Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more

Post by reginaac on Sun 21 Aug 2011, 5:41 pm

First topic message reminder:

Hello... I hope this isn't a duplicate, because I went to preview the first e-mail and completely lost the post.

Anyway, it all started when I had to get a new network card and drivers (installed at the computer store here) and a new router (router from my internet provider) and installation program online.

At that time, I was unable to bring up gamehouse.com on a web page. It always says it couldn't locate the page.

Also, if I played a game or if I went to a few sites, I would have to reboot my computer.

I then went to Stopzilla and did a scan. It found 178 problem files. In that scan it had the trojans listed in the subject line. The files are quarantined, but to remove the files I would have to purchase their program (which I am unable to do at this time).

I hope you are able to help me. Thanking you in advance!

OTL Extras logfile created on: 8/21/2011 4:32:10 AM - Run 1
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

509.98 Mb Total Physical Memory | 203.10 Mb Available Physical Memory | 39.82% Memory free
1.73 Gb Paging File | 0.66 Gb Available in Paging File | 38.14% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 98.74 Gb Free Space | 66.25% Space Free | Partition Type: NTFS

Computer Name: GINA | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.exe [@ = exefile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:TCP" = 1900:TCP:LocalSubNet:Enabled:UDP 1900
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
"80:TCP" = 80:TCP:*:Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\hpwucli.exe" = C:\Program Files\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Documents and Settings\Owner\Application Data\mjusbsp\magicJack.exe" = C:\Documents and Settings\Owner\Application Data\mjusbsp\magicJack.exe:*:Enabled:magicJack -- (magicJack L.P.)
"C:\WINDOWS\system32\dxdiag.exe" = C:\WINDOWS\system32\dxdiag.exe:*:Enabled:Microsoft DirectX Diagnostic Tool -- (Microsoft Corporation)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\hpwucli.exe" = C:\Program Files\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Ventrilo\Ventrilo.exe" = C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- (Flagship Industries, Inc.)
"C:\Program Files\iWin Games\iWinGames.exe" = C:\Program Files\iWin Games\iWinGames.exe:*:Enabled:iWin Games application. -- (iWin Inc.)
"C:\Program Files\iWin Games\WebUpdater.exe" = C:\Program Files\iWin Games\WebUpdater.exe:*:Enabled:iWin Games updater. -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{04410044-9149-45C6-A806-F2BF9CFCE762}" = Microsoft Encarta Encyclopedia Standard 2004
"{069730C2-755A-485B-A205-27A1AAFA836A}" = InstantShareAlert
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0BDD3FAD-61CD-4BF3-B9C4-4CEFD43F53F8}" = Norton 360 HTMLHelp
"{0CE5F45E-F6CC-4638-B0DD-BB7F6EF56713}" = HP Deskjet D1500 Printer Driver Software 10.0 Rel .3
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{10399D88-1CDC-4250-B957-B471EDD68591}_is1" = Jane's Hotel 3
"{15565047-F5FB-4662-81D1-8A3EF376297E}_is1" = Cooking Dash DinerTown Studios
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{19D8CFB2-FDDB-4D95-A6B3-CFE3472C2ACF}_is1" = Fitness Dash
"{1C617650-8B88-48D6-A6A2-EBF1744AF372}_is1" = Cash Out
"{1D643CD7-4DD6-11D7-A4E0-000874180BB3}" = Microsoft Money 2004
"{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs
"{21829177-4DED-4209-AD08-490B3AC9C01A}" = Norton 360
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{24DF7221-644B-4C3A-A478-459502D40522}" = Backup
"{2656D0AB-9EA4-4C58-A117-635F3CED8B93}" = Microsoft UI Engine
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 26
"{27F00C63-449B-2FAB-CBE8-24AB80E17449}" = Acrobat.com
