal Pirated/Warez/Cracked software.

If seeking help in our Malware removal forum please know that users who have programs obtained by such methods will be asked to remove them, since our help could otherwise be seen as aiding copyright violations. Aside from the legalities be aware malware authors prey on users looking to circumvent a software's protection mechanisms. There is a high risk of infection involved in downloading and running crack codes.

If you still want help, please remove the illegal items from your computer, and if you still need the softwares, get legal ones from legitimate sources.
If you advised that the illegal softwares have been removed and I find it otherwise (the tools we use can and will detect them), then I will have no choice but to have this topic closed.
If there are more such new findings after this, the topic will also be closed.

Please remove/uninstall the following before we continue, including the related programs:
c:\documents and settings\debby\favorites\interesting or weird stuff\astalavista.ms - cracks and serials search..url
c:\documents and settings\debby\my documents\limewire\incomplete\rkedaxpmqxsttpwixeoooxkgj6wd6jm6\adobe illustrator cs4\key\adobe-master-cs4-keygen.exe
c:\documents and settings\debby\start menu\programs\winrar\rar password cracker v4.11.lnk
c:\installs\dvd\dvd copying professional tools - everything you need to copy dvd like pro (tutorial included)\dvd-rb-prov1.00.rc5.1\cinema craft encoder 2.70.02 [sp]\crack\cctspt.exe
c:\installs\dvd\dvd fab5 crack and apllication\dvd fab5 crack and apllication\dvdfab5090.exe
c:\installs\dvd\dvd fab5 crack and apllication\dvd fab5 crack and apllication\ind.diz
c:\installs\dvd\dvd fab5 crack and apllication\dvd fab5 crack and apllication\ind.nfo
c:\installs\dvd\dvd fab5 crack and apllication\dvd fab5 crack and apllication\ind.txt
c:\installs\dvd\dvdxcopy platinum 4.0.3.8\platinum4038crack.zip
c:\installs\dvd\imtoo dvd ripper platinum 4.0.35.1214 + keygen\tracked_by_demonoid_com.txt
c:\installs\dvd\imtoo dvd ripper platinum 4.0.35.1214 + keygen\imtoo dvd ripper platinum 4.0.35.1214 + keygen\dvd-ripper-platinum.exe
c:\installs\dvd\windvd platinum 7.0 (release 2) build 27.071 +keygen (latest update)29-june-05\keymaker.exe
c:\installs\dvd\windvd platinum 7.0 (release 2) build 27.071 +keygen (latest update)29-june-05\windvd platinum 7.0 (release 2) build 27.071.txt
c:\installs\dvd\windvd platinum 7.0 (release 2) build 27.071 +keygen (latest update)29-june-05\windvd7.exe
c:\installs\nero 7 premium reloaded 7.10.1.0_eng (+keygen)\keys.txt
c:\installs\nero 7 premium reloaded 7.10.1.0_eng (+keygen)\nero-7.10.1.0_eng_trial_wch.exe
c:\installs\tune up\tuneup utilities 2007 6.0.1255.0 ( iteam.panna )\tune up\keygen.exe
c:\installs\zip and rar\winzip keygen v8.1.exe
c:\program files\winrar\rar password cracker v4.11\rarpasswordcrackerv4.11readme.txt
c:\program files\winrar\rar password cracker v4.11\rpc.exe
c:\program files\winrar\rar password cracker v4.11\special.chr

Please post a new CKScanner log.

Hi and good morning-

Got the last reply. I don't even know what all that stuff is. I primarily use my PC for email and updating my business website.

The man who fixed my computer several years ago installed a bunch of stuff on it (nero, fab 5, dvd ripper, etc). I have never even used it and didn't even know it was "bad". I'm really not that tech savvy.

How do I get rid of it all? Do I uninstall it from add/remove?

And what is the "keygen" stuff? How do I remove it?

Thanks-

Debby

Hi again-

Ok - I went in through explore and deleted everything that was on the list.

I am feeling like this is making me look really bad. This was NOT my stuff. I knew it was on my PC - the man who fixed my PC told me it was for DVDs, etc. If I had known this was "bad" or illegal, I would have never even have posted it here in the first place. The only one I knew about was the Frostwire/Limewire. I just really didn't know about the other stuff. I guess I can't trust "friends" to fix my computer.

Anyway, here is the new log. Like I said, I went through explorer to delete it. If there are any remnants of the programs left, it is due only to my ignorance and/or not knowing how to remove them fully.

Thanks for your patience.

debby

CKScanner - Additional Security Risks - These are not necessarily bad
scanner sequence 3.MN.11
----- EOF -----

Hello glass ninja :),

Please uninstall WinRAR archiver as well via Add/Remove Programs at the Control Panel.

Thank you removing all the illegal stuffs :bigthumb:.

--------------------

Please close all programs and do not run any others before and during the Rootkit Unhooker scan. Do not use the computer for anything else until after the scan is completed.

Please download Rootkit Unhooker and save it to your desktop. Click here. (http://www.kernelmode.info/ARKs/RKUnhookerLE.EXE)

Double click RKUnhookerLE.exe to run it.
Click the Report tab, then click Scan.
Ensure the following are checked (ticked):

Drivers
Stealth Code
Files
Code Hooks
Uncheck the rest, then click OK. An initial scan will be performed.
When prompted to Select Disks for Scan, make sure C:\ is checked and click OK.
Wait until the scanner is done, then click on File at the pull down menu, followed by Save Report.
Save the report somewhere you can find it. Click Close to exit.
Copy the entire contents of the report and paste it in your next reply.

You may get a warning about parasite detection. Please click OK to continue.

--------------------

I do not see any Antivirus (AV) installed on your machine. AV is a very critical part of your system to keep the it safe and clean. Without it, a computer can easily get infected. Please download and install an AV from one of the links below:

Avast (http://www.avast.com/eng/download-avast-home.html)
Avira (http://download.cnet.com/Avira-AntiVir-Personal-Free-Antivirus/3000-2239_4-10322935.html?part=dl-10322935&subj=dl&tag=button&cdlPid=11012914)
Microsoft Security Essentials (http://www.microsoft.com/security_essentials/)

You should only select one of these three, and keep only one installed.

--------------------

Please post back:
1. the Rootkit Unhooker log

Hi-

Thanks for your patience with me.

I have uninstalled the WINRAR from add/remove programs. To double check, I went to explore. There was a WINRAR file showing. I deleted that as well. Hopefully I'm clean now!! :)

I also have installed Avast antivirus.

Here is the log from the rootkit unhooker:

