WiredWX Christian Hobby Weather Tools
Computer virus that I can't get rid of.
I have Windows Vista on my laptop, and after trying to find an episode of Grey's Anatomy to watch last night, my computer became infected with a virus. I now keep being asked by an alert to block BankerFox.A, I think is what it is, and Win32.Nuqel.E. Also a box keeps popping up that says Microsoft .NET Framework, but it is a blank box other than that, and then another box keeps popping up that says "Revocation information for the security certificate for this site is not available. Do you want to proceed?" Boxes also keep popping up that say things like "Application cannot be executed. The file chrome.exe is infected. Do you want to activate your antivirus software now?" and other antivirus software stuff keeps popping up. I clicked on it the first time it came up because I thought it was legit, and it took me to a porn site and wanted me to buy the antivirus software, which I didn't because I now know it is fake, but I also cannot get on my internet now either (it says on the web page "Internet Explorer warning - visiting this web site may harm your computer!" and it goes on to tell me to purchase something for secure internet surfing), and I am doing this from another computer in my house. Please help! I will need to be walked through step by step because I know computers but not that well.

Re: Computer virus that I can't get rid of.
Also, I was looking at what you have other people do, like downloading OTL by OldTimer. How do you do that? Because I assume I am going to have to do that.

Also, the browsers I use are Internet Explorer and Chrome, and they both are not working because of the virus.

I also originally scanned my computer with Trend Micro and it got rid of some things, but the problem hasn't gone away.

Last edited by kimmiegirl on 21st May 2010, 7:55 pm; edited 2 times in total (Reason for editing : forgot information)

Re: Computer virus that I can't get rid of.
Download OTL by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

Re: Computer virus that I can't get rid of.
How do I download OTL onto my desktop if my internet will not work?

I am accessing this site from a computer other than the one that is infected, because my infected laptop will not let me access Internet Explorer or Google Chrome.

My proxy server is checked in my Internet Explorer too.

Re: Computer virus that I can't get rid of.
Hello.

Remove the Proxy setting in Internet Explorer and/or in Firefox.

    In Internet Explorer
  1. Tools Menu -> Internet Options -> Connections Tab -> LAN Settings -> uncheck "Use a proxy server", or reconfigure the proxy server again in case you have set it previously.

    In Firefox
  1. Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection -> Choose "No Proxy"
  2. Click the Apply button and restart that computer in normal mode.

We need to use the RKill Tool by Grinler

Rkill.com <--- Download site

  • Please download Rkill.com. Save it to your Desktop.
  • Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.

  • NOTE: If you are unable to connect to the site to download rkill, then you should download it to a clean computer and copy it to the infected one via a USB flash drive or CDROM.

  • Once it is downloaded, double-click on rkill.com in order to automatically attempt to stop any processes associated with rogue programs.
  • Please be patient while the program looks for various malware programs and ends them.
  • When it has finished, the black window will automatically close and you can continue with the next step.
NOTE: If you get a message that rkill is an infection, do not be concerned. This message is just a fake warning given by the rogue program when it terminates programs that may potentially remove it. If you run into these infection warnings that close Rkill, a trick is to leave the warning on the screen and then run Rkill again. By not closing the warning, this typically will allow you to bypass the malware trying to protect itself so that rkill can terminate the rogue program. So, please try running Rkill until the malware is no longer running. You will then be able to proceed with the rest of the steps.

If you continue having problems running rkill.com, you can download:
iExplore.exe or eXplorer.exe
which are renamed copies of rkill.com, and try them instead.

Try using OTL now.


Re: Computer virus that I can't get rid of.
How do I change my security settings so I can download OTL and Rkill?

Re: Computer virus that I can't get rid of.
Hello.

Please then reboot your computer in Safe Mode by doing the following:

  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the second option, to run Windows in Safe Mode with networking, then press Enter.
  • Choose your usual account.

If you can access GeekPolice from Safe Mode, then try downloading OTL and running it.


Re: Computer virus that I can't get rid of.
Okay, so I can access the internet on my laptop by unchecking my proxy server, but I have to uncheck it on each new page I am brought to before going on to a new page, or it says that it may be dangerous and I need to purchase antivirus software. I also figured out how to get into safe mode, but my internet is unable to work, like there is no internet connection. Is there a way to put it in safe mode and still have an internet connection? If so, how?

Re: Computer virus that I can't get rid of.
Hello.
Do you have another machine we can use to download tools from, and external hardware to transfer the tools across? The malware keeps replacing the proxy, so we'll need to kill the trojan first.


Re: Computer virus that I can't get rid of.
Yes, I have another computer, and by external hardware do you mean something like a flash drive? Because I have that too.

Re: Computer virus that I can't get rid of.
Yes.
Okay, download RKill + OTL from another machine and transfer them across to this infected machine.


Re: Computer virus that I can't get rid of.
Okay, I've copied them onto my flash drive and I am going to go and try them on my infected laptop, but here's my question: since RKill is web based, will it be able to run on my infected laptop?

Re: Computer virus that I can't get rid of.
RKill isn't web based; the .com extension is so it can run undetected by the malware.

There are also two other RKill links if one doesn't work, so run RKill first, then OTL.


Re: Computer virus that I can't get rid of.
Oh, okay. I don't know if you need this from RKill or not, but I thought I would post it anyway.

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Ran as Kimmie on 4/2010 Mon at 11:33:49.


Processes terminated by Rkill or while it was running:


C:\Users\Kimmie\AppData\Roaming\Google\Google Talk\googletalk.exe
C:\Users\Kimmie\AppData\Local\asam.exe
C:\Users\Kimmie\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Users\Kimmie\AppData\Local\symibswac\mrvyrattssd.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe


Rkill completed on 4/2010 Mon at 11:34:02.

Re: Computer virus that I can't get rid of.
Okay, please run OTL and post the two logs.


Re: Computer virus that I can't get rid of.
OTL logfile created on: 5/24/2010 11:37:59 AM - Run 1
OTL by OldTimer - Version 3.2.5.0 Folder = F:\
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 54.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.01 Gb Total Space | 175.02 Gb Free Space | 60.77% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 4.99 Gb Free Space | 49.85% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 1.87 Gb Total Space | 0.93 Gb Free Space | 49.77% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KIMMIE-PC
Current User Name: Kimmie
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6081115
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6081115
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555



O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe File not found
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LoJackForLaptops] C:\Program Files\LFLInstall\InstallManager.exe ()
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [UfSeAgnt.exe] C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Zune Launcher] c:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKCU..\Run: [asam] C:\Users\Kimmie\AppData\Local\asam.exe ()
O4 - HKCU..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKCU..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe (Electronic Arts)
O4 - HKCU..\Run: [googletalk] C:\Users\Kimmie\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
O4 - HKCU..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (Trend Micro Inc.)
O4 - HKCU..\Run: [oofcbndk] C:\Users\Kimmie\AppData\Local\symibswac\mrvyrattssd.exe (Oyxfac)
O4 - HKCU..\Run: [SightSpeed] C:\Program Files\Dell Video Chat\DellVideoChat.exe (Dell Inc. and SightSpeed Inc.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Users\Kimmie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Kimmie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/ZwinkyInitialSetup1.0.1.1.cab (Reg Error: Key error.)
O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} http://picasaweb.google.com/s/v/57.11/uploader2.cab (UploadListView Class)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo2.walgreens.com/WalgreensActivia.cab (Snapfish Activia)
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} http://support.dell.com/systemprofiler/SysProExe.CAB (WMI Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} http://support.microsoft.com/mats/DiagWebControl.cab (Diagnostics ActiveX WebControl)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Kimmie\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Kimmie\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/05/21 00:17:30 | 000,000,000 | ---D | C] -- C:\Users\Kimmie\AppData\Local\symibswac
[2010/05/04 19:12:33 | 000,000,000 | ---D | C] -- C:\Users\Kimmie\Desktop\mom day
[2010/04/24 22:42:58 | 000,000,000 | ---D | C] -- C:\Users\Kimmie\Documents\Psych
[2010/04/24 18:59:18 | 000,000,000 | ---D | C] -- C:\Users\Kimmie\Desktop\Psych final

========== Files - Modified Within 30 Days ==========

[2010/05/24 11:41:37 | 002,883,584 | -HS- | M] () -- C:\Users\Kimmie\NTUSER.DAT
[2010/05/24 11:36:22 | 000,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/05/24 11:36:22 | 000,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/05/24 11:36:22 | 000,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/05/24 11:35:14 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{5DDB6389-5207-4BE0-9A1D-ABBBCF5C6BD1}.job
[2010/05/24 11:33:47 | 000,000,680 | ---- | M] () -- C:\Users\Kimmie\AppData\Local\d3d9caps.dat
[2010/05/24 11:32:45 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/05/24 11:32:26 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/05/24 11:32:26 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/05/24 11:32:22 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/05/24 11:32:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/05/24 11:32:17 | 3210,715,136 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/24 11:09:47 | 000,524,288 | -HS- | M] () -- C:\Users\Kimmie\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/05/24 11:09:47 | 000,065,536 | -HS- | M] () -- C:\Users\Kimmie\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/05/24 11:09:37 | 001,499,513 | -H-- | M] () -- C:\Users\Kimmie\AppData\Local\IconCache.db
[2010/05/22 22:01:03 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/05/22 00:15:01 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3353061931-512492730-3582295594-1000UA.job
[2010/05/22 00:15:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3353061931-512492730-3582295594-1000Core.job
[2010/05/21 00:24:06 | 000,000,560 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Kimmie.job
[2010/05/21 00:19:58 | 000,060,160 | ---- | M] () -- C:\Users\Kimmie\AppData\Local\syssvc.exe
[2010/05/21 00:19:58 | 000,060,160 | ---- | M] () -- C:\Users\Kimmie\AppData\Local\asam.exe
[2010/05/18 18:51:56 | 000,000,000 | ---- | M] () -- C:\Windows\System32\null
[2010/05/15 14:27:04 | 000,122,368 | ---- | M] () -- C:\Users\Kimmie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/11 21:50:39 | 000,301,248 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/05/10 14:03:57 | 000,024,064 | ---- | M] () -- C:\Users\Kimmie\Documents\Bradley passwords.doc
[2010/05/02 22:47:01 | 000,031,232 | ---- | M] () -- C:\Users\Kimmie\Documents\japan trip essay.doc
[2010/05/02 20:23:54 | 000,024,064 | ---- | M] () -- C:\Users\Kimmie\Documents\grad party annoncement.doc
[2010/05/01 10:30:44 | 000,024,064 | ---- | M] () -- C:\Users\Kimmie\Documents\hair prices.doc
[2010/04/25 23:24:47 | 000,138,240 | ---- | M] () -- C:\Users\Kimmie\Documents\prom hair.doc
[2010/04/25 23:20:13 | 000,124,416 | ---- | M] () -- C:\Users\Kimmie\Documents\HAIR FOR PROM 2.doc

========== Files Created - No Company Name ==========

[2010/05/24 11:33:46 | 000,000,680 | ---- | C] () -- C:\Users\Kimmie\AppData\Local\d3d9caps.dat
[2010/05/22 21:58:58 | 3210,715,136 | -HS- | C] () -- C:\hiberfil.sys
[2010/05/21 00:20:58 | 000,060,160 | ---- | C] () -- C:\Users\Kimmie\AppData\Local\asam.exe
[2010/05/21 00:19:57 | 000,060,160 | ---- | C] () -- C:\Users\Kimmie\AppData\Local\syssvc.exe
[2010/05/10 14:03:56 | 000,024,064 | ---- | C] () -- C:\Users\Kimmie\Documents\Bradley passwords.doc
[2010/05/02 22:31:50 | 000,031,232 | ---- | C] () -- C:\Users\Kimmie\Documents\japan trip essay.doc
[2010/05/02 20:23:54 | 000,024,064 | ---- | C] () -- C:\Users\Kimmie\Documents\grad party annoncement.doc
[2010/05/01 10:30:44 | 000,024,064 | ---- | C] () -- C:\Users\Kimmie\Documents\hair prices.doc
[2010/04/25 23:20:13 | 000,124,416 | ---- | C] () -- C:\Users\Kimmie\Documents\HAIR FOR PROM 2.doc
[2009/10/27 18:43:50 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI
[2009/01/14 22:12:55 | 000,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2009/01/14 22:12:55 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2009/01/14 22:12:01 | 000,000,815 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2009/01/14 22:12:01 | 000,000,094 | ---- | C] () -- C:\Windows\brpcfx.ini
[2009/01/14 22:09:58 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2009/01/14 22:09:57 | 000,106,496 | ---- | C] () -- C:\Windows\System32\BrMuSNMP.dll
[2009/01/13 20:26:00 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/11/14 20:51:55 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2008/11/14 20:51:55 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2008/11/14 19:14:58 | 000,055,808 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
< End of report >

Re: Computer virus that I can't get rid of.

OTL Extras logfile created on: 5/24/2010 11:37:59 AM - Run 1
OTL by OldTimer - Version 3.2.5.0 Folder = F:\
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 54.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.01 Gb Total Space | 175.02 Gb Free Space | 60.77% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 4.99 Gb Free Space | 49.85% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 1.87 Gb Total Space | 0.93 Gb Free Space | 49.77% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KIMMIE-PC
Current User Name: Kimmie
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = ChromeHTML] -- C:\Users\Kimmie\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01C9B6C4-9B12-49E9-B0B2-EB7F9D9E1655}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{041BC35F-3B07-4415-A99B-EB65CD2A606C}" = rport=137 | protocol=17 | dir=out | app=system |
"{10FC5C56-18DA-466D-8C5A-8871305E3D75}" = lport=137 | protocol=17 | dir=in | app=system |
"{1F1BFEB1-3D2D-4B0E-9825-223262A1E5A2}" = lport=2869 | protocol=6 | dir=in | app=system |
"{289A0B85-F237-4737-826A-EDBA40499E06}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{30455C2C-039B-432D-9C1C-256F715B097E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{38BB1F14-2E71-4140-827B-8D9B53DD48B6}" = lport=139 | protocol=6 | dir=in | app=system |
"{47A6ABBC-86BF-436A-A538-5BAF0C837C42}" = rport=445 | protocol=6 | dir=out | app=system |
"{6FA156DA-2BAD-46FD-B708-6428A35A0808}" = rport=139 | protocol=6 | dir=out | app=system |
"{727A9459-4689-4215-B491-36F77FE91AF3}" = lport=445 | protocol=6 | dir=in | app=system |
"{87FCDD15-A29F-434A-9454-68347A300705}" = lport=138 | protocol=17 | dir=in | app=system |
"{9E9A8F41-BABA-4039-AEB9-B3A293CDB36A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A09D81FE-6D90-49F0-9820-9970C16B03F9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{ADF202E7-DC3C-42CB-A1BB-D87853059300}" = lport=10243 | protocol=6 | dir=in | app=system |
"{B6F48614-F31D-4809-886C-046EBF1DC6E5}" = rport=10243 | protocol=6 | dir=out | app=system |
"{CAE03E4D-6985-4E0B-A9A3-345062EDCC79}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CB94C4B4-62BD-46C7-821B-7133AD15E2E2}" = rport=138 | protocol=17 | dir=out | app=system |
"{CC8077FB-320C-4951-9EFE-A4EFC725C27A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{EF333309-B409-4C86-91F4-5D6BDBF29557}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0476E370-5F88-4D89-A9FA-E1B08E8E1EB1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0BE1B9E1-3EE0-4C75-B754-CC21EE68D52D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{0C71162E-F0CD-4017-A7AC-5131D36F57EB}" = protocol=6 | dir=in | app=c:\program files\dell video chat\dellvideochat.exe |
"{0F5161A2-5AC4-4B65-AE82-0E3AA46C8D4C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{15BB2A18-1FAB-4308-8595-2CB1C3BA83C8}" = protocol=17 | dir=in | app=c:\program files\dell video chat\dellvideochat.exe |
"{197E04A8-2631-444F-BDBC-5C2786C19094}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{210BCFDB-D080-4C60-9AB6-F8127DD36EE5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2FC56720-56FC-4A72-A3E6-4EE772333E7C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{4F44A4AD-FF67-4CFF-9547-4E2D9E1C7C5C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5D8315E0-2969-4CB2-8984-EB5936648522}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{6A74E933-D0BE-4349-A7EA-78BEF4CEFBC2}" = dir=in | app=c:\program files\dell\mediadirect\mediadirect.exe |
"{76858D9E-41B4-4C18-880E-68925C88A554}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{78B69885-C651-4176-BEB2-749E92B2A088}" = dir=in | app=c:\program files\dell\mediadirect\pcmservice.exe |
"{97997AC5-FE51-4672-80C5-B302BBA207B2}" = protocol=6 | dir=out | app=system |
"{9C41FBB8-A5AF-46FA-84DC-42DD1073FABF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A268B7CA-22AB-4EE2-A1D3-1725F4AA9C53}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A43BC2DC-D7FB-4957-950D-DC042F6D79C5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B4AAB1F7-0A2A-4A97-AC24-E6767AE3CD3E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BA60C89D-9482-45B7-B1E5-921809432C4B}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dmp\clbrowserengine.exe |
"{BB20A3B8-98C4-40B9-AAB9-09272A56F4C8}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{C75C4648-BEE9-44CB-9486-1704B8CF3DA3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D9706FD2-E0A6-4DCE-8273-CF37172DE3C9}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dms\clmsservice.exe |
"TCP Query User{3DBDEE63-A149-452C-9174-64B61D64BE94}C:\program files\dell video chat\dellvideochat.exe" = protocol=6 | dir=in | app=c:\program files\dell video chat\dellvideochat.exe |
"UDP Query User{298EBDA6-CFE3-4C97-B73B-72F86E3C0590}C:\program files\dell video chat\dellvideochat.exe" = protocol=17 | dir=in | app=c:\program files\dell video chat\dellvideochat.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{0076E1AC-9E7B-4B9F-A62A-4CC9511AD8E3}" = Zune Language Pack (FR)
"{0868BB9D-5EA0-40AF-A1CC-A38ED4E5BC67}" = 32 Bit HP CIO Components Installer
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{370BCBBA-67D7-4535-ADCD-58CD1C8DEC99}" = Zune Language Pack (DE)
"{40EC6323-497B-44DA-8A88-74578622D9B3}" = Zune Language Pack (IT)
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs
"{6D3963B0-E13B-4FC3-B0FF-506A304BB043}" = Cisco EAP-FAST Module
"{718D791F-F4E8-4aa7-98A6-15FDED17BDD0}" = Trend Micro Internet Security
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{74715EE0-D979-4690-ACF9-9C3693AD36FE}" = Island Xtreme Stunts
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{888FFC82-688D-46AB-A776-B417885432B6}" = Zune
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8CC42289-E228-4A35-B8A9-015242283BB2}" = SPORE・Creature Creator
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A912C12-A7DA-44D7-BD57-5CA85E2F33E1}" = Brother MFL-Pro Suite
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A621B45A-D138-4A95-BE10-7CABA05EF94E}" = Trend Micro Internet Security
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{AE0259D4-7A01-4E47-BBAF-2604D03DF07C}" = LoJack Factory Installer
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{B935C985-A17F-484B-8470-09E4FC27DC26}" = Dell-eBay
"{C39A4E1F-9AF1-4FE1-A80E-A5B867FABB42}" = Dell Best of Web
"{C4972073-2BFE-475D-8441-564EA97DA161}" = QuickSet
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{EE4ACABF-531E-419A-9225-B8E0FA4955AF}" = Zune Language Pack (ES)
"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
"{FCED9B62-34FF-4C15-8A23-F65221F7874D}" = ITECIR Driver
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card Utility
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Creative OA001" = Integrated Webcam Driver (1.03.02.0919)
"Dell Video Chat" = Dell Video Chat (remove only)
"Dell Webcam Central" = Dell Webcam Central
"EADM" = EA Download Manager
"Google Desktop" = Google Desktop
"GoToAssist" = GoToAssist 8.0.0.514
"InstallShield_{74715EE0-D979-4690-ACF9-9C3693AD36FE}" = Island Xtreme Stunts
"InstallShield_{AE0259D4-7A01-4E47-BBAF-2604D03DF07C}" = LoJack Factory Installer
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"NSS" = Norton Security Scan
"Zune" = Zune

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"Google Chrome" = Google Chrome
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/21/2010 3:16:11 PM | Computer Name = Kimmie-PC | Source = .NET Runtime | ID = 0
Description =

Error - 5/21/2010 3:16:11 PM | Computer Name = Kimmie-PC | Source = .NET Runtime | ID = 0
Description =

Error - 5/21/2010 3:16:11 PM | Computer Name = Kimmie-PC | Source = .NET Runtime | ID = 0
Description =

Error - 5/21/2010 3:16:11 PM | Computer Name = Kimmie-PC | Source = .NET Runtime | ID = 0
Description =

Error - 5/21/2010 3:16:11 PM | Computer Name = Kimmie-PC | Source = .NET Runtime | ID = 0
Description =

Error - 5/21/2010 3:16:11 PM | Computer Name = Kimmie-PC | Source = .NET Runtime | ID = 0
Description =

Error - 5/21/2010 3:16:11 PM | Computer Name = Kimmie-PC | Source = .NET Runtime | ID = 0
Description =

Error - 5/21/2010 3:16:11 PM | Computer Name = Kimmie-PC | Source = .NET Runtime | ID = 0
Description =

Error - 5/21/2010 3:16:11 PM | Computer Name = Kimmie-PC | Source = .NET Runtime | ID = 0
Description =

Error - 5/21/2010 3:16:11 PM | Computer Name = Kimmie-PC | Source = .NET Runtime | ID = 0
Description =

[ Media Center Events ]
Error - 1/28/2010 8:33:44 PM | Computer Name = Kimmie-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 4/13/2010 5:30:02 PM | Computer Name = Kimmie-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 9/1/2009 11:08:25 PM | Computer Name = Kimmie-PC | Source = DCOM | ID = 10016
Description =

Error - 9/1/2009 11:08:25 PM | Computer Name = Kimmie-PC | Source = DCOM | ID = 10016
Description =

Error - 9/1/2009 11:08:25 PM | Computer Name = Kimmie-PC | Source = DCOM | ID = 10016
Description =

Error - 9/1/2009 11:08:25 PM | Computer Name = Kimmie-PC | Source = DCOM | ID = 10016
Description =

Error - 9/1/2009 11:08:30 PM | Computer Name = Kimmie-PC | Source = DCOM | ID = 10016
Description =

Error - 9/1/2009 11:08:30 PM | Computer Name = Kimmie-PC | Source = DCOM | ID = 10016
Description =

Error - 9/1/2009 11:08:30 PM | Computer Name = Kimmie-PC | Source = DCOM | ID = 10016
Description =

Error - 9/1/2009 11:08:30 PM | Computer Name = Kimmie-PC | Source = DCOM | ID = 10016
Description =

Error - 9/1/2009 11:08:30 PM | Computer Name = Kimmie-PC | Source = DCOM | ID = 10016
Description =

Error - 9/2/2009 3:42:06 PM | Computer Name = Kimmie-PC | Source = HTTP | ID = 15016
Description =


< End of report >

Re: Computer virus that I can't get rid of.

Hello.

Remove the Proxy setting in Internet Explorer and/or in Firefox.

    In Internet Explorer
  1. Tools Menu -> Internet Options -> Connections Tab -> LAN Settings > uncheck "use a proxy server" or reconfigure the Proxy server again in case you have set it previously.

    In Firefox
  1. Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection > Choose "No Proxy"
  2. Click the apply button and restart that computer in normal mode.

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    O4 - HKCU..\Run: [asam] C:\Users\Kimmie\AppData\Local\asam.exe ()
    O4 - HKCU..\Run: [oofcbndk] C:\Users\Kimmie\AppData\Local\symibswac\mrvyrattssd.exe (Oyxfac)
    [2010/05/21 00:17:30 | 000,000,000 | ---D | C] -- C:\Users\Kimmie\AppData\Local\symibswac
    [2010/05/21 00:19:58 | 000,060,160 | ---- | M] () -- C:\Users\Kimmie\AppData\Local\syssvc.exe
    [2010/05/21 00:19:58 | 000,060,160 | ---- | M] () -- C:\Users\Kimmie\AppData\Local\asam.exe


  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.
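The fix list above is built from four observations in the OTL log: the browser has a proxy on the loopback address (so a local process sits between the browser and the network), two HKCU Run values point into the user's AppData folder, one of those lives in a folder created on 2010/05/21, and a second file (syssvc.exe) shares the exact size and timestamp of asam.exe. The script below is an added example that is not part of this thread and not part of OTL; it turns those observations into explicit triage rules and runs them over lines copied verbatim from the log posted earlier. The function names (`parse`, `triage`, `flagged_paths`) and the rules themselves are my own choices, not OTL's logic. Rule 1 flags a loopback ProxyServer whether or not ProxyEnable is set, which matches the advice above to remove the setting regardless.

```python
import re
from collections import defaultdict

# Constructed sample: lines copied verbatim from the OTL log posted earlier in
# this thread, trimmed to the entries the rules below need.
SAMPLE_LOG = r"""
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKCU..\Run: [asam] C:\Users\Kimmie\AppData\Local\asam.exe ()
O4 - HKCU..\Run: [googletalk] C:\Users\Kimmie\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
O4 - HKCU..\Run: [oofcbndk] C:\Users\Kimmie\AppData\Local\symibswac\mrvyrattssd.exe (Oyxfac)
[2010/05/21 00:17:30 | 000,000,000 | ---D | C] -- C:\Users\Kimmie\AppData\Local\symibswac
[2010/05/21 00:19:58 | 000,060,160 | ---- | M] () -- C:\Users\Kimmie\AppData\Local\syssvc.exe
[2010/05/21 00:19:58 | 000,060,160 | ---- | M] () -- C:\Users\Kimmie\AppData\Local\asam.exe
[2010/05/24 11:33:47 | 000,000,680 | ---- | M] () -- C:\Users\Kimmie\AppData\Local\d3d9caps.dat
"""

# O4 autorun entry: hive, value name, executable path, publisher in parentheses.
RUN_RE = re.compile(r"^O4 - (HKLM|HKCU)\.\.\\Run: \[([^\]]+)\] (.+) \((.*)\)$")
# IE/WinINet setting line of the form: "Name" = value.
IE_RE = re.compile(r'^IE - (HK\w+)\\(.+?): "(\w+)" = (.*)$')
# File/folder entry: [timestamp | size | attrs | C or M] (publisher) -- path.
FILE_RE = re.compile(
    r"^\[(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| ([\d,]+) \| (\S{4}) \| ([CM])\] "
    r"(?:\((.*?)\) )?-- (.+)$"
)
# Anything under a user's AppData tree (hypothetical scope chosen for these rules).
PROFILE_RE = re.compile(r"\\Users\\[^\\]+\\AppData\\", re.IGNORECASE)


def parse(log_text):
    """Split an OTL log into autorun entries, file entries and IE settings."""
    runs, files, settings = [], [], {}
    for line in log_text.splitlines():
        line = line.strip()
        if m := RUN_RE.match(line):
            runs.append({"hive": m[1], "name": m[2], "path": m[3], "company": m[4].strip()})
        elif m := FILE_RE.match(line):
            files.append({"when": m[1], "size": m[2], "attrs": m[3], "event": m[4],
                          "company": (m[5] or "").strip(), "path": m[6]})
        elif m := IE_RE.match(line):
            settings[m[3]] = m[4]
    return runs, files, settings


def triage(log_text):
    """Return {path or setting name: [reasons]} for every entry a rule flags."""
    runs, files, settings = parse(log_text)
    findings = defaultdict(list)

    # Rule 1: a proxy on the loopback interface means a local process is
    # interposed between the browser and the network.
    proxy = settings.get("ProxyServer", "")
    if "127.0.0.1" in proxy or "localhost" in proxy.lower():
        findings["ProxyServer"].append(f"browser proxy points at loopback: {proxy}")

    # Folders created inside the scan window, keyed by lower-cased path.
    new_dirs = {f["path"].lower() for f in files if "D" in f["attrs"] and f["event"] == "C"}

    for r in runs:
        if not PROFILE_RE.search(r["path"]):
            continue  # autoruns outside the user profile are out of scope here
        parent = r["path"].rsplit("\\", 1)[0]
        # Rule 2: autorun from the user profile with an empty publisher string.
        if not r["company"]:
            findings[r["path"]].append(f"HKCU Run value [{r['name']}] with no publisher")
        # Rule 3: autorun whose folder did not exist before the scan window.
        if parent.lower() in new_dirs:
            findings[r["path"]].append(f"HKCU Run value [{r['name']}] in folder created within scan window")
            findings[parent].append("newly created folder hosting an autorun")

    # Rule 4: an unsigned file with exactly the size and timestamp of a flagged
    # autorun is treated as a sibling dropped by the same installer.
    flagged = {p.lower() for p in findings}
    signatures = {(f["when"], f["size"]) for f in files if f["path"].lower() in flagged}
    for f in files:
        if "D" in f["attrs"] or f["company"] or f["path"].lower() in flagged:
            continue
        if (f["when"], f["size"]) in signatures:
            findings[f["path"]].append(
                f"same size and timestamp as a flagged autorun ({f['size']} bytes, {f['when']})")

    return dict(findings)


def flagged_paths(log_text):
    """Sorted list of everything triage() flagged, for quick reading."""
    return sorted(triage(log_text))


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LOG).items():
        print(path)
        for reason in reasons:
            print("   -", reason)
```

Run against the sample, the script flags exactly the proxy value plus the four paths the fix list above targets, and leaves Apoint.exe, googletalk.exe (publisher present, folder not new) and d3d9caps.dat (no publisher, but no size/timestamp match) alone. The rules are deliberately narrow; they reproduce an analyst's reading of this one log rather than a general malware classifier, and any hit still has to be confirmed before a file is moved.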

Re: Computer virus that I can't get rid of.

Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret <[2010/05/21 00:17:30 | 000,000,000 | ---D | C] -- C:\Users\Kimmie\AppData\Local\symibswac> in the current context!
Error: Unable to interpret <[2010/05/21 00:19:58 | 000,060,160 | ---- | M] () -- C:\Users\Kimmie\AppData\Local\syssvc.exe> in the current context!
Error: Unable to interpret <[2010/05/21 00:19:58 | 000,060,160 | ---- | M] () -- C:\Users\Kimmie\AppData\Local\asam.exe> in the current context!

OTL by OldTimer - Version 3.2.5.0 log created on 05242010_120715

Re: Computer virus that I can't get rid of.

Hello.
You missed :OTL as the top line, so the script didn't work correctly. Please re-run the script, and be sure to copy all of the bolded text.


Re: Computer virus that I can't get rid of.

Oh, sorry, here you go.

========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\asam deleted successfully.
C:\Users\Kimmie\AppData\Local\asam.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\oofcbndk deleted successfully.
C:\Users\Kimmie\AppData\Local\symibswac\mrvyrattssd.exe moved successfully.
C:\Users\Kimmie\AppData\Local\symibswac folder moved successfully.
C:\Users\Kimmie\AppData\Local\syssvc.exe moved successfully.
File C:\Users\Kimmie\AppData\Local\asam.exe not found.

OTL by OldTimer - Version 3.2.5.0 log created on 05242010_121214
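The posts above show the OTL fix script the helper asked for, the "Unable to interpret" errors produced when its :OTL header was left out, and the fix log from the corrected run. As an added example (not code from this thread, from OTL or from its author), the script below parses such a fix script, refuses one without the :OTL header, flags Run-key entries that point into user-writable profile directories, and reconciles each scripted line against the fix log so that nothing is silently left unactioned. The line grammar is inferred from the posted script and log; the user-writable-location heuristic is this example's own assumption, not an OTL rule.

```python
"""Sanity-check an OTL fix script and reconcile it against the resulting fix log.

Added example, not code from this thread or from OTL. The line grammar is inferred
from the script posted above and the outcome phrasing from the fix log that followed.
"""
from __future__ import annotations
import re
from typing import NamedTuple

# Constructed sample: the script and fix log from the posts above, verbatim.
SAMPLE_SCRIPT = r"""
:OTL
O4 - HKCU..\Run: [asam] C:\Users\Kimmie\AppData\Local\asam.exe ()
O4 - HKCU..\Run: [oofcbndk] C:\Users\Kimmie\AppData\Local\symibswac\mrvyrattssd.exe (Oyxfac)
[2010/05/21 00:17:30 | 000,000,000 | ---D | C] -- C:\Users\Kimmie\AppData\Local\symibswac
[2010/05/21 00:19:58 | 000,060,160 | ---- | M] () -- C:\Users\Kimmie\AppData\Local\syssvc.exe
[2010/05/21 00:19:58 | 000,060,160 | ---- | M] () -- C:\Users\Kimmie\AppData\Local\asam.exe
"""
SAMPLE_FIX_LOG = r"""
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\asam deleted successfully.
C:\Users\Kimmie\AppData\Local\asam.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\oofcbndk deleted successfully.
C:\Users\Kimmie\AppData\Local\symibswac\mrvyrattssd.exe moved successfully.
C:\Users\Kimmie\AppData\Local\symibswac folder moved successfully.
C:\Users\Kimmie\AppData\Local\syssvc.exe moved successfully.
File C:\Users\Kimmie\AppData\Local\asam.exe not found.
"""

O4_RE = re.compile(r"^O4 - HK\w+\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<path>.+?) \((?P<company>[^)]*)\)$")
FILE_RE = re.compile(r"^\[[^|]+\|\s*[\d,]+\s*\|\s*(?P<attrs>\S+)\s*\|\s*[MC]\s*\]\s*(?:\([^)]*\)\s*)?--\s*(?P<path>.+)$")
# Heuristic of this example, not an OTL rule: autorun binaries living in a
# user-writable profile directory were not put there by a normal installer.
USER_WRITABLE = re.compile(r"\\(AppData\\(Local|Roaming)|Temp)\\", re.IGNORECASE)


class Entry(NamedTuple):
    kind: str          # "autorun", "file" or "folder"
    path: str
    name: str = ""     # Run-key value name (autorun entries only)
    company: str = ""  # publisher string OTL shows in parentheses


def parse_fix_script(text: str) -> list[Entry]:
    """Parse a fix script. Without the ':OTL' header OTL has no section to put the lines
    in and answers 'Unable to interpret <line> in the current context!' for each one."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if not lines or lines[0] != ":OTL":
        raise ValueError("fix script must start with ':OTL'")
    entries: list[Entry] = []
    for ln in lines[1:]:
        if m := O4_RE.match(ln):
            entries.append(Entry("autorun", m["path"], m["name"], m["company"]))
        elif m := FILE_RE.match(ln):
            entries.append(Entry("folder" if "D" in m["attrs"] else "file", m["path"]))
        else:
            raise ValueError(f"unrecognised line: {ln!r}")
    return entries


def script_problem(text: str) -> str | None:
    """Return the parse error for a script, or None when it is well-formed."""
    try:
        parse_fix_script(text)
    except ValueError as exc:
        return str(exc)
    return None


def suspicious_autoruns(entries: list[Entry]) -> dict[str, list[str]]:
    """Flag autorun entries worth a second look; hits are leads, not verdicts."""
    hits: dict[str, list[str]] = {}
    for e in (x for x in entries if x.kind == "autorun"):
        reasons = []
        if USER_WRITABLE.search(e.path):
            reasons.append("runs from user-writable profile directory")
        if not e.company:
            reasons.append("no publisher/company string")
        if reasons:
            hits[e.name] = reasons
    return hits


def check_fix_log(entries: list[Entry], log_text: str) -> dict[str, str]:
    """Map each scripted entry to the outcome the fix log reports. 'unreported' means OTL
    never acted on the line; 'not found' is normal when an earlier line already moved it."""
    status: dict[str, str] = {}
    for e in entries:
        if e.kind == "autorun":
            label = f"Run\\{e.name}"
            outcomes = {"deleted": r"Run\\{1,2}" + re.escape(e.name) + " deleted successfully"}
        else:
            label = e.path
            outcomes = {"moved": re.escape(e.path) + r"(?: folder)? moved successfully",
                        "not found": "File " + re.escape(e.path) + " not found"}
        status[label] = next((k for k, p in outcomes.items() if re.search(p, log_text)), "unreported")
    return status


if __name__ == "__main__":
    found = parse_fix_script(SAMPLE_SCRIPT)
    for name, reasons in suspicious_autoruns(found).items():
        print(f"{name}: {'; '.join(reasons)}")
    for label, outcome in check_fix_log(found, SAMPLE_FIX_LOG).items():
        print(f"{outcome:10} {label}")
```

Run as-is, it prints the two flagged autoruns and one outcome per scripted line; paste a different script and log into the two constants to check another run. The asam.exe file line coming back as "moved" even though the log also says "not found" is expected: the O4 removal earlier in the same fix had already moved the binary. A line that comes back "unreported" means OTL never processed it and belongs in the next fix.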

Re: Computer virus that I can't get rid of.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


Re: Computer virus that I can't get rid of.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4139

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

5/24/2010 12:51:02 PM
mbam-log-2010-05-24 (12-51-02).txt

Scan type: Quick scan
Objects scanned: 134482
Time elapsed: 7 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 32
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\Kimmie\AppData\Local\Temp\dpLF.exe (Worm.KoobFace) -> Quarantined and deleted successfully.

Re: Computer virus that I can't get rid of.

Hello.

  • Click Start >> Control Panel.
  • Under Programs, click Uninstall a Program.
  • Highlight the following:

    Adobe Reader 9
    Java(TM) 6 Update 7
    Java(TM) 6 Update 16

  • Click on the Uninstall/Change button at the top.

Please download TFC by OldTimer to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.
Updating Java:

  • Download the latest version of Java SE Runtime Environment (JRE) 6 Update 20.
  • Click the "Download JRE" button to the right.
  • In the Window that opens, select your platform, check the "agree" box, and click Continue.
  • Click on the link to download Windows Offline Installation and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Then from your desktop double-click on jre-6u20-windows-i586.exe that you downloaded to install the newest version.

Then download and install Adobe Reader 9.3.2

Run ESET Online Scan
Please do an online scan with ESET Online Scanner. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.