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{29D4D03C-F70B-43d9-82E4-6E5696FB0D1D}" = IObit Toolbar v4.6
"{2C0A655C-61E7-428A-8ED2-23A3D20E7DD2}" = Data Lifeguard Tools
"{2D617065-1C52-4240-B5BC-C0AE12157777}" = Norton 360
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{305468A6-DE2D-43ba-A168-2F45A97A89DA}" = DJ_SF_03_D1500_Software_Min
"{3121F433-5BB6-4E8A-985A-A3F76B03160F}_is1" = Gold Miner Vegas
"{32C4660C-73A4-48AB-BDB6-231FF324DDEC}_is1" = Delicious 5
"{33BEE6F3-9987-4F98-A069-97A64EC8321A}" = Microsoft Works Suite Add-in for Microsoft Word
"{345034AE-5CB5-42C4-AA43-5993A6004927}_is1" = Ye Old Sandwich Shoppe
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3576A28B-6882-4790-B3C6-780DEA449806}_is1" = Jewel Quest Heritage
"{35BD3C84-8C9D-4ACB-BECF-C04E120D4807}_is1" = Cake Mania Main Street
"{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
"{38436888-9EAA-4cec-A56F-65B73D9D423C}" = D1500
"{3B6E3FC6-274C-4B6C-BC85-5C3B15DE18E2}" = Mega Manager
"{40B6149B-D1F4-4D61-9456-72C5D553110E}_is1" = Keys to Manhattan
"{42AEB776-99CB-4F34-803C-0F99180814B9}_is1" = Luxor 5th Passage
"{45690715-80A6-4445-B61D-ADEC5888E8CD}" = Symantec Technical Support Controls
"{49140327-BEBF-43dd-B386-43311A065609}" = hph_ProductContext
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E9751B6-9971-4CEA-8E95-252AD0C079E4}_is1" = Sushi Frenzy
"{530241F4-D15B-4E0B-B3F3-47F83BC285AA}" = STOPzilla
"{55A6283C-638A-4EE0-B491-51118554BDA2}" = Norton Confidential Core
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5A07D8BC-C982-43B3-B24F-6FD8D6E89F02}_is1" = FileServe Manager 1.0.0.3024
"{5B2ABC0F-1F6D-4BC0-88DE-EF32EDA92B36}" = SymNet
"{5D9C3FCE-A8BA-42F0-9019-769A1CF9A7A9}" = hph_software
"{5DC0DF76-3B2F-4C38-BE34-58627949BC1A}" = Mega Manager
"{5E97B802-0F3E-4EF9-9CDA-E14B7E42BB49}_is1" = Casino Island To Go
"{60D7AF14-0A47-450E-9547-B96238B22B63}_is1" = Treasures of Montezuma 3
"{612AD33D-9824-4E87-8396-92374E91C4BB}_is1" = Inbox Toolbar
"{61BEA823-ECAF-49F1-8378-A59B3B8AD247}" = Microsoft Default Manager
"{63B6AF9D-FB3C-4500-A67B-F51F38778CAE}_is1" = Cake Mania To the Max
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.5
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{6994491D-D491-48F1-AE1F-E179C1FFFC2F}" = HP Photosmart Essential
"{6CB9F96B-F6F9-4620-AB4D-CA8BBC04DA90}_is1" = Vacation Quest The Hawaiian Islands
"{70DECFBF-9119-4434-B2D3-A3C283D15E45}" = WeatherBug
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76BEC1D7-8A9F-472D-84C7-014BB155E4B2}" = HP Photosmart and Deskjet 7.0 Software
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC 32bit
"{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{82C113AD-486F-4bd5-A2EA-2383AF57D084}" = D1500_Help
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113721697}" = Diner Dash Hometown Hero
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114079860}" = Tri Peaks 2 Quest For The Ruby Ring
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115290153}" = Go Go Gourmet Chef of the Year
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-116436960}" = Word Whomp( TM) Underground
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-117336373}" = Diner Town Detective Agency
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-119525623}" = Dream Day True Love
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{893429F2-083B-4F82-92DC-DFDC45E8503C}" = hph_readme
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A3BCBC4-301A-401A-9C6F-971A040CCCF8}_is1" = The Pirate Tales
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics 2 Driver
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{8B8240B3-891D-4965-AA51-8799622D44FF}" = DJ_SF_03_D1500_ProductContext
"{8C64E145-54BA-11D6-91B1-00500462BE80}" = Microsoft Money 2004 System Pack
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{901E076E-371C-47A9-A5BA-37159F1C3887}_is1" = Luxor Adventures