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #1
==============================================
>Drivers
==============================================
0xBF012000 C:\WINDOWS\System32\SiSGRV.dll 4509696 bytes (Silicon Integrated Systems Corporation, SiS Compatible Super VGA Driver)
0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2192768 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2192768 bytes
0x804D7000 RAW 2192768 bytes
0x804D7000 WMIxWDM 2192768 bytes
0xBF800000 Win32k 1855488 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xF685C000 C:\WINDOWS\system32\DRIVERS\HSF_DP.sys 1040384 bytes (Conexant Systems, Inc., HSF_DP driver)
0xF6790000 C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys 704512 bytes (Conexant Systems, Inc., HSF_CNXT driver)
0xF6AFA000 C:\WINDOWS\system32\drivers\ALCXWDM.SYS 606208 bytes (Realtek Semiconductor Corp., Realtek AC'97 Audio Driver (WDM))
0xF76A9000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xB53C8000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xF69EB000 C:\WINDOWS\system32\drivers\ALCXSENS.SYS 401408 bytes (Sensaura, Sensaura WDM 3D Audio Driver)
0xF66B7000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xB5525000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xA8B64000 C:\WINDOWS\system32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
0xF6C5C000 C:\WINDOWS\system32\DRIVERS\sisgrp.sys 344064 bytes (Silicon Integrated Systems Corporation, SiS Compatible Super VGA Driver)
0xBF45F000 C:\WINDOWS\System32\ATMFD.DLL 290816 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xA85D5000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xF695A000 C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys 221184 bytes (Conexant Systems, Inc., HSF_HWB2 WDM driver)
0xF77C8000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xA8C0C000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xF767C000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xB5460000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xB54FD000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xB534B000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xF6A96000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xF69AE000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xF6B8E000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xB54DB000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x806EF000 ACPI_HAL 131840 bytes
0x806EF000 C:\WINDOWS\system32\hal.dll 131840 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF7760000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF7798000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xF7662000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xF7780000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xA8C81000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xF7749000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xF6765000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xA8A5F000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xF677C000 C:\WINDOWS\system32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xF6BB1000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xB557E000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xF7736000 WudfPf.sys 77824 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF77B7000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xF6754000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xA92A6000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xF7917000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF7967000 C:\WINDOWS\system32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xF7937000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF7927000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xF7A67000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xF65C2000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF7857000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xB5CD6000 C:\WINDOWS\system32\DRIVERS\HPZid412.sys 53248 bytes (HP, IEEE-1284.4-1999 Driver (Windows 2000))
0xF7987000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xF79A7000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF7837000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xF79D7000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF7877000 sisidex.sys 49152 bytes (Windows (R) 2000 DDK provider, SISIDEX Driver)
0xB6D33000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF7907000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF7827000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF79C7000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF7867000 uagp35.sys 45056 bytes (Microsoft Corporation, MS AGPv3.5 Filter)
0xF78E7000 C:\WINDOWS\system32\DRIVERS\amdk7.sys 40960 bytes (Microsoft Corporation, Processor Device Driver)
0xF7817000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xF7A77000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF7887000 SISAGPX.sys 40960 bytes (Silicon Integrated Systems Corporation, SiS AGPv3.5 Filter)
0xF6D20000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xF7847000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xF6D40000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xB6D43000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xADADE000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xB6D23000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF7B97000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xB6766000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF7B87000 C:\WINDOWS\system32\DRIVERS\sisnic.sys 32768 bytes (SiS Corporation, SiS PCI Fast Ethernet Adapter Driver)
0xB672E000 C:\WINDOWS\system32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xF7B7F000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xF7B9F000 C:\WINDOWS\system32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0xB7178000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xF7A97000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xB671E000 C:\WINDOWS\system32\DRIVERS\usbprint.sys 28672 bytes (Microsoft Corporation, USB Printer driver)
0xB59F6000 C:\WINDOWS\system32\DRIVERS\HPZius12.sys 24576 bytes (HP, 1284.4<->Usb Datalink Driver (Windows 2000))
0xF7BAF000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF7BA7000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xB7170000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xF7C07000 C:\WINDOWS\System32\drivers\aspi32.sys 20480 bytes (Adaptec, ASPI for WIN32 Kernel Driver)
0xB7190000 C:\WINDOWS\system32\DRIVERS\flpydisk.sys 20480 bytes (Microsoft Corporation, Floppy Driver)
0xB7168000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF7A9F000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF7BD7000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF7BDF000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel(R) mini-port/call-manager driver)
0xB675E000 C:\WINDOWS\system32\DRIVERS\srvkp.sys 20480 bytes (Silicon Integrated Systems Corporation, SiS VGA Driver Manager)
0xF7BC7000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xF7B77000 C:\WINDOWS\system32\DRIVERS\usbohci.sys 20480 bytes (Microsoft Corporation, OHCI USB Miniport Driver)
0xA94BF000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xB7101000 C:\WINDOWS\system32\DRIVERS\HPZipr12.sys 16384 bytes (HP, IEEE-1284.4-1999 Print Class Driver)
0xF7CF3000 C:\WINDOWS\system32\drivers\MODEMCSA.sys 16384 bytes (Microsoft Corporation, Unimodem CSA Filter)
0xF7CD7000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xAD4F2000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xF7CBB000 C:\WINDOWS\system32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xB7105000 C:\WINDOWS\system32\DRIVERS\usbscan.sys 16384 bytes (Microsoft Corporation, USB Scanner Driver)
0xF7C27000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xA934F000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xADE46000 C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 12288 bytes (Conexant, Diagnostic Interface DRIVER)
0xF7CBF000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xF5C08000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xF7C2B000 sisperf.sys 12288 bytes (Silicon Integrated Systems Corp., SiS Filter Driver)
0xF7D9F000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF7DBF000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xF7D9D000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF7D17000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF7DA1000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xA8CC9000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)
0xF7DA3000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF7D45000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xB37FC000 C:\WINDOWS\system32\Drivers\uphcleanhlp.sys 8192 bytes
0xF7D67000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF7D19000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF7E28000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xA90DA000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xF7EDB000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF7DDF000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0xF7DE0000 siside.sys 4096 bytes (Silicon Integrated Systems Corp., SiS PCI Mini IDE Driver)
==============================================
>Stealth
==============================================
WARNING: Virus alike driver modification [ndistapi.sys]
WARNING: Virus alike driver modification [bthpan.sys]
WARNING: Virus alike driver modification [sffp_mmc.sys]
WARNING: Virus alike driver modification [HSF_DP.sys]
WARNING: Virus alike driver modification [hidusb.sys]
WARNING: Virus alike driver modification [HSFDPSP2.sys]
WARNING: Virus alike driver modification [dxapi.sys]
WARNING: Virus alike driver modification [atinrvxx.sys]
WARNING: Virus alike driver modification [mup.sys]
WARNING: Virus alike driver modification [sffp_sd.sys]
WARNING: Virus alike driver modification [irenum.sys]
WARNING: Virus alike driver modification [wadv08nt.sys]
WARNING: Virus alike driver modification [sfloppy.sys]
WARNING: Virus alike driver modification [ati1mdxx.sys]
WARNING: Virus alike driver modification [acpiec.sys]
WARNING: Virus alike driver modification [cpqdap01.sys]
WARNING: Virus alike driver modification [wadv07nt.sys]
WARNING: Virus alike driver modification [wadv09nt.sys]
WARNING: Virus alike driver modification [sffdisk.sys]
WARNING: Virus alike driver modification [wadv11nt.sys]
WARNING: Virus alike driver modification [pcmcia.sys]
WARNING: Virus alike driver modification [nikedrv.sys]
WARNING: Virus alike driver modification [rio8drv.sys]
WARNING: Virus alike driver modification [riodrv.sys]
WARNING: Virus alike driver modification [ws2ifsl.sys]
WARNING: Virus alike driver modification [tdpipe.sys]
WARNING: Virus alike driver modification [ati1pdxx.sys]
WARNING: Virus alike driver modification [fsvga.sys]
WARNING: Virus alike driver modification [usbvideo.sys]
WARNING: Virus alike driver modification [tunmp.sys]
WARNING: Virus alike driver modification [nwlnkflt.sys]
WARNING: Virus alike driver modification [ftdisk.sys]
WARNING: Virus alike driver modification [mtlmnt5.sys]
WARNING: Virus alike driver modification [mutohpen.sys]
WARNING: Virus alike driver modification [usb8023.sys]
WARNING: Virus alike driver modification [usb8023x.sys]
WARNING: Virus alike driver modification [slnt7554.sys]
WARNING: Virus alike driver modification [fltmgr.sys]
WARNING: Virus alike driver modification [mdmxsdk.sys]
WARNING: Virus alike driver modification [mtlstrm.sys]
WARNING: Virus alike driver modification [slwdmsup.sys]
WARNING: Virus alike driver modification [recagent.sys]
WARNING: Virus alike driver modification [atinmdxx.sys]
WARNING: Virus alike driver modification [atinttxx.sys]
WARNING: Virus alike driver modification [afd.sys]
WARNING: Virus alike driver modification [cbidf2k.sys]
WARNING: Virus alike driver modification [rdpwd.sys]
WARNING: Virus alike driver modification [ks.sys]
WARNING: Virus alike driver modification [diskdump.sys]
WARNING: Virus alike driver modification [wacompen.sys]
WARNING: Virus alike driver modification [asyncmac.sys]
WARNING: Virus alike driver modification [atinpdxx.sys]
WARNING: Virus alike driver modification [fastfat.sys]
WARNING: Virus alike driver modification [usbport.sys]
WARNING: Virus alike driver modification [hdaudbus.sys]
WARNING: Virus alike driver modification [kbdhid.sys]
WARNING: Virus alike driver modification [ndisuio.sys]
WARNING: Virus alike driver modification [smclib.sys]
WARNING: Virus alike driver modification [portcls.sys]
WARNING: Virus alike driver modification [tape.sys]
WARNING: Virus alike driver modification [usbscan.sys]
WARNING: Virus alike driver modification [ipnat.sys]
WARNING: Virus alike driver modification [dmio.sys]
WARNING: Virus alike driver modification [mssmbios.sys]
WARNING: Virus alike driver modification [serenum.sys]
WARNING: Virus alike driver modification [usbintel.sys]
WARNING: Virus alike driver modification [MODEMCSA.sys]
WARNING: Virus alike driver modification [netbt.sys]
WARNING: Virus alike driver modification [HPZipr12.sys]
WARNING: Virus alike driver modification [ASPI32.SYS]
WARNING: Virus alike driver modification [raspti.sys]
WARNING: Virus alike driver modification [s3gnbm.sys]
WARNING: Virus alike driver modification [bthenum.sys]
WARNING: Virus alike driver modification [usbohci.sys]
WARNING: Virus alike driver modification [kmixer.sys]
WARNING: Virus alike driver modification [rdbss.sys]
WARNING: Virus alike driver modification [ptilink.sys]
WARNING: Virus alike driver modification [ntmtlfax.sys]
WARNING: Virus alike driver modification [mrxdav.sys]
WARNING: Virus alike driver modification [ndis.sys]
WARNING: Virus alike driver modification [cdaudio.sys]
WARNING: Virus alike driver modification [acpi.sys]
WARNING: Virus alike driver modification [bthusb.sys]
WARNING: Virus alike driver modification [nv4_mini.sys]
WARNING: Virus alike driver modification [msfs.sys]
WARNING: Virus alike driver modification [srvkp.sys]
WARNING: Virus alike driver modification [tdi.sys]
WARNING: Virus alike driver modification [hidir.sys]
WARNING: Virus alike driver modification [rdpdr.sys]
WARNING: Virus alike driver modification [partmgr.sys]
WARNING: Virus alike driver modification [rmcast.sys]
WARNING: Virus alike driver modification [flpydisk.sys]
WARNING: Virus alike driver modification [secdrv.sys]
WARNING: Virus alike driver modification [ipinip.sys]
WARNING: Virus alike driver modification [vga.sys]
WARNING: Virus alike driver modification [ati1ttxx.sys]
WARNING: Virus alike driver modification [tsbvcap.sys]
WARNING: Virus alike driver modification [HPZius12.sys]
WARNING: Virus alike driver modification [tdtcp.sys]
WARNING: Virus alike driver modification [HSFHWBS2.sys]
WARNING: Virus alike driver modification [HSFBS2S2.sys]
WARNING: Virus alike driver modification [watv06nt.sys]
WARNING: Virus alike driver modification [tcpip6.sys]
WARNING: Virus alike driver modification [mouclass.sys]
WARNING: Virus alike driver modification [kbdclass.sys]
WARNING: Virus alike driver modification [hidparse.sys]
WARNING: Virus alike driver modification [pciidex.sys]
WARNING: Virus alike driver modification [sonydcam.sys]
WARNING: Virus alike driver modification [watv10nt.sys]
WARNING: Virus alike driver modification [hidbth.sys]
WARNING: Virus alike driver modification [usbcamd.sys]
WARNING: Virus alike driver modification [usbcamd2.sys]
WARNING: Virus alike driver modification [usbprint.sys]
WARNING: Virus alike driver modification [cinemst2.sys]
WARNING: Virus alike driver modification [ati1snxx.sys]
WARNING: Virus alike driver modification [usbstor.sys]
WARNING: Virus alike driver modification [http.sys]
WARNING: Virus alike driver modification [bthport.sys]
WARNING: Virus alike driver modification [fdc.sys]
WARNING: Virus alike driver modification [atinsnxx.sys]
WARNING: Virus alike driver modification [ati1xbxx.sys]
WARNING: Virus alike driver modification [modem.sys]
WARNING: Virus alike driver modification [usbehci.sys]
WARNING: Virus alike driver modification [rndismp.sys]
WARNING: Virus alike driver modification [rndismpx.sys]
WARNING: Virus alike driver modification [ati1raxx.sys]
WARNING: Virus alike driver modification [npfs.sys]
WARNING: Virus alike driver modification [atmepvc.sys]
WARNING: Virus alike driver modification [atinxbxx.sys]
WARNING: Virus alike driver modification [usbccgp.sys]
WARNING: Virus alike driver modification [sisnic.sys]
WARNING: Virus alike driver modification [sisgrp.sys]
WARNING: Virus alike driver modification [nwlnkfwd.sys]
WARNING: Virus alike driver modification [ati2mtaa.sys]
WARNING: Virus alike driver modification [ipfltdrv.sys]
WARNING: Virus alike driver modification [rawwan.sys]
WARNING: Virus alike driver modification [wanarp.sys]
WARNING: Virus alike driver modification [netbios.sys]
WARNING: Virus alike driver modification [ati1xsxx.sys]
WARNING: Virus alike driver modification [msgpc.sys]
WARNING: Virus alike driver modification [atmuni.sys]
WARNING: Virus alike driver modification [srv.sys]
WARNING: Virus alike driver modification [processr.sys]
WARNING: Virus alike driver modification [tcpip.sys]
WARNING: Virus alike driver modification [disk.sys]
WARNING: Virus alike driver modification [intelppm.sys]
WARNING: Virus alike driver modification [ati1tuxx.sys]
WARNING: Virus alike driver modification [bthprint.sys]
WARNING: Virus alike driver modification [ip6fw.sys]
WARNING: Virus alike driver modification [crusoe.sys]
WARNING: Virus alike driver modification [hidclass.sys]
WARNING: Virus alike driver modification [SISAGPX.SYS]
WARNING: Virus alike driver modification [isapnp.sys]
WARNING: Virus alike driver modification [amdk6.sys]
WARNING: Virus alike driver modification [amdk7.sys]
WARNING: Virus alike driver modification [bthmodem.sys]
WARNING: Virus alike driver modification [update.sys]
WARNING: Virus alike driver modification [wpdusb.sys]
WARNING: Virus alike driver modification [ALCXSENS.SYS]
WARNING: Virus alike driver modification [nmnt.sys]
WARNING: Virus alike driver modification [slntamr.sys]
WARNING: Virus alike driver modification [termdd.sys]
WARNING: Virus alike driver modification [siside.sys]
WARNING: Virus alike driver modification [ndproxy.sys]
WARNING: Virus alike driver modification [sisagp.sys]
WARNING: Virus alike driver modification [raspppoe.sys]
WARNING: Virus alike driver modification [imapi.sys]
WARNING: Virus alike driver modification [beep.sys]
WARNING: Virus alike driver modification [mnmdd.sys]
WARNING: Virus alike driver modification [rdpcdd.sys]
WARNING: Virus alike driver modification [viaagp.sys]
WARNING: Virus alike driver modification [agp440.sys]
WARNING: Virus alike driver modification [mountmgr.sys]
WARNING: Virus alike driver modification [alim1541.sys]
WARNING: Virus alike driver modification [p3.sys]
WARNING: Virus alike driver modification [amdagp.sys]
WARNING: Virus alike driver modification [swenum.sys]
WARNING: Virus alike driver modification [wmilib.sys]
WARNING: Virus alike driver modification [fips.sys]
WARNING: Virus alike driver modification [uagp35.sys]
WARNING: Virus alike driver modification [agpcpq.sys]
WARNING: Virus alike driver modification [mtxparhm.sys]
WARNING: Virus alike driver modification [mrxsmb.sys]
WARNING: Virus alike driver modification [gagp30kx.sys]
WARNING: Virus alike driver modification [usbd.sys]
WARNING: Virus alike driver modification [pcouffin.sys]
WARNING: Virus alike driver modification [raspptp.sys]
WARNING: Virus alike driver modification [sisidex.sys]
WARNING: Virus alike driver modification [stream.sys]
WARNING: Virus alike driver modification [classpnp.sys]
WARNING: Virus alike driver modification [mspqm.sys]
WARNING: Virus alike driver modification [HPZid412.sys]
WARNING: Virus alike driver modification [rasl2tp.sys]
WARNING: Virus alike driver modification [tosdvd.sys]
WARNING: Virus alike driver modification [atinraxx.sys]
WARNING: Virus alike driver modification [volsnap.sys]
WARNING: Virus alike driver modification [i8042prt.sys]
WARNING: Virus alike driver modification [dmusic.sys]
WARNING: Virus alike driver modification [mspclock.sys]
WARNING: Virus alike driver modification [atmlane.sys]
WARNING: Virus alike driver modification [nwlnkspx.sys]
WARNING: Virus alike driver modification [swmidi.sys]
WARNING: Virus alike driver modification [ati1btxx.sys]
WARNING: Virus alike driver modification [ntfs.sys]
WARNING: Virus alike driver modification [redbook.sys]
WARNING: Virus alike driver modification [atinbtxx.sys]
WARNING: Virus alike driver modification [vdmindvd.sys]
WARNING: Virus alike driver modification [dmload.sys]
WARNING: Virus alike driver modification [rootmdm.sys]
WARNING: Virus alike driver modification [smbali.sys]
WARNING: Virus alike driver modification [rfcomm.sys]
WARNING: Virus alike driver modification [usbhub.sys]
WARNING: Virus alike driver modification [atmarpc.sys]
WARNING: Virus alike driver modification [drmk.sys]
WARNING: Virus alike driver modification [arp1394.sys]
WARNING: Virus alike driver modification [sysaudio.sys]
WARNING: Virus alike driver modification [ALCXWDM.SYS]
WARNING: Virus alike driver modification [nic1394.sys]
WARNING: Virus alike driver modification [splitter.sys]
WARNING: Virus alike driver modification [cdrom.sys]
WARNING: Virus alike driver modification [nwlnknb.sys]
WARNING: Virus alike driver modification [atinxsxx.sys]
WARNING: Virus alike driver modification [ati1rvxx.sys]
WARNING: Virus alike driver modification [cdfs.sys]
WARNING: Virus alike driver modification [mf.sys]
WARNING: Virus alike driver modification [serial.sys]
WARNING: Virus alike driver modification [udfs.sys]
WARNING: Virus alike driver modification [parvdm.sys]
WARNING: Virus alike driver modification [pci.sys]
WARNING: Virus alike driver modification [HSFCXTS2.sys]
WARNING: Virus alike driver modification [psched.sys]
WARNING: Virus alike driver modification [ati2mtag.sys]
WARNING: Virus alike driver modification [HSF_CNXT.sys]
WARNING: Virus alike driver modification [dxg.sys]
WARNING: Virus alike driver modification [bridge.sys]
WARNING: Virus alike driver modification [atintuxx.sys]
WARNING: Virus alike driver modification [sr.sys]
WARNING: Virus alike driver modification [ipsec.sys]
WARNING: Virus alike driver modification [mskssrv.sys]
WARNING: Virus alike driver modification [mcd.sys]
WARNING: Virus alike driver modification [WudfPf.sys]
WARNING: Virus alike driver modification [sdbus.sys]
WARNING: Virus alike driver modification [fs_rec.sys]
WARNING: Virus alike driver modification [dmboot.sys]
WARNING: Virus alike driver modification [parport.sys]
WARNING: Virus alike driver modification [videoprt.sys]
WARNING: Virus alike driver modification [WudfRd.sys]
WARNING: Virus alike driver modification [wdmaud.sys]
WARNING: Virus alike driver modification [rasacd.sys]
WARNING: Virus alike driver modification [nwlnkipx.sys]
WARNING: Virus alike driver modification [ndiswan.sys]
WARNING: Virus alike driver modification [ksecdd.sys]
WARNING: Virus alike driver modification [sisperf.sys]
WARNING: Virus alike driver modification [slnthal.sys]
WARNING: Virus alike driver modification [scsiport.sys]
WARNING: Virus alike driver modification [atapi.sys]
==============================================
>Files
==============================================
!-->[Hidden] C:\Documents and Settings\Debby\Local Settings\Temporary Internet Files\Content.IE5\TORSEJA1\8pEVNnJ32A5RPXhAIp-_mswURnUl29Fm7TMyIHDd7kSGkcf0LGiZvirhsUvWvneSTwliC_kFguUw43muZrwRfCNJ0JOvcShbjFTON1o9V8CTQu2p5W5GLYU0FTADlknfvuIu9RjOQC7m6V8hN2BZy-YfsPDa[1].giff
==============================================
>Hooks
==============================================
ntoskrnl.exe+0x00004AA2, Type: Inline - RelativeJump 0x804DBAA2-->804DBAA9 [ntoskrnl.exe]
ntoskrnl.exe+0x0000BAD4, Type: Inline - RelativeJump 0x804E2AD4-->804E2A8F [ntoskrnl.exe]
[1636]searchindexer.exe-->kernel32.dll-->WriteFile, Type: Inline - RelativeJump 0x7C810E27-->00000000 [mssrch.dll]
[1636]searchindexer.exe-->kernel32.dll-->WriteFile, Type: Inline - SEH 0x7C810E2C [unknown_code_page]
[1636]searchindexer.exe-->kernel32.dll-->WriteFile, Type: Inline - SEH 0x7C810E2D [unknown_code_page]
[356]explorer.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DD1218-->00000000 [shimeng.dll]
[356]explorer.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->00000000 [shimeng.dll]
[356]explorer.exe-->kernel32.dll-->CreateProcessInternalW, Type: Inline - RelativeJump 0x7C8197B0-->00000000 [unknown_code_page]
[356]explorer.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x01001268-->00000000 [shimeng.dll]
[356]explorer.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->00000000 [shimeng.dll]
[356]explorer.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E41133C-->00000000 [shimeng.dll]
[356]explorer.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x3D931480-->00000000 [shimeng.dll]
[356]explorer.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71AB109C-->00000000 [shimeng.dll]



Thank you

Debby

Hello glass ninja :),

Did you install Avast after the Rootkit Unhooker scan? Or before?

