Computer will not complete reboot


KellyG

HELP!! My computer has been plagued with trojans and malware for weeks. I have been running the Malwarebytes scanner to remove. A reboot is necessary to completely remove some of the threats, but my computer cannot complete a reboot -- it ends up on a blue/black screen, and all I can do is power off and restart in safe mode. It's a vicious cycle. I cannot remove the threats without rebooting, but I think the threats are preventing a reboot. A computer expert told me bad memory sticks were causing the reboot fail, but I am still having problems after replacing the memory. A list of threats found from a Malwarebytes scan includes:

Trojan.Hiloti

Trojan.FakeAlert

Trojan.Downloader

Trojan.Downloader.Gen

Trojan.Clicker

Trojan.Agent

Trojan.ZbotR.Gen

Trojan.Ertfoor

Trojan.Malagent

Malware.Packer.Gen

Adware.Adshot

Password.Stealer

Malware.Trace

Hijack.FolderOptions

Hijack.Regedit

Spyware.Passwords.XGen

Worm.Koobface

Hello,

My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.

Use the 'Add Reply' and add the new log to this thread.

Note: If using Firefox, right-click on any download links and choose Save As.

Please download OTH to your desktop

Please download OTL to your desktop

Double-click the OTH file to run it and click Kill All Processes; your desktop will go blank.

Then select Start OTL. OTL will now run.

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Click the Internet Explorer button, post these logs in your Virus Removal topic.

OTL Log:

OTL logfile created on: 10/12/2010 8:00:14 AM - Run 1

OTL by OldTimer - Version 3.2.15.1 Folder = C:\Documents and Settings\Kelly\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 80.00% Memory free

3.00 Gb Paging File | 2.00 Gb Available in Paging File | 92.00% Paging File free

Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 71.43 Gb Total Space | 2.47 Gb Free Space | 3.46% Space Free | Partition Type: NTFS

Computer Name: KELLYS | User Name: Kelly | Logged in as Administrator.

Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

========== Processes (SafeList) ==========

PRC - [2010/10/12 07:58:56 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kelly\Desktop\OTL.scr

PRC - [2010/10/12 07:58:42 | 000,258,560 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kelly\Desktop\OTH.scr

========== Modules (SafeList) ==========

MOD - [2010/10/12 07:58:56 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kelly\Desktop\OTL.scr

MOD - [2010/10/10 15:56:39 | 000,047,104 | -H-- | M] () -- C:\WINDOWS\SYSTEM32\CIDAdiag.dll

MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\msscript.ocx

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe WUSB54GC.exe -- (WUSB54GCSVC)

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)

SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)

SRV - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)

SRV - [2010/07/14 15:19:28 | 000,326,488 | ---- | M] (Enigma Software Group USA, LLC.) [Auto | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe -- (SpyHunter 4 Service)

SRV - [2010/04/28 07:44:02 | 000,704,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)

SRV - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)

SRV - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Stopped] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)

SRV - [2007/03/07 15:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\onfj.sys -- (sqvpvax)

DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\sfumqbrz.sys -- (sfumqbrz)

DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\ppaabpno.sys -- (ppaabpno)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\PalmUSBD.sys -- (PalmUSBD)

DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\olzakbne.sys -- (olzakbne)

DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\nxbxdyuf.sys -- (nxbxdyuf)

DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\miavviby.sys -- (miavviby)

DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\abfrwhij.sys -- (ixhbxgt)

DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\lywmnc.sys -- (imsqee)

DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\iitkwujl.sys -- (iitkwujl)

DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\qwjo.sys -- (iarbs)

DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\eebylzuv.sys -- (eebylzuv)

DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\yogyp.sys -- (bqnq)

DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\afxcaavh.sys -- (afxcaavh)

DRV - [2010/04/28 07:44:02 | 000,054,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\fssfltr_tdi.sys -- (fssfltr)

DRV - [2010/01/27 18:10:44 | 000,005,248 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)

DRV - [2008/04/13 14:56:49 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\usb8023.sys -- (USB_RNDIS_XP)

DRV - [2008/04/13 14:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)

DRV - [2008/04/13 14:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)

DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\dsunidrv.sys -- (dsunidrv)

DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\dsproct.sys -- (DSproct)

DRV - [2005/11/24 20:51:38 | 000,245,248 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\rt73.sys -- (RT73)

DRV - [2005/02/01 19:18:38 | 000,017,992 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\bcm42rly.sys -- (BCM42RLY)

DRV - [2004/08/04 00:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys -- (nv)

DRV - [2003/11/17 17:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\hsfhwbs2.sys -- (HSFHWBS2)

DRV - [2003/11/17 17:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\hsf_cnxt.sys -- (winachsf)

DRV - [2003/11/17 17:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\hsf_dp.sys -- (HSF_DP)

DRV - [2003/09/25 23:15:32 | 000,015,872 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\gtndis5.sys -- (GTNDIS5)

DRV - [2003/09/19 16:45:48 | 000,021,248 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\pfc.sys -- (pfc)

DRV - [2002/11/08 15:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)

DRV - [2001/08/17 16:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)

DRV - [2001/08/17 16:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)

DRV - [2001/08/17 16:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)

DRV - [2001/08/17 16:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)

DRV - [2001/08/17 16:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)

DRV - [2001/08/17 15:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)

DRV - [2001/08/17 15:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)

DRV - [2001/08/17 15:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)

DRV - [2001/08/17 15:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)

DRV - [2001/08/17 15:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)

DRV - [2001/08/17 15:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)

DRV - [2001/08/17 15:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)

DRV - [2001/08/17 15:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)

DRV - [2001/08/17 15:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)

DRV - [2001/08/17 15:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.ubah.com/ [binary data]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://app.oprius.com/email/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

FF - HKLM\software\mozilla\Firefox\Extensions\\{4C71CF14-33BE-44B4-A27E-41B2811E8A50}: C:\Documents and Settings\Kelly\Local Settings\Application Data\{4C71CF14-33BE-44B4-A27E-41B2811E8A50}\ [2010/10/10 15:58:41 | 000,000,000 | ---D | M]

[2010/05/24 20:33:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\Mozilla\Extensions

[2010/05/24 20:33:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\Mozilla\Extensions\mozswing@mozswing.org

[2010/10/07 12:06:22 | 000,002,077 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google_search.xml

O1 HOSTS File: ([2010/09/18 11:07:59 | 000,000,734 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)

O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.

O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)

O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.

O3 - HKCU\..\Toolbar\ShellBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)

O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)

O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)

O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)

O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )

O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [MKfPcsonalift.com&p=R0lGODlhyAA8APcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/

/////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAzmQAzzAAz/wBm

AABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDMmQDMzADM/wD/AAD/

MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMzmTMzzDMz/zNmADNmMzNm

ZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPMmTPMzDPM/zP/ADP/MzP/ZjP/

mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYzmWYzzGYz/2ZmAGZmM2ZmZmZmmWZm

zGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbMmWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb/

/5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkzmZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZ

AJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnMmZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwA

M8wAZswAmcwAzMwA/8wzAMwzM8wzZswzmcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZ

ZsyZmcyZzMyZ/8zMAMzMM8zMZszMmczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8A

mf8AzP8A//8zAP8zM/8zZv8zmf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+Z

zP+Z///MAP/MM//MZv/Mmf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAADIADwA

AAj/AP8JHEiwoMGDCBMqXMiwocOHA6lBnEixosWCqfwklOiQ4z+PHhWGvMhwpMiIDz1qJMmyJcFU

qVxOBCmzpsCVFGOitFlRIkycBE1+/JgRqEGaR4cKDfovlUmJUJVKpbh06FGnG3cO1CgUqdWCXi96

hEkWYkadEKsi5KiWp8CMDY0+lOu250GyMLUKpMaX2s++gJ3yFfwRsOHDiP0qTsy4cV/Bjx1DhuzY

MOXKmCnbPEzWL9q7fj6jbFtyIOGODSWGpnty70TWdVNr7drU88/LfVd3zurVa0yofFPyhuu6NOyk

UWkmn70wbGy9RMsG5Tq4utPrfoVHFF0cbMLQF7lD/zz+nKVJ8W/xcgyN/qXtvNcpo/UJfeRInGpT

TUHoh/TXgv1lldSAU5WHUXdX4dUUTPf54aBGqxllm2Lx4RZcXyg9CB1/Dn5GHkMfGmgTVt0FZxBe

Z2kY0oXM0edeZyguBlxhgZl40HoPAqXcfwYFSKBzBIq41o8L6dZeWyRGtNSEPkElGmM05qbhhqO9

JGRLVa1IGIwUMthZdQ+ql1dh8Q3GoGeLiUmNkdnFdN2CKCqI4D/UAZcYZN3B5t+VaSH5VXLr6YQi

akkRt9BkFEaG3aLBMYoodob1B5hU1iXqqI01SSrgXi4ihJWDU/gRaqgPXsiia3Zi2mB2ywW1pJJw

/v9GZ3TvoejjQeRBWSKVJI256VsJieYrrrutuWaFWO04Fq+HetarohNeOeNGpwH4GZCzMtWUae1d

BeidKfb4U4BRsTfjcnypCCxzCk1JZ5y18qhtsEW521xkjXZ7YHduspVaRsdyxVuUGMpLzRSjdpik

d+hWCVWOOeoHsaswejkhpCLlOMWRppaY6GBUzreXrPNGlREKU6C8n09wPewgqm6qhy9RCCOMssp5

sbVstufVmWphnEZFqqhE3+hUaKFWTNaDpKa1baonI6zovrXpayI1Kt+8H0pertVVf3iJOirCYtf8

8lFrvlThsYvemO2sUaH6Vb0dfgcxafYRJSoKfPf/jWHcXQo6p182T8FX3ynfqlqKSY7lL8swlp1y

zZSj/N7F0uEqcNAE3Tpy0wgezHR7EoO6p2l7960632gSLBWjBBV+81uhqdz5wn6xB5asaYPFsuTA

C0WYqUKxR7em5Nn7EcSwMY+eUKvzjfB1fK8kHct/m3pdytKjkOxH3I8rd0gRn1lrnDqJrXLZp241

cpWuMp+woW7fNGXCoXZVFKn6vtS992Cp3oGGtS2RSaRyBRNIzY50tA7pblLNEpuoOHKW7FBNXtNh

XsTAZhZQ5ShYDjwbkZzkt/Qo0HC+YxCAniIQ6f3mMX7AGfrqlbPfhMZJ95ocwgoFMBHCynceTF9/

/zyYtNcQrYgggcrQQhWku/BNJ0+8Sf0I2B4JvslNk/tbh+z0p6HcMCsxoRxd7jOoOdGpVNYqylkm

cjwfom5izcFI9SQiPSk+jUerqUwqbvYY/XAPBWvaos4QI6yybMk2NQOgq/6jo7OM6WFI3F0Q2XhE

B1GIaZW0JLMKsj7VqeYhhnyKDiWnta0xzG2pUsx/yDK/mfVIISpMkRsjshqqaPCWzDvdQP7oyW3V

L4VEIZ/Whtk9CSlrKLwzjWfq9A/KrcyCUTpaZBDUoVGxEJIhGk0lE+bBbhKNZA7ZYyeZ+LaGxAyZ

4BFn4TZ2uJR5x4ym6WK5cibGrdCtgTrRGQ0Ho/880OjSi7iUX8R+eSMB/oN1n5zXjSgInqEU7ou7

RNl8WIgcpTyGdjEUoyaH50XaVbBHgnSl+4Y0vqYQjYgn9dJJRXg6F97HLO9aiQMPKrUeJe6drdnO

F01GOdq8K3f9C9PtdBOhknwspmHC1FbgKBzuFS9vCCKOhsoyuc29BWe6AWrnghOmszWMTipLmkoc

qRfnBRRpChvp3GS2k/1tcTaYNNw/M7qaHSZ0Q7JsaDwzclMATQ5nQH3ggow3w2Q605F5BZsli9Iu

TXK1dKLKi7kylzGmgjRH2AJi9FDYxG5SykpYc+cZM4o47ylLqTCEmEoTqbCl7SZZ2MqdCBso0MH/

sauZlQzWEvvHyT9WtUg/AVGKnLmxvZktny9bHFFDmKCjmU1TauMSfJDVGcw+bZkrzeZl+/lGoabk

j7NcJX5AWi9k2kxroJoehJKrF2h2LoQqO1giKYiYWtKnYU5S7aA2SFK7De15zLvgQkmzRntGqKs0

NG5Y9zOsQTlHufRrJnFr5p8byshMkApkqdhS3nJ20Lo3CrAJ+xs37wytqwUqsWuMu7H5kMhGN2Tc

gZW6l0TaeIHiiZsazRRNKXETk+nzKQY1Bh6v4C9AvAWudtF2xQRq5UlwKSPAAnuWsZmNuOJZG5ye

EpjsYlbF9Arb8UhnLmfJJqpLNie85GbCNxWn/0lfFA110uvMlC7XSA68joRoRDduFgVQxhMsSDJZ

H/dscl56Lc/FbMMpgo5MOiIbmeTYeZc4DfFTiIWQmFxb1FMahka49S4sr7UrpqgmvP21yH25hr6S

jk/GmfbMqBh3m1QHDIOoilQID/y9/G64OmAG53jSTBLAJblr5/NSDWuNNu1U6UsXxle0gZ0oAhE1

1hhKsklXImSZlBhkJc4wo6h9qUXR2lJdqlS50wTRIrHKyfA0NUCR8+kT5ROnHUF324wtoyYbkFu2

1dFSHEnjJuI7uO1aV6MLHlPGHTOO6io1s2I7lRWp7T9VIY6/fOma/i3z3vH+IUas2jllyk1Suf8x

VG/kWfAIK5oqkc6JpzJ+qzKSRHcA4hatB4zrlLQbS3EM+ZDAfJLYFpwtnYbTz/+08a9cWzeNTg0E

ZyJ0A/3znwpdS7dMFC5OyYk/iB1TQ8dLlJlMXUgUz5t/dFYgp7HZouP+rEpmqnNej/Eljj0Q1kHd

7c1YveelOTOUCpZp+i1tLgRU+N+93Xax4Nsuag+KeC49ZUSByUOHryjDF+Z2Pg3s6p5fa7q6bnGv

1QjcZKV6bFql+i7uKoFdQW3jnXY1WOuo2Z99+8gJDimXv7P0ON176KvOE9cKRtuOrohro5v4RQ7f

JW1JosGVzLhUtz7rlGwZMlXu+uejPTypd7YZ9xHd9fHXpe/wjH7QH0/854B5LCw9tEUCAgA7] C:\WINDOWS\win16.exe File not found

O4 - HKLM..\Run: [Nikon Transfer Monitor] C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)

O4 - HKLM..\Run: [sfuyeno] C:\WINDOWS\umowoyuliwol.DLL (CyberLink Corp.)

O4 - HKCU..\Run: [{DFFA8137-3B9E-A024-A569-AEC2B6783FBE}] C:\Documents and Settings\Kelly\Application Data\Mire\kiwa.exe File not found

O4 - HKCU..\Run: [Aim6] C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe (America Online, Inc.)

O4 - HKCU..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)

O4 - HKCU..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)

O4 - HKCU..\Run: [Hjeki] C:\WINDOWS\hicfrvce.DLL File not found

O4 - HKCU..\Run: [MKfPcsonalift.com&p=R0lGODlhyAA8APcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/

/////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAzmQAzzAAz/wBm

AABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDMmQDMzADM/wD/AAD/

MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMzmTMzzDMz/zNmADNmMzNm

ZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPMmTPMzDPM/zP/ADP/MzP/ZjP/

mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYzmWYzzGYz/2ZmAGZmM2ZmZmZmmWZm

zGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbMmWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb/

/5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkzmZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZ

AJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnMmZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwA

M8wAZswAmcwAzMwA/8wzAMwzM8wzZswzmcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZ

ZsyZmcyZzMyZ/8zMAMzMM8zMZszMmczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8A

mf8AzP8A//8zAP8zM/8zZv8zmf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+Z

zP+Z///MAP/MM//MZv/Mmf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAADIADwA

AAj/AP8JHEiwoMGDCBMqXMiwocOHA6lBnEixosWCqfwklOiQ4z+PHhWGvMhwpMiIDz1qJMmyJcFU

qVxOBCmzpsCVFGOitFlRIkycBE1+/JgRqEGaR4cKDfovlUmJUJVKpbh06FGnG3cO1CgUqdWCXi96

hEkWYkadEKsi5KiWp8CMDY0+lOu250GyMLUKpMaX2s++gJ3yFfwRsOHDiP0qTsy4cV/Bjx1DhuzY

MOXKmCnbPEzWL9q7fj6jbFtyIOGODSWGpnty70TWdVNr7drU88/LfVd3zurVa0yofFPyhuu6NOyk

UWkmn70wbGy9RMsG5Tq4utPrfoVHFF0cbMLQF7lD/zz+nKVJ8W/xcgyN/qXtvNcpo/UJfeRInGpT

TUHoh/TXgv1lldSAU5WHUXdX4dUUTPf54aBGqxllm2Lx4RZcXyg9CB1/Dn5GHkMfGmgTVt0FZxBe

Z2kY0oXM0edeZyguBlxhgZl40HoPAqXcfwYFSKBzBIq41o8L6dZeWyRGtNSEPkElGmM05qbhhqO9

JGRLVa1IGIwUMthZdQ+ql1dh8Q3GoGeLiUmNkdnFdN2CKCqI4D/UAZcYZN3B5t+VaSH5VXLr6YQi

akkRt9BkFEaG3aLBMYoodob1B5hU1iXqqI01SSrgXi4ihJWDU/gRaqgPXsiia3Zi2mB2ywW1pJJw

/v9GZ3TvoejjQeRBWSKVJI256VsJieYrrrutuWaFWO04Fq+HetarohNeOeNGpwH4GZCzMtWUae1d

BeidKfb4U4BRsTfjcnypCCxzCk1JZ5y18qhtsEW521xkjXZ7YHduspVaRsdyxVuUGMpLzRSjdpik

d+hWCVWOOeoHsaswejkhpCLlOMWRppaY6GBUzreXrPNGlREKU6C8n09wPewgqm6qhy9RCCOMssp5

sbVstufVmWphnEZFqqhE3+hUaKFWTNaDpKa1baonI6zovrXpayI1Kt+8H0pertVVf3iJOirCYtf8

8lFrvlThsYvemO2sUaH6Vb0dfgcxafYRJSoKfPf/jWHcXQo6p182T8FX3ynfqlqKSY7lL8swlp1y

zZSj/N7F0uEqcNAE3Tpy0wgezHR7EoO6p2l7960632gSLBWjBBV+81uhqdz5wn6xB5asaYPFsuTA

C0WYqUKxR7em5Nn7EcSwMY+eUKvzjfB1fK8kHct/m3pdytKjkOxH3I8rd0gRn1lrnDqJrXLZp241

cpWuMp+woW7fNGXCoXZVFKn6vtS992Cp3oGGtS2RSaRyBRNIzY50tA7pblLNEpuoOHKW7FBNXtNh

XsTAZhZQ5ShYDjwbkZzkt/Qo0HC+YxCAniIQ6f3mMX7AGfrqlbPfhMZJ95ocwgoFMBHCynceTF9/

/zyYtNcQrYgggcrQQhWku/BNJ0+8Sf0I2B4JvslNk/tbh+z0p6HcMCsxoRxd7jOoOdGpVNYqylkm

cjwfom5izcFI9SQiPSk+jUerqUwqbvYY/XAPBWvaos4QI6yybMk2NQOgq/6jo7OM6WFI3F0Q2XhE

B1GIaZW0JLMKsj7VqeYhhnyKDiWnta0xzG2pUsx/yDK/mfVIISpMkRsjshqqaPCWzDvdQP7oyW3V

L4VEIZ/Whtk9CSlrKLwzjWfq9A/KrcyCUTpaZBDUoVGxEJIhGk0lE+bBbhKNZA7ZYyeZ+LaGxAyZ

4BFn4TZ2uJR5x4ym6WK5cibGrdCtgTrRGQ0Ho/880OjSi7iUX8R+eSMB/oN1n5zXjSgInqEU7ou7

RNl8WIgcpTyGdjEUoyaH50XaVbBHgnSl+4Y0vqYQjYgn9dJJRXg6F97HLO9aiQMPKrUeJe6drdnO

F01GOdq8K3f9C9PtdBOhknwspmHC1FbgKBzuFS9vCCKOhsoyuc29BWe6AWrnghOmszWMTipLmkoc

qRfnBRRpChvp3GS2k/1tcTaYNNw/M7qaHSZ0Q7JsaDwzclMATQ5nQH3ggow3w2Q605F5BZsli9Iu

TXK1dKLKi7kylzGmgjRH2AJi9FDYxG5SykpYc+cZM4o47ylLqTCEmEoTqbCl7SZZ2MqdCBso0MH/

sauZlQzWEvvHyT9WtUg/AVGKnLmxvZktny9bHFFDmKCjmU1TauMSfJDVGcw+bZkrzeZl+/lGoabk

j7NcJX5AWi9k2kxroJoehJKrF2h2LoQqO1giKYiYWtKnYU5S7aA2SFK7De15zLvgQkmzRntGqKs0

NG5Y9zOsQTlHufRrJnFr5p8byshMkApkqdhS3nJ20Lo3CrAJ+xs37wytqwUqsWuMu7H5kMhGN2Tc

gZW6l0TaeIHiiZsazRRNKXETk+nzKQY1Bh6v4C9AvAWudtF2xQRq5UlwKSPAAnuWsZmNuOJZG5ye

EpjsYlbF9Arb8UhnLmfJJqpLNie85GbCNxWn/0lfFA110uvMlC7XSA68joRoRDduFgVQxhMsSDJZ

H/dscl56Lc/FbMMpgo5MOiIbmeTYeZc4DfFTiIWQmFxb1FMahka49S4sr7UrpqgmvP21yH25hr6S

jk/GmfbMqBh3m1QHDIOoilQID/y9/G64OmAG53jSTBLAJblr5/NSDWuNNu1U6UsXxle0gZ0oAhE1

1hhKsklXImSZlBhkJc4wo6h9qUXR2lJdqlS50wTRIrHKyfA0NUCR8+kT5ROnHUF324wtoyYbkFu2

1dFSHEnjJuI7uO1aV6MLHlPGHTOO6io1s2I7lRWp7T9VIY6/fOma/i3z3vH+IUas2jllyk1Suf8x

VG/kWfAIK5oqkc6JpzJ+qzKSRHcA4hatB4zrlLQbS3EM+ZDAfJLYFpwtnYbTz/+08a9cWzeNTg0E

ZyJ0A/3znwpdS7dMFC5OyYk/iB1TQ8dLlJlMXUgUz5t/dFYgp7HZouP+rEpmqnNej/Eljj0Q1kHd

7c1YveelOTOUCpZp+i1tLgRU+N+93Xax4Nsuag+KeC49ZUSByUOHryjDF+Z2Pg3s6p5fa7q6bnGv

1QjcZKV6bFql+i7uKoFdQW3jnXY1WOuo2Z99+8gJDimXv7P0ON176KvOE9cKRtuOrohro5v4RQ7f

JW1JosGVzLhUtz7rlGwZMlXu+uejPTypd7YZ9xHd9fHXpe/wjH7QH0/854B5LCw9tEUCAgA7] C:\WINDOWS\win16.exe File not found

O4 - HKCU..\Run: [Octoshape Streaming Services] C:\Documents and Settings\Kelly\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS)

O4 - HKCU..\Run: [Yahoo! Pager] File not found

O4 - HKCU..\RunOnce: [shockwave Updater] C:\WINDOWS\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100465 -Mozilla\4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident\4.0; File not found

O4 - Startup: C:\Documents and Settings\Kelly\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (Lime Wire, LLC)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1

O8 - Extra context menu item: &ieSpell Options - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)

O8 - Extra context menu item: Check &Spelling - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)

O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)

O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)

O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)

O16 - DPF: {0EED7206-1661-11D7-84A3-00606744831D} http://www.ubah.com/commonscripts/xstandar...n/XStandard.cab (XStandard)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)

O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.macromedia.com/get/shock...director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www2.snapfish.com/SnapfishActivia.cab (Snapfish Activia)

O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.3.7.cab (DLM Control)

O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} http://www.linkedin.com/cab/LinkedInContactFinderControl.cab (LinkedIn ContactFinderControl)

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/shared/m...99/mcinsctl.cab (Reg Error: Key error.)

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_19)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} http://web1.shutterfly.com/downloads/Uploader.cab (Shutterfly Picture Upload Plugin)

O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} http://www.photofinale.com/ImageUploader3/ImageUploader3.cab (Aurigma Image Uploader 3.5 Control)

O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_19)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_19)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} http://www.kroccenterdayton.com/activex/AMC.cab (AxisMediaControlEmb Class)

O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)

O16 - DPF: {F3D4C08D-3616-43F0-9E29-44C749B0664B} http://216.201.164.237/JpegInst.cab (pmjpegcam Class)

O16 - DPF: Garmin Communicator Plug-In https://my.garmin.com/static/m/cab/2.8.3/GarminAxControl.CAB (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 209.18.47.61 209.18.47.62

O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (c:\program files\microsoft\desktoplayer.exe) - c:\Program Files\Microsoft\DesktopLayer.exe ()

O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)

O24 - Desktop WallPaper: C:\Documents and Settings\Kelly\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Kelly\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2004/08/10 15:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O36 - AppCertDlls: dwwivr32 - (C:\WINDOWS\system32\CIDAdiag.dll) - C:\WINDOWS\SYSTEM32\CIDAdiag.dll ()

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

File not found -- C:\Documents and Settings\Kelly\Desktop\Bookfairteachergiftcertificate.

[2010/10/12 07:58:50 | 000,576,000 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Kelly\Desktop\OTL.scr

[2010/10/12 07:58:40 | 000,258,560 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Kelly\Desktop\OTH.scr

[2010/10/12 02:41:11 | 000,000,000 | ---D | C] -- C:\Program Files\sys32

[2010/10/10 15:58:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kelly\Local Settings\Application Data\{4C71CF14-33BE-44B4-A27E-41B2811E8A50}

[2010/10/10 13:54:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Real

[2010/10/07 08:08:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\SupportSoft

[2010/09/21 09:12:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kelly\Application Data\Bitrix Security

[2010/09/20 09:37:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe

[2010/09/20 07:47:05 | 000,000,000 | ---D | C] -- C:\Program Files\Free Window Registry Repair

[2010/09/20 00:36:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun

[2010/09/19 21:09:54 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010/09/19 21:09:45 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010/09/19 21:09:43 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2010/09/19 10:42:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Update

[2010/09/18 11:07:19 | 000,000,000 | ---D | C] -- C:\sh4ldr

[2010/09/18 11:07:19 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group

[2010/09/18 11:06:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\CED3DF1E01D145ADBF3364AE5E8843B8.TMP

[2010/09/18 11:06:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard

[2010/09/18 00:50:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe

[2010/09/18 00:34:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss

[2010/09/17 22:30:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun

[2010/09/17 19:51:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia

[2010/09/09 08:38:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kelly\My Documents\Outlook recovery

[2010/09/09 08:38:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kelly\My Documents\New Folder (2)

[2010/09/09 08:26:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kelly\Local Settings\Application Data\Outlook Recovery Toolbox

[2010/09/09 08:25:36 | 004,659,712 | ---- | C] (Dmitry Streblechenko) -- C:\WINDOWS\System32\Redemption.dll

[2010/09/09 08:25:32 | 000,000,000 | ---D | C] -- C:\Program Files\Outlook Recovery Toolbox

[2010/09/09 07:57:51 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft

[2010/09/08 20:52:30 | 000,000,000 | ---D | C] -- C:\Program Files\HowTo-Outlook

[2010/09/07 15:18:20 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

[2010/09/03 15:34:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kelly\My Documents\My Barnes & Noble eBooks

[2010/09/03 15:34:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kelly\Application Data\Barnes & Noble

[2010/09/03 15:34:09 | 000,000,000 | ---D | C] -- C:\Program Files\Barnes & Noble

[2010/08/23 10:44:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kelly\Application Data\Elluminate

[2010/08/18 16:34:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kelly\My Documents\K12

[2010/08/05 23:38:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kelly\My Documents\My Google Gadgets

[2010/08/03 15:30:43 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour

[2010/08/01 23:13:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kelly\Application Data\Malwarebytes

[2010/08/01 23:13:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2010/08/01 23:09:56 | 006,153,376 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Kelly\My Documents\mbam-setup.exe

[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[2 C:\Documents and Settings\Kelly\My Documents\*.tmp files -> C:\Documents and Settings\Kelly\My Documents\*.tmp -> ]

[2 C:\*.tmp files -> C:\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

File not found -- C:\Documents and Settings\Kelly\Desktop\Bookfairteachergiftcertificate.

[2010/10/12 07:58:56 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kelly\Desktop\OTL.scr

[2010/10/12 07:58:42 | 000,258,560 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kelly\Desktop\OTH.scr

[2010/10/11 21:21:23 | 000,178,176 | ---- | M] () -- C:\Documents and Settings\Kelly\Desktop\RKUnhookerLE.EXE

[2010/10/11 15:50:06 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\vasrijd.sys

[2010/10/11 14:58:40 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\pcwfr.sys

[2010/10/11 11:03:24 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\pmdljlwe.sys

[2010/10/11 11:02:17 | 001,402,880 | ---- | M] () -- C:\Documents and Settings\Kelly\Desktop\HiJackThis.msi

[2010/10/11 10:58:48 | 000,000,752 | ---- | M] () -- C:\Documents and Settings\Kelly\Desktop\Phantom of the Opera, The Soundtrack Lyrics.url

[2010/10/11 10:55:27 | 000,000,211 | ---- | M] () -- C:\Documents and Settings\Kelly\Desktop\Sales Contact Management Software Oprius.url

[2010/10/11 10:15:38 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\qmcgf.sys

[2010/10/11 07:09:57 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\xbpa.sys

[2010/10/10 21:16:17 | 044,089,904 | ---- | M] () -- C:\Documents and Settings\Kelly\Desktop\avira_antivir_personal_en.exe

[2010/10/10 21:14:39 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\hjwn.sys

[2010/10/10 20:39:58 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job

[2010/10/10 20:34:44 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL

[2010/10/10 20:32:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT

[2010/10/10 19:23:11 | 000,001,186 | ---- | M] () -- C:\WINDOWS\fpexplor.INI

[2010/10/10 18:15:41 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Jpaqanariga.dat

[2010/10/10 15:58:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Xnido.bin

[2010/10/10 15:57:04 | 000,002,256 | ---- | M] () -- C:\Documents and Settings\Kelly\Application Data\444.bat

[2010/10/10 15:57:01 | 000,000,129 | ---- | M] () -- C:\Documents and Settings\Kelly\Application Data\asdsada.bat

[2010/10/10 15:56:39 | 000,047,104 | -H-- | M] () -- C:\WINDOWS\System32\CIDAdiag.dll

[2010/10/10 15:56:38 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2010/10/08 09:54:38 | 000,085,504 | ---- | M] () -- C:\Documents and Settings\Kelly\Desktop\weekly buzz.doc

[2010/10/07 19:46:14 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{0FDD519B-6D38-4EAE-87BD-8220B8C315D1}.job

[2010/10/07 12:25:00 | 000,002,469 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Dell Support Center.lnk

[2010/10/05 14:26:32 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2010/10/04 12:06:21 | 000,000,211 | RHS- | M] () -- C:\BOOT.INI

[2010/09/20 07:47:06 | 000,000,718 | ---- | M] () -- C:\Documents and Settings\Kelly\Desktop\Free Window Registry Repair.lnk

[2010/09/19 21:10:11 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/09/19 14:41:22 | 000,004,566 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2010/09/19 14:41:08 | 000,442,798 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT

[2010/09/19 14:41:08 | 000,072,080 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT

[2010/09/19 10:57:45 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\.wtav

[2010/09/18 11:07:25 | 000,001,973 | ---- | M] () -- C:\Documents and Settings\Kelly\Desktop\SpyHunter.lnk

[2010/09/18 09:54:00 | 000,009,662 | ---- | M] () -- C:\WINDOWS\EPISME00.SWB

[2010/09/17 18:30:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\McAfee.com Scan for Viruses - My Computer (4PEACHES-Mike).job

[2010/09/13 18:39:06 | 000,051,121 | ---- | M] () -- C:\Documents and Settings\Kelly\My Documents\box tops.pdf

[2010/09/13 13:11:50 | 000,013,708 | ---- | M] () -- C:\Documents and Settings\Kelly\Desktop\1609.pdf

[2010/09/12 14:52:40 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk

[2010/09/10 14:54:50 | 004,363,916 | ---- | M] () -- C:\Documents and Settings\Kelly\Desktop\george2008257.pdf

[2010/09/09 09:24:48 | 000,044,831 | ---- | M] () -- C:\Documents and Settings\Kelly\Desktop\jill.pdf

[2010/09/08 15:26:16 | 000,485,112 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2010/09/08 15:22:49 | 000,000,737 | ---- | M] () -- C:\WINDOWS\ODBC.INI

[2010/09/08 11:34:40 | 000,026,860 | ---- | M] () -- C:\Documents and Settings\Kelly\Application Data\Personal Address Book.ADR

[2010/09/08 08:46:55 | 000,866,418 | ---- | M] () -- C:\Documents and Settings\Kelly\Desktop\Healthy-Recipes-web.pdf

[2010/09/05 18:14:47 | 000,041,472 | ---- | M] () -- C:\Documents and Settings\Kelly\Desktop\bookroom round.doc

[2010/09/03 15:34:21 | 000,000,873 | ---- | M] () -- C:\Documents and Settings\Kelly\Desktop\NOOK for PC.lnk

[2010/08/31 20:44:27 | 000,038,919 | ---- | M] () -- C:\Documents and Settings\Kelly\Desktop\george256.pdf

[2010/08/31 15:51:11 | 000,321,632 | ---- | M] () -- C:\Documents and Settings\Kelly\Desktop\george255.pdf

[2010/08/30 08:57:38 | 000,431,434 | ---- | M] () -- C:\Documents and Settings\Kelly\Desktop\ridenour clear254.pdf

[2010/08/29 12:44:11 | 000,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk

[2010/08/27 17:43:19 | 016,128,864 | ---- | M] () -- C:\Documents and Settings\Kelly\Desktop\hewitt.mp3

[2010/08/26 21:53:36 | 000,019,037 | ---- | M] () -- C:\Documents and Settings\Kelly\Desktop\kelly.JPG

[2010/08/26 21:36:06 | 001,166,454 | ---- | M] () -- C:\Documents and Settings\Kelly\Desktop\adam.bmp

[2010/08/22 10:10:26 | 000,012,800 | ---- | M] () -- C:\Documents and Settings\Kelly\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/08/18 23:06:25 | 000,052,870 | ---- | M] () -- C:\Documents and Settings\Kelly\Desktop\joann to kelley.pdf

[2010/08/17 10:49:03 | 000,038,824 | ---- | M] () -- C:\Documents and Settings\Kelly\Desktop\school supplies paid.pdf

[2010/08/15 15:38:25 | 000,000,214 | ---- | M] () -- C:\Documents and Settings\Kelly\Desktop\ubah mail.url

[2010/08/09 23:09:03 | 000,229,376 | ---- | M] () -- C:\Documents and Settings\Kelly\Desktop\pto back to school welcome.doc

[2010/08/05 22:19:11 | 000,054,828 | ---- | M] () -- C:\Documents and Settings\Kelly\My Documents\One Night In The Zoo - counting.pdf

[2010/08/05 22:16:00 | 000,046,315 | ---- | M] () -- C:\Documents and Settings\Kelly\My Documents\Noodle Pie - middle grade fiction.pdf

[2010/08/03 17:41:03 | 000,000,274 | ---- | M] () -- C:\Documents and Settings\Kelly\Desktop\Abby and Adam's Yahoo! page.url

[2010/08/03 15:05:44 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\Kelly\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk

[2010/08/02 09:24:00 | 002,510,102 | R--- | M] () -- C:\Documents and Settings\Kelly\Desktop\group2010

[2010/08/01 23:09:56 | 006,153,376 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Kelly\My Documents\mbam-setup.exe

[2010/08/01 23:07:40 | 000,363,520 | ---- | M] () -- C:\Documents and Settings\Kelly\My Documents\rkill.com

[2010/07/29 23:58:06 | 000,370,050 | ---- | M] () -- C:\Documents and Settings\Kelly\Desktop\vendor app253.pdf

[2010/07/28 10:01:55 | 000,017,400 | ---- | M] () -- C:\Documents and Settings\Kelly\Desktop\Summerail 2010 dealer_flyer.pdf

[2010/07/27 15:43:30 | 000,504,424 | ---- | M] () -- C:\Documents and Settings\Kelly\Desktop\clear george252.pdf

[2010/07/26 11:42:35 | 000,017,400 | ---- | M] () -- C:\Documents and Settings\Kelly\My Documents\Summerail 2010 dealer_flyer.pdf

[2010/07/20 22:15:22 | 000,401,529 | ---- | M] () -- C:\Documents and Settings\Kelly\Desktop\mars251.pdf

[2010/07/20 17:57:10 | 000,408,576 | ---- | M] () -- C:\Documents and Settings\Kelly\Desktop\stars dinner.pub

[2010/07/18 12:34:33 | 000,008,641 | ---- | M] () -- C:\Documents and Settings\Kelly\Desktop\camp.PDF

[2010/07/16 13:27:48 | 000,264,968 | ---- | M] () -- C:\Documents and Settings\Kelly\My Documents\veryfirstreading.pdf

[2010/07/15 12:35:17 | 000,063,479 | ---- | M] () -- C:\Documents and Settings\Kelly\Desktop\0630kellyroth.pdf

[2010/07/15 12:29:22 | 000,055,567 | ---- | M] () -- C:\Documents and Settings\Kelly\Desktop\amerfunds.pdf

[2010/07/15 12:27:17 | 000,056,045 | ---- | M] () -- C:\Documents and Settings\Kelly\Desktop\kellyira.pdf

[2010/07/15 12:25:22 | 000,020,418 | ---- | M] () -- C:\Documents and Settings\Kelly\Desktop\0521amex.pdf

[2010/07/15 12:24:38 | 000,020,395 | ---- | M] () -- C:\Documents and Settings\Kelly\Desktop\0621amex.pdf

[2010/07/15 12:20:07 | 000,268,194 | ---- | M] () -- C:\Documents and Settings\Kelly\Desktop\0521checking.pdf

[2010/07/15 12:19:26 | 000,268,558 | ---- | M] () -- C:\Documents and Settings\Kelly\Desktop\0623checking.pdf

[2010/07/15 10:47:53 | 000,338,295 | ---- | M] () -- C:\Documents and Settings\Kelly\Desktop\jennifer250.pdf

[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[2 C:\Documents and Settings\Kelly\My Documents\*.tmp files -> C:\Documents and Settings\Kelly\My Documents\*.tmp -> ]

[2 C:\*.tmp files -> C:\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/11 21:08:30 | 000,178,176 | ---- | C] () -- C:\Documents and Settings\Kelly\Desktop\RKUnhookerLE.EXE

[2010/10/11 15:50:06 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\vasrijd.sys

[2010/10/11 14:58:40 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\pcwfr.sys

[2010/10/11 11:03:24 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\pmdljlwe.sys

[2010/10/11 11:02:13 | 001,402,880 | ---- | C] () -- C:\Documents and Settings\Kelly\Desktop\HiJackThis.msi

[2010/10/11 10:15:38 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\qmcgf.sys

[2010/10/11 07:09:57 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\xbpa.sys

[2010/10/10 21:16:13 | 044,089,904 | ---- | C] () -- C:\Documents and Settings\Kelly\Desktop\avira_antivir_personal_en.exe

[2010/10/10 21:14:39 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\hjwn.sys

[2010/10/10 15:57:04 | 000,002,256 | ---- | C] () -- C:\Documents and Settings\Kelly\Application Data\444.bat

[2010/10/10 15:57:01 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Kelly\Application Data\asdsada.bat

[2010/10/10 15:56:39 | 000,047,104 | -H-- | C] () -- C:\WINDOWS\System32\CIDAdiag.dll

[2010/10/08 08:05:27 | 000,085,504 | ---- | C] () -- C:\Documents and Settings\Kelly\Desktop\weekly buzz.doc

[2010/10/05 12:28:51 | 000,002,469 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Dell Support Center.lnk

[2010/09/20 07:47:06 | 000,000,718 | ---- | C] () -- C:\Documents and Settings\Kelly\Desktop\Free Window Registry Repair.lnk

[2010/09/19 21:10:11 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/09/19 10:42:14 | 000,000,702 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\.wtav

[2010/09/18 11:07:25 | 000,001,973 | ---- | C] () -- C:\Documents and Settings\Kelly\Desktop\SpyHunter.lnk

[2010/09/17 19:44:12 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Jpaqanariga.dat

[2010/09/17 19:44:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Xnido.bin

[2010/09/13 18:39:06 | 000,051,121 | ---- | C] () -- C:\Documents and Settings\Kelly\My Documents\box tops.pdf

[2010/09/13 13:11:50 | 000,013,708 | ---- | C] () -- C:\Documents and Settings\Kelly\Desktop\1609.pdf

[2010/09/10 14:54:44 | 004,363,916 | ---- | C] () -- C:\Documents and Settings\Kelly\Desktop\george2008257.pdf

[2010/09/08 11:34:40 | 000,026,860 | ---- | C] () -- C:\Documents and Settings\Kelly\Application Data\Personal Address Book.ADR

[2010/09/08 08:46:55 | 000,866,418 | ---- | C] () -- C:\Documents and Settings\Kelly\Desktop\Healthy-Recipes-web.pdf

[2010/09/07 15:20:51 | 000,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk

[2010/09/03 15:34:21 | 000,000,873 | ---- | C] () -- C:\Documents and Settings\Kelly\Desktop\NOOK for PC.lnk

[2010/08/31 20:44:27 | 000,038,919 | ---- | C] () -- C:\Documents and Settings\Kelly\Desktop\george256.pdf

[2010/08/31 15:51:11 | 000,321,632 | ---- | C] () -- C:\Documents and Settings\Kelly\Desktop\george255.pdf

[2010/08/30 08:57:37 | 000,431,434 | ---- | C] () -- C:\Documents and Settings\Kelly\Desktop\ridenour clear254.pdf

[2010/08/30 08:04:06 | 000,044,831 | ---- | C] () -- C:\Documents and Settings\Kelly\Desktop\jill.pdf

[2010/08/27 17:43:16 | 016,128,864 | ---- | C] () -- C:\Documents and Settings\Kelly\Desktop\hewitt.mp3

[2010/08/26 21:50:59 | 000,019,037 | ---- | C] () -- C:\Documents and Settings\Kelly\Desktop\kelly.JPG

[2010/08/26 21:36:05 | 001,166,454 | ---- | C] () -- C:\Documents and Settings\Kelly\Desktop\adam.bmp

[2010/08/17 22:38:54 | 000,052,870 | ---- | C] () -- C:\Documents and Settings\Kelly\Desktop\joann to kelley.pdf

[2010/08/17 10:48:59 | 000,038,824 | ---- | C] () -- C:\Documents and Settings\Kelly\Desktop\school supplies paid.pdf

[2010/08/13 03:32:11 | 000,284,176 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

[2010/08/09 23:09:03 | 000,229,376 | ---- | C] () -- C:\Documents and Settings\Kelly\Desktop\pto back to school welcome.doc

[2010/08/05 22:19:11 | 000,054,828 | ---- | C] () -- C:\Documents and Settings\Kelly\My Documents\One Night In The Zoo - counting.pdf

[2010/08/05 22:16:00 | 000,046,315 | ---- | C] () -- C:\Documents and Settings\Kelly\My Documents\Noodle Pie - middle grade fiction.pdf

[2010/08/02 13:24:35 | 002,510,102 | R--- | C] () -- C:\Documents and Settings\Kelly\Desktop\group2010

[2010/08/01 23:07:34 | 000,363,520 | ---- | C] () -- C:\Documents and Settings\Kelly\My Documents\rkill.com

[2010/07/29 23:58:06 | 000,370,050 | ---- | C] () -- C:\Documents and Settings\Kelly\Desktop\vendor app253.pdf

[2010/07/28 10:01:55 | 000,017,400 | ---- | C] () -- C:\Documents and Settings\Kelly\Desktop\Summerail 2010 dealer_flyer.pdf

[2010/07/27 15:43:29 | 000,504,424 | ---- | C] () -- C:\Documents and Settings\Kelly\Desktop\clear george252.pdf

[2010/07/26 11:42:35 | 000,017,400 | ---- | C] () -- C:\Documents and Settings\Kelly\My Documents\Summerail 2010 dealer_flyer.pdf

[2010/07/20 22:15:22 | 000,401,529 | ---- | C] () -- C:\Documents and Settings\Kelly\Desktop\mars251.pdf

[2010/07/18 12:34:28 | 000,008,641 | ---- | C] () -- C:\Documents and Settings\Kelly\Desktop\camp.PDF

[2010/07/16 13:27:48 | 000,264,968 | ---- | C] () -- C:\Documents and Settings\Kelly\My Documents\veryfirstreading.pdf

[2010/07/15 12:35:17 | 000,063,479 | ---- | C] () -- C:\Documents and Settings\Kelly\Desktop\0630kellyroth.pdf

[2010/07/15 12:29:22 | 000,055,567 | ---- | C] () -- C:\Documents and Settings\Kelly\Desktop\amerfunds.pdf

[2010/07/15 12:27:17 | 000,056,045 | ---- | C] () -- C:\Documents and Settings\Kelly\Desktop\kellyira.pdf

[2010/07/15 12:25:22 | 000,020,418 | ---- | C] () -- C:\Documents and Settings\Kelly\Desktop\0521amex.pdf

[2010/07/15 12:23:27 | 000,020,395 | ---- | C] () -- C:\Documents and Settings\Kelly\Desktop\0621amex.pdf

[2010/07/15 12:20:07 | 000,268,194 | ---- | C] () -- C:\Documents and Settings\Kelly\Desktop\0521checking.pdf

[2010/07/15 12:19:26 | 000,268,558 | ---- | C] () -- C:\Documents and Settings\Kelly\Desktop\0623checking.pdf

[2010/07/15 10:47:53 | 000,338,295 | ---- | C] () -- C:\Documents and Settings\Kelly\Desktop\jennifer250.pdf

[2010/03/04 23:57:08 | 008,892,928 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\atscie.msi

[2009/12/30 16:11:10 | 000,012,800 | ---- | C] () -- C:\Documents and Settings\Kelly\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/12/27 13:33:25 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Bundle

[2009/12/27 13:33:25 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Kelly\Application Data\Booms

[2009/12/27 13:33:25 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT

[2009/12/27 13:33:25 | 000,000,012 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Channel

[2009/08/23 18:27:12 | 000,000,210 | ---- | C] () -- C:\Documents and Settings\Kelly\Application Data\1c64-ec47-1438-983d_6279rc

[2008/06/10 18:43:02 | 000,000,414 | ---- | C] () -- C:\WINDOWS\lexstat.ini

[2008/06/10 18:43:00 | 000,000,076 | ---- | C] () -- C:\WINDOWS\dellstat.ini

[2007/11/30 19:17:16 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll

[2007/11/30 19:16:49 | 000,001,361 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI

[2007/09/11 10:07:40 | 000,000,638 | ---- | C] () -- C:\WINDOWS\pdf2web.INI

[2006/11/06 18:49:36 | 000,000,310 | ---- | C] () -- C:\WINDOWS\primopdf.ini

[2006/04/25 19:02:04 | 000,000,028 | ---- | C] () -- C:\WINDOWS\atid.ini

[2006/01/30 08:42:22 | 000,000,270 | ---- | C] () -- C:\WINDOWS\System32\lxczcoin.ini

[2006/01/27 22:11:31 | 000,000,044 | ---- | C] () -- C:\WINDOWS\EPCX4800.ini

[2006/01/13 17:06:15 | 000,000,049 | ---- | C] () -- C:\WINDOWS\wpd99.drv

[2006/01/13 17:05:53 | 000,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini

[2006/01/12 03:22:11 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll

[2006/01/02 20:31:05 | 000,001,783 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

[2006/01/02 16:25:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI

[2005/09/21 12:54:16 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\pdfmona.dll

[2005/09/21 12:54:16 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll

[2005/09/14 18:07:22 | 000,001,186 | ---- | C] () -- C:\WINDOWS\fpexplor.INI

[2005/09/14 18:06:27 | 000,000,606 | ---- | C] () -- C:\WINDOWS\frontpg.ini

[2005/07/16 21:01:01 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI

[2005/06/03 13:41:11 | 000,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini

[2005/05/29 00:04:20 | 000,000,028 | ---- | C] () -- C:\WINDOWS\ICOA.INI

[2005/05/29 00:04:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QFNONL.ini

[2005/05/29 00:04:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QFN.ini

[2005/05/29 00:04:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QDQICK.ini

[2005/05/28 23:36:07 | 000,000,012 | ---- | C] () -- C:\WINDOWS\QBWCD.INI

[2005/04/24 16:39:00 | 000,000,021 | ---- | C] () -- C:\WINDOWS\PI_setup.ini

[2005/04/24 16:38:40 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini

[2005/04/24 16:36:17 | 000,096,768 | ---- | C] () -- C:\WINDOWS\SlantAdj.dll

[2005/04/24 16:36:17 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\epDPE.ini

[2005/04/24 16:33:04 | 000,000,044 | ---- | C] () -- C:\WINDOWS\EPCX4600.ini

[2005/04/03 19:37:22 | 000,000,737 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2005/04/02 11:23:45 | 000,028,444 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini

[2005/03/29 09:43:20 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2005/03/29 09:41:49 | 000,000,180 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2005/03/29 09:10:02 | 000,000,370 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI

[2004/08/10 15:13:12 | 000,000,780 | ---- | C] () -- C:\WINDOWS\ORUN32.INI

[2004/08/10 15:03:52 | 000,004,346 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2004/08/04 07:00:00 | 000,533,568 | ---- | C] () -- C:\WINDOWS\System32\mshmeyxp.dll

[2004/08/04 07:00:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\FXSPERF.INI

[2002/11/13 03:40:22 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxczvs.dll

[1999/01/22 14:46:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

[1998/01/12 04:00:00 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\REGOBJ.DLL

[1996/11/17 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL

[1996/11/17 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL

[1996/11/17 00:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL

[1980/01/01 02:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll

========== LOP Check ==========

[2006/03/29 00:13:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avery

[2005/05/27 20:15:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund Software

[2008/10/21 19:26:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eFax Messenger 4.4 Output

[2009/12/27 13:33:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp

[2009/12/27 13:34:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nikon

[2008/12/04 20:15:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995

[2006/11/29 20:07:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap

[2005/04/03 19:43:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBT

[2008/01/18 10:32:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft

[2009/12/27 13:33:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15

[2010/10/10 18:06:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Update

[2006/04/26 14:53:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint

[2010/04/06 15:36:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2009/09/15 15:13:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}

[2009/04/28 14:46:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}

[2010/02/07 19:02:19 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Kelly\Application Data\.#

[2006/04/25 19:11:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\acccore

[2010/10/08 00:14:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\Aktiar

[2010/09/03 15:34:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\Barnes & Noble

[2010/09/29 14:13:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\Bitrix Security

[2008/10/21 19:27:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\eFax Messenger

[2010/08/23 12:31:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\Elluminate

[2010/10/08 00:14:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\Elup

[2010/10/10 18:06:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\Emisid

[2010/04/16 16:35:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\EPSON

[2007/06/08 23:43:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\FUJIFILM

[2008/06/04 16:56:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\GARMIN

[2010/02/08 12:28:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\ieSpell

[2008/10/21 19:26:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\j2 Global

[2005/04/02 14:52:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\Leadertech

[2010/10/05 12:12:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\LimeWire

[2010/10/11 14:58:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\Mire

[2009/08/23 18:26:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\My Sam's Club Digital Photo Center

[2009/12/27 13:39:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\Nikon

[2010/10/07 19:42:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\Noadb

[2009/06/07 14:33:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\Octoshape

[2007/06/27 09:48:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\OverDrive

[2010/10/08 16:04:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\Oxugu

[2006/01/13 17:05:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\pdf995

[2007/10/09 16:09:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\Printer Info Cache

[2009/02/05 18:10:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\School Zone Preferences

[2005/07/16 21:01:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\Smart Panel

[2008/07/08 20:07:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\Snapfish

[2006/03/27 11:19:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\Trevoli

[2010/10/10 18:06:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\Uppeat

[2010/10/05 12:09:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\Veuq

[2010/07/16 11:26:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\W Photo Studio

[2010/07/16 11:23:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\W Photo Studio Viewer

[2010/10/12 07:35:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\Xozu

[2010/10/10 20:04:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\Zeohi

[2010/10/10 20:39:58 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

[2010/10/07 19:46:14 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{0FDD519B-6D38-4EAE-87BD-8220B8C315D1}.job

========== Purity Check ==========

< End of report >


That is a lot of malware showing up....

COMBOFIX

---------------

Please download ComboFix from one of these locations:

Bleepingcomputer
ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all-inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

[image: Query_RC.gif]

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[image: RC_successful.gif]

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.


It worked on a second try. Computer still won't complete a reboot, but the ComboFix ran completely. Log:

ComboFix 10-10-11.05 - Kelly 10/12/2010 20:17:46.1.2 - x86 NETWORK

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1632 [GMT -4:00]

Running from: c:\documents and settings\Kelly\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\All Users\Application Data\.wtav

c:\documents and settings\Kelly\Application Data\.#

c:\documents and settings\Kelly\Application Data\Bitrix Security

c:\documents and settings\Kelly\Application Data\Bitrix Security\arm

c:\documents and settings\Kelly\Application Data\Bitrix Security\fadosvlk_shrd

c:\documents and settings\Kelly\Application Data\Bitrix Security\jje.txt

c:\documents and settings\Kelly\Application Data\Bitrix Security\ljgh.txt

c:\documents and settings\Kelly\Application Data\Bitrix Security\mxd1.txt

c:\documents and settings\Kelly\Application Data\Bitrix Security\plk.txt

c:\documents and settings\Kelly\Application Data\Bitrix Security\qnf.txt

c:\documents and settings\Kelly\Application Data\Eqit

c:\documents and settings\Kelly\Application Data\Eqit\lyziy.exe

c:\documents and settings\Kelly\g2mdlhlpx.exe

c:\documents and settings\Kelly\Local Settings\Application Data\{4C71CF14-33BE-44B4-A27E-41B2811E8A50}

c:\documents and settings\Kelly\Local Settings\Application Data\{4C71CF14-33BE-44B4-A27E-41B2811E8A50}\chrome.manifest

c:\documents and settings\Kelly\Local Settings\Application Data\{4C71CF14-33BE-44B4-A27E-41B2811E8A50}\chrome\content\_cfg.js

c:\documents and settings\Kelly\Local Settings\Application Data\{4C71CF14-33BE-44B4-A27E-41B2811E8A50}\chrome\content\overlay.xul

c:\documents and settings\Kelly\Local Settings\Application Data\{4C71CF14-33BE-44B4-A27E-41B2811E8A50}\install.rdf

c:\documents and settings\Mike\Application Data\Ireh

c:\documents and settings\Mike\Application Data\Ireh\fusid.tmp

c:\program files\Internet Explorer\complete.dat

c:\program files\Internet Explorer\dmlconf.dat

c:\program files\Microsoft\DesktopLayer.exe

c:\program files\Mozilla Firefox\searchplugins\google_search.xml

c:\windows\Downloaded Program Files\f3initialsetup1.0.0.15.inf

c:\windows\Downloaded Program Files\Install.inf

c:\windows\Downloaded Program Files\popcaploader.inf

c:\windows\system32\CIDAdiag.dll

c:\windows\system32\Iasv32.dll

c:\windows\umowoyuliwol.dll

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_6TO4

-------\Legacy_IAS

-------\Legacy_USERINIT

-------\Service_6to4

-------\Service_Ias

((((((((((((((((((((((((( Files Created from 2010-09-13 to 2010-10-13 )))))))))))))))))))))))))))))))

.

2010-10-12 18:41 . 2010-10-12 21:24 -------- d-----w- c:\program files\sys32

2010-10-10 19:57 . 2010-10-10 19:57 2256 ----a-w- c:\documents and settings\Kelly\Application Data\444.bat

2010-10-10 19:57 . 2010-10-10 19:57 129 ----a-w- c:\documents and settings\Kelly\Application Data\asdsada.bat

2010-10-07 12:08 . 2010-10-07 12:08 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\SupportSoft

2010-10-06 16:47 . 2010-09-16 14:24 6084944 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1EFABE5B-3447-4469-91CA-F3652BEF5A57}\mpengine.dll

2010-10-04 15:58 . 2010-10-04 15:58 -------- d-----w- c:\documents and settings\Mike\Application Data\Malwarebytes

2010-09-20 13:37 . 2010-09-20 13:42 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe

2010-09-20 11:47 . 2010-10-08 12:31 -------- d-----w- c:\program files\Free Window Registry Repair

2010-09-20 01:09 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-09-20 01:09 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-09-20 01:09 . 2010-09-20 01:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-09-19 14:42 . 2010-10-10 22:06 -------- dc----w- c:\documents and settings\All Users\Application Data\Update

2010-09-18 15:07 . 2010-09-18 15:07 110080 ----a-r- c:\documents and settings\Kelly\Application Data\Microsoft\Installer\{CED3DF1E-01D1-45AD-BF33-64AE5E8843B8}\IconF7A21AF7.exe

2010-09-18 15:07 . 2010-09-18 15:07 110080 ----a-r- c:\documents and settings\Kelly\Application Data\Microsoft\Installer\{CED3DF1E-01D1-45AD-BF33-64AE5E8843B8}\IconD7F16134.exe

2010-09-18 15:07 . 2010-09-18 15:07 -------- dc----w- C:\sh4ldr

2010-09-18 15:07 . 2010-09-18 15:07 -------- d-----w- c:\program files\Enigma Software Group

2010-09-18 15:06 . 2010-09-18 15:07 -------- d-----w- c:\windows\CED3DF1E01D145ADBF3364AE5E8843B8.TMP

2010-09-18 15:06 . 2010-09-18 15:06 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard

2010-09-18 04:07 . 2010-09-18 04:07 -------- d-----w- c:\windows\system32\wbem\Repository

2010-09-17 23:51 . 2010-09-17 23:51 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

2010-09-17 23:44 . 2010-10-10 19:58 0 ----a-w- c:\windows\Xnido.bin

2010-09-17 23:44 . 2010-09-18 04:07 -------- d-----w- c:\documents and settings\Mike\Local Settings\Application Data\{B26B9AB1-6754-4160-993E-3F4F5258624E}

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Yahoo! Pager"="1" [X]

"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]

"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]

"Octoshape Streaming Services"="c:\documents and settings\Kelly\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" [2009-01-08 70936]

"Aim6"="c:\program files\Common Files\AOL\Launch\AOLLaunch.exe" [2006-04-20 50792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-07-13 47904]

"Nikon Transfer Monitor"="c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe" [2008-09-30 485208]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-01 421160]

"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]

"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]

"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

c:\documents and settings\Mike\Start Menu\Programs\Startup\

odseqa.exe [2010-10-10 139264]

c:\documents and settings\Kelly\Start Menu\Programs\Startup\

LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2010-3-30 548864]

c:\documents and settings\Default User\Start Menu\Programs\Startup\

uqpae.exe [2010-10-10 139264]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk

backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk

backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk

backup=c:\windows\pss\Microsoft Works Calendar Reminders.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2008-04-14 00:12 15360 ----a-w- c:\windows\SYSTEM32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]

2007-03-15 15:09 460784 ----a-w- c:\program files\DellSupport\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dellsupportcenter]

2009-05-21 14:55 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]

2006-03-24 01:13 77824 ----a-w- c:\windows\SYSTEM32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]

2006-03-24 01:17 118784 ----a-w- c:\windows\SYSTEM32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark 1200 Series]

2010-10-08 13:09 102400 ----a-w- c:\program files\Lexmark 1200 Series\lxczbmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSSE]

2010-06-01 18:53 1093208 ----a-w- c:\program files\Microsoft Security Essentials\msseces.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-10-08 12:31 466944 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\REGSHAVE]

2002-02-05 02:32 53248 ------w- c:\program files\REGSHAVE\REGSHAVE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]

2004-11-11 04:15 111816 ----a-w- c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\WINDOWS\\SYSTEM32\\FXSCLNT.EXE"=

"c:\\Program Files\\Microsoft Office\\Office\\WINWORD.EXE"=

"c:\\Program Files\\Microsoft Office\\Office\\EXCEL.EXE"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"c:\\Program Files\\Common Files\\AOL\\1146006209\\ee\\aolsoftware.exe"=

"c:\\Program Files\\Common Files\\AOL\\1146006209\\ee\\aim6.exe"=

"c:\\Program Files\\microsoft frontpage\\bin\\fpexplor.exe"=

"c:\\FrontPage Webs\\Server\\vhttpd32.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\WINDOWS\\SYSTEM32\\LEXPPS.EXE"=

"c:\\Program Files\\LimeWire\\LimeWire.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

S0 bqnq;bqnq;c:\windows\system32\drivers\yogyp.sys --> c:\windows\system32\drivers\yogyp.sys [?]

S0 gxnopw;gxnopw;c:\windows\system32\drivers\pmdljlwe.sys --> c:\windows\system32\drivers\pmdljlwe.sys [?]

S0 iarbs;iarbs;c:\windows\system32\drivers\qwjo.sys --> c:\windows\system32\drivers\qwjo.sys [?]

S0 imsqee;imsqee;c:\windows\system32\drivers\lywmnc.sys --> c:\windows\system32\drivers\lywmnc.sys [?]

S0 ixhbxgt;ixhbxgt;c:\windows\system32\drivers\abfrwhij.sys --> c:\windows\system32\drivers\abfrwhij.sys [?]

S0 lhqiinpv;lhqiinpv;c:\windows\system32\drivers\qmcgf.sys --> c:\windows\system32\drivers\qmcgf.sys [?]

S0 sqvpvax;sqvpvax;c:\windows\system32\drivers\onfj.sys --> c:\windows\system32\drivers\onfj.sys [?]

S0 utnhogb;utnhogb;c:\windows\system32\drivers\xbpa.sys --> c:\windows\system32\drivers\xbpa.sys [?]

S0 wpxms;wpxms;c:\windows\system32\drivers\pcwfr.sys --> c:\windows\system32\drivers\pcwfr.sys [?]

S0 yibc;yibc;c:\windows\system32\drivers\hjwn.sys --> c:\windows\system32\drivers\hjwn.sys [?]

S0 yuhrtih;yuhrtih;c:\windows\system32\drivers\vasrijd.sys --> c:\windows\system32\drivers\vasrijd.sys [?]

S1 afxcaavh;afxcaavh;\??\c:\windows\system32\drivers\afxcaavh.sys --> c:\windows\system32\drivers\afxcaavh.sys [?]

S1 eebylzuv;eebylzuv;\??\c:\windows\system32\drivers\eebylzuv.sys --> c:\windows\system32\drivers\eebylzuv.sys [?]

S1 iitkwujl;iitkwujl;\??\c:\windows\system32\drivers\iitkwujl.sys --> c:\windows\system32\drivers\iitkwujl.sys [?]

S1 miavviby;miavviby;\??\c:\windows\system32\drivers\miavviby.sys --> c:\windows\system32\drivers\miavviby.sys [?]

S1 nxbxdyuf;nxbxdyuf;\??\c:\windows\system32\drivers\nxbxdyuf.sys --> c:\windows\system32\drivers\nxbxdyuf.sys [?]

S1 olzakbne;olzakbne;\??\c:\windows\system32\drivers\olzakbne.sys --> c:\windows\system32\drivers\olzakbne.sys [?]

S1 ppaabpno;ppaabpno;\??\c:\windows\system32\drivers\ppaabpno.sys --> c:\windows\system32\drivers\ppaabpno.sys [?]

S1 sfumqbrz;sfumqbrz;\??\c:\windows\system32\drivers\sfumqbrz.sys --> c:\windows\system32\drivers\sfumqbrz.sys [?]

S2 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [7/14/2010 3:19 PM 326488]

S3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [1/27/2010 6:10 PM 5248]

S3 Normandy;Normandy SR2; [x]

.

Contents of the 'Scheduled Tasks' folder

2010-10-05 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2010-10-13 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2010-03-26 01:40]

2010-10-07 c:\windows\Tasks\User_Feed_Synchronization-{0FDD519B-6D38-4EAE-87BD-8220B8C315D1}.job

- c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://app.oprius.com/email/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Connection Wizard,ShellNext = "c:\program files\Outlook Express\msimn.exe"

uInternet Settings,ProxyOverride = <local>;*.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM

IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/static/m/cab/2.8.3/GarminAxControl.CAB

DPF: {0EED7206-1661-11D7-84A3-00606744831D} - hxxp://www.ubah.com/commonscripts/xstandard/bin/XStandard.cab

DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://www.kroccenterdayton.com/activex/AMC.cab

DPF: {F3D4C08D-3616-43F0-9E29-44C749B0664B} - hxxp://216.201.164.237/JpegInst.cab

.

- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

HKCU-Run-Hjeki - c:\windows\hicfrvce.dll

HKCU-Run-{DFFA8137-3B9E-A024-A569-AEC2B6783FBE} - c:\documents and settings\Kelly\Application Data\Eqit\lyziy.exe

HKLM-Run-Sfuyeno - c:\windows\umowoyuliwol.dll

MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

MSConfigStartUp-wxwcvtfb - c:\documents and settings\Mike\Local Settings\Application Data\fetppjajr\kggtctrtssd.exe

MSConfigStartUp-{77D286CA-56A8-65FF-0BBA-C44ED27AB5DE} - c:\documents and settings\Mike\Application Data\Abhya\wuqoo.exe

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully

user: MBR read successfully

called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8A73EC76]<<

kernel: MBR read successfully

detected MBR rootkit hooks:

\Driver\Disk -> CLASSPNP.SYS @ 0xf76bbf28

\Driver\ACPI -> ACPI.sys @ 0xf75aecb8

\Driver\atapi -> atapi.sys @ 0xf74ae852

IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805e710a

\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805e710a

NDIS: -> SendCompleteHandler -> 0x0

PacketIndicateHandler -> 0x0

SendHandler -> 0x0

user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MKfPcsonalift.com&p=R0lGODlhyAA8APcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/

JW1JosGVzLhUtz7rlGwZMlXu+uejPTypd7YZ9xHd9fHXpe/wjH7QH0/854B5LCw9tEUCAgA7"="c:\\WINDOWS\\win16.exe"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MKfPcsonalift.com&p=R0lGODlhyAA8APcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/

JW1JosGVzLhUtz7rlGwZMlXu+uejPTypd7YZ9xHd9fHXpe/wjH7QH0/854B5LCw9tEUCAgA7"="c:\\WINDOWS\\win16.exe"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(772)

c:\windows\system32\WININET.dll

c:\windows\system32\imaadp32.acm

c:\windows\system32\l3codeca.acm

- - - - - - - > 'lsass.exe'(864)

c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(480)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll

c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Microsoft Security Essentials\MsMpEng.exe

.

**************************************************************************

.

Completion time: 2010-10-12 20:48:28 - machine was rebooted

ComboFix-quarantined-files.txt 2010-10-13 00:48

Pre-Run: 6,830,964,736 bytes free

Post-Run: 17,416,695,808 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 0CF6E022E816D574DC652F61F31B99BB

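As an added, defender-side example (not ComboFix's code and not anything the helper posted), a small Python triage pass over a constructed sample modelled on the "Reg Loading Points" Run entries and the S0/S1/S2 driver lines of the log above: it flags orphaned Run values, value names that are oversized base64 blobs rather than product names, binaries launched from the Windows root or a user profile, and boot/system drivers whose file is missing from disk. The sample lines, the thresholds and the "unusual location" heuristics are assumptions chosen for illustration.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample (not the full log): a handful of lines in the shape of the
# "Reg Loading Points" Run entries and the S0/S1/S2 driver lines above. The
# oversized value name is truncated here; in the real log it runs to kilobytes.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="1" [X]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-01 421160]
"MKfPcsonalift.com&p=R0lGODlhyAA8APcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/"="c:\\WINDOWS\\win16.exe"
S0 bqnq;bqnq;c:\windows\system32\drivers\yogyp.sys --> c:\windows\system32\drivers\yogyp.sys [?]
S1 afxcaavh;afxcaavh;\??\c:\windows\system32\drivers\afxcaavh.sys --> c:\windows\system32\drivers\afxcaavh.sys [?]
S2 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [7/14/2010 3:19 PM 326488]
"""


@dataclass
class Finding:
    key: str            # registry key the entry sat under, or "services"
    line: str           # the log line as ComboFix printed it
    reasons: List[str]  # why it was flagged


# "name"="target" [date size]   or   "name"="target" [X]   ([X] = file missing)
RUN_RE = re.compile(r'^"(?P<name>[^"]*)"="(?P<target>[^"]*)"(?:\s+\[(?P<info>[^\]]*)\])?\s*$')
# S0 name;display;path --> resolved [date size]   or   [?]   ([?] = file not on disk)
DRIVER_RE = re.compile(r'^(?P<start>[SR]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.*?)\s+\[(?P<info>[^\]]*)\]\s*$')
# A long run of base64 alphabet inside a value name is not a product name.
BASE64_RUN = re.compile(r'[A-Za-z0-9+/]{40,}')


def normalise(path: str) -> str:
    # REGEDIT4-style output doubles backslashes inside quoted values; collapse them.
    return path.replace("\\\\", "\\").lower()


def check_run_value(name: str, target: str, info: Optional[str]) -> List[str]:
    reasons: List[str] = []
    if info == "X":
        reasons.append("Run value points at a file that no longer exists")
    if len(name) > 64 or BASE64_RUN.search(name):
        reasons.append("value name is an oversized/encoded blob, not a product name")
    t = normalise(target)
    if t.endswith((".exe", ".dll")):
        parent = t.rsplit("\\", 1)[0] + "\\"
        if parent == "c:\\windows\\":
            reasons.append("executable sits directly in the Windows root")
        elif "\\application data\\" in parent or "\\local settings\\" in parent:
            reasons.append("executable launches from a user profile directory")
    return reasons


def check_driver(start: str, name: str, info: str) -> List[str]:
    reasons: List[str] = []
    if info == "?":
        reasons.append(f"{start} driver '{name}' is registered but its file is missing")
    return reasons


def triage(log_text: str) -> List[Finding]:
    findings: List[Finding] = []
    key = "unknown"
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[HK") and line.endswith("]"):
            key = line[1:-1]          # remember which Run key the next values sit under
            continue
        m = RUN_RE.match(line)
        if m:
            reasons = check_run_value(m["name"], m["target"], m["info"])
            if reasons:
                findings.append(Finding(key, line, reasons))
            continue
        m = DRIVER_RE.match(line)
        if m:
            reasons = check_driver(m["start"], m["name"], m["info"])
            if reasons:
                findings.append(Finding("services", line, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.key}] {f.line[:70]}...")
        for r in f.reasons:
            print("    -", r)
```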

Hi KellyG,

I'm afraid I have very bad news.

Win32/Ramnit.A is a file infector with IRCBot functionality which infects .exe and .HTML/HTM files, and opens a back door that compromises your computer. Using this backdoor, a remote attacker can access and instruct the infected computer to download and execute more malicious files. The infected .HTML or .HTM files may be detected as Virus:VBS/Ramnit.A. Win32/Ramnit.A!dll is a related file infector often seen with this infection. It too has IRCBot functionality which infects .exe, .dll and .HTML/HTM files and opens a back door that compromises your computer. This component is injected into the default web browser by Worm:Win32/Ramnit.A, which is dropped by a Ramnit-infected executable file.

-- Note: As with most malware infections, the threat name may be different depending on the anti-virus or anti-malware program which detected it. Each security vendor uses their own naming conventions to identify various types of malware.

With this particular infection the safest solution and only sure way to remove it effectively is to reformat and reinstall the OS.

Why? The malware injects code in legitimate files similar to the Virut virus and in many cases the infected files (which could number in the thousands) cannot be disinfected properly by your anti-virus. When disinfection is attempted, the files often become corrupted and the system may become unstable or irreparable. The longer Ramnit.A remains on a computer, the more files it infects and corrupts so the degree of infection can vary.

Ramnit is commonly spread via a flash drive (usb, pen, thumb, jump) infection where it copies Worm:Win32/Ramnit.A with a random file name. The infection is often contracted by visiting remote, crack and keygen sites. These types of sites are infested with a sm


Okay. If I have someone do this for me, is it okay to then move files, music, etc. that I back up from this computer onto the rebuilt system? Or will those files start the infection all over again? I'm assuming that if it is rebuilt correctly, then my system will catch and prevent infection from any compromised files that I want to save... Is that correct?


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