"{90300409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Media Content
"{911B0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{92A83D67-8C71-45CB-A687-E45750E5177B}_is1" = Woodwille Chronicles
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{954615A2-881D-4A45-80C4-F26AB0378C9A}_is1" = Gourmania 3 Zoo Zoom
"{95E84093-017F-4819-A18F-EC72950850F0}_is1" = Sally's Studio
"{99082F38-3333-4C88-9C3B-C15E85A34D1D}_is1" = Paradise Quest
"{99089A57-141C-4B26-977A-520E812211FF}" = ASPCA Tri Reminder by We-Care.com
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9BEE12D0-C2BF-4865-A8F6-6F46577F4FB4}_is1" = Yard Sale Hidden Treasures Lucky Junction
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{9FDE1FEB-6774-4F21-976A-6AD48BDE19A7}_is1" = Julia's Quest United Kingdom
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{A89768CF-CD21-44FD-A723-16D5A8557415}" = NEF Codec
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA1675E3-4D03-4808-BDF5-992619544D12}" = Intel(R) Network Connections 16.4.69.0
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.0)
"{B1421599-A42D-47ef-B512-B9B0317BD599}" = DJ_SF_03_D1500_Software
"{B24E05CC-46FF-4787-BBB8-5CD516AFB118}" = ccCommon
"{B8AD00BF-50EC-4029-84DF-D325B41C2466}_is1" = Jewel Keepers Easter Island
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{B9966F27-9678-4620-9579-925E3084647E}" = Microsoft Works
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BBBF3122-9A09-40B2-A065-CD684059FB19}" = hph_software_req
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D6E6FA4A-5445-4850-8365-CF216C1CBB7A}" = Symantec Real Time Storage Protection Component
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{DBA8B9E1-C6FF-4624-9598-73D3B41A0903}" = Microsoft Picture It! Photo Premium 9
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E425B12D-527B-4C80-8D0E-0B16A5D8BCBD}_is1" = Delicious Emily's Childhood Memories
"{E49D9754-D328-41DC-87DD-E6F02DE4B153}_is1" = Luxor HD
"{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation)
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
"{F46F704F-25B7-40E9-9273-EB729A193744}_is1" = Jewel Quest Mysteries The Seventh Gate
"{F8EF4778-F413-4BC5-94F1-92C86F735D61}_is1" = Cooking Dash 3 Thrills and Spills
"{FAE873F5-4F09-4CCB-9F78-BDFADF295B92}_is1" = Delicious winter edition Deluxe
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Advanced SystemCare 4_is1" = Advanced SystemCare 4
"All Knight Diner (Diner Dash Hometown Hero - Gourmet)" = All Knight Diner (Diner Dash Hometown Hero - Gourmet)
"alotToolbar" = ALOT Toolbar
"Amazon Kindle" = Amazon Kindle
"am-burgerislandr2themissingingredient" = Burger Island(R) 2 - The Missing Ingredient
"am-cakemanialightscameraactiontm" = Cake Mania - Lights, Camera, Action!(TM)
"am-chroniclesofalbianthemagicconvention" = Chronicles of Albian - The Magic Convention
"am-farmfrenzy3madagascar" = Farm Frenzy 3 - Madagascar
"amg-10daysunderthesea" = 10 Days Under The Sea
"amg-1912titanicmystery" = 1912 Titanic Mystery
"amg-abundante" = Abundante!
"amg-bigcityadventuretmnewyorkcity" = Big City Adventure(TM) - New York City
"amg-bigkahunareef2chainreaction" = Big Kahuna Reef 2 - Chain Reaction
"amg-burgerbustle" = Burger Bustle
"amg-coffeerush" = Coffee Rush
"amg-coffeerush2" = Coffee Rush 2
"amg-cradleofrome2" = Cradle of Rome 2
"amg-cruisecluestmcaribbeanadventure" = Cruise Clues(TM) - Caribbean Adventure
"amg-cursedhouse" = Cursed House
"amg-darkparablescurseofbriarrose" = Dark Parables - Curse of Briar Rose
"amg-delicious2deluxe" = Delicious 2 Deluxe
"amg-deliciousemilysholidayseason" = Delicious - Emily's Holiday Season
"amg-deliciousemilystasteoffame" = Delicious - Emily's Taste of Fame
"amg-deliciousemilysteagarden" = Delicious - Emily's Tea Garden