Are you using a router?

Between Spybot - Search & Destroy and Windows Defender, please choose one and uninstall the other to prevent conflict and slowing down of your computer. One is good, but more does not mean it is better.

--------------------

Check router / modem

Open Notepad. Copy and paste the following text into it:

@echo off
>router.txt (
ipconfig /all
nslookup google.com
nslookup yahoo.com
ping -n 2 google.com
ping -n 2 yahoo.com
route print
)
start router.txt
del %0
Save it as router.bat on the desktop. Make sure the Save as type: is All Files (*.*).
Double click on router.bat to run it. Allow if prompted by any security software.
Post the contents of router.txt. It is found on your desktop.

--------------------

Please download TDSSKiller© from Kaspersky and save it to your desktop. Click here. (http://support.kaspersky.com/downloads/utils/tdsskiller.exe)

Alternatively, you may get the zip version (http://support.kaspersky.com/downloads/utils/tdsskiller.zip) and extract the file to the desktop.
Double click on TDSSKiller.exe to execute it.
Press Start scan to begin.
If anything is found, please change all the actions to Skip only.
Then click on Continue at the lower right corner.
You may be prompted to reboot your computer, please consent.
Once complete, a log will be produced at C:\. It will be named TDSSKiller.Version_Date_Time_log.txt, for example, C:\TDSSKiller.2.4.12.0_26.12.2010_23.12.11_log.txt.
Please post the contents of this log.

--------------------

Please post back:
1. the answers to my questions
2. contents of router.txt
3. TDSSKiller log

Hi and good morning-

First, i installed the Avast AFTER I did the rootkit unhooker. I go in the order your instructions are posted :)

I am not using a router, i am connected directly to a modem.

And I uninstalled the windows defender.

Here is the log from the router.bat:



Windows IP Configuration



Host Name . . . . . . . . . . . . : debbysdiplomat

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : twcny.rr.com



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . : twcny.rr.com

Description . . . . . . . . . . . : SiS 900-Based PCI Fast Ethernet Adapter

Physical Address. . . . . . . . . : 00-01-6C-B2-AE-88

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 67.246.120.153

Subnet Mask . . . . . . . . . . . : 255.255.224.0

Default Gateway . . . . . . . . . : 67.246.96.1

DHCP Server . . . . . . . . . . . : 10.236.64.1

DNS Servers . . . . . . . . . . . : 209.18.47.61

209.18.47.62

Lease Obtained. . . . . . . . . . : Tuesday, March 22, 2011 1:30:34 AM

Lease Expires . . . . . . . . . . : Tuesday, March 22, 2011 1:30:34 PM

Server: dns-cac-lb-01.rr.com
Address: 209.18.47.61

Name: google.com
Addresses: 74.125.225.16, 74.125.225.17, 74.125.225.18, 74.125.225.19
74.125.225.20

Server: dns-cac-lb-01.rr.com
Address: 209.18.47.61

Name: yahoo.com
Addresses: 67.195.160.76, 69.147.125.65, 72.30.2.43, 98.137.149.56
209.191.122.70



Pinging google.com [74.125.225.18] with 32 bytes of data:



Reply from 74.125.225.18: bytes=32 time=35ms TTL=56

Reply from 74.125.225.18: bytes=32 time=38ms TTL=56



Ping statistics for 74.125.225.18:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 35ms, Maximum = 38ms, Average = 36ms



Pinging yahoo.com [72.30.2.43] with 32 bytes of data:



Reply from 72.30.2.43: bytes=32 time=75ms TTL=55

Reply from 72.30.2.43: bytes=32 time=75ms TTL=55



Ping statistics for 72.30.2.43:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 75ms, Maximum = 75ms, Average = 75ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 01 6c b2 ae 88 ...... SiS 900-Based PCI Fast Ethernet Adapter - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 67.246.96.1 67.246.120.153 20
67.246.96.0 255.255.224.0 67.246.120.153 67.246.120.153 20
67.246.120.153 255.255.255.255 127.0.0.1 127.0.0.1 20
67.255.255.255 255.255.255.255 67.246.120.153 67.246.120.153 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
224.0.0.0 240.0.0.0 67.246.120.153 67.246.120.153 20
255.255.255.255 255.255.255.255 67.246.120.153 67.246.120.153 1
Default Gateway: 67.246.96.1
===========================================================================
Persistent Routes:
None


And here is the log of the TDSSKiller. I did not have to "skip" anything, nor did it ask me to reboot.



2011/03/22 06:27:36.0288 1716 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/03/22 06:27:36.0429 1716 ================================================================================
2011/03/22 06:27:36.0429 1716 SystemInfo:
2011/03/22 06:27:36.0429 1716
2011/03/22 06:27:36.0429 1716 OS Version: 5.1.2600 ServicePack: 3.0
2011/03/22 06:27:36.0429 1716 Product type: Workstation
2011/03/22 06:27:36.0429 1716 ComputerName: DEBBYSDIPLOMAT
2011/03/22 06:27:36.0429 1716 UserName: Debby
2011/03/22 06:27:36.0429 1716 Windows directory: C:\WINDOWS
2011/03/22 06:27:36.0429 1716 System windows directory: C:\WINDOWS
2011/03/22 06:27:36.0429 1716 Processor architecture: Intel x86
2011/03/22 06:27:36.0429 1716 Number of processors: 1
2011/03/22 06:27:36.0429 1716 Page size: 0x1000
2011/03/22 06:27:36.0429 1716 Boot type: Normal boot
2011/03/22 06:27:36.0429 1716 ================================================================================
2011/03/22 06:27:36.0882 1716 Initialize success
2011/03/22 06:27:57.0866 3660 ================================================================================
2011/03/22 06:27:57.0866 3660 Scan started
2011/03/22 06:27:57.0866 3660 Mode: Manual;
2011/03/22 06:27:57.0866 3660 ================================================================================
2011/03/22 06:27:58.0523 3660 Aavmker4 (83631291adf2887cffc786d034d3fa15) C:\WINDOWS\system32\drivers\Aavmker4.sys
2011/03/22 06:27:58.0788 3660 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/03/22 06:27:58.0929 3660 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/03/22 06:27:59.0116 3660 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/03/22 06:27:59.0241 3660 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2011/03/22 06:27:59.0570 3660 ALCXSENS (ba88534a3ceb6161e7432438b9ea4f54) C:\WINDOWS\system32\drivers\ALCXSENS.SYS
2011/03/22 06:27:59.0741 3660 ALCXWDM (9a6a99f0d75b457e3a2267776ebe9f47) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
2011/03/22 06:27:59.0991 3660 AmdK7 (8fce268cdbdd83b23419d1f35f42c7b1) C:\WINDOWS\system32\DRIVERS\amdk7.sys
2011/03/22 06:28:00.0382 3660 Aspi32 (54ab078660e536da72b21a27f56b035b) C:\WINDOWS\system32\drivers\aspi32.sys
2011/03/22 06:28:00.0507 3660 aswFsBlk (1c2e6bb4fe8621b1b863855b02bc33eb) C:\WINDOWS\system32\drivers\aswFsBlk.sys
2011/03/22 06:28:00.0648 3660 aswMon2 (452d0ecd14fa02f9b061f42c8a30dd49) C:\WINDOWS\system32\drivers\aswMon2.sys
2011/03/22 06:28:00.0804 3660 aswRdr (b6a9373619d851be80fb5f1b5eed0d4e) C:\WINDOWS\system32\drivers\aswRdr.sys
2011/03/22 06:28:00.0945 3660 aswSnx (9be41c1ae8bc481eb662d85c98d979c2) C:\WINDOWS\system32\drivers\aswSnx.sys
2011/03/22 06:28:01.0163 3660 aswSP (4b1a54ba2bc5873a774df6b70ab8b0b3) C:\WINDOWS\system32\drivers\aswSP.sys
2011/03/22 06:28:01.0320 3660 aswTdi (c7f1cea32766184911293f4e1ee653f5) C:\WINDOWS\system32\drivers\aswTdi.sys
2011/03/22 06:28:01.0554 3660 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/03/22 06:28:01.0648 3660 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/03/22 06:28:01.0835 3660 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/03/22 06:28:01.0945 3660 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/03/22 06:28:02.0070 3660 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/03/22 06:28:02.0163 3660 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/03/22 06:28:02.0335 3660 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/03/22 06:28:02.0429 3660 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/03/22 06:28:02.0570 3660 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/03/22 06:28:03.0054 3660 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/03/22 06:28:03.0179 3660 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/03/22 06:28:03.0304 3660 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/03/22 06:28:03.0429 3660 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/03/22 06:28:03.0538 3660 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/03/22 06:28:03.0710 3660 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/03/22 06:28:03.0851 3660 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/03/22 06:28:03.0991 3660 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/03/22 06:28:04.0132 3660 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/03/22 06:28:04.0226 3660 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/03/22 06:28:04.0335 3660 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/03/22 06:28:04.0445 3660 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/03/22 06:28:04.0507 3660 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/03/22 06:28:04.0601 3660 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/03/22 06:28:04.0788 3660 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/03/22 06:28:04.0960 3660 HPZid412 (9f1d80908658eb7f1bf70809e0b51470) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2011/03/22 06:28:05.0070 3660 HPZipr12 (f7e3e9d50f9cd3de28085a8fdaa0a1c3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2011/03/22 06:28:05.0195 3660 HPZius12 (cf1b7951b4ec8d13f3c93b74bb2b461b) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2011/03/22 06:28:05.0335 3660 HSFHWBS2 (c27c1231a205086d35088e13817985b0) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
2011/03/22 06:28:05.0538 3660 HSF_DP (73d70d6b8516075fb4de65726f74a121) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
2011/03/22 06:28:05.0757 3660 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/03/22 06:28:06.0038 3660 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/03/22 06:28:06.0163 3660 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/03/22 06:28:06.0460 3660 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/03/22 06:28:06.0570 3660 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/03/22 06:28:06.0679 3660 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/03/22 06:28:06.0773 3660 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/03/22 06:28:06.0866 3660 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/03/22 06:28:06.0976 3660 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/03/22 06:28:07.0101 3660 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/03/22 06:28:07.0226 3660 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/03/22 06:28:07.0335 3660 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/03/22 06:28:07.0476 3660 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/03/22 06:28:07.0601 3660 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/03/22 06:28:07.0851 3660 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2011/03/22 06:28:07.0960 3660 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/03/22 06:28:08.0070 3660 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/03/22 06:28:08.0179 3660 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
2011/03/22 06:28:08.0288 3660 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/03/22 06:28:08.0382 3660 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/03/22 06:28:08.0538 3660 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/03/22 06:28:08.0663 3660 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/03/22 06:28:08.0851 3660 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/03/22 06:28:08.0960 3660 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/03/22 06:28:09.0070 3660 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/03/22 06:28:09.0179 3660 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/03/22 06:28:09.0304 3660 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/03/22 06:28:09.0413 3660 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/03/22 06:28:09.0538 3660 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/03/22 06:28:09.0679 3660 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/03/22 06:28:09.0788 3660 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/03/22 06:28:09.0882 3660 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/03/22 06:28:09.0991 3660 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/03/22 06:28:10.0101 3660 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/03/22 06:28:10.0195 3660 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/03/22 06:28:10.0398 3660 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/03/22 06:28:10.0554 3660 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/03/22 06:28:10.0741 3660 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/03/22 06:28:10.0851 3660 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/03/22 06:28:10.0976 3660 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/03/22 06:28:11.0148 3660 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/03/22 06:28:11.0273 3660 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/03/22 06:28:11.0382 3660 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/03/22 06:28:11.0491 3660 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/03/22 06:28:11.0679 3660 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/03/22 06:28:11.0788 3660 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/03/22 06:28:11.0898 3660 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys
2011/03/22 06:28:12.0445 3660 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/03/22 06:28:12.0585 3660 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/03/22 06:28:12.0804 3660 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/03/22 06:28:13.0195 3660 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/03/22 06:28:13.0304 3660 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/03/22 06:28:13.0460 3660 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/03/22 06:28:13.0616 3660 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/03/22 06:28:13.0757 3660 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/03/22 06:28:13.0898 3660 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/03/22 06:28:14.0023 3660 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/03/22 06:28:14.0179 3660 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/03/22 06:28:14.0413 3660 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/03/22 06:28:14.0554 3660 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/03/22 06:28:14.0663 3660 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/03/22 06:28:14.0804 3660 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/03/22 06:28:15.0007 3660 SiS315 (5229a7f27cbe7645a17e7744770dda6b) C:\WINDOWS\system32\DRIVERS\sisgrp.sys
2011/03/22 06:28:15.0163 3660 SISAGP (61ca562def09a782d26b3e7edec5369a) C:\WINDOWS\system32\DRIVERS\SISAGPX.sys
2011/03/22 06:28:15.0288 3660 SiSide (b4485881bd8aed9b157a2e6cf43c2d51) C:\WINDOWS\system32\DRIVERS\siside.sys
2011/03/22 06:28:15.0413 3660 sisidex (6225224b8e846ac230f8d9b343635910) C:\WINDOWS\system32\drivers\sisidex.sys
2011/03/22 06:28:15.0538 3660 SiSkp (a93b5b3710f4b94f1190f71edf6a8296) C:\WINDOWS\system32\DRIVERS\srvkp.sys
2011/03/22 06:28:15.0679 3660 SISNIC (8204c49cde112f7b9c2f15707fe2cc5a) C:\WINDOWS\system32\DRIVERS\sisnic.sys
2011/03/22 06:28:15.0788 3660 sisperf (596d4a7052002d2bd344d8937da6f66d) C:\WINDOWS\system32\drivers\sisperf.sys
2011/03/22 06:28:15.0976 3660 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/03/22 06:28:16.0179 3660 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/03/22 06:28:16.0366 3660 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/03/22 06:28:16.0585 3660 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/03/22 06:28:16.0710 3660 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/03/22 06:28:17.0038 3660 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/03/22 06:28:17.0195 3660 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/03/22 06:28:17.0335 3660 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/03/22 06:28:17.0429 3660 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/03/22 06:28:17.0554 3660 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/03/22 06:28:17.0741 3660 uagp35 (d85938f272d1bcf3db3a31fc0a048928) C:\WINDOWS\system32\DRIVERS\uagp35.sys
2011/03/22 06:28:17.0851 3660 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/03/22 06:28:18.0070 3660 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/03/22 06:28:18.0273 3660 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/03/22 06:28:18.0382 3660 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/03/22 06:28:18.0491 3660 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/03/22 06:28:18.0632 3660 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2011/03/22 06:28:18.0757 3660 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/03/22 06:28:18.0851 3660 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/03/22 06:28:18.0945 3660 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/03/22 06:28:19.0054 3660 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/03/22 06:28:19.0226 3660 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/03/22 06:28:19.0366 3660 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/03/22 06:28:19.0538 3660 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/03/22 06:28:19.0695 3660 winachsf (9c26534a3d2aa00352ffcd23bfef1399) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2011/03/22 06:28:19.0991 3660 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
2011/03/22 06:28:20.0195 3660 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/03/22 06:28:20.0320 3660 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/03/22 06:28:20.0601 3660 ================================================================================
2011/03/22 06:28:20.0601 3660 Scan finished
2011/03/22 06:28:20.0601 3660 ================================================================================
2011/03/22 06:28:53.0273 3424 Deinitialize success


