
Trogen



I just downloaded ClamWin for the first time. I have seen all of the permission denied postings; however, I know I had a virus: EVERY Tuesday at 5:23pm my sent box (and YES, from AOL) would generate an email from me to my whole mailing list with some kind of Viagra link. After running AVG and Malwarebytes to find out there was nothing wrong, my son suggested Clam. I read your postings and finally ran Clam to see that it found 2 trojans; I had checked "put in Quarantine box" prior to running. Now remember, I really have no idea what I am doing. It quarantined the 2 trojans it found. My question is, is this OK to continue, and/or can I get the virus out of the actual files it was found in?

Below is JUST a partial copy of my scan history; I found no need to copy the whole history, just the part where the virus was found. What do I do from here? The rest of the history was just all permissions denied.

Thanks much

John W

Scan Started Wed Jun 23 08:11:12 2010

-------------------------------------------------------------------------------

WARNING: Can't open file C:\boot\bcd: Permission denied

WARNING: Can't open file C:\hiberfil.sys: Permission denied

WARNING: Can't open file C:\pagefile.sys: Permission denied

WARNING: Can't open file C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.ilg: Permission denied

WARNING: Can't open file C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\setup.ilg: Permission denied

WARNING: Can't open file C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\setup.ilg: Permission denied

WARNING: Can't open file C:\Program Files\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\setup.ilg: Permission denied

C:\ProgramData\.clamwin\quarantine\migrator.exe.infected: Trojan.Agent-147844 FOUND

C:\ProgramData\.clamwin\quarantine\migrator.exe.infected not moved/copied since already in quarantine

C:\ProgramData\.clamwin\quarantine\setup.exe.infected: Trojan.Agent-148079 FOUND

C:\ProgramData\.clamwin\quarantine\setup.exe.infected not moved/copied since already in quarantine

WARNING: Can't open file C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\03960095dc3a5dd6d270c42aec252b79_f78b1453-0e94-4d94-a659-a692bbf13204: Permission denied

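To make a scan history like the one quoted above easier to read, here is an added example (not part of this thread and not ClamWin's own code) that parses ClamWin's scan-history lines, separates the expected "Permission denied" warnings on OS-locked files from actual detections, and flags which detections already sit in the quarantine folder. The log text is a constructed sample in the same format; the report.docx and dropper.exe entries and the Example.Test-0 signature are made up for the example.

```python
import re
from dataclasses import dataclass

# Constructed sample in the format of the ClamWin scan history quoted in the
# post (an abridged stand-in, not the poster's full log). The report.docx and
# dropper.exe lines and the Example.Test-0 signature are invented for the demo.
SAMPLE_LOG = r"""
Scan Started Wed Jun 23 08:11:12 2010
-------------------------------------------------------------------------------
WARNING: Can't open file C:\boot\bcd: Permission denied
WARNING: Can't open file C:\hiberfil.sys: Permission denied
WARNING: Can't open file C:\pagefile.sys: Permission denied
WARNING: Can't open file C:\Users\example\Documents\report.docx: Permission denied
C:\ProgramData\.clamwin\quarantine\migrator.exe.infected: Trojan.Agent-147844 FOUND
C:\ProgramData\.clamwin\quarantine\migrator.exe.infected not moved/copied since already in quarantine
C:\ProgramData\.clamwin\quarantine\setup.exe.infected: Trojan.Agent-148079 FOUND
C:\ProgramData\.clamwin\quarantine\setup.exe.infected not moved/copied since already in quarantine
C:\Users\example\Downloads\dropper.exe: Example.Test-0 FOUND
"""

# Line shapes as they appear in the quoted scan history.
WARN_RE = re.compile(r"^WARNING: Can't open file (?P<path>.+): Permission denied$")
FOUND_RE = re.compile(r"^(?P<path>.+?): (?P<sig>\S+) FOUND$")
ALREADY_RE = re.compile(r"^(?P<path>.+?) not moved/copied since already in quarantine$")

# ClamWin's quarantine folder, as seen in the poster's log.
QUARANTINE_MARK = "\\.clamwin\\quarantine\\"

# Files Windows keeps locked or ACL-protected during normal operation; a
# "Permission denied" on these is expected and is not itself a sign of infection.
EXPECTED_LOCKED = {"hiberfil.sys", "pagefile.sys", "bcd"}


@dataclass
class Detection:
    path: str
    signature: str
    quarantined: bool = False  # True when the file already sits in quarantine


@dataclass
class ScanSummary:
    detections: list          # Detection objects, in log order
    expected_unreadable: list  # skipped files that are normally locked
    other_unreadable: list     # skipped files worth checking by hand

    def pending(self):
        """Detections that are not yet isolated in the quarantine folder."""
        return [d for d in self.detections if not d.quarantined]


def parse_clamwin_log(text):
    detections = {}
    expected, other = [], []
    for raw in text.splitlines():
        line = raw.strip()
        m = WARN_RE.match(line)
        if m:
            path = m["path"]
            name = path.rsplit("\\", 1)[-1].lower()
            (expected if name in EXPECTED_LOCKED else other).append(path)
            continue
        m = FOUND_RE.match(line)
        if m:
            path = m["path"]
            in_q = QUARANTINE_MARK.lower() in path.lower()
            detections[path] = Detection(path, m["sig"], quarantined=in_q)
            continue
        m = ALREADY_RE.match(line)
        if m and m["path"] in detections:
            detections[m["path"]].quarantined = True
    return ScanSummary(list(detections.values()), expected, other)


def report(summary):
    """Plain-language lines a helper could paste back to the poster."""
    lines = []
    for d in summary.detections:
        state = "already in quarantine" if d.quarantined else "NOT quarantined: needs attention"
        lines.append(f"{d.signature}: {d.path} ({state})")
    lines.append(f"{len(summary.expected_unreadable)} expected-locked system files skipped")
    lines.append(f"{len(summary.other_unreadable)} other unreadable files: check these by hand")
    return lines


if __name__ == "__main__":
    for line in report(parse_clamwin_log(SAMPLE_LOG)):
        print(line)
```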

Hello and welcome to the forums. :P

I am jwang01 and I will be assisting you with your issue.

When we get to working on your computer you may want to print out or save my responses in Notepad, because there may be times where you will not be able to access them here.

Also, please don't attach your logs unless asked, as they can make them hard to read. Just post them as a reply.

Let's take a look at what's going on. I would also recommend changing your passwords for all your email addresses.

Download GMER from Here. Note the file's name and save it to your root folder, such as C:\.

  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "No", save the log and post back the results.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.

Next

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Custom Scan box paste this in
    netsvcs
    drivers32 /all
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\user32.dll /md5
    %systemroot%\system32\ws2_32.dll /md5
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. You may need two posts to fit them all in.

Please post the logs of GMER and both OTL logs in your next reply.


Thanks jwang01,

I have no idea what I am doing, though I followed your step by step directions, which were very good. Before I go on with the final reports, I just want to say, my son says "as long as they are in quarantine I do NOT have to worry" as per my original post.

Following are the results of all the tests you had me run: results.log, OTL.txt & Extras.txt. As I said, I have NO IDEA what any of it means. Thanks very much for your help.

John W

GMER 1.0.15.15281 - http://www.gmer.net

Rootkit scan 2010-06-25 11:54:49

Windows 6.0.6002 Service Pack 2

Running: l457lwfm.exe; Driver: C:\Users\JOHNWV~1\AppData\Local\Temp\axldrpoc.sys


I guess it's going to take me one or 2 more posts to get you all the info. This was the Results.log; the next post will be the OTL.txt.

Link to post
Share on other sites

Thanks jwang01,

I have no idea what I am doing, though I followed your step by step directions which where very good. before I go on with the final reports, I just want to say, My son says " as long as they are in quarantine I do NT have to worry" as per my original post..

Follows are the results of all the test you had me run,"results.log OTL.txt & Extras.txt As I said, I have NO IDEA what any of it means. Thanks very much for your help

John W

GMER 1.0.15.15281 - http://www.gmer.net

Rootkit scan 2010-06-25 11:54:49

Windows 6.0.6002 Service Pack 2

Running: l457lwfm.exe; Driver: C:\Users\JOHNWV~1\AppData\Local\Temp\axldrpoc.sys

---- System - GMER 1.0.15 ----

INT 0x51 ? 83FE6BF8

INT 0x73 ? 85D7CF00

INT 0x83 ? 85D7CF00

INT 0x92 ? 92A04CD0

---- Kernel code sections - GMER 1.0.15 ----

? System32\Drivers\spug.sys The system cannot find the path specified. !

.text USBPORT.SYS!DllUnload 87D8741B 5 Bytes JMP 85D7C4E0

.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8C80A340, 0x3FA057, 0xE8000020]

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [8060E6D6] \SystemRoot\System32\Drivers\spug.sys

IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [8060E042] \SystemRoot\System32\Drivers\spug.sys

IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [8060E800] \SystemRoot\System32\Drivers\spug.sys

IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [8060E0C0] \SystemRoot\System32\Drivers\spug.sys

IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8060E13E] \SystemRoot\System32\Drivers\spug.sys

IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [8061DB90] \SystemRoot\System32\Drivers\spug.sys

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\explorer.exe[3528] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusShutdown] [73A57817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396

ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\explorer.exe[3528] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCloneImage] [73AAA86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396

ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\explorer.exe[3528] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDrawImageRectI] [73A5BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396

ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\explorer.exe[3528] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetInterpolationMode] [73A4F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396

ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\explorer.exe[3528] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusStartup] [73A575E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396

ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\explorer.exe[3528] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateFromHDC] [73A4E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396

ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\explorer.exe[3528] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateBitmapFromStreamICM] [73A88395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396

ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\explorer.exe[3528] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateBitmapFromStream] [73A5DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396

ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\explorer.exe[3528] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageHeight] [73A4FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396

ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\explorer.exe[3528] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageWidth] [73A4FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396

ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\explorer.exe[3528] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDisposeImage] [73A471CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396

ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\explorer.exe[3528] @ C:\Windows\explorer.exe [gdiplus.dll!GdipLoadImageFromFileICM] [73ADCAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396

ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\explorer.exe[3528] @ C:\Windows\explorer.exe [gdiplus.dll!GdipLoadImageFromFile] [73A7C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396

ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\explorer.exe[3528] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDeleteGraphics] [73A4D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396

ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\explorer.exe[3528] @ C:\Windows\explorer.exe [gdiplus.dll!GdipFree] [73A46853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396

ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\explorer.exe[3528] @ C:\Windows\explorer.exe [gdiplus.dll!GdipAlloc] [73A4687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396

ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\explorer.exe[3528] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetCompositingMode] [73A52AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Program Files\Common Files\AOL\1250908120\ee\aolsoftware.exe[3768] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\Common Files\AOL\1250908120\ee\aolsoftware.exe[3768] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9E78] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\Common Files\AOL\1250908120\ee\aolsoftware.exe[3768] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\Common Files\AOL\1250908120\ee\aolsoftware.exe[3768] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\Common Files\AOL\1250908120\ee\aolsoftware.exe[3768] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\Common Files\AOL\1250908120\ee\aolsoftware.exe[3768] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\Common Files\AOL\1250908120\ee\aolsoftware.exe[3768] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\Common Files\AOL\1250908120\ee\aolsoftware.exe[3768] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9E78] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\Common Files\AOL\1250908120\ee\aolsoftware.exe[3768] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\Common Files\AOL\1250908120\ee\aolsoftware.exe[3768] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\Common Files\AOL\1250908120\ee\aolsoftware.exe[3768] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\Common Files\AOL\1250908120\ee\aolsoftware.exe[3768] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\Common Files\AOL\1250908120\ee\aolsoftware.exe[3768] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9E78] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\Common Files\AOL\1250908120\ee\aolsoftware.exe[3768] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\Common Files\AOL\1250908120\ee\aolsoftware.exe[3768] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\Common Files\AOL\1250908120\ee\aolsoftware.exe[3768] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\Common Files\AOL\1250908120\ee\aolsoftware.exe[3768] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9E78] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\Common Files\AOL\1250908120\ee\aolsoftware.exe[3768] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\Common Files\AOL\1250908120\ee\aolsoftware.exe[3768] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\Common Files\AOL\1250908120\ee\aolsoftware.exe[3768] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\Common Files\AOL\1250908120\ee\aolsoftware.exe[3768] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\Common Files\AOL\1250908120\ee\aolsoftware.exe[3768] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\Common Files\AOL\1250908120\ee\aolsoftware.exe[3768] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\Common Files\AOL\1250908120\ee\aolsoftware.exe[3768] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\Common Files\AOL\1250908120\ee\aolsoftware.exe[3768] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9E78] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\Common Files\AOL\1250908120\ee\aolsoftware.exe[3768] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\Common Files\AOL\1250908120\ee\aolsoftware.exe[3768] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9E78] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\Common Files\AOL\1250908120\ee\aolsoftware.exe[3768] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\Common Files\AOL\1250908120\ee\aolsoftware.exe[3768] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\Common Files\AOL\1250908120\ee\aolsoftware.exe[3768] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\Common Files\AOL\1250908120\ee\aolsoftware.exe[3768] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\Common Files\AOL\1250908120\ee\aolsoftware.exe[3768] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\Common Files\AOL\1250908120\ee\aolsoftware.exe[3768] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\Common Files\AOL\1250908120\ee\aolsoftware.exe[3768] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\Common Files\AOL\1250908120\ee\aolsoftware.exe[3768] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 84DAA1F8

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

Device \Driver\volmgr \Device\VolMgrControl 83FE81F8

Device \Driver\usbohci \Device\USBPDO-0 85D6E1F8

Device \Driver\usbehci \Device\USBPDO-1 85D861F8

Device \Driver\usbohci \Device\USBPDO-2 85D6E1F8

Device \Driver\usbehci \Device\USBPDO-3 85D861F8

Device \Driver\netbt \Device\NetBT_Tcpip_{9BDD4505-CBBA-414C-86E4-37FBB2C2D19A} 872331F8

Device \Driver\volmgr \Device\HarddiskVolume1 83FE81F8

Device \Driver\volmgr \Device\HarddiskVolume2 83FE81F8

Device \Driver\BTHUSB \Device\00000072 bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 84DA91F8

Device \Driver\atapi \Device\Ide\IdePort0 84DA91F8

Device \Driver\atapi \Device\Ide\IdePort1 84DA91F8

Device \Driver\BTHUSB \Device\00000074 bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)

Device \Driver\netbt \Device\NetBt_Wins_Export 872331F8

Device \Driver\Smb \Device\NetbiosSmb 8723D1F8

Device \Driver\netbt \Device\NetBT_Tcpip_{9E3A5763-9BF5-459C-AF24-1C1653413F26} 872331F8

Device \Driver\iScsiPrt \Device\RaidPort0 85E5F1F8

Device \Driver\usbohci \Device\USBFDO-0 85D6E1F8

Device \Driver\usbehci \Device\USBFDO-1 85D861F8

Device \Driver\usbohci \Device\USBFDO-2 85D6E1F8

Device \Driver\netbt \Device\NetBT_Tcpip_{5EDC3603-D722-4958-894E-E13175315CF6} 872331F8

Device \Driver\usbehci \Device\USBFDO-3 85D861F8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e37a760d4

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xE1 0xD6 0x43 0x37 ...

Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001e37a760d4 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xE1 0xD6 0x43 0x37 ...

---- EOF - GMER 1.0.15 ----

I guess it's going to take me one or 2 more posts to get you all the info. This was the Results.log; the next post will be the OTL.txt.

OTL logfile created on: 6/25/2010 12:05:56 PM - Run 1

OTL by OldTimer - Version 3.2.7.0 Folder = C:\Users\johnwvideo\Downloads

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18928)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 44.00% Memory free

4.00 Gb Paging File | 3.00 Gb Available in Paging File | 73.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 136.83 Gb Total Space | 56.07 Gb Free Space | 40.98% Space Free | Partition Type: NTFS

Drive D: | 12.22 Gb Total Space | 1.80 Gb Free Space | 14.74% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: JOHNWVIDEO-PC

Current User Name: johnwvideo

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\johnwvideo\Downloads\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)

PRC - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat.exe (Adobe Systems Incorporated)

PRC - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe (Adobe Systems Inc.)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)

PRC - C:\Program Files\Common Files\AOL\1250908120\ee\aolsoftware.exe (AOL LLC)

PRC - C:\Program Files\DigitalPersona\Bin\DpAgent.exe (DigitalPersona, Inc.)

PRC - C:\Program Files\DigitalPersona\Bin\DpHostW.exe (DigitalPersona, Inc.)

========== Modules (SafeList) ==========

MOD - C:\Users\johnwvideo\Downloads\OTL.exe (OldTimer Tools)

MOD - C:\WINDOWS\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\GdiPlus.dll (Microsoft Corporation)

MOD - C:\WINDOWS\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)

MOD - C:\WINDOWS\System32\msscript.ocx (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)

SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)

SRV - (FontCache) -- C:\WINDOWS\System32\FntCache.dll (Microsoft Corporation)

SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)

SRV - (Adobe Version Cue CS4) -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe (Adobe Systems Incorporated)

SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV - (DpHost) -- C:\Program Files\DigitalPersona\Bin\DpHostW.exe (DigitalPersona, Inc.)

SRV - (Com4Qlb) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe (Hewlett-Packard Development Company, L.P.)

SRV - (AOL ACS) -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (AOL LLC)

========== Driver Services (SafeList) ==========

DRV - (adfs) -- C:\WINDOWS\System32\drivers\adfs.sys (Adobe Systems, Inc.)

DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()

DRV - (HTCAND32) -- C:\WINDOWS\System32\drivers\ANDROIDUSB.sys (HTC, Corporation)

DRV - (nvlddmkm) -- C:\WINDOWS\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)

DRV - (rcmirror) -- C:\WINDOWS\System32\drivers\rcmirror.sys (Windows ® Codename Longhorn DDK provider)

DRV - (NVENETFD) -- C:\WINDOWS\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)

DRV - (SynTP) -- C:\WINDOWS\System32\drivers\SynTP.sys (Synaptics, Inc.)

DRV - (CnxtHdAudService) -- C:\WINDOWS\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)

DRV - (61883) -- C:\WINDOWS\System32\drivers\61883.sys (Microsoft Corporation)

DRV - (Avc) -- C:\WINDOWS\System32\drivers\avc.sys (Microsoft Corporation)

DRV - (MSDV) -- C:\WINDOWS\System32\drivers\msdv.sys (Microsoft Corporation)

DRV - (btwavdt) -- C:\WINDOWS\System32\drivers\btwavdt.sys (Broadcom Corporation.)

DRV - (btwaudio) -- C:\WINDOWS\System32\drivers\btwaudio.sys (Broadcom Corporation.)

DRV - (btwrchid) -- C:\WINDOWS\System32\drivers\btwrchid.sys (Broadcom Corporation.)

DRV - (HdAudAddService) -- C:\WINDOWS\System32\drivers\CHDART.sys (Conexant Systems Inc.)

DRV - (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor) -- C:\WINDOWS\System32\drivers\atswpdrv.sys (AuthenTec, Inc.)

DRV - (HpqRemHid) -- C:\WINDOWS\System32\drivers\HpqRemHid.sys (Hewlett-Packard Development Company, L.P.)

DRV - (XAudio) -- C:\WINDOWS\System32\drivers\XAudio.sys (Conexant Systems, Inc.)

DRV - (HSF_DPV) -- C:\WINDOWS\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)

DRV - (HSXHWAZL) -- C:\WINDOWS\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.)

DRV - (winachsf) -- C:\WINDOWS\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)

DRV - (HpqKbFiltr) -- C:\WINDOWS\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)

DRV - (athr) -- C:\WINDOWS\System32\drivers\athr.sys (Atheros Communications, Inc.)

DRV - (rismxdp) -- C:\WINDOWS\System32\drivers\rixdptsk.sys (REDC)

DRV - (rimmptsk) -- C:\WINDOWS\System32\drivers\rimmptsk.sys (REDC)

DRV - (nvsmu) -- C:\WINDOWS\System32\drivers\nvsmu.sys (NVIDIA Corporation)

DRV - (rimsptsk) -- C:\WINDOWS\System32\drivers\rimsptsk.sys (REDC)

DRV - (wanatw) WAN Miniport (ATW) -- C:\WINDOWS\System32\drivers\wanatw4.sys (America Online, Inc.)

DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)

DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)

DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)

DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)

DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)

DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)

DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)

DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)

DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)

DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)

DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)

DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)

DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)

DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)

DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)

DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)

DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)

DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)

DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)

DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)

DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)

DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)

DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)

DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)

DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)

DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)

DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)

DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)

DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)

DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)

DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)

DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)

DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)

DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)

DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)

DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)

DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)

DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)

DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)

DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)

DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)

DRV - (HSFHWAZL) -- C:\WINDOWS\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.)

DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)

DRV - (E1G60) Intel® -- C:\WINDOWS\System32\drivers\E1G60I32.sys (Intel Corporation)

DRV - (BCM43XV) -- C:\WINDOWS\System32\drivers\BCMWL6.SYS (Broadcom Corporation)

DRV - (ialm) -- C:\WINDOWS\System32\drivers\igdkmd32.sys (Intel Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)

IE - HKLM\..\URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL LLC)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2

IE - HKCU\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)

IE - HKCU\..\URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL LLC)

IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"

FF - prefs.js..browser.search.defaulturl: "http://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us"

FF - prefs.js..browser.search.selectedEngine: "Yahoo! Search"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "http://www.aol.com/?src=aim&ncid=snsusaimc00000001"

FF - prefs.js..extensions.enabledItems: {b9bfaf1c-a63f-47cd-8b9a-29526ced9060}:0.72

FF - prefs.js..keyword.URL: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&query="

FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/01/17 13:01:23 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.4\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/24 10:37:09 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.4\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/24 10:37:06 | 000,000,000 | ---D | M]

[2009/08/23 14:51:38 | 000,000,000 | ---D | M] -- C:\Users\johnwvideo\AppData\Roaming\Mozilla\Extensions

[2010/06/25 10:19:45 | 000,000,000 | ---D | M] -- C:\Users\johnwvideo\AppData\Roaming\Mozilla\Firefox\Profiles\mvubp963.default\extensions

[2010/05/14 19:35:10 | 000,000,000 | ---D | M] (AOL Toolbar) -- C:\Users\johnwvideo\AppData\Roaming\Mozilla\Firefox\Profiles\mvubp963.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}

[2010/06/21 20:11:38 | 000,000,000 | ---D | M] () -- C:\Users\johnwvideo\AppData\Roaming\Mozilla\Firefox\Profiles\mvubp963.default\extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}

[2010/03/04 20:50:49 | 000,004,554 | ---- | M] () -- C:\Users\johnwvideo\AppData\Roaming\Mozilla\Firefox\Profiles\mvubp963.default\searchplugins\aim-search.xml

[2010/06/16 15:23:49 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/06/14 12:57:20 | 000,000,790 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O1 - Hosts: 127.0.0.1 activate.adobe.com

O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)

O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)

O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()

O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.

O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (AOL Toolbar Loader) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL LLC)

O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)

O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)

O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)

O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()

O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)

O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.

O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL LLC)

O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)

O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKCU\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)

O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL LLC)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)

O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [ClamWin] C:\Program Files\ClamWin\bin\ClamTray.exe (alch)

O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1250908120\ee\AOLSoftware.exe (AOL LLC)

O4 - HKLM..\Run: [hpqSRMon] File not found

O4 - HKLM..\Run: [switchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)

O8 - Extra context menu item: &AOL Toolbar Search - C:\ProgramData\AOL\ieToolbar\resources\en-US\local\search.html ()

O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()

O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.)

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)

O13 - gopher Prefix: missing

O15 - HKCU\..Trusted Domains: mlb.com ([mlb] https in Trusted sites)

O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.237.161.12

O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\img24.jpg

O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\img24.jpg

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2007/10/23 03:21:14 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O32 - AutoRun File - [2005/09/11 11:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]

O33 - MountPoints2\{4aa718dd-8ed5-11de-a085-001e37a760d4}\Shell - "" = AutoRun

O33 - MountPoints2\{4aa718dd-8ed5-11de-a085-001e37a760d4}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found

O33 - MountPoints2\{84959e51-691a-11df-89b1-001e37a760d4}\Shell - "" = AutoRun

O33 - MountPoints2\{84959e51-691a-11df-89b1-001e37a760d4}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found

O33 - MountPoints2\{b2454a2c-6fde-11df-b1d7-001e37a760d4}\Shell\AutoRun\command - "" = E:\CACHESYS\DATA-345432365\device32.exe -- File not found

O33 - MountPoints2\{b2454a2c-6fde-11df-b1d7-001e37a760d4}\Shell\open\command - "" = E:\CACHESYS\DATA-345432365\device32.exe -- File not found

O33 - MountPoints2\F\Shell - "" = AutoRun

O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found

NetSvcs: Ias - C:\WINDOWS\System32\ias [2009/08/25 06:29:44 | 000,000,000 | ---D | M]

NetSvcs: Nla - File not found

NetSvcs: Ntmssvc - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: SRService - File not found

NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)

NetSvcs: WmdmPmSp - File not found

NetSvcs: LogonHours - File not found

NetSvcs: PCAudit - File not found

NetSvcs: helpsvc - File not found

NetSvcs: uploadmgr - File not found

Drivers32: aux - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)

Drivers32: midi - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)

Drivers32: midi1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)

Drivers32: midi2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)

Drivers32: midimapper - C:\Windows\System32\midimap.dll (Microsoft Corporation)

Drivers32: mixer - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)

Drivers32: mixer1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)

Drivers32: mixer2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)

Drivers32: msacm.imaadpcm - C:\Windows\System32\imaadp32.acm (Microsoft Corporation)

Drivers32: msacm.l3acm - C:\WINDOWS\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.l3codecp - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.msadpcm - C:\Windows\System32\msadp32.acm (Microsoft Corporation)

Drivers32: msacm.msg711 - C:\Windows\System32\msg711.acm (Microsoft Corporation)

Drivers32: msacm.msgsm610 - C:\Windows\System32\msgsm32.acm (Microsoft Corporation)

Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)

Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

Drivers32: vidc.i420 - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)

Drivers32: VIDC.IYUV - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)

Drivers32: vidc.mrle - C:\Windows\System32\msrle32.dll (Microsoft Corporation)

Drivers32: vidc.msvc - C:\Windows\System32\msvidc32.dll (Microsoft Corporation)

Drivers32: VIDC.UYVY - C:\Windows\System32\msyuv.dll (Microsoft Corporation)

Drivers32: VIDC.YUY2 - C:\Windows\System32\msyuv.dll (Microsoft Corporation)

Drivers32: VIDC.YVU9 - C:\Windows\System32\tsbyuv.dll (Microsoft Corporation)

Drivers32: VIDC.YVYU - C:\Windows\System32\msyuv.dll (Microsoft Corporation)

Drivers32: wave - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)

Drivers32: wave1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)

Drivers32: wave2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)

Drivers32: wavemapper - C:\Windows\System32\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2010/06/25 11:04:06 | 000,000,000 | ---D | C] -- C:\Windows\Minidump

[2010/06/25 10:52:48 | 000,000,000 | ---D | C] -- C:\Users\johnwvideo\AppData\Roaming\AVG8

[2010/06/24 09:09:27 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe

[2010/06/24 09:09:27 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll

[2010/06/24 09:09:27 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll

[2010/06/23 14:41:24 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll

[2010/06/23 14:41:24 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll

[2010/06/22 19:22:02 | 000,000,000 | ---D | C] -- C:\Users\johnwvideo\AppData\Roaming\.clamwin

[2010/06/22 19:21:53 | 000,000,000 | ---D | C] -- C:\Program Files\ClamWin

[2010/06/22 19:21:53 | 000,000,000 | ---D | C] -- C:\ProgramData\.clamwin

[2010/06/22 18:32:09 | 000,000,000 | ---D | C] -- C:\Users\johnwvideo\Desktop\Adboe Clips

[2010/06/22 16:11:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Minnetonka Audio Software

[2010/06/21 22:20:29 | 000,000,000 | ---D | C] -- C:\Users\johnwvideo\AppData\Roaming\Facebook

[2010/06/21 18:47:27 | 000,022,872 | R--- | C] (Adobe Systems Inc.) -- C:\Windows\System32\AdobePDFUI.dll

[2010/06/21 17:44:43 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch

[2010/06/21 12:46:37 | 000,046,928 | ---- | C] (Adobe Systems Inc) -- C:\Windows\System32\AdobePDF.dll

[2010/06/16 16:09:09 | 000,000,000 | ---D | C] -- C:\Users\johnwvideo\AppData\Roaming\Malwarebytes

[2010/06/16 16:09:01 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2010/06/16 16:09:00 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2010/06/16 16:09:00 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2010/06/16 16:09:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2010/06/14 17:26:44 | 000,000,000 | ---D | C] -- C:\Users\johnwvideo\Documents\Adobe

[2010/06/14 17:24:20 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet

[2010/06/14 16:33:19 | 000,000,000 | ---D | C] -- C:\ProgramData\ALM

[2010/06/14 15:37:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared

[2010/06/14 13:26:53 | 000,000,000 | ---D | C] -- C:\Users\johnwvideo\AppData\Roaming\WinRAR

[2010/06/14 13:26:07 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR

[2010/06/14 12:00:24 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe

[2010/06/14 09:47:42 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Adobe

[2010/06/14 09:28:37 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe Media Player

[2010/06/14 09:27:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PX Storage Engine

[2010/06/14 09:27:58 | 000,000,000 | ---D | C] -- C:\Program Files\My Company Name

[2010/06/14 09:24:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR

[2010/06/13 21:16:48 | 000,000,000 | ---D | C] -- C:\Users\johnwvideo\AppData\Roaming\Python-Eggs

[2010/06/13 21:16:44 | 000,000,000 | ---D | C] -- C:\Users\johnwvideo\AppData\Roaming\BitLord

[2010/06/13 21:16:16 | 000,000,000 | ---D | C] -- C:\Program Files\BitLord 1.2

[2010/06/13 20:23:50 | 000,000,000 | ---D | C] -- C:\Users\johnwvideo\AppData\Roaming\AOL

[2010/06/13 20:16:10 | 000,000,000 | ---D | C] -- C:\Users\johnwvideo\AppData\Roaming\DAEMON Tools Lite

[2010/06/13 20:16:05 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite

[2010/06/09 22:05:21 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll

[2010/06/09 22:05:20 | 000,289,792 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll

[2010/06/09 22:05:20 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll

[2010/06/09 22:05:09 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll

[2010/06/09 22:05:07 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll

[2010/06/09 22:05:06 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb

[2010/06/09 22:05:06 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl

[2010/06/09 22:05:06 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll

[2010/06/09 22:05:06 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll

[2010/06/09 22:05:06 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll

[2010/06/09 22:05:06 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe

[2010/06/09 22:05:06 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll

[2010/06/09 22:05:06 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe

[2010/06/09 22:05:06 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll

[2010/06/09 22:05:06 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll

[2010/06/09 22:05:06 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll

[2010/06/09 22:05:06 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll

[2010/06/09 22:05:06 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe

[2010/06/09 22:04:41 | 002,037,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

[2010/06/08 07:27:53 | 000,000,000 | ---D | C] -- C:\Users\johnwvideo\Desktop\NEW RESUME and OLD

[2010/06/08 07:26:59 | 000,000,000 | R--D | C] -- C:\Users\johnwvideo\Desktop\Documents

[2010/06/03 16:44:15 | 000,000,000 | ---D | C] -- C:\Program Files\Spirent Communications

[2010/06/03 16:16:03 | 000,000,000 | ---D | C] -- C:\ruu_log

[2010/06/03 15:41:11 | 000,000,000 | ---D | C] -- C:\Users\johnwvideo\AppData\Local\HTC

[2010/06/03 15:40:40 | 000,000,000 | ---D | C] -- C:\ProgramData\HTC

[2010/06/03 15:40:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Teleca Shared

[2010/06/03 15:40:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Teleca

[2010/05/31 12:00:29 | 000,000,000 | ---D | C] -- C:\Users\johnwvideo\AppData\Roaming\Teleca

[2010/05/31 11:50:39 | 000,000,000 | ---D | C] -- C:\Program Files\HTC

========== Files - Modified Within 30 Days ==========

[2010/06/25 12:02:45 | 003,407,872 | -HS- | M] () -- C:\Users\johnwvideo\ntuser.dat

[2010/06/25 12:01:18 | 000,001,221 | ---- | M] () -- C:\Users\johnwvideo\Desktop\OTL - Shortcut.lnk

[2010/06/25 11:11:49 | 000,695,758 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI

[2010/06/25 11:11:49 | 000,595,684 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2010/06/25 11:11:49 | 000,105,952 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2010/06/25 11:04:42 | 000,028,314 | ---- | M] () -- C:\ProgramData\nvModes.dat

[2010/06/25 11:04:42 | 000,028,314 | ---- | M] () -- C:\ProgramData\nvModes.001

[2010/06/25 11:04:13 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2010/06/25 11:04:12 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2010/06/25 11:04:08 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT

[2010/06/25 11:04:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010/06/25 11:04:00 | 2079,195,136 | -HS- | M] () -- C:\hiberfil.sys

[2010/06/25 11:03:57 | 231,381,184 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2010/06/25 10:33:01 | 000,293,376 | ---- | M] () -- C:\Users\johnwvideo\Desktop\l457lwfm.exe

[2010/06/25 10:25:01 | 000,076,118 | ---- | M] () -- C:\Users\johnwvideo\Documents\Trogen info.pdf

[2010/06/25 10:24:07 | 000,076,228 | ---- | M] () -- C:\Users\johnwvideo\Desktop\Trogen info.pdf

[2010/06/24 18:03:27 | 000,524,288 | -HS- | M] () -- C:\Users\johnwvideo\ntuser.dat{2c67f892-8f82-11de-8dd7-001e37a760d4}.TMContainer00000000000000000001.regtrans-ms

[2010/06/24 18:03:27 | 000,065,536 | -HS- | M] () -- C:\Users\johnwvideo\ntuser.dat{2c67f892-8f82-11de-8dd7-001e37a760d4}.TM.blf

[2010/06/24 18:03:12 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat

[2010/06/24 18:02:35 | 001,882,611 | -H-- | M] () -- C:\Users\johnwvideo\AppData\Local\IconCache.db

[2010/06/24 10:37:10 | 000,001,748 | ---- | M] () -- C:\Users\johnwvideo\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

[2010/06/24 10:37:10 | 000,001,724 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[2010/06/22 19:22:01 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\ClamWin Antivirus.lnk

[2010/06/22 18:34:27 | 000,014,848 | ---- | M] () -- C:\Users\johnwvideo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/06/22 18:28:38 | 000,000,000 | ---- | M] () -- C:\Users\johnwvideo\AppData\Local\prvlcl.dat

[2010/06/22 16:05:05 | 000,002,144 | ---- | M] () -- C:\Users\johnwvideo\Desktop\AOL Computer Check-Up.lnk

[2010/06/22 15:22:50 | 000,073,312 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\drivers\adfs.sys

[2010/06/22 11:49:10 | 000,000,680 | ---- | M] () -- C:\Users\johnwvideo\AppData\Local\d3d9caps.dat

[2010/06/21 11:01:04 | 000,028,160 | ---- | M] () -- C:\Users\johnwvideo\Desktop\John's_Cover_Letter.doc

[2010/06/21 09:20:04 | 000,034,816 | ---- | M] () -- C:\Users\johnwvideo\Desktop\John's_Resume.doc

[2010/06/16 16:09:04 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/06/15 23:07:22 | 000,001,757 | ---- | M] () -- C:\Users\johnwvideo\Desktop\Windows Defender.lnk

[2010/06/15 17:36:22 | 000,000,944 | ---- | M] () -- C:\Users\johnwvideo\Desktop\Windows Media Player.lnk

[2010/06/14 19:24:36 | 000,000,726 | -H-- | M] () -- C:\IPH.PH

[2010/06/14 17:53:51 | 003,763,496 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2010/06/14 17:27:01 | 000,001,074 | ---- | M] () -- C:\Users\johnwvideo\Desktop\Adobe Premiere Pro CS4.lnk

[2010/06/14 17:22:47 | 000,111,328 | ---- | M] () -- C:\Users\johnwvideo\AppData\Local\GDIPFONTCACHEV1.DAT

[2010/06/13 21:24:14 | 000,000,218 | ---- | M] () -- C:\Users\johnwvideo\.recently-used.xbel

[2010/06/13 20:22:52 | 000,000,162 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini

[2010/06/13 20:17:01 | 000,691,696 | ---- | M] () -- C:\Windows\System32\drivers\sptd.sys

[2010/06/06 18:58:55 | 001,048,576 | -HS- | M] () -- C:\Users\johnwvideo\ntuser.dat{2c67f891-8f82-11de-8dd7-001e37a760d4}.TxR.2.regtrans-ms

[2010/06/06 18:58:55 | 001,048,576 | -HS- | M] () -- C:\Users\johnwvideo\ntuser.dat{2c67f891-8f82-11de-8dd7-001e37a760d4}.TxR.1.regtrans-ms

[2010/06/06 18:58:55 | 001,048,576 | -HS- | M] () -- C:\Users\johnwvideo\ntuser.dat{2c67f891-8f82-11de-8dd7-001e37a760d4}.TxR.0.regtrans-ms

[2010/06/06 18:58:54 | 000,065,536 | -HS- | M] () -- C:\Users\johnwvideo\ntuser.dat{2c67f891-8f82-11de-8dd7-001e37a760d4}.TxR.blf

[2010/06/03 17:01:04 | 000,002,085 | ---- | M] () -- C:\Users\johnwvideo\Desktop\HTC Sync .lnk

[2010/06/03 15:39:44 | 000,000,000 | ---- | M] () -- C:\Windows\DbgOut.INI

[2010/05/31 16:05:56 | 000,001,703 | ---- | M] () -- C:\Users\johnwvideo\Desktop\Windows Contacts.lnk

[2010/05/31 15:58:26 | 000,000,938 | ---- | M] () -- C:\Users\johnwvideo\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk

[2010/05/31 15:50:19 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ANDROIDUSB_01007.Wdf

[2010/05/26 13:06:41 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\System32\atmlib.dll

========== Files Created - No Company Name ==========

[2010/06/25 12:01:01 | 000,001,221 | ---- | C] () -- C:\Users\johnwvideo\Desktop\OTL - Shortcut.lnk

[2010/06/25 11:03:57 | 231,381,184 | ---- | C] () -- C:\Windows\MEMORY.DMP

[2010/06/25 10:33:00 | 000,293,376 | ---- | C] () -- C:\Users\johnwvideo\Desktop\l457lwfm.exe

[2010/06/25 10:25:01 | 000,076,118 | ---- | C] () -- C:\Users\johnwvideo\Documents\Trogen info.pdf

[2010/06/25 10:24:07 | 000,076,228 | ---- | C] () -- C:\Users\johnwvideo\Desktop\Trogen info.pdf

[2010/06/24 17:30:37 | 387,479,552 | ---- | C] () -- C:\Users\johnwvideo\Desktop\Matt sleeing jet taking off 7.VOB

[2010/06/24 09:04:21 | 2079,195,136 | -HS- | C] () -- C:\hiberfil.sys

[2010/06/22 19:22:01 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\ClamWin Antivirus.lnk

[2010/06/22 16:05:05 | 000,002,144 | ---- | C] () -- C:\Users\johnwvideo\Desktop\AOL Computer Check-Up.lnk

[2010/06/16 16:09:04 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/06/15 23:07:22 | 000,001,757 | ---- | C] () -- C:\Users\johnwvideo\Desktop\Windows Defender.lnk

[2010/06/15 17:36:22 | 000,000,944 | ---- | C] () -- C:\Users\johnwvideo\Desktop\Windows Media Player.lnk

[2010/06/14 17:27:01 | 000,001,074 | ---- | C] () -- C:\Users\johnwvideo\Desktop\Adobe Premiere Pro CS4.lnk

[2010/06/14 08:47:32 | 000,000,726 | -H-- | C] () -- C:\IPH.PH

[2010/06/13 21:24:14 | 000,000,218 | ---- | C] () -- C:\Users\johnwvideo\.recently-used.xbel

[2010/06/13 21:16:44 | 000,000,000 | ---- | C] () -- C:\Users\johnwvideo\AppData\Roaming\bitlord_log.txt

[2010/06/13 20:17:01 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys

[2010/06/12 18:20:56 | 000,028,160 | ---- | C] () -- C:\Users\johnwvideo\Desktop\John's_Cover_Letter.doc

[2010/06/12 18:20:32 | 000,034,816 | ---- | C] () -- C:\Users\johnwvideo\Desktop\John's_Resume.doc

[2010/06/06 18:58:55 | 001,048,576 | -HS- | C] () -- C:\Users\johnwvideo\ntuser.dat{2c67f891-8f82-11de-8dd7-001e37a760d4}.TxR.2.regtrans-ms

[2010/06/06 18:58:55 | 001,048,576 | -HS- | C] () -- C:\Users\johnwvideo\ntuser.dat{2c67f891-8f82-11de-8dd7-001e37a760d4}.TxR.1.regtrans-ms

[2010/06/06 18:58:55 | 001,048,576 | -HS- | C] () -- C:\Users\johnwvideo\ntuser.dat{2c67f891-8f82-11de-8dd7-001e37a760d4}.TxR.0.regtrans-ms

[2010/06/06 18:58:54 | 000,065,536 | -HS- | C] () -- C:\Users\johnwvideo\ntuser.dat{2c67f891-8f82-11de-8dd7-001e37a760d4}.TxR.blf

[2010/06/03 17:01:04 | 000,002,085 | ---- | C] () -- C:\Users\johnwvideo\Desktop\HTC Sync .lnk

[2010/06/03 15:39:44 | 000,000,000 | ---- | C] () -- C:\Windows\DbgOut.INI

[2010/05/31 16:05:56 | 000,001,703 | ---- | C] () -- C:\Users\johnwvideo\Desktop\Windows Contacts.lnk

[2010/05/31 15:58:26 | 000,000,938 | ---- | C] () -- C:\Users\johnwvideo\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk

[2010/05/31 15:50:19 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_ANDROIDUSB_01007.Wdf

[2010/05/28 08:04:00 | 000,002,280 | ---- | C] () -- C:\Users\johnwvideo\Desktop\AOL Desktop.lnk

[2009/08/30 18:23:03 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll

[2008/10/08 18:05:06 | 000,010,752 | ---- | C] () -- C:\Windows\System32\rcmirror.dll

[2008/02/13 17:20:07 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll

[2007/11/18 18:22:28 | 000,098,304 | ---- | C] () -- C:\Windows\System32\imlCID.dll

[2007/09/05 16:52:04 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll

[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll

[2006/11/02 06:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll

[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

[2006/03/09 18:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

[2001/11/14 17:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >

[2007/10/23 03:21:14 | 000,000,074 | ---- | M] () -- C:\autoexec.bat

[2009/04/11 02:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr

[2006/09/18 17:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys

[2009/11/16 13:20:57 | 000,024,302 | ---- | M] () -- C:\CybDefInstallInfo.log

[2010/06/25 11:04:00 | 2079,195,136 | -HS- | M] () -- C:\hiberfil.sys

[2010/06/14 19:24:36 | 000,000,726 | -H-- | M] () -- C:\IPH.PH

[2010/06/25 11:03:57 | 2393,034,752 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >

[2008/08/12 10:58:10 | 000,314,880 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\System32\spool\prtprocs\w32x86\hpfpp082.dll

[2006/11/02 08:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\spool\prtprocs\w32x86\jnwppr.dll

[2006/10/26 19:58:12 | 000,030,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\spool\prtprocs\w32x86\mdippr.dll

[2006/10/26 22:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\spool\prtprocs\w32x86\msonpppr.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

[2009/04/11 02:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\System32\rsaenh.dll

[2009/04/11 02:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\System32\SLC.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >

[2006/11/02 06:34:05 | 000,008,192 | ---- | M] () -- C:\WINDOWS\System32\config\COMPONENTS.SAV

[2006/11/02 06:34:05 | 000,020,480 | ---- | M] () -- C:\WINDOWS\System32\config\DEFAULT.SAV

[2006/11/02 06:34:05 | 000,008,192 | ---- | M] () -- C:\WINDOWS\System32\config\SECURITY.SAV

[2006/11/02 06:34:08 | 010,133,504 | ---- | M] () -- C:\WINDOWS\System32\config\SOFTWARE.SAV

[2006/11/02 06:34:08 | 001,826,816 | ---- | M] () -- C:\WINDOWS\System32\config\SYSTEM.SAV

< %systemroot%\system32\user32.dll /md5 >

[2009/04/11 02:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\System32\user32.dll

< %systemroot%\system32\ws2_32.dll /md5 >

[2008/01/19 03:37:09 | 000,179,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\System32\ws2_32.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< End of report >


I just downloaded clamwin for the first time. I have seen all of the permission denied postings; however, I know I had a virus: EVERY Tuesday at 5:23pm my sent box (and YES, from AOL) would generate an email from me to my whole mailing list with some kind of Viagra link. After running AVG and Malwarebytes to find out there was nothing wrong, my son suggested clam. I read your postings and finally ran clam to see that it found 2 trojans; I had checked the "put in Quarantine" box prior to running. Now remember, I really have no idea what I am doing. It quarantined the 2 trojans it found. My question is: is this OK to continue, and/or can I get the virus out of the actual files it was found in?

Below is JUST a partial copy of my scan history; I found no need to copy the whole history, just the part where the virus was found. What do I do from here? The rest of the history was just all permissions denied.

Thanks much

John W

Scan Started Wed Jun 23 08:11:12 2010

-------------------------------------------------------------------------------

WARNING: Can't open file C:\boot\bcd: Permission denied

WARNING: Can't open file C:\hiberfil.sys: Permission denied

WARNING: Can't open file C:\pagefile.sys: Permission denied

WARNING: Can't open file C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.ilg: Permission denied

WARNING: Can't open file C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\setup.ilg: Permission denied

WARNING: Can't open file C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\setup.ilg: Permission denied

WARNING: Can't open file C:\Program Files\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\setup.ilg: Permission denied

C:\ProgramData\.clamwin\quarantine\migrator.exe.infected: Trojan.Agent-147844 FOUND

C:\ProgramData\.clamwin\quarantine\migrator.exe.infected not moved/copied since already in quarantine

C:\ProgramData\.clamwin\quarantine\setup.exe.infected: Trojan.Agent-148079 FOUND

C:\ProgramData\.clamwin\quarantine\setup.exe.infected not moved/copied since already in quarantine

WARNING: Can't open file C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\03960095dc3a5dd6d270c42aec252b79_f78b1453-0e94-4d94-a659-a692bbf13204: Permission denied

This is the final post, assuming you received the results.log and the OTL.tex. I actually do not see them here, so I hope I am posting them correctly. Remember, I do not have a clue as to what I am doing ;) however, I can follow your step-by-step instructions.

Do you think the virus that was caught and put in quarantine, as per my original post, is SAFE?

OTL Extras logfile created on: 6/25/2010 12:05:56 PM - Run 1

OTL by OldTimer - Version 3.2.7.0 Folder = C:\Users\johnwvideo\Downloads

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18928)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 44.00% Memory free

4.00 Gb Paging File | 3.00 Gb Available in Paging File | 73.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 136.83 Gb Total Space | 56.07 Gb Free Space | 40.98% Space Free | Partition Type: NTFS

Drive D: | 12.22 Gb Total Space | 1.80 Gb Free Space | 14.74% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: JOHNWVIDEO-PC

Current User Name: johnwvideo

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"UacDisableNotify" = 0

"InternetSettingsDisableNotify" = 0

"AutoUpdateDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{4E15A9AC-B685-4CF9-A545-F2A957425815}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |

"{6DBEADD2-D600-4CF5-A389-E23E963CCF28}" = lport=51000 | protocol=6 | dir=in | name=adobe version cue cs4 server |

"{73615B1C-4DBE-42FC-9F3D-E251D39CFEB9}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |

"{7B0CF324-DB74-4D33-9A2D-B9F564A4382D}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |

"{7F4C863E-4B7F-4D89-98B9-5DAABCE92027}" = lport=3703 | protocol=6 | dir=in | name=adobe version cue cs4 server |

"{AD06C4F3-BF65-450E-89BF-A9A25525E6CC}" = lport=3704 | protocol=6 | dir=in | name=adobe version cue cs4 server |

"{F3DE8F82-DF91-4A2C-85F3-E1AAFE64A413}" = lport=51001 | protocol=6 | dir=in | name=adobe version cue cs4 server |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{007F1ADB-F13A-4DC7-A081-2CB2D2D5A389}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |

"{05287ED8-02E8-45B1-81DE-2D7A16228C23}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{170CDA6A-111A-4A9A-98ED-2A85D43D77DB}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |

"{1B6D2C62-1C46-4295-B35A-FA28E0E16638}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |

"{1D880217-7A29-46DE-A97F-AC8CABB19233}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe |

"{1EF9E5B3-5067-45C5-A10D-32459EA69740}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |

"{1F288E61-7127-4EE1-87A3-6C18E889EA06}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |

"{27B1EB00-F62E-4365-8FCE-EE980D4E2E5D}" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe |

"{29DA7670-1067-4EF0-89EE-9BD6B12C9B54}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |

"{2E71EFEB-A39D-4F09-9A4E-C7463981BBC4}" = dir=in | app=c:\program files\avg\avg8\avgnsx.exe |

"{2F635961-175D-4664-B4FD-26A3D12F4096}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |

"{35E833B9-ECF9-461D-A44B-D67B11393AA1}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |

"{39B3D989-6E77-4032-8CD7-F8CA94EF8C0D}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |

"{3C09C7B0-17B7-4B1E-AE3F-038EB1904C5A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |

"{3EC86714-8387-408B-96E6-981610836165}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

"{45353C69-11B0-49DF-A153-FAEF489D2F33}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |

"{48D712D2-7621-4D3A-898A-4124D832A1DA}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |

"{4FA3ABA8-BCBD-4986-800C-8C26B1CE14A6}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |

"{4FAA0760-56DC-4402-B537-119A5ECFDA29}" = protocol=6 | dir=in | app=c:\program files\common files\aol\1250908120\ee\aoldesktop.exe |

"{52897463-315C-4774-8251-F63A58A7C8A4}" = dir=in | app=c:\program files\avg\avg8\avgemc.exe |

"{552FFC20-FC88-4384-B3A5-0A203626C468}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe |

"{6F50D2C4-8E6C-46EE-88E2-254E72827181}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

"{6F6C4E11-57D3-49BA-A964-CAFF949BCE42}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |

"{75064E7F-68BA-4BBC-879D-C94E47A5CE92}" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe |

"{79C39667-5064-47F9-BB11-7BCC522B9C10}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |

"{7BEA4A2D-1139-4846-9EEF-BC2DA176C15E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpzwiz01.exe |

"{894DD9E7-69C4-423F-9AA9-CF7886FFD960}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |

"{90AC1F24-A4CC-4AF8-928D-E438FCB41291}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe |

"{92B9BEEE-40A9-43C4-88F4-88E4BFB2478E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |

"{A27C0137-50B1-4DB6-AE63-951A3824721C}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |

"{A46A8F63-C3F9-4C7F-8014-735253AF37A4}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |

"{ADAC8032-8D30-4928-B9FB-7D3360FDBEC1}" = protocol=6 | dir=in | app=c:\program files\common files\aol\1250908120\ee\aolsoftware.exe |

"{B2968584-B7A1-4CE1-91EE-0E33E7CA9CAF}" = protocol=17 | dir=in | app=c:\program files\common files\aol\1250908120\ee\aolsoftware.exe |

"{B30FAFCE-98EF-4CE4-8519-2BF4EFBA9C61}" = protocol=17 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |

"{B764007C-C668-40E0-9570-4FFCA879005D}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |

"{B81F62E7-E9A4-4330-BE2B-FBF881E4FAB3}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |

"{B9D5E06F-0DF6-4F61-A359-53B94B0B938C}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |

"{BED162E5-1B3C-4397-80C5-9F61D7A34FF7}" = protocol=6 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |

"{C3FBDB39-E5E4-4B54-AFEA-1DDB1BF739F7}" = dir=in | app=c:\users\johnwvideo\desktop\hp\oj6500ve709_full_12_en\setup\hpznui01.exe |

"{CABE275A-2E71-4CD7-BEFE-592949AFE45F}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |

"{CAD9F03C-A5E3-4088-A2BE-71AB2D5361BE}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\adobe version cue cs4\server\bin\versioncuecs4.exe |

"{CF640E0F-DCE7-4216-9ACD-3287E80C3DD1}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |

"{DE36EBA7-C263-49F5-A9A7-681D29B8A8E9}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposfx08.exe |

"{E94C6E2C-05C3-48F4-A3A3-543ECB5104BB}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |

"{EC6C6F14-B328-4893-B42B-C07BFDEAD747}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |

"{EECACF90-AE5D-4362-BEF7-14388B2A36A5}" = protocol=17 | dir=in | app=c:\program files\common files\aol\1250908120\ee\aoldesktop.exe |

"{F0B2A08B-115C-4C97-8CEB-D40D590D2BCE}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\adobe version cue cs4\server\bin\versioncuecs4.exe |

"{F1BEC95B-C882-466E-AB6B-79C1C9B959BC}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe |

"{F49C8270-882C-4AAC-863F-2F83215115F6}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe |

"{F4F19AAA-E5C3-4558-990C-07F02CDA44EE}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |

"{F6A10BF2-F0DE-4AAE-BFE2-504D153C766F}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |

"TCP Query User{40A9BF30-D722-44A0-9340-A485AA9DFD00}C:\program files\common files\aol\1250908120\ee\aoldesktop.exe" = protocol=6 | dir=in | app=c:\program files\common files\aol\1250908120\ee\aoldesktop.exe |

"UDP Query User{9E53E2B1-04DC-4D52-AB6F-B839BA14C482}C:\program files\common files\aol\1250908120\ee\aoldesktop.exe" = protocol=17 | dir=in | app=c:\program files\common files\aol\1250908120\ee\aoldesktop.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer

"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4

"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam

"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule

"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86

"{03A7C57A-B2C8-409b-92E5-524A0DFD0DD3}" = Status

"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = HP Integrated Module with Bluetooth wireless technology 6.0.1.5500

"{03DEEAD2-F3B7-45BF-9006-A25D015F00D2}" = Adobe Flash Player 10 Plugin

"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4

"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4

"{06E74B9B-631F-4378-BF3A-40D868450C05}" = HPPhotoSmartPhotobookHolidayPack1

"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer

"{087A66B8-1F0F-4a8d-A649-0CFE276AA7C0}" = WebReg

"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86

"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler

"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help

"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4

"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86

"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4

"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1

"{14F70205-1940-4000-88C7-BE799A6B2CAD}" = Adobe Soundbooth CS4

"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works

"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4

"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4

"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4

"{172AEB5E-CBB2-4CDD-A4CF-388600825839}" = HPPhotoSmartPhotobookPlayfulPack1

"{1B7C06E1-4888-47A6-992A-0990B9683486}" = Adobe Version Cue CS4 Server

"{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player

"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4

"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler

"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite

"{209CDA54-D390-46A2-A97C-7BF61734418D}" = WeatherBug Gadget

"{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en

"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant

"{250E9609-E830-43EB-B379-DAB7546A2422}" = muvee autoProducer 6.1

"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check for Health Check

"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program

"{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models

"{2A329FB6-389D-4396-A974-29656D6864AE}" = MarketResearch

"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)

"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm

"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4

"{31216452-5540-4C96-B754-94890A63D5AB}" = HP Help and Support

"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java 6 Update 2

"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE

"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.30 E1

"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4

"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup

"{38DAE5F5-EC70-4aa5-801B-D11CA0A33B41}" = BPDSoftware

"{38EAC694-0D90-445F-8C17-8B50ADFE3162}" = Slingbox Flash Tour

"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4

"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4

"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin

"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting

"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go

"{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}" = Adobe Fireworks CS4

"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit

"{4458C442-7376-4CF9-AF58-E8CEA6722363}" = Adobe Setup

"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets

"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.6

"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4

"{47ECCB1F-2811-49C0-B6A7-26778639ABA0}" = 32 Bit HP CIO Components Installer

"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension

"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4

"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter

"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout

"{4D304678-738E-42a0-931A-2B022F49DEB8}" = TrayApp

"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport

"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4

"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter

"{57F60D52-630B-43C5-BD20-176F5CD4EED6}" = bpd_scan

"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01

"{5DAA9C36-8F8B-462F-8CCA-E205BC3751F5}" = HP Active Support Library

"{5EAD5443-7194-46CC-A055-428E6ABB1BAF}" = Adobe Encore CS4

"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support

"{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}" = Adobe Creative Suite 4 Master Collection

"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86

"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support

"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2

"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites

"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check

"{676981B7-A2D9-49D0-9F4C-03018F131DA9}" = DocProc

"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4

"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK

"{68471BF2-F1F7-4C89-BBBA-400B94996596}" = ESU for Microsoft Vista

"{6CC080F1-2E00-41D5-BE47-A3BC784E9DFB}" = BPDSoftware_Ini

"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer

"{6EED4269-588D-45b8-A80C-26A9CA62EE4E}" = HPSSupply

"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update

"{7406DF60-016D-476B-A2C7-55D997592047}" = Adobe OnLocation CS4

"{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en

"{797EE0CA-8165-405C-B5CE-F11EC20F1BB0}" = Microsoft VC9 runtime libraries

"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files

"{7DC4A410-9986-4329-9E5D-687B2C42CA39}" = HP QuickTouch 1.00 C4

"{7F362F06-A9A3-440F-8B19-6A01A72723C4}" = AuthenTec Fingerprint Sensor Minimum Install

"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer

"{819E24AA-DB15-4BA8-8D76-92BDF710610B}" = Adobe Setup

"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4

"{8347A7A5-4AB8-433F-82AA-496B0D189A9B}" = HP User Guides 0088

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4

"{83C57C58-FDD7-4d86-BFCC-9D31CC4EFA71}" = 6500_E709n

"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4

"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4

"{87A9A9A9-FAB7-4224-9328-0FA2058C0FD5}" = Network

"{89E052B2-5CA5-4B7A-AF0C-28CA2836B030}" = HPPhotoSmartPhotobookModernPack1

"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting

"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007

"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007

"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007

"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007

"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007

"{9129B46A-51F0-431b-9838-DF7272F3204E}" = ProductContext

"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86

"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4

"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4

"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)

"{9885A11E-60E4-417C-B58B-8B31B21C0B8A}" = HP Easy Setup - Frontend

"{9CCCFD9C-248F-47FE-9496-1680E3E5C163}" = Scan

"{9F8FDE1A-FA91-43F2-887B-CF080156D57E}" = Adobe Setup

"{A07840FC-CE63-4CB8-8030-EF4B9805925A}" = HPPhotoSmartDiscLabel_PaperLabel

"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR

"{A6EC82A0-1414-475D-8AFD-469089F3080D}" = Adobe Contribute CS4

"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5

"{AC13BA3A-336B-45a4-B3FE-2D3058A7B533}" = Toolbox

"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Fran


Hello,

I do see some things that need to be taken care of. The things in quarantine are harmless. ;)

  • 1 - Flash Drive Disinfector
    Download Flash_Disinfector.exe by sUBs from here and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.

Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you run it. Don't delete this folder...it will help protect your drives from future infection.

Next

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O1 - Hosts: 127.0.0.1 activate.adobe.com
    O4 - HKLM..\Run: [] File not found
    O33 - MountPoints2\{b2454a2c-6fde-11df-b1d7-001e37a760d4}\Shell\AutoRun\command - "" = E:\CACHESYS\DATA-345432365\device32.exe -- File not found
    O33 - MountPoints2\{b2454a2c-6fde-11df-b1d7-001e37a760d4}\Shell\open\command - "" = E:\CACHESYS\DATA-345432365\device32.exe -- File not found

    :Services

    :Reg

    :Files

    :Commands
    [purity]
    [emptyflash]
    [emptytemp]
    [Reboot]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

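The fix above is built by hand from three kinds of OTL lines: an O1 hosts entry that sinkholes a name to 127.0.0.1, an O4 Run value with an empty name and a missing file, and O33 MountPoints2 autorun handlers that launch an executable from a removable drive. As an added example (not code from the thread, OTL, or its author), the Python below applies that same triage to OTL-format lines and renders the matching :OTL fix section; the sample input is constructed, the regexes assume the line layout shown in the fix, and the benign lines are made up for contrast.

```python
"""Triage OTL scan lines the way the fix above does and emit an :OTL section.
Added example; not OTL's own code and not a substitute for a helper's review."""
import re
from dataclasses import dataclass

# Constructed sample input in OTL's line format.  The hosts, Run and
# MountPoints2 lines mirror the fix above; the benign lines are invented.
SAMPLE_OTL_LINES = [
    "PRC - C:\\WINDOWS\\explorer.exe (Microsoft Corporation)",
    "O1 - Hosts: 127.0.0.1 localhost",
    "O1 - Hosts: 127.0.0.1 activate.adobe.com",
    "O4 - HKLM..\\Run: [ExampleTray] C:\\Program Files\\Example\\tray.exe (Example Corp)",
    "O4 - HKLM..\\Run: [] File not found",
    "O33 - MountPoints2\\{b2454a2c-6fde-11df-b1d7-001e37a760d4}\\Shell\\AutoRun\\command"
    " - \"\" = E:\\CACHESYS\\DATA-345432365\\device32.exe -- File not found",
    "O33 - MountPoints2\\{b2454a2c-6fde-11df-b1d7-001e37a760d4}\\Shell\\open\\command"
    " - \"\" = E:\\CACHESYS\\DATA-345432365\\device32.exe -- File not found",
]

# Names that legitimately resolve to loopback in a hosts file.
LOOPBACK_NAMES = {"localhost", "localhost.localdomain", "broadcasthost", "::1"}
HOSTS_RE = re.compile(r"^O1 - Hosts: (\S+) (\S+)$")
RUN_RE = re.compile(r"^O4 - (HK\w+)\.\.\\(Run\w*): \[(.*?)\] (.*)$")
MOUNT_RE = re.compile(
    r"^O33 - MountPoints2\\(\{[^}]+\})\\Shell\\(\w+)\\command - \"(.*?)\" = (.*?)(?: -- (.*))?$")


@dataclass
class Finding:
    line: str    # the OTL line, verbatim, so it can be pasted into a fix
    reason: str  # why it was flagged


def triage(lines):
    """Return a Finding for each line matching one of the three patterns."""
    findings = []
    for line in lines:
        line = line.strip()
        if m := HOSTS_RE.match(line):
            ip, host = m.groups()
            # A non-loopback name pinned to loopback blocks that host (updates, activation, AV).
            if host not in LOOPBACK_NAMES and ip in ("127.0.0.1", "0.0.0.0", "::1"):
                findings.append(Finding(line, f"hosts file sinkholes {host} to {ip}"))
        elif m := RUN_RE.match(line):
            hive, key, name, target = m.groups()
            # Nameless or dangling Run values are leftovers worth clearing.
            if not name or target.endswith("File not found"):
                findings.append(Finding(line, f"{hive}\\{key} value with empty name or missing file"))
        elif m := MOUNT_RE.match(line):
            guid, verb, _, target, status = m.groups()
            detail = f"{verb} handler for volume {guid} launches {target}"
            if status:
                detail += f" ({status})"
            # An AutoRun/open handler pointing off the system drive is the classic USB-worm remnant.
            if target[:2].upper() != "C:" or status == "File not found":
                findings.append(Finding(line, "autorun on removable volume: " + detail))
    return findings


def build_otl_fix(findings):
    """Render the :OTL section OTL expects: flagged lines verbatim, then the cleanup commands."""
    body = [":OTL"] + [f.line for f in findings]
    body += ["", ":Commands", "[purity]", "[emptyflash]", "[emptytemp]", "[Reboot]"]
    return body


if __name__ == "__main__":
    found = triage(SAMPLE_OTL_LINES)
    for f in found:
        print(f"{f.reason}\n    {f.line}")
    print("\n".join(build_otl_fix(found)))
```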

  • 2 weeks later...
  • Root Admin

Due to the lack of feedback this Topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

The fixes and advice in this thread are for this machine only. Do not apply the instructions from this thread to your own machine. Please start a new thread describing your issue and someone will be along to assist you.