"amg-detectiveagency" = Detective Agency
"amg-dominomastergold" = Domino Master Gold
"amg-dragonportals" = Dragon Portals
"amg-dragonstone" = Dragon Stone
"amg-dressuprush" = Dress Up Rush
"amg-farmfrenzy" = Farm Frenzy
"amg-farmfrenzy2" = Farm Frenzy 2
"amg-farmfrenzy3americanpie" = Farm Frenzy 3 - American Pie
"amg-farmfrenzypizzaparty" = Farm Frenzy - Pizza Party!
"amg-farmmania" = FarmMania
"amg-fashionassistant" = Fashion Assistant
"amg-fashionboutique" = Fashion Boutique
"amg-flashdating" = Flash Dating
"amg-gemsweeper" = Gemsweeper
"amg-goldfever" = Gold Fever
"amg-goldrushtreasurehunt" = Gold Rush - Treasure Hunt
"amg-gourmania" = Gourmania
"amg-heroesofkalevala" = Heroes of Kalevala
"amg-hiddenmagic" = Hidden Magic
"amg-hotdoghotshot" = Hotdog Hotshot
"amg-jessicascupcakecafe" = Jessica's Cupcake Cafe
"amg-jewelmatch2" = Jewel Match 2
"amg-kitchenbrigade" = Kitchen Brigade
"amg-liongthelostamulets" = Liong - The Lost Amulets
"amg-lostinreefs" = Lost in Reefs
"amg-luxorquestfortheafterlife" = Luxor - Quest for the Afterlife
"amg-mahjongginvestigationsundersuspicion" = Mahjongg Investigations - Under Suspicion
"amg-makingmrright" = Making Mr. Right
"amg-marykayandrewsthefixerupper" = Mary Kay Andrews - The Fixer Upper
"amg-matchmakerjoininghearts" = Matchmaker - Joining Hearts
"amg-memorabiliamiasmysteriousmemorymachine" = Memorabilia - Mia's Mysterious Memory Machine
"amg-mortimerbeckettandthetimeparadox" = Mortimer Beckett and the Time Paradox
"amg-mysterylegendstmsleepyhollow" = Mystery Legends™ - Sleepy Hollow
"amg-mysterystoriesislandofhope" = Mystery Stories - Island of Hope
"amg-mysticemporium" = Mystic Emporium
"am-gourmania2greatexpectations" = Gourmania 2 - Great Expectations
"amg-pennydreadfulstmsweeneytodd" = Penny Dreadfuls(TM) Sweeney Todd
"amg-picketfences" = Picket Fences
"amg-pizzachef" = Pizza Chef
"amg-poshboutique" = Posh Boutique
"amg-poshboutique2" = Posh Boutique 2
"amg-poshshop" = Posh Shop
"amg-rainforestadventure" = Rainforest Adventure
"amg-ranchrush" = Ranch Rush
"amg-sallysquickclips" = Sally's Quick Clips
"amg-sallyssalon" = Sally's Salon
"amg-sallysspa" = Sally's Spa
"amg-successstory" = Success Story
"amg-supermarketmanagement" = Supermarket Management
"amg-supermarketmania" = Supermarket Mania
"amg-supermarketmaniar2" = Supermarket Mania(R) 2
"amg-thelostcasesofsherlockholmes" = The Lost Cases of Sherlock Holmes
"amg-thetreasuresofmontezuma2" = The Treasures of Montezuma 2
"amg-thetreasuresofmysteryisland" = The Treasures of Mystery Island
"amg-tikibar" = TikiBar
"amg-tropicalfarm" = Tropical Farm
"amg-wizardland" = Wizard Land
"amg-wizardshat" = Wizard's Hat
"amg-wordtravels" = Word Travels
"amg-youdasushichef" = Youda Sushi Chef
"amg-zumadeluxe" = Zuma Deluxe
"am-hobbyfarm" = Hobby Farm
"am-mirielsenchantedmystery" = Miriel's Enchanted Mystery
"am-mortimerbeckettandthelostking" = Mortimer Beckett and the Lost King
"am-mortimerbeckettandthesecretsofspookymanor" = Mortimer Beckett and the Secrets of Spooky Manor
"am-ranchrushr2" = Ranch Rush(R) 2
"am-theclockworkmanthehiddenworld" = The Clockwork Man - The Hidden World
"am-thetreasuresofmysteryisland2thegatesoffate" = The Treasures of Mystery Island 2 - The Gates of Fate
"am-zumasrevengetmadventure" = Zuma's Revenge!(TM) - Adventure
"AquaPearls_is1" = AquaPearls
"AXIS Media Control Embedded" = AXIS Media Control Embedded
"BDStudioGames_is1" = BDStudioGames
"BFG-Burger Shop 2" = Burger Shop 2
"BFGC" = Big Fish Games: Game Manager
"BFG-Cake Mania 3" = Cake Mania 3
"BFG-Cake Shop" = Cake Shop
"BFG-Cooking Quest" = Cooking Quest
"BFG-Dream Day First Home" = Dream Day First Home
"BFG-Dream Day Wedding - Married in Manhattan" = Dream Day Wedding: Married in Manhattan
"BFG-Restaurant Rush" = Restaurant Rush
"BFG-Sea Journey" = Sea Journey
"BFG-Turbo Fiesta" = Turbo Fiesta
"BFG-Turbo Pizza" = Turbo Pizza