Thank you!!

Debby

Hello glass ninja :),

Please download OTL© by OldTimer from one of the links below and save it to your desktop.

Link 1 (http://oldtimer.geekstogo.com/OTL.exe)
Link 2 (http://www.itxassociates.com/OT-Tools/OTL.exe)

Scan with OTL

Double click on OTL.exe to run it.
Make sure all the Use SafeList options is checked (ticked). There are six of them.
Check Scan All Users.
At the lower right corner, check LOP Check and Purity Check.
Click on Run Scan at the top left hand corner. This might take a while.
When done, two Notepad files will open. Please post the contents of these 2 Notepad files in your next reply. One log per reply please.
Note: These files are saved as OTL.txt and Extras.txt on the desktop.

--------------------

Please post back:
1. the OTL logs (OTL.txt and Extras.txt)

Hello-

Here are the logs you requested.

Thanks!!

Debby


OTL logfile created on: 3/22/2011 12:58:49 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Debby\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

479.00 Mb Total Physical Memory | 114.00 Mb Available Physical Memory | 24.00% Memory free
1.00 Gb Paging File | 0.00 Gb Available in Paging File | 44.00% Paging File free
Paging file location(s): C:\pagefile.sys 720 1440 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 93.16 Gb Total Space | 69.25 Gb Free Space | 74.34% Space Free | Partition Type: NTFS

Computer Name: DEBBYSDIPLOMAT | User Name: Debby | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/22 12:57:21 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Debby\My Documents\Downloads\OTL.exe
PRC - [2011/03/03 10:46:54 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/02/23 10:04:20 | 003,451,496 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/02/23 10:04:19 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2010/08/04 16:21:31 | 004,754,744 | ---- | M] (Yahoo! Inc.) -- C:\Documents and Settings\Debby\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\BrowserPlusService.exe
PRC - [2010/08/04 16:21:31 | 004,754,744 | ---- | M] (Yahoo! Inc.) -- C:\Documents and Settings\Debby\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\BrowserPlusCore.exe
PRC - [2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/09/29 13:14:36 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2004/05/12 17:23:42 | 000,335,872 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\sistray.exe
PRC - [2004/03/05 01:45:34 | 000,192,573 | ---- | M] (Microsoft Corporation) -- C:\Program Files\UPHClean\uphclean.exe
PRC - [2004/02/26 16:53:30 | 000,065,024 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE


========== Modules (SafeList) ==========

MOD - [2011/03/22 12:57:21 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Debby\My Documents\Downloads\OTL.exe
MOD - [2011/02/23 10:04:17 | 000,197,208 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\snxhk.dll
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (NMIndexingService)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/02/23 10:04:19 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2004/09/29 13:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2004/03/05 01:45:34 | 000,192,573 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\UPHClean\uphclean.exe -- (UPHClean)


========== Driver Services (SafeList) ==========

DRV - [2011/02/23 09:56:55 | 000,371,544 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/02/23 09:56:45 | 000,301,528 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/02/23 09:55:49 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/02/23 09:55:47 | 000,102,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/02/23 09:55:10 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/02/23 09:54:57 | 000,030,680 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/02/23 09:54:55 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2008/09/22 07:04:00 | 000,019,072 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
DRV - [2008/09/22 06:42:32 | 000,323,584 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2005/11/21 01:48:21 | 000,016,512 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (Aspi32)
DRV - [2004/11/02 16:31:02 | 000,219,520 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2004/11/02 16:30:02 | 000,702,592 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/11/02 16:29:28 | 001,036,544 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2004/03/19 20:02:08 | 000,613,244 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004/02/24 11:08:52 | 000,400,384 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)
DRV - [2003/07/18 09:58:20 | 000,036,992 | R--- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SISAGPX.sys -- (SISAGP)
DRV - [2003/03/25 17:50:46 | 000,004,096 | R--- | M] (Silicon Integrated Systems Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\siside.sys -- (SiSide)
DRV - [2002/10/17 15:14:46 | 000,049,024 | R--- | M] (Windows (R) 2000 DDK provider) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\sisidex.sys -- (sisidex)
DRV - [2002/08/20 17:19:08 | 000,009,472 | R--- | M] (Silicon Integrated Systems Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sisperf.sys -- (sisperf)
DRV - [2002/07/10 23:39:34 | 000,032,256 | R--- | M] (SiS Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1547161642-113007714-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1547161642-113007714-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-1547161642-113007714-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-1547161642-113007714-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-1547161642-113007714-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1547161642-113007714-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}:0.4.4
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: wrc@avast.com:20110101

FF - HKLM\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\Documents and Settings\All Users\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2008/11/13 05:07:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/03/21 14:07:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/03 10:47:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/03 10:47:00 | 000,000,000 | ---D | M]

[2008/11/16 15:59:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Debby\Application Data\Mozilla\Extensions
[2011/03/22 07:11:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Debby\Application Data\Mozilla\Firefox\Profiles\hv7ie5sc.default\extensions
[2010/09/20 11:42:54 | 000,000,000 | ---D | M] (Image Zoom) -- C:\Documents and Settings\Debby\Application Data\Mozilla\Firefox\Profiles\hv7ie5sc.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
[2010/09/20 11:42:53 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Debby\Application Data\Mozilla\Firefox\Profiles\hv7ie5sc.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/01/07 09:10:47 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Debby\Application Data\Mozilla\Firefox\Profiles\hv7ie5sc.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/09/20 11:42:53 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Debby\Application Data\Mozilla\Firefox\Profiles\hv7ie5sc.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/09/20 11:42:53 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Debby\Application Data\Mozilla\Firefox\Profiles\hv7ie5sc.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011/03/22 07:11:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/03/21 14:07:11 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2009/01/24 14:42:02 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

O1 HOSTS File: ([2008/11/13 04:18:52 | 000,288,002 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 mpa.one.microsoft.com
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.123haustiereundmehr.com
O1 - Hosts: 9925 more lines...
O2 - BHO: (StumbleUpon Launcher) - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll (stumbleupon.com)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll ()
O3 - HKLM\..\Toolbar: (StumbleUpon Toolbar) - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll (stumbleupon.com)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll ()
O3 - HKU\S-1-5-21-1547161642-113007714-682003330-1004\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe (Silicon Integrated Systems Corporation)
O4 - Startup: C:\Documents and Settings\Debby\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1547161642-113007714-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - Reg Error: Key error. File not found
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Plugin Control)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1226554902171 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/10/27 08:40:37 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{6b353cb8-1d6c-11df-91d2-00016cb2ae88}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{6b353cb8-1d6c-11df-91d2-00016cb2ae88}\Shell\AutoRun\command - "" = nemoj\\meni.exe
O33 - MountPoints2\{6b353cb8-1d6c-11df-91d2-00016cb2ae88}\Shell\explore\command - "" = nemoj\\\meni.exe
O33 - MountPoints2\{6b353cb8-1d6c-11df-91d2-00016cb2ae88}\Shell\open\command - "" = nemoj\\\meni.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/03/21 14:08:05 | 000,301,528 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/03/21 14:08:05 | 000,019,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/03/21 14:08:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2011/03/21 14:08:00 | 000,049,240 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/03/21 14:08:00 | 000,025,432 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/03/21 14:07:59 | 000,371,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/03/21 14:07:58 | 000,102,232 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/03/21 14:07:58 | 000,096,344 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/03/21 14:07:58 | 000,030,680 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/03/21 14:07:09 | 000,040,648 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/03/21 14:07:08 | 000,190,016 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/03/21 14:06:54 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/03/21 14:06:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/03/20 18:52:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debby\Local Settings\Application Data\Temp
[2011/03/19 13:27:24 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/03/19 13:27:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2011/03/15 17:47:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debby\My Documents\fark
[2011/02/22 14:16:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debby\Start Menu\Programs\BrowserPlus
[2011/02/22 14:16:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debby\Local Settings\Application Data\Yahoo!
[2008/11/12 14:53:00 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Debby\Application Data\pcouffin.sys
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/03/22 12:43:13 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/03/21 14:08:06 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/03/21 14:07:58 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/03/21 13:30:51 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/03/21 13:30:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/03/21 08:11:54 | 000,305,992 | ---- | M] () -- C:\Documents and Settings\Debby\Desktop\addremove.JPG
[2011/03/21 08:02:35 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\Debby\Desktop\addremove.bmp
[2011/03/20 13:27:02 | 000,003,348 | ---- | M] () -- C:\Documents and Settings\Debby\Desktop\Attach2.zip
[2011/03/19 13:43:01 | 000,003,359 | ---- | M] () -- C:\Documents and Settings\Debby\Desktop\Attach.zip
[2011/03/19 13:27:32 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\Debby\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/03/19 13:27:25 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Debby\Desktop\ERUNT.lnk
[2011/03/19 12:54:47 | 000,000,145 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2011/03/13 16:13:28 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/03/13 06:57:09 | 000,465,072 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/03/13 06:57:08 | 000,078,958 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/03/04 11:01:06 | 000,016,233 | ---- | M] () -- C:\Documents and Settings\Debby\Desktop\reseller.jpg
[2011/02/25 08:46:51 | 000,000,148 | ---- | M] () -- C:\Documents and Settings\Debby\Application Data\wklnhst.dat
[2011/02/23 10:04:21 | 000,040,648 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/02/23 10:04:17 | 000,190,016 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/02/23 09:56:55 | 000,371,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/02/23 09:56:45 | 000,301,528 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/02/23 09:55:49 | 000,049,240 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/02/23 09:55:47 | 000,102,232 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/02/23 09:55:44 | 000,096,344 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/02/23 09:55:10 | 000,025,432 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/02/23 09:54:57 | 000,030,680 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/02/23 09:54:55 | 000,019,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/03/21 14:08:06 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/03/21 08:11:54 | 000,305,992 | ---- | C] () -- C:\Documents and Settings\Debby\Desktop\addremove.JPG
[2011/03/21 08:02:33 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\Debby\Desktop\addremove.bmp
[2011/03/20 13:27:02 | 000,003,348 | ---- | C] () -- C:\Documents and Settings\Debby\Desktop\Attach2.zip
[2011/03/19 13:43:01 | 000,003,359 | ---- | C] () -- C:\Documents and Settings\Debby\Desktop\Attach.zip
[2011/03/19 13:27:32 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Debby\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/03/19 13:27:25 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Debby\Desktop\ERUNT.lnk
[2011/03/19 12:54:46 | 000,000,145 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2011/03/04 11:01:00 | 000,016,233 | ---- | C] () -- C:\Documents and Settings\Debby\Desktop\reseller.jpg
[2010/09/06 17:52:06 | 000,000,120 | ---- | C] () -- C:\WINDOWS\System32\winsusrx.dll
[2010/09/06 17:52:04 | 000,000,264 | ---- | C] () -- C:\WINDOWS\System32\winsusrm.dll
[2010/09/06 17:50:54 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\Tracer.dll
[2010/09/06 17:50:54 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\SheriffNet.dll
[2009/12/07 01:15:31 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/05/21 11:32:45 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2009/02/13 12:24:52 | 000,000,148 | ---- | C] () -- C:\Documents and Settings\Debby\Application Data\wklnhst.dat
[2008/12/28 22:01:19 | 000,113,167 | ---- | C] () -- C:\WINDOWS\hpoins07.dat
[2008/12/28 22:01:18 | 000,021,124 | ---- | C] () -- C:\WINDOWS\hpomdl07.dat
[2008/11/30 09:06:43 | 000,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2008/11/24 08:07:40 | 000,000,024 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2008/11/16 16:06:46 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/11/16 15:59:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/11/12 14:57:22 | 000,831,600 | ---- | C] () -- C:\WINDOWS\System32\Ctaa1.dat
[2008/11/12 14:53:00 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Debby\Application Data\inst.exe
[2008/11/12 14:53:00 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Debby\Application Data\pcouffin.cat
[2008/11/12 14:53:00 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Debby\Application Data\pcouffin.inf
[2008/10/27 09:18:47 | 000,096,256 | ---- | C] () -- C:\Documents and Settings\Debby\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/27 09:07:29 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2008/10/27 09:07:27 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2008/10/27 09:02:02 | 000,032,768 | ---- | C] () -- C:\WINDOWS\SIS_LIB.DLL
[2008/10/27 09:01:36 | 000,108,021 | R--- | C] () -- C:\WINDOWS\VGAsetup.ini
[2008/10/27 09:01:29 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\sis760.bin
[2008/10/27 09:01:28 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\sis741.bin
[2008/10/27 09:01:28 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\sis660.bin
[2008/10/27 09:01:02 | 000,102,683 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini
[2008/10/27 08:53:30 | 000,139,264 | R--- | C] () -- C:\WINDOWS\System32\IDEproperty.dll
[2008/10/27 08:43:44 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/10/27 08:37:17 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/10/27 03:17:09 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/10/27 03:15:49 | 000,298,048 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/05/26 22:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 22:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2007/09/27 11:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 11:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 11:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2006/02/28 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/02/28 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/02/28 08:00:00 | 000,465,072 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/02/28 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/02/28 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/02/28 08:00:00 | 000,078,958 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/02/28 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/02/28 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/02/28 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/02/28 08:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/02/28 08:00:00 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\b.dll
[2006/02/28 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/02/28 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2001/07/06 16:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== LOP Check ==========

[2008/11/23 15:37:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\2731C
[2011/03/21 14:06:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2009/04/04 22:39:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Graboid Inc
[2009/04/07 20:41:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2008/11/23 23:46:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2008/12/26 08:38:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/01/06 20:39:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debby\Application Data\FrostWire
[2011/02/08 13:19:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debby\Application Data\Image Zone Express
[2008/11/12 15:01:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debby\Application Data\InterVideo
[2008/12/26 09:26:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debby\Application Data\iWin
[2008/12/18 09:01:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debby\Application Data\Leadertech
[2009/10/10 00:09:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debby\Application Data\LimeWire
[2010/12/12 05:31:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debby\Application Data\StumbleUpon
[2009/02/13 12:24:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debby\Application Data\Template
[2010/12/21 11:47:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debby\Application Data\Vso
[2008/11/13 02:02:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debby\Application Data\Windows Desktop Search
[2009/04/08 09:11:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debby\Application Data\Windows Search
[2009/06/17 10:22:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\josephus\Application Data\Leadertech
[2008/12/28 13:22:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\josephus\Application Data\Windows Desktop Search

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F59BA980

< End of report >



and the extras:


OTL Extras logfile created on: 3/22/2011 12:58:50 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Debby\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

479.00 Mb Total Physical Memory | 114.00 Mb Available Physical Memory | 24.00% Memory free
1.00 Gb Paging File | 0.00 Gb Available in Paging File | 44.00% Paging File free
Paging file location(s): C:\pagefile.sys 720 1440 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 93.16 Gb Total Space | 69.25 Gb Free Space | 74.34% Space Free | Partition Type: NTFS

Computer Name: DEBBYSDIPLOMAT | User Name: Debby | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-1547161642-113007714-682003330-1004\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\InterVideo\DVD7\WinDVD.exe" = C:\Program Files\InterVideo\DVD7\WinDVD.exe:*:Enabled:WinDVD
"C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe" = C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe:*:Enabled:Ad-Aware
"C:\Program Files\CCleaner\CCleaner.exe" = C:\Program Files\CCleaner\CCleaner.exe:*:Enabled:CCleaner -- (Piriform Ltd)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox -- (Mozilla Corporation)
"C:\Program Files\Mozilla Thunderbird\thunderbird.exe" = C:\Program Files\Mozilla Thunderbird\thunderbird.exe:*:Enabled:Mozilla Thunderbird
"C:\Program Files\Outlook Express\msimn.exe" = C:\Program Files\Outlook Express\msimn.exe:*:Enabled:Outlook Express -- (Microsoft Corporation)
"C:\Program Files\Lavasoft\Ad-Aware\lsupdatemanager.exe" = C:\Program Files\Lavasoft\Ad-Aware\lsupdatemanager.exe:*:Enabled:Software update
"C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" = C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe:*:Enabled:Spybot - Search & Destroy -- (Safer Networking Limited)
"C:\Program Files\SpywareBlaster\spywareblaster.exe" = C:\Program Files\SpywareBlaster\spywareblaster.exe:*:Enabled:SpywareBlaster
"C:\Program Files\Avira\AntiVir PersonalEdition Classic\avcenter.exe" = C:\Program Files\Avira\AntiVir PersonalEdition Classic\avcenter.exe:*:Enabled:Start Avira AntiVir Personal
"C:\Program Files\Windows Defender\MSASCui.exe" = C:\Program Files\Windows Defender\MSASCui.exe:*:Enabled:Windows Defender
"C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe" = C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe:*:Enabled:Update Spybot-S&D -- (Safer Networking Limited)
"C:\Program Files\TCPOptimizer\TCPOptimizer.exe" = C:\Program Files\TCPOptimizer\TCPOptimizer.exe:*:Enabled:TCPOptimizer -- (Speed Guide Inc.)
"C:\Program Files\CodeStuff\Starter\Starter.exe" = C:\Program Files\CodeStuff\Starter\Starter.exe:*:Enabled:Starter
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
"C:\Program Files\BearShare Applications\BearShare\BearShare.exe" = C:\Program Files\BearShare Applications\BearShare\BearShare.exe:*:Enabled:BearShare
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- ()
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Documents and Settings\Debby\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe" = C:\Documents and Settings\Debby\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe:*:Enabled:Octoshape add-in for Adobe Flash Player
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\FrostWire\FrostWire.exe" = C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:FrostWire
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Disabled:Microsoft Management Console -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}" = CP_Package_Variety1
"{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations
"{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}" = AiO_Scan
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update
"{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}" = CP_Package_Variety3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2466E904-7E48-4597-9321-722CF02930EB}" = 5600
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 11
"{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}" = Unload
"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java(TM) 6 Update 4
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{54E3707F-808E-4fd4-95C9-15D1AB077E5D}" = NewCopy
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
"{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}" = HP PSC & OfficeJet 5.3.B
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6BB6627C-694F-4FDC-A3E5-C7F4BED4C724}" = DocProc
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{7850A6D2-CBEA-4728-9877-F1BEDEA9F619}" = AiOSoftware
"{7C9B95B7-B598-4398-B30F-7F6827192E6C}" = ProductContext
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{923A7F5A-1E8C-4FBE-8DF6-85940A60A79F}" = Readme
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{A195B13E-A5E3-4BAF-A995-7F70F445CD06}" = ScannerCopy
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}" = CP_Package_Variety2
"{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm
"{BF755CD9-E185-498A-AAFB-E9F8470AB1CC}" = User Profile Hive Cleanup Service
"{BFD5AC8A-5884-4da8-9873-3DF8E3DCCE18}" = 5600Trb
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C506A18C-1469-4678-B094-F4EC9DAE6DB7}" = Scan
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC7984C5-020D-4944-85A0-58D09D4A8BFB}" = 5600_Help
"{CE24344F-DFD8-40C8-8FD8-C9740B5F25AC}" = Fax
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
"{F87A8E11-02A4-4875-A3A5-5961081B0E4E}" = OpenOffice.org 2.4
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FE64AE29-0883-4C70-8388-DC026019C900}" = HP Image Zone Express
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Illustrator 9.0" = Adobe Illustrator 9.0
"Adobe Photoshop 6.0" = Adobe Photoshop 6.0
"Adobe SVG Viewer" = Adobe SVG Viewer
"avast" = avast! Free Antivirus
"AviSynth" = AviSynth 2.5
"Bejeweled Twist 1.0" = Bejeweled Twist 1.0
"CCleaner" = CCleaner (remove only)
"CNXT_MODEM_PCI_VEN_14F1&DEV_2702&SUBSYS_200314F1" = Creative Modem Blaster PCI Value DI5652-1
"Doc Scrubber_is1" = Doc Scrubber v1.1
"EasyRecovery" = EasyRecovery Professional Edition
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ERUNT_is1" = ERUNT 1.1j
"Free YouTube to Mp3 Converter_is1" = Free YouTube to Mp3 Converter version 3.1
"Glass Eye 2000" = Glass Eye 2000
"Google Updater" = Google Updater
"GoogleVideoPlayer" = Google Video Player
"HP Imaging Device Functions" = HP Imaging Device Functions 5.3
"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.3
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InterActual Player" = InterActual Player
"Jewel Quest III 1.00" = Jewel Quest III 1.00
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.17)" = Mozilla Firefox (3.5.17)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NetAlyzer_is1" = NetAlyzer 0.3
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"SiS VGA Driver" = SiS VGA Utilities
"SiSLan" = SiS 900 PCI Fast Ethernet Adapter Driver
"SpywareBlaster_is1" = SpywareBlaster 4.1
"StumbleUponIEToolbar" = StumbleUpon IE Toolbar
"Tweak UI 2.10" = Tweak UI
"Uninstall_is1" = Uninstall 1.0.0.1
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1547161642-113007714-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/17/2011 4:48:58 PM | Computer Name = DEBBYSDIPLOMAT | Source = Application Error | ID = 1000
Description = Faulting application jewelquest3.rwg, version 1.0.6.0, faulting module
msvcr80.dll, version 8.0.50727.3053, fault address 0x00008aa0.

Error - 2/17/2011 4:52:35 PM | Computer Name = DEBBYSDIPLOMAT | Source = Windows Search Service | ID = 7040
Description = The search service has detected corrupted data files in the index.
The service will attempt to automatically correct this problem by rebuilding the
index. Context: Windows Application, SystemIndex Catalog Details: 0xc0041801 (0xc0041801)


Error - 2/17/2011 4:52:35 PM | Computer Name = DEBBYSDIPLOMAT | Source = Windows Search Service | ID = 3029
Description = The plug-in in <Search.TripoliIndexer> cannot be initialized. Context:
Windows Application, SystemIndex Catalog Details: The content index cannot be read.
(0xc0041800)

Error - 2/17/2011 4:52:35 PM | Computer Name = DEBBYSDIPLOMAT | Source = Windows Search Service | ID = 3028
Description = The gatherer object cannot be initialized. Context: Windows Application,
SystemIndex Catalog Details: The content index cannot be read. (0xc0041800)

Error - 2/17/2011 4:52:35 PM | Computer Name = DEBBYSDIPLOMAT | Source = Windows Search Service | ID = 3058
Description = The application cannot be initialized. Context: Windows Application

Details:
The
content index cannot be read. (0xc0041800)

Error - 2/17/2011 7:28:01 PM | Computer Name = DEBBYSDIPLOMAT | Source = Application Error | ID = 1000
Description = Faulting application jewelquest3.rwg, version 1.0.6.0, faulting module
msvcr80.dll, version 8.0.50727.3053, fault address 0x00008aa0.

Error - 2/18/2011 5:13:10 PM | Computer Name = DEBBYSDIPLOMAT | Source = Application Error | ID = 1000
Description = Faulting application jewelquest3.rwg, version 1.0.6.0, faulting module
msvcr80.dll, version 8.0.50727.3053, fault address 0x00008aa0.

Error - 2/20/2011 9:37:59 AM | Computer Name = DEBBYSDIPLOMAT | Source = Application Error | ID = 1000
Description = Faulting application jewelquest3.rwg, version 1.0.6.0, faulting module
sdl.dll, version 1.2.7.0, fault address 0x0002638e.

Error - 2/28/2011 1:51:09 PM | Computer Name = DEBBYSDIPLOMAT | Source = Application Hang | ID = 1002
Description = Hanging application Photoshp.exe, version 6.0.128.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 3/1/2011 5:41:23 PM | Computer Name = DEBBYSDIPLOMAT | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.1.3986, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ OSession Events ]
Error - 9/12/2009 5:59:00 AM | Computer Name = DEBBYSDIPLOMAT | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 32902
seconds with 480 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 3/22/2011 6:21:06 AM | Computer Name = DEBBYSDIPLOMAT | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 3/22/2011 6:21:06 AM | Computer Name = DEBBYSDIPLOMAT | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 3/22/2011 6:21:06 AM | Computer Name = DEBBYSDIPLOMAT | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 3/22/2011 6:21:07 AM | Computer Name = DEBBYSDIPLOMAT | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 3/22/2011 6:21:07 AM | Computer Name = DEBBYSDIPLOMAT | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 3/22/2011 6:21:07 AM | Computer Name = DEBBYSDIPLOMAT | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 3/22/2011 6:21:07 AM | Computer Name = DEBBYSDIPLOMAT | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 3/22/2011 6:21:07 AM | Computer Name = DEBBYSDIPLOMAT | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 3/22/2011 6:21:07 AM | Computer Name = DEBBYSDIPLOMAT | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 3/22/2011 6:21:07 AM | Computer Name = DEBBYSDIPLOMAT | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126


< End of report >

Hello glass ninja :),

I need you to explain a bit more about the symptoms. Are they happening for both Internet Explorer and Firefox? What sites do you get redirect to? Please provide example in this manner: badsite[dot]com. When did it start?

--------------------

Do an online scan with ESET Online Scanner.
Please be patient as scanning will take quite some time. If you have problem running the scan, you might want to disable any real time protection that you have.

Click here (http://www.eset.com/onlinescan/) to go to ESET Online Scanner page.
Click on Run ESET Online Scanner. A new window will open.
For FireFox user, you will need to download and install esetsmartinstaller_enu.exe. Click on it and save the file to a convenient location. Double click on it to install and a new window will open.
After reading through the Terms of Use, check YES, I accept the Terms of Use and click Start to begin scan.
You will be prompted to install an ActiveX Control from ESET. Please install.
At the Computer scan settings section, uncheck (untick) Remove found threats. <-- Important, do not remove anything yet.
Then, check Scan archives.
Now, click on Advanced settings and make sure all these are checked:
Scan for potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth technology
Click on Scan to proceed.
When done, the scan result will be shown. Look for C:\Program Files\ESET\ESET Online Scanner\log.txt and open the file.
Post the contents in your reply.

If the contents of log.txt do not reflect what is shown in the result window, click on List of found threats, then Export to text file..., save a file and post that instead.