"BFG-Turbo Subs" = Turbo Subs
"BFG-Wedding Dash 4-Ever" = Wedding Dash 4-Ever
"BFG-Wedding Salon" = Wedding Salon
"BFG-Yard Sale Hidden Treasures - Sunnyville" = Yard Sale Hidden Treasures: Sunnyville
"Burger Island" = Burger Island
"Burger Shop" = Burger Shop
"BurgerTime Deluxe" = BurgerTime Deluxe
"Cake Mania To the Max" = Cake Mania To the Max (remove only)
"cayahooantispy" = CA Yahoo! Anti-Spy (remove only)
"CenturyLink Remote Control" = CenturyLink Remote Control
"CheckIt Diagnostics" = CheckIt Diagnostics
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"conduitEngine" = Conduit Engine
"Cooking Dash" = Cooking Dash
"Delicious 2 Deluxe" = Delicious 2 Deluxe
"Diner Dash" = Diner Dash
"Diner Dash Hometown Hero - Gourmet" = Diner Dash Hometown Hero - Gourmet
"Dream Day First Home" = Dream Day First Home
"Excel" = Microsoft Excel 97
"Farm Frenzy: Gone Fishing" = Farm Frenzy: Gone Fishing
"FarmMania2_is1" = FarmMania2
"Fashion Dash" = Fashion Dash
"Game Booster_is1" = Game Booster
"GameBox" = GameBox Toolbar
"GamesBar" = GamesBar 2.0.1.81
"Google Chrome" = Google Chrome
"GoToAssist" = GoToAssist 8.0.0.514
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Intel(R) 537EP V9x DF PCI Modem" = Intel(R) 537EP V9x DF PCI Modem
"IObit Malware Fighter_is1" = IObit Malware Fighter
"iWinArcade" = iWin Games (remove only)
"Jane's Hotel" = Jane's Hotel
"Jane's Hotel Family Hero" = Jane's Hotel Family Hero
"Jewel Quest" = Jewel Quest
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Outlook 98" = Microsoft Outlook 98
"Miriel the Magical Merchant" = Miriel the Magical Merchant
"Mortimer Beckett and the Secrets of Spooky Manor" = Mortimer Beckett and the Secrets of Spooky Manor
"Mozilla Firefox (2.0)" = Mozilla Firefox (2.0)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MyPublisher" = MyPublisher
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OpenAL" = OpenAL
"Pharaoh's Feast (Diner Dash Hometown Hero - Gourmet)" = Pharaoh's Feast (Diner Dash Hometown Hero - Gourmet)
"PictureIt_v9" = Microsoft Picture It! Photo Premium 9
"PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation)
"Ranch Rush_is1" = Ranch Rush
"RealArcade" = RealArcade
"RealoreStudios Toolbar" = RealoreStudios Toolbar
"RealPlayer 12.0" = RealPlayer
"Reel Deal Slot Quest: Alice in Wonderland" = Reel Deal Slot Quest: Alice in Wonderland (remove only)
"Reel Deal Slot Quest: Under the Sea" = Reel Deal Slot Quest: Under the Sea (remove only)
"Romantic Rendezvous Restaurant (Diner Dash Hometown Hero - Gourmet)" = Romantic Rendezvous Restaurant (Diner Dash Hometown Hero - Gourmet)
"Sandlot Connect_is1" = Sandlot Connect Version 1.2.6
"Sara's Super Spa Deluxe" = Sara's Super Spa Deluxe
"SearchElf_1.1 Toolbar" = SearchElf 1.1 Toolbar
"Shockwave" = Shockwave
"Shop for HP Supplies" = Shop for HP Supplies
"Smart Defrag_is1" = Smart Defrag
"Sweet Home 3D_is1" = Sweet Home 3D version 2.6
"SymSetup.{2D617065-1C52-4240-B5BC-C0AE12157777}" = Norton 360 (Symantec Corporation)
"SystemRequirementsLab" = System Requirements Lab
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"The Dash Slipper (Diner Dash Hometown Hero - Gourmet)" = The Dash Slipper (Diner Dash Hometown Hero - Gourmet)
"UnityWebPlayer" = Unity Web Player
"Waterpark Madness Restaurant (Diner Dash Hometown Hero - Gourmet)" = Waterpark Madness Restaurant (Diner Dash Hometown Hero - Gourmet)
"Web Games Player Plugin" = Web Games Player Plugin
"Wedding Dash 2" = Wedding Dash 2
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Works2004Setup" = Microsoft Works 2004 Setup Launcher
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"X mas Blox_is1" = X mas Blox
"XfireXO Toolbar" = XfireXO Toolbar
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Software Update" = Yahoo! Software Update
"YInstHelper" = Yahoo! Install Manager