--------------------

Please post back:
1. the answers to my questions
2. the ESET online scan result

Good morning-

to answer your questions: the redirecting started about 6 days ago. I was looking to buy a certain product wholesale, so i did a google search. I believe one of the sites I clicked was "bad" and infected me. It was right after that I started getting redirected - mostly to other shopping sites. When it first started, it was happening both in IE and firefox. And it was still happening in BOTH yesterday. But today when I tried to get you an example in firefox, the redirecting seemed to have stopped in firefox. But it IS still happening in IE. Here is an example:

I did a google search through the toolbar for "malware removal". The first result I got was:

search.us.b00kmarks[dot]com/search.php?keyword=malware+removal

I did the same search, clicked on the same link, and got:

stopzilla[dot]com/products/stopzilla/antivirus.do?aid=10273&cid=malware3152-FA342BBD_malware+removal

After I click on the link, and am waiting to get "redirected", there are several things that flash through the address bar. I tried to write one of them down, but they go too fast for me to get.


and here is the log from the ESET sscan:


ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6425
# api_version=3.0.2
# EOSSerial=6fbc1179dacc21448a0b8bd0f787a43a
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-03-23 04:32:54
# local_time=2011-03-23 12:32:54 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=52873
# found=5
# cleaned=0
# scan_time=7876
C:\Documents and Settings\Debby\Application Data\Sun\Java\Deployment\cache\6.0\48\24c80fb0-301a3bd8 Java/TrojanDownloader.OpenStream.NBL trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\explorer.exe a variant of Win32/Bamital.FH trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\b.dll Win32/Bamital.FA trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\winlogon.exe Win32/Bamital.FH trojan (unable to clean) 00000000000000000000000000000000 I
${Memory} a variant of Win32/Bamital.FH trojan 00000000000000000000000000000000 I





Thanks!!

Debby

Hello glass ninja :),

Run SystemLook
Double click on SystemLook.exe to run it.
Copy and paste the following text into the main textfield:

:filefind
explorer.ex*
winlogon.ex*
Click the Look button to start the scan. This might take a while.
When finished, a Notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found at on your desktop as SystemLook.txt.

--------------------

Please post back:
1. SystemLook result

Hi-

here is the systemlook log:

SystemLook 04.09.10 by jpshortstuff
Log created at 13:17 on 23/03/2011 by Debby
Administrator - Elevation successful

========== filefind ==========

Searching for "explorer.ex*"
C:\WINDOWS\explorer.exe --a--c- 1033728 bytes [12:00 28/02/2006] [10:42 14/04/2008] 87D9D1260E1A92849BCE9B59A6148700
C:\WINDOWS\ServicePackFiles\i386\explorer.exe -----c- 1033728 bytes [20:34 12/11/2008] [10:42 14/04/2008] 12896823FB95BFB3DC9B46BCAEDC9923

Searching for "winlogon.ex*"
C:\WINDOWS\ServicePackFiles\i386\winlogon.exe -----c- 507904 bytes [20:35 12/11/2008] [10:42 14/04/2008] ED0EF0A136DEC83DF69F04118870003E
C:\WINDOWS\system32\winlogon.exe --a--c- 507904 bytes [12:00 28/02/2006] [10:42 14/04/2008] BB60650EC612FC19EE1E9385090B289B

-= EOF =-



It only took a coupe of minutes to create.....

thanks-

Debby

Hello glass ninja :),

Please download ComboFix from one of the links below and save it to your desktop.

Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.infospyware.net/sUBs/ComboFix.exe)

Do not mouse click on ComboFix while it is running. That may cause it to stall. ComboFix is a powerful tool and must not be used without supervision.

Install Recovery Console and run ComboFix

Please disable your real time protection of any Antivirus, Antispyware or Antimalware programs temporarily when running ComboFix. They will interfere and may cause unexpected results.
If you need help to disable your protection programs see here (http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/490111-how-disable-your-security-applications.html) and here (http://www.bleepingcomputer.com/forums/topic114351.html).
Double click on ComboFix.exe and follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. You will be asked to install it if it is not present in your computer. Click Yes to proceed.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
Note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
Once the Microsoft Windows Recovery Console is installed using ComboFix, click on Yes to continue scanning for malware.
When finished, a log will be produced as C:\ComboFix.txt. Please post this log in your next reply.
If you lose Internet connection after running ComboFix, right click on the network icon at the system tray and select Repair, or you can reboot the computer.
Enable back your security softwares as soon as you completed the ComboFix steps.

A detailed step by step tutorial to run ComboFix can be found here (http://www.bleepingcomputer.com/combofix/how-to-use-combofix) if you need help.

--------------------

Please post back:
1. the ComboFix log

Hi-

I disabled the avast before I ran it. Here is the combofix log:




.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-02-23 14:04 122512 -c--a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-13 39408]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-02-26 65024]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-12-14 413696]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-02-23 3451496]
.
c:\documents and settings\Debby\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]
Utility Tray.lnk - c:\windows\system32\sistray.exe [2008-10-27 335872]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\CCleaner\\CCleaner.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Outlook Express\\msimn.exe"=
"c:\\Program Files\\Spybot - Search & Destroy\\SpybotSD.exe"=
"c:\\Program Files\\Spybot - Search & Destroy\\SDUpdate.exe"=
"c:\\Program Files\\TCPOptimizer\\TCPOptimizer.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [3/21/2011 2:07 PM 371544]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [3/21/2011 2:08 PM 301528]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [3/21/2011 2:08 PM 19544]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ASWSNX
*Deregistered* - uphcleanhlp
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-23 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-12 18:01]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mWindow Title = Microsoft Internet Explorer By Mad Man Moon
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: StumbleUpon PhotoBlog It! - StumbleUponIEBar.dll/blogimage
FF - ProfilePath - c:\documents and settings\Debby\Application Data\Mozilla\Firefox\Profiles\hv7ie5sc.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - c:\documents and settings\All Users\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\AVAST Software\Avast\WebRep\FF
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Image Zoom: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68} - %profile%\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-Free YouTube to Mp3 Converter_is1 - c:\program files\DVDVideoSoft\Free YouTube to Mp3 Converter\unins000.exe
AddRemove-SpywareBlaster_is1 - c:\program files\SpywareBlaster\unins000.exe
AddRemove-Uninstall_is1 - c:\program files\Common Files\DVDVideoSoft\unins000.exe
AddRemove-Octoshape add-in for Adobe Flash Player - c:\documents and settings\Debby\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-23 14:17
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2340)
c:\windows\system32\WININET.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\ieframe.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\windows\system32\HPZipm12.exe
c:\program files\UPHClean\uphclean.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\wscntfy.exe
c:\windows\SOUNDMAN.EXE
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
.
**************************************************************************
.
Completion time: 2011-03-23 14:23:32 - machine was rebooted
ComboFix-quarantined-files.txt 2011-03-23 18:23
.
Pre-Run: 74,194,718,720 bytes free
Post-Run: 74,260,803,584 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 806ACC5A147B38C6BD59F88057C0F3E2

Hello glass ninja :),

The ComboFix log you posted is only partial. The early portions are missing. Could you please post a complete one? Thanks.

Hi-

Oops. Sorry about that!! My copy/paste went wrong. Here is the complete one. I'm glad I leave notepad open until I hear back from you!!




ComboFix 11-03-22.09 - Debby 03/23/2011 14:01:22.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.479.130 [GMT -4:00]
Running from: c:\documents and settings\Debby\My Documents\Downloads\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Debby\Application Data\inst.exe
c:\windows\system32\winsusrm.dll
c:\windows\system32\winsusrx.dll
.
Infected copy of c:\windows\system32\winlogon.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\winlogon.exe
.
Infected copy of c:\windows\explorer.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\explorer.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-02-23 to 2011-03-23 )))))))))))))))))))))))))))))))
.
.
2011-03-23 14:17 . 2011-03-23 14:17 -------- dc----w- c:\program files\ESET
2011-03-21 18:08 . 2011-02-23 13:56 301528 -c--a-w- c:\windows\system32\drivers\aswSP.sys
2011-03-21 18:08 . 2011-02-23 13:54 19544 -c--a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-03-21 18:08 . 2011-02-23 13:55 49240 -c--a-w- c:\windows\system32\drivers\aswTdi.sys
2011-03-21 18:08 . 2011-02-23 13:55 25432 -c--a-w- c:\windows\system32\drivers\aswRdr.sys
2011-03-21 18:07 . 2011-02-23 13:56 371544 -c--a-w- c:\windows\system32\drivers\aswSnx.sys
2011-03-21 18:07 . 2011-02-23 13:55 102232 -c--a-w- c:\windows\system32\drivers\aswmon2.sys
2011-03-21 18:07 . 2011-02-23 13:55 96344 -c--a-w- c:\windows\system32\drivers\aswmon.sys
2011-03-21 18:07 . 2011-02-23 13:54 30680 -c--a-w- c:\windows\system32\drivers\aavmker4.sys
2011-03-21 18:07 . 2011-02-23 14:04 40648 -c--a-w- c:\windows\avastSS.scr
2011-03-21 18:07 . 2011-02-23 14:04 190016 -c--a-w- c:\windows\system32\aswBoot.exe
2011-03-21 18:06 . 2011-03-21 18:06 -------- dc----w- c:\program files\AVAST Software
2011-03-21 18:06 . 2011-03-21 18:06 -------- dc----w- c:\documents and settings\All Users\Application Data\AVAST Software
2011-03-20 22:52 . 2011-03-20 22:53 -------- dc----w- c:\documents and settings\Debby\Local Settings\Application Data\Temp
2011-03-19 17:27 . 2011-03-19 17:27 -------- dc----w- c:\program files\ERUNT
2011-02-22 18:16 . 2011-02-22 18:16 -------- dc----w- c:\documents and settings\Debby\Local Settings\Application Data\Yahoo!
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-09 13:53 . 2006-02-28 12:00 270848 -c--a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2006-02-28 12:00 186880 -c--a-w- c:\windows\system32\encdec.dll
2011-02-02 22:11 . 2009-10-03 01:17 222080 -c----w- c:\windows\system32\MpSigStub.exe
2011-02-02 07:58 . 2008-10-27 12:35 2067456 -c--a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2008-10-27 12:35 677888 -c--a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2006-02-28 12:00 439296 -c--a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2006-02-28 12:00 290048 -c--a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10 . 2006-02-28 12:00 1854976 -c--a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-02-23 14:04 122512 -c--a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-13 39408]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-02-26 65024]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-12-14 413696]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-02-23 3451496]
.
c:\documents and settings\Debby\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]
Utility Tray.lnk - c:\windows\system32\sistray.exe [2008-10-27 335872]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\CCleaner\\CCleaner.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Outlook Express\\msimn.exe"=
"c:\\Program Files\\Spybot - Search & Destroy\\SpybotSD.exe"=
"c:\\Program Files\\Spybot - Search & Destroy\\SDUpdate.exe"=
"c:\\Program Files\\TCPOptimizer\\TCPOptimizer.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [3/21/2011 2:07 PM 371544]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [3/21/2011 2:08 PM 301528]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [3/21/2011 2:08 PM 19544]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ASWSNX
*Deregistered* - uphcleanhlp
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-23 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-12 18:01]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mWindow Title = Microsoft Internet Explorer By Mad Man Moon
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: StumbleUpon PhotoBlog It! - StumbleUponIEBar.dll/blogimage
FF - ProfilePath - c:\documents and settings\Debby\Application Data\Mozilla\Firefox\Profiles\hv7ie5sc.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - c:\documents and settings\All Users\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\AVAST Software\Avast\WebRep\FF
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Image Zoom: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68} - %profile%\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-Free YouTube to Mp3 Converter_is1 - c:\program files\DVDVideoSoft\Free YouTube to Mp3 Converter\unins000.exe
AddRemove-SpywareBlaster_is1 - c:\program files\SpywareBlaster\unins000.exe
AddRemove-Uninstall_is1 - c:\program files\Common Files\DVDVideoSoft\unins000.exe
AddRemove-Octoshape add-in for Adobe Flash Player - c:\documents and settings\Debby\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-23 14:17
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2340)
c:\windows\system32\WININET.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\ieframe.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\windows\system32\HPZipm12.exe
c:\program files\UPHClean\uphclean.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\wscntfy.exe
c:\windows\SOUNDMAN.EXE
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
.
**************************************************************************
.
Completion time: 2011-03-23 14:23:32 - machine was rebooted
ComboFix-quarantined-files.txt 2011-03-23 18:23
.
Pre-Run: 74,194,718,720 bytes free
Post-Run: 74,260,803,584 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 806ACC5A147B38C6BD59F88057C0F3E2

Hello glass ninja :),

Your Firefox browser is outdated. Older versions have security vulnerabilities that can be exploited.

Please update your Firefox browser to the latest. You may need to use Internet Explorer temporarily for this, or download the program first before continuing the uninstall step.
It is important that you uninstall any previous versions by using Add/Remove Programs in your Control Panel before installing a newer version. Please uninstall:

Mozilla Firefox (3.5.17)


Go to the Mozilla Firefox download page. Click here. (http://www.mozilla.com/en-US/firefox/upgrade.html)
Click on the Free Download button and save the setup file to a convenient location.
Double click on the setup file and follow the steps accordingly.

--------------------

Your Adobe Reader is outdated. Older versions have security vulnerabilities that can be exploited.

Please update your Adobe Reader to the latest.
It is important that you uninstall any previous versions by using Add/Remove Programs in your Control Panel before installing a newer version. Please uninstall:

Adobe Reader 9.2


Go to the Adobe download page. Click here. (http://get.adobe.com/reader/)
If your OS is not the same as stated, click on Different language or operating system? link.
Under the Select an operating system title, click on Select an OS... box and choose the OS that you have.
Change the language if you want by clicking on English below the Select a language title.
Press Continue.
Uncheck (untick) Free McAfee Security Scan (optional).
Click the Download now button after selecting the latest version.
Allow if prompted and save the file to a convenient location.
Run the downloaded file to continue with the installation.
If your OS is the same, uncheck (untick) Free McAfee Security Scan (optional).
Click Download to proceed. Allow if prompted and save the file to a convenient location.
Run the downloaded file to continue with the installation.

--------------------

Your Java Runtime Environment is outdated. Older versions have security vulnerabilities that can be exploited.

Please update JRE to the latest.
It is important that you uninstall any previous versions by using Add/Remove Programs in your Control Panel before installing a newer version. Please uninstall:

Java(TM) 6 Update 11
Java(TM) 6 Update 4


Go to the Java SE download page. Click here. (http://java.sun.com/javase/downloads/index.jsp)
Look for Java SE 6 Update 24. Click the Download JRE button to the right.
Select Windows from the drop-down list for Platform.
Check I agree to the Java SE Runtime Environment 6u24 with JavaFX License Agreement after reading it, and click Continue >>. The page will refresh.
Under the Windows Offline Installation title, click on the link which says jre-6u24-windows-i586.exe and save the file to your desktop.
Close any programs you may have running - especially your web browser.
Then, from your desktop, double click on the download to install the newest version. Reboot your computer.

--------------------

Please post back:
1. how is your computer now?

Hi and good morning-

I have uninstalled the 3 programs and redownloaded them. Thank you.

Other than the fact my computer is about 15 yrs old, it seems to be running just fine!! I tried to duplicate the redirecting in both IE and firefox, and it seems to have stopped.

Thanks!!

Debby

Hello glass ninja :),

We are almost done here.

Please run OTL again and post back OTL.txt.

Hi-

here is the OTL.txt



OTL logfile created on: 3/25/2011 12:31:09 PM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Debby\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

479.00 Mb Total Physical Memory | 58.00 Mb Available Physical Memory | 12.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 49.00% Paging File free
Paging file location(s): C:\pagefile.sys 720 1440 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 93.16 Gb Total Space | 68.23 Gb Free Space | 73.24% Space Free | Partition Type: NTFS

Computer Name: DEBBYSDIPLOMAT | User Name: Debby | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/25 12:30:34 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Debby\My Documents\Downloads\OTL(1).exe
PRC - [2011/03/18 13:53:06 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/02/23 10:04:20 | 003,451,496 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/02/23 10:04:19 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2010/08/04 16:21:31 | 004,754,744 | ---- | M] (Yahoo! Inc.) -- C:\Documents and Settings\Debby\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\BrowserPlusService.exe
PRC - [2010/08/04 16:21:31 | 004,754,744 | ---- | M] (Yahoo! Inc.) -- C:\Documents and Settings\Debby\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\BrowserPlusCore.exe
PRC - [2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/09/29 13:14:36 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2004/05/12 17:23:42 | 000,335,872 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\sistray.exe
PRC - [2004/03/05 01:45:34 | 000,192,573 | ---- | M] (Microsoft Corporation) -- C:\Program Files\UPHClean\uphclean.exe
PRC - [2004/02/26 16:53:30 | 000,065,024 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE


========== Modules (SafeList) ==========

MOD - [2011/03/25 12:30:34 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Debby\My Documents\Downloads\OTL(1).exe
MOD - [2011/02/23 10:04:17 | 000,197,208 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\snxhk.dll
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (NMIndexingService)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/02/23 10:04:19 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2004/09/29 13:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2004/03/05 01:45:34 | 000,192,573 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\UPHClean\uphclean.exe -- (UPHClean)


========== Driver Services (SafeList) ==========

DRV - [2011/02/23 09:56:55 | 000,371,544 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/02/23 09:56:45 | 000,301,528 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/02/23 09:55:49 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/02/23 09:55:47 | 000,102,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/02/23 09:55:10 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/02/23 09:54:57 | 000,030,680 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/02/23 09:54:55 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2008/09/22 07:04:00 | 000,019,072 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
DRV - [2008/09/22 06:42:32 | 000,323,584 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2005/11/21 01:48:21 | 000,016,512 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (Aspi32)
DRV - [2004/11/02 16:31:02 | 000,219,520 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2004/11/02 16:30:02 | 000,702,592 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/11/02 16:29:28 | 001,036,544 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2004/03/19 20:02:08 | 000,613,244 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004/02/24 11:08:52 | 000,400,384 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)
DRV - [2003/07/18 09:58:20 | 000,036,992 | R--- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SISAGPX.sys -- (SISAGP)
DRV - [2003/03/25 17:50:46 | 000,004,096 | R--- | M] (Silicon Integrated Systems Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\siside.sys -- (SiSide)
DRV - [2002/10/17 15:14:46 | 000,049,024 | R--- | M] (Windows (R) 2000 DDK provider) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\sisidex.sys -- (sisidex)
DRV - [2002/08/20 17:19:08 | 000,009,472 | R--- | M] (Silicon Integrated Systems Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sisperf.sys -- (sisperf)
DRV - [2002/07/10 23:39:34 | 000,032,256 | R--- | M] (SiS Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1547161642-113007714-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-1547161642-113007714-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-1547161642-113007714-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-1547161642-113007714-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1547161642-113007714-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: wrc@avast.com:20110101
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}:0.4.4
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - HKLM\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\Documents and Settings\All Users\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2008/11/13 05:07:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/03/21 14:07:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/25 08:07:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/25 08:25:12 | 000,000,000 | ---D | M]

[2008/11/16 15:59:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Debby\Application Data\Mozilla\Extensions
[2011/03/25 08:36:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Debby\Application Data\Mozilla\Firefox\Profiles\hv7ie5sc.default\extensions
[2010/09/20 11:42:54 | 000,000,000 | ---D | M] (Image Zoom) -- C:\Documents and Settings\Debby\Application Data\Mozilla\Firefox\Profiles\hv7ie5sc.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
[2010/09/20 11:42:53 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Debby\Application Data\Mozilla\Firefox\Profiles\hv7ie5sc.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/01/07 09:10:47 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Debby\Application Data\Mozilla\Firefox\Profiles\hv7ie5sc.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/09/20 11:42:53 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Debby\Application Data\Mozilla\Firefox\Profiles\hv7ie5sc.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011/03/25 08:22:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/03/25 08:22:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
File not found (No name found) --
() (No name found) -- C:\DOCUMENTS AND SETTINGS\DEBBY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\HV7IE5SC.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011/03/21 14:07:11 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2011/03/25 08:22:17 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/03/18 13:53:24 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2011/03/25 08:22:16 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/03/23 14:16:55 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (StumbleUpon Launcher) - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll (stumbleupon.com)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll ()
O3 - HKLM\..\Toolbar: (StumbleUpon Toolbar) - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll (stumbleupon.com)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe (Silicon Integrated Systems Corporation)
O4 - Startup: C:\Documents and Settings\Debby\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1547161642-113007714-682003330-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1547161642-113007714-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1547161642-113007714-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1547161642-113007714-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - Reg Error: Key error. File not found
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Plugin Control)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1226554902171 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/10/27 08:40:37 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/03/25 08:26:38 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/03/25 08:23:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2011/03/25 08:22:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/03/25 08:22:39 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011/03/25 08:22:39 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/03/25 08:22:39 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/03/25 08:22:39 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/03/25 08:22:39 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/03/25 08:10:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2011/03/23 14:00:15 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/03/23 13:56:45 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/03/23 13:56:45 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/03/23 13:56:45 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/03/23 13:56:45 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/03/23 13:55:35 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/03/23 10:17:02 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/03/21 14:08:05 | 000,301,528 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/03/21 14:08:05 | 000,019,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/03/21 14:08:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2011/03/21 14:08:00 | 000,049,240 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/03/21 14:08:00 | 000,025,432 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/03/21 14:07:59 | 000,371,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/03/21 14:07:58 | 000,102,232 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/03/21 14:07:58 | 000,096,344 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/03/21 14:07:58 | 000,030,680 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/03/21 14:07:09 | 000,040,648 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/03/21 14:07:08 | 000,190,016 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/03/21 14:06:54 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/03/21 14:06:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/03/20 18:52:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debby\Local Settings\Application Data\Temp
[2011/03/19 13:27:24 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/03/19 13:27:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2011/03/15 17:47:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debby\My Documents\fark
[2008/11/12 14:53:00 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Debby\Application Data\pcouffin.sys
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/03/25 12:09:14 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/03/25 08:24:49 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/03/25 08:24:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/03/25 08:22:15 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/03/25 08:22:15 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/03/25 08:22:15 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/03/25 08:22:15 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/03/25 08:22:14 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011/03/25 08:14:22 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/03/25 08:07:47 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Debby\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/03/25 08:07:47 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/03/23 14:16:55 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/03/23 14:00:22 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/03/21 14:08:06 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/03/21 14:07:58 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/03/19 13:27:32 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\Debby\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/03/19 13:27:25 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Debby\Desktop\ERUNT.lnk
[2011/03/19 12:54:47 | 000,000,145 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2011/03/13 16:13:28 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/03/13 06:57:09 | 000,465,072 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/03/13 06:57:08 | 000,078,958 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/03/04 11:01:06 | 000,016,233 | ---- | M] () -- C:\Documents and Settings\Debby\Desktop\reseller.jpg
[2011/02/25 08:46:51 | 000,000,148 | ---- | M] () -- C:\Documents and Settings\Debby\Application Data\wklnhst.dat
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/03/25 08:28:52 | 000,042,647 | ---- | C] () -- C:\Documents and Settings\Debby\My Documents\f this guy.jpg
[2011/03/25 08:14:21 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/03/25 08:14:20 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2011/03/25 08:07:47 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Debby\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/03/25 08:07:47 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/03/25 08:07:46 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/03/23 14:00:22 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/03/23 14:00:18 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/03/23 13:56:45 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/03/23 13:56:45 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/03/23 13:56:45 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/03/23 13:56:45 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/03/23 13:56:45 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/03/21 14:08:06 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/03/19 13:27:32 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Debby\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/03/19 13:27:25 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Debby\Desktop\ERUNT.lnk
[2011/03/19 12:54:46 | 000,000,145 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2011/03/04 11:01:00 | 000,016,233 | ---- | C] () -- C:\Documents and Settings\Debby\Desktop\reseller.jpg
[2010/09/06 17:50:54 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\Tracer.dll
[2010/09/06 17:50:54 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\SheriffNet.dll
[2009/12/07 01:15:31 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/05/21 11:32:45 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2009/02/13 12:24:52 | 000,000,148 | ---- | C] () -- C:\Documents and Settings\Debby\Application Data\wklnhst.dat
[2008/12/28 22:01:19 | 000,113,167 | ---- | C] () -- C:\WINDOWS\hpoins07.dat
[2008/12/28 22:01:18 | 000,021,124 | ---- | C] () -- C:\WINDOWS\hpomdl07.dat
[2008/11/30 09:06:43 | 000,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2008/11/24 08:07:40 | 000,000,024 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2008/11/16 16:06:46 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/11/16 15:59:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/11/12 14:57:22 | 000,831,600 | ---- | C] () -- C:\WINDOWS\System32\Ctaa1.dat
[2008/11/12 14:53:00 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Debby\Application Data\pcouffin.cat
[2008/11/12 14:53:00 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Debby\Application Data\pcouffin.inf
[2008/10/27 09:18:47 | 000,096,256 | ---- | C] () -- C:\Documents and Settings\Debby\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/27 09:07:29 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2008/10/27 09:07:27 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2008/10/27 09:02:02 | 000,032,768 | ---- | C] () -- C:\WINDOWS\SIS_LIB.DLL
[2008/10/27 09:01:36 | 000,108,021 | R--- | C] () -- C:\WINDOWS\VGAsetup.ini
[2008/10/27 09:01:29 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\sis760.bin
[2008/10/27 09:01:28 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\sis741.bin
[2008/10/27 09:01:28 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\sis660.bin
[2008/10/27 09:01:02 | 000,102,683 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini
[2008/10/27 08:53:30 | 000,139,264 | R--- | C] () -- C:\WINDOWS\System32\IDEproperty.dll
[2008/10/27 08:43:44 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/10/27 08:37:17 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/10/27 03:17:09 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/10/27 03:15:49 | 000,298,048 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/05/26 22:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 22:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2007/09/27 11:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 11:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 11:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2006/02/28 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/02/28 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/02/28 08:00:00 | 000,465,072 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/02/28 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/02/28 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/02/28 08:00:00 | 000,078,958 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/02/28 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/02/28 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/02/28 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/02/28 08:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/02/28 08:00:00 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\b.dll
[2006/02/28 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/02/28 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2001/07/06 16:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== LOP Check ==========

[2008/11/23 15:37:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\2731C
[2011/03/21 14:06:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2009/04/04 22:39:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Graboid Inc
[2009/04/07 20:41:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2008/11/23 23:46:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2008/12/26 08:38:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/01/06 20:39:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debby\Application Data\FrostWire
[2011/02/08 13:19:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debby\Application Data\Image Zone Express
[2008/11/12 15:01:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debby\Application Data\InterVideo
[2008/12/26 09:26:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debby\Application Data\iWin
[2008/12/18 09:01:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debby\Application Data\Leadertech
[2009/10/10 00:09:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debby\Application Data\LimeWire
[2010/12/12 05:31:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debby\Application Data\StumbleUpon
[2009/02/13 12:24:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debby\Application Data\Template
[2010/12/21 11:47:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debby\Application Data\Vso
[2008/11/13 02:02:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debby\Application Data\Windows Desktop Search
[2009/04/08 09:11:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debby\Application Data\Windows Search
[2009/06/17 10:22:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\josephus\Application Data\Leadertech
[2008/12/28 13:22:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\josephus\Application Data\Windows Desktop Search

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F59BA980

< End of report >





and the extras.txt






OTL Extras logfile created on: 3/25/2011 12:31:09 PM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Debby\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

479.00 Mb Total Physical Memory | 58.00 Mb Available Physical Memory | 12.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 49.00% Paging File free
Paging file location(s): C:\pagefile.sys 720 1440 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 93.16 Gb Total Space | 68.23 Gb Free Space | 73.24% Space Free | Partition Type: NTFS