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"309a46b1dc89b774" = Dell Driver Download Manager

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/11/2011 5:55:05 PM | Computer Name = GINA | Source = .NET Runtime Optimization Service | ID = 1101
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Failed to compile: c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication
Foundation\ComSvcConfig.exe . Error code = 0x80070020

Error - 8/11/2011 5:58:53 PM | Computer Name = GINA | Source = .NET Runtime Optimization Service | ID = 1101
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Failed to compile: System.Workflow.ComponentModel, Version=3.0.0.0, Culture=neutral,
PublicKeyToken=31bf3856ad364e35 . Error code = 0x80070020

Error - 8/12/2011 4:27:45 AM | Computer Name = GINA | Source = Application Error | ID = 1000
Description = Faulting application quickclips.exe, version 0.0.0.0, faulting module
quickclips.exe, version 0.0.0.0, fault address 0x0024763a.

Error - 8/13/2011 2:51:44 AM | Computer Name = GINA | Source = Application Error | ID = 1000
Description = Faulting application jewel quest mysteries the seventh gate.exe, version
0.0.0.0, faulting module jewel quest mysteries the seventh gate.exe, version 0.0.0.0,
fault address 0x0000335a.

Error - 8/17/2011 1:20:41 PM | Computer Name = GINA | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module mshtml.dll, version 8.0.6001.19120, fault address 0x00067b98.

Error - 8/18/2011 5:58:52 PM | Computer Name = GINA | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module user32.dll, version 5.1.2600.5512, fault address 0x0001b38b.

[ System Events ]
Error - 8/20/2011 4:10:37 PM | Computer Name = GINA | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 8/20/2011 4:10:37 PM | Computer Name = GINA | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
IntelIde

Error - 8/20/2011 6:54:30 PM | Computer Name = GINA | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 8/20/2011 6:54:30 PM | Computer Name = GINA | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
IntelIde

Error - 8/20/2011 7:02:37 PM | Computer Name = GINA | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 8/20/2011 7:02:37 PM | Computer Name = GINA | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
IntelIde

Error - 8/20/2011 9:43:30 PM | Computer Name = GINA | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 8/20/2011 9:43:30 PM | Computer Name = GINA | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
IntelIde

Error - 8/20/2011 10:34:04 PM | Computer Name = GINA | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 8/20/2011 10:34:04 PM | Computer Name = GINA | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
IntelIde