Computer Name: DEBBYSDIPLOMAT | User Name: Debby | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-1547161642-113007714-682003330-1004\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\CCleaner\CCleaner.exe" = C:\Program Files\CCleaner\CCleaner.exe:*:Enabled:CCleaner -- (Piriform Ltd)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox -- (Mozilla Corporation)
"C:\Program Files\Outlook Express\msimn.exe" = C:\Program Files\Outlook Express\msimn.exe:*:Enabled:Outlook Express -- (Microsoft Corporation)
"C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" = C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe:*:Enabled:Spybot - Search & Destroy -- (Safer Networking Limited)
"C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe" = C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe:*:Enabled:Update Spybot-S&D -- (Safer Networking Limited)
"C:\Program Files\TCPOptimizer\TCPOptimizer.exe" = C:\Program Files\TCPOptimizer\TCPOptimizer.exe:*:Enabled:TCPOptimizer -- (Speed Guide Inc.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- ()
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Disabled:Microsoft Management Console -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}" = CP_Package_Variety1
"{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations
"{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}" = AiO_Scan
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update
"{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}" = CP_Package_Variety3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2466E904-7E48-4597-9321-722CF02930EB}" = 5600
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 24
"{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}" = Unload
"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{54E3707F-808E-4fd4-95C9-15D1AB077E5D}" = NewCopy
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
"{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}" = HP PSC & OfficeJet 5.3.B
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6BB6627C-694F-4FDC-A3E5-C7F4BED4C724}" = DocProc
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{7850A6D2-CBEA-4728-9877-F1BEDEA9F619}" = AiOSoftware
"{7C9B95B7-B598-4398-B30F-7F6827192E6C}" = ProductContext
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{923A7F5A-1E8C-4FBE-8DF6-85940A60A79F}" = Readme
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{A195B13E-A5E3-4BAF-A995-7F70F445CD06}" = ScannerCopy
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}" = CP_Package_Variety2
"{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm
"{BF755CD9-E185-498A-AAFB-E9F8470AB1CC}" = User Profile Hive Cleanup Service
"{BFD5AC8A-5884-4da8-9873-3DF8E3DCCE18}" = 5600Trb
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C506A18C-1469-4678-B094-F4EC9DAE6DB7}" = Scan
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC7984C5-020D-4944-85A0-58D09D4A8BFB}" = 5600_Help
"{CE24344F-DFD8-40C8-8FD8-C9740B5F25AC}" = Fax
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
"{F87A8E11-02A4-4875-A3A5-5961081B0E4E}" = OpenOffice.org 2.4
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FE64AE29-0883-4C70-8388-DC026019C900}" = HP Image Zone Express
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Illustrator 9.0" = Adobe Illustrator 9.0
"Adobe Photoshop 6.0" = Adobe Photoshop 6.0
"Adobe SVG Viewer" = Adobe SVG Viewer
"avast" = avast! Free Antivirus
"AviSynth" = AviSynth 2.5
"Bejeweled Twist 1.0" = Bejeweled Twist 1.0
"CCleaner" = CCleaner (remove only)
"CNXT_MODEM_PCI_VEN_14F1&DEV_2702&SUBSYS_200314F1" = Creative Modem Blaster PCI Value DI5652-1
"Doc Scrubber_is1" = Doc Scrubber v1.1
"EasyRecovery" = EasyRecovery Professional Edition
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ERUNT_is1" = ERUNT 1.1j
"ESET Online Scanner" = ESET Online Scanner v3
"Glass Eye 2000" = Glass Eye 2000
"Google Updater" = Google Updater
"GoogleVideoPlayer" = Google Video Player
"HP Imaging Device Functions" = HP Imaging Device Functions 5.3
"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.3
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InterActual Player" = InterActual Player
"Jewel Quest III 1.00" = Jewel Quest III 1.00
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 4.0 (x86 en-US)" = Mozilla Firefox 4.0 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NetAlyzer_is1" = NetAlyzer 0.3
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"SiS VGA Driver" = SiS VGA Utilities
"SiSLan" = SiS 900 PCI Fast Ethernet Adapter Driver
"StumbleUponIEToolbar" = StumbleUpon IE Toolbar
"Tweak UI 2.10" = Tweak UI
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1547161642-113007714-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/17/2011 4:52:35 PM | Computer Name = DEBBYSDIPLOMAT | Source = Windows Search Service | ID = 7040
Description = The search service has detected corrupted data files in the index.
The service will attempt to automatically correct this problem by rebuilding the
index. Context: Windows Application, SystemIndex Catalog Details: 0xc0041801 (0xc0041801)


Error - 2/17/2011 4:52:35 PM | Computer Name = DEBBYSDIPLOMAT | Source = Windows Search Service | ID = 3029
Description = The plug-in in <Search.TripoliIndexer> cannot be initialized. Context:
Windows Application, SystemIndex Catalog Details: The content index cannot be read.
(0xc0041800)

Error - 2/17/2011 4:52:35 PM | Computer Name = DEBBYSDIPLOMAT | Source = Windows Search Service | ID = 3028
Description = The gatherer object cannot be initialized. Context: Windows Application,
SystemIndex Catalog Details: The content index cannot be read. (0xc0041800)

Error - 2/17/2011 4:52:35 PM | Computer Name = DEBBYSDIPLOMAT | Source = Windows Search Service | ID = 3058
Description = The application cannot be initialized. Context: Windows Application

Details:
The
content index cannot be read. (0xc0041800)

Error - 2/17/2011 7:28:01 PM | Computer Name = DEBBYSDIPLOMAT | Source = Application Error | ID = 1000
Description = Faulting application jewelquest3.rwg, version 1.0.6.0, faulting module
msvcr80.dll, version 8.0.50727.3053, fault address 0x00008aa0.

Error - 2/18/2011 5:13:10 PM | Computer Name = DEBBYSDIPLOMAT | Source = Application Error | ID = 1000
Description = Faulting application jewelquest3.rwg, version 1.0.6.0, faulting module
msvcr80.dll, version 8.0.50727.3053, fault address 0x00008aa0.

Error - 2/20/2011 9:37:59 AM | Computer Name = DEBBYSDIPLOMAT | Source = Application Error | ID = 1000
Description = Faulting application jewelquest3.rwg, version 1.0.6.0, faulting module
sdl.dll, version 1.2.7.0, fault address 0x0002638e.

Error - 2/28/2011 1:51:09 PM | Computer Name = DEBBYSDIPLOMAT | Source = Application Hang | ID = 1002
Description = Hanging application Photoshp.exe, version 6.0.128.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 3/1/2011 5:41:23 PM | Computer Name = DEBBYSDIPLOMAT | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.1.3986, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 3/25/2011 12:26:59 PM | Computer Name = DEBBYSDIPLOMAT | Source = Application Hang | ID = 1002
Description = Hanging application Photoshp.exe, version 6.0.128.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ OSession Events ]
Error - 9/12/2009 5:59:00 AM | Computer Name = DEBBYSDIPLOMAT | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 32902
seconds with 480 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 3/25/2011 8:00:52 AM | Computer Name = DEBBYSDIPLOMAT | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 3/25/2011 8:00:52 AM | Computer Name = DEBBYSDIPLOMAT | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 3/25/2011 8:00:53 AM | Computer Name = DEBBYSDIPLOMAT | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 3/25/2011 8:00:53 AM | Computer Name = DEBBYSDIPLOMAT | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 3/25/2011 8:00:53 AM | Computer Name = DEBBYSDIPLOMAT | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 3/25/2011 8:00:53 AM | Computer Name = DEBBYSDIPLOMAT | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 3/25/2011 8:00:53 AM | Computer Name = DEBBYSDIPLOMAT | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 3/25/2011 8:00:53 AM | Computer Name = DEBBYSDIPLOMAT | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 3/25/2011 8:00:53 AM | Computer Name = DEBBYSDIPLOMAT | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 3/25/2011 8:00:53 AM | Computer Name = DEBBYSDIPLOMAT | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126


< End of report >



thanks!!!


debby

Hello glass ninja :),


479.00 Mb Total Physical Memory | 58.00 Mb Available Physical Memory | 12.00% Memory free You may want to consider upgrading your RAM. 512MB is low for today's standard and you are utilizing it almost at maximum already.

Please backup your registry with ERUNT.

--------------------

Fix with OTL

Please disable your real time protection of any Antivirus, Antispyware or Antimalware programs temporarily. They will interfere and may cause unexpected results.
If you need help to disable your protection programs see here (http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/490111-how-disable-your-security-applications.html) and here (http://www.bleepingcomputer.com/forums/topic114351.html).
Double click on OTL.exe to run it.
Copy and paste the following text into the white box below Custom Scans/Fixes:

:otl
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1547161642-113007714-682003330-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
[2011/01/06 20:39:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debby\Application Data\FrostWire
[2009/10/10 00:09:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debby\Application Data\LimeWire
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F59BA980

:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = -

:commands
[CREATERESTOREPOINT]
[resethosts]
[emptytemp]
Click Run Fix.
Please post the contents of the fix log file back here if you are prompted to open the file. It can also be found at C:\_OTL\Moved Files as MMDDYYY_HHMMSS.log where MMDDYYY is date format and HHMMSS is time format.
If requested to reboot, please do so. The log file will open after restart.
Enable back your security softwares as soon as you completed the OTL fix steps.

--------------------

Please post back:
1. the OTL fix log
2. any more problems?

Hello-

I know I need more RAM in my PC. I keep getting that "virtual memory" box that pops up every so often. I was hoping to get a laptop, but I may just end up upgrading this one.

What was it that infected my computer??

Ok. I backed up using erunt, then disabled avast. Here is the log from the OTL:



All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-21-1547161642-113007714-682003330-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
C:\Documents and Settings\Debby\Application Data\FrostWire\xml\data folder moved successfully.
C:\Documents and Settings\Debby\Application Data\FrostWire\xml folder moved successfully.
C:\Documents and Settings\Debby\Application Data\FrostWire\themes\frostwirePro_theme folder moved successfully.
C:\Documents and Settings\Debby\Application Data\FrostWire\themes folder moved successfully.
C:\Documents and Settings\Debby\Application Data\FrostWire\overlays folder moved successfully.
C:\Documents and Settings\Debby\Application Data\FrostWire\.NetworkShare\Incomplete folder moved successfully.
C:\Documents and Settings\Debby\Application Data\FrostWire\.NetworkShare folder moved successfully.
C:\Documents and Settings\Debby\Application Data\FrostWire\.AppSpecialShare folder moved successfully.
C:\Documents and Settings\Debby\Application Data\FrostWire folder moved successfully.
C:\Documents and Settings\Debby\Application Data\LimeWire\xml\data folder moved successfully.
C:\Documents and Settings\Debby\Application Data\LimeWire\xml folder moved successfully.
C:\Documents and Settings\Debby\Application Data\LimeWire\themes\windows_theme folder moved successfully.
C:\Documents and Settings\Debby\Application Data\LimeWire\themes folder moved successfully.
C:\Documents and Settings\Debby\Application Data\LimeWire\promotion folder moved successfully.
C:\Documents and Settings\Debby\Application Data\LimeWire\certificate folder moved successfully.
C:\Documents and Settings\Debby\Application Data\LimeWire\.AppSpecialShare folder moved successfully.
C:\Documents and Settings\Debby\Application Data\LimeWire folder moved successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:F59BA980 deleted successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled deleted successfully.
========== COMMANDS ==========
Restore point Set: OTL Restore Point (0)
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Debby
->Temp folder emptied: 1347047 bytes
->Temporary Internet Files folder emptied: 49760399 bytes
->Java cache emptied: 1132559 bytes
->FireFox cache emptied: 236202932 bytes
->Flash cache emptied: 2873315 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56466 bytes

User: josephus
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->FireFox cache emptied: 77542258 bytes
->Flash cache emptied: 1821 bytes

User: LocalService
->Temp folder emptied: 65748 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2176856 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 123509 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 741137560 bytes

Total Files Cleaned = 1,061.00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 03262011_092526

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Hello glass ninja :),


What was it that infected my computer?? It was a Bamital infection that patched some of Windows critical files. No worries, it has been neutralized.

--------------------

Congratulations, you are All Clear to go. Glad to hear everything is good and running :). If you have any more problems, please let me know.

Now we need to clear out the programs we have been using to clean up your computer. They are not suitable for general malware removal and could cause damage if used inappropriately.

Go to Start > Run.... Copy and paste the following text into the white box:
ComboFix /uninstall
Click OK.
Run OTL by double clicking on OTL.exe. Click on CleanUp, proceed to reboot if prompted.
Delete the SystemLook, CKScanner, Rootkit Unhooker and TDSSKiller files on your desktop.
Delete any logs on the desktop.

Some tips to help you stay clean and safe:

1. Keep your Windows up to date. Enable Automatic Updates for Windows XP (http://www.bleepingcomputer.com/tutorials/tutorial35.html) to always update the latest security patches from Microsoft, or you can download from the Microsoft website. Otherwise, your computer will be vulnerable to new exploits or malwares.

2. Update your Antivirus program regularly, it is a must for constant protection against viruses. Please keep only one AV installed.

3. Install Malwarebytes' Anti-Malware if you haven't and use it occasionally. It is a new and powerful anti-malware tool (http://www.malwarebytes.org/mbam.php), totally free but for real-time protection you will have to pay a small one-time fee.

4. Install WinPatrol, a great protection program (http://www.winpatrol.com/) that helps you monitor for unwanted files or applications. If you would like to try WinPatrol, please uninstall Spybot.

5. Use a hosts file to block the access of bad sites from your computer. Get yourself a MVPS Hosts (http://www.mvps.org/winhelp2002/hosts.htm) for this purpose.

6. Install Web of Trust (WOT). WOT (http://www.mywot.com/) keeps you from dangerous websites with warnings and blockings.

7. Protect your computer from removable or USB drive infections with Panda USB Vaccine (http://www.pandasecurity.com/homeusers/downloads/usbvaccine/), an effective method to prevent malware from spreading.

8. Keep all your softwares updated. Visit Secunia Software Inspector (http://secunia.com/software_inspector/) to find out if any updates required.

9. Also look up:
Computer Security - a short guide to staying safer online (http://www.malwareremoval.com/forum/viewtopic.php?f=4&t=54766)
PC Safety and Security - What Do I Need? By Glaswegian (http://www.techsupportforum.com/security-center/general-computer-security/525915-pc-safety-security-what-do-i-need.html)
How to prevent malware: By miekiemoes (http://users.telenet.be/bluepatchy/miekiemoes/prevention.html)
So how did I get infected in the first place? By Tony Klein (http://forums.spybot.info/showthread.php?t=279)
Microsoft Online Safety (http://www.microsoft.com/protect/default.aspx)

Stay safe.

Hi-

Wow. Thank you SO much for your patient help. I will be making a donation to spybot in your name/honor. Thank you.

Debby

You are most welcome and thanks to you as well :bigthumb: .

As your problems appear to have been resolved, this topic is now closed.

We are glad to be of help. If you are satisfied with our assistance and wish to donate to help with the costs of this volunteer site, please read :
Your donation helps in improving Spybot-S&D! (http://www.safer-networking.org/en/donate/index.html)