< End of report >

aswMBR version 0.9.8.978 Copyright(c) 2011 AVAST Software
Run date: 2011-08-21 05:17:49
-----------------------------
05:17:49.781 OS Version: Windows 5.1.2600 Service Pack 3
05:17:49.781 Number of processors: 1 586 0x304
05:17:49.812 ComputerName: GINA UserName:
05:17:52.671 Initialize success
05:23:40.375 AVAST engine defs: 11082100
05:24:47.703 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
05:24:47.750 Disk 0 Vendor: WDC_WD1600AAJB-00PVA0 00.07H00 Size: 152627MB BusType: 3
05:24:49.828 Disk 0 MBR read successfully
05:24:49.828 Disk 0 MBR scan
05:24:49.890 Disk 0 Windows XP default MBR code
05:24:49.906 Disk 0 scanning sectors +312560640
05:24:49.968 Disk 0 scanning C:\WINDOWS\system32\drivers
05:25:03.218 Service scanning
05:25:05.937 Modules scanning
05:25:19.296 Disk 0 trace - called modules:
05:25:19.421 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys
05:25:19.421 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82ef3ab8]
05:25:19.421 3 CLASSPNP.SYS[f8728fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x82f4a998]
05:25:27.375 AVAST engine scan C:\WINDOWS
05:25:35.031 AVAST engine scan C:\WINDOWS\system32
05:27:36.906 AVAST engine scan C:\WINDOWS\system32\drivers
05:27:53.468 AVAST engine scan C:\Documents and Settings\Owner
05:36:24.625 File: C:\Documents and Settings\Owner\Desktop\OTL.com **INFECTED** Win32:Rootkit-gen [Rtk]
05:39:01.671 File: C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\WAZCDVSZ\OTL[1].com **INFECTED** Win32:Rootkit-gen [Rtk]
05:39:52.296 AVAST engine scan C:\Documents and Settings\All Users
05:48:56.687 Scan finished successfully
05:49:58.156 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\Desktop\MBR.dat"
05:49:58.234 The log file has been saved successfully to "C:\Documents and Settings\Owner\Desktop\aswMBR.txt"
07:20:33.671 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\Desktop\MBR.dat"
07:20:33.968 The log file has been saved successfully to "C:\Documents and Settings\Owner\Desktop\aswMBR.txt"


Results of screen317's Security Check version 0.99.18
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
Norton 360
McAfee Security Scan Plus
Avira successfully updated!
```````````````````````````````
Anti-malware/Other Utilities Check:

CA Yahoo! Anti-Spy (remove only)
SUPERAntiSpyware
Java(TM) 6 Update 26
Out of date Java installed!
Flash Player Out of Date!
Adobe Flash Player 10.0.22.87
Adobe Reader X (10.1.0)
Mozilla Firefox (2.0.) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Norton ccSvcHst.exe
IObit IObit Malware Fighter IMFsrv.exe
IObit IObit Malware Fighter IMF.exe
``````````End of Log````````````

The OTL.Txt is attached

Thanks again!


reginaac

Newbie Surfer

Posts: 44
Joined: 2011-08-21
Operating System: Windows XP

Re: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more

Post by Superdave on Wed 14 Sep 2011, 12:09 am

Are you sure that you're doing this?
Make sure that the "Make Hosts Writable?" button in the upper right corner is enabled

Superdave
Tech Staff


Posts: 3286
Joined: 2010-02-01
Operating System: XP Home SP3

Re: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more

Post by reginaac on Sat 17 Sep 2011, 5:48 am

Hi Dave,

Yes, I'm sure.

This is what I see...

It's a big box that's white and it has a left hand column.

The titles in the column are:

File Handling (to the right of that is a picture of a pencil)

"Make Read only?" and it shows an unlocked lock (because it's writeable)
"Make Writeable?" and it shows a locked lock (so I can't write)

Backup/Restore

Import Options

Restore MS Hosts Files

File Handling

Editing

Download

Tools

Help

I've tried it both ways (I've always done it with the lock unlocked). When it's locked I can't create a backup.

So, with the lock unlocked I'm able to click on the Backup/Restore button and create a backup. Then it confirms that did happen.

Then I go to Restore MS Hosts File and it asks if I want to do this; I click on OK and then the error appears.

I believe I'm doing it correctly, but if I'm not, please tell me what I'm doing wrong.

Thanks

Re: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more

Post by Superdave on Mon 19 Sep 2011, 8:29 pm

Please try the information in this link to set your hosts file back to default.

Re: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more

Post by reginaac on Wed 21 Sep 2011, 2:07 am

Hi Dave,

I went to the link and clicked on the icon so it would make the changes automatically.

What should I do now?

Thanks

Re: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more

Post by Superdave on Wed 21 Sep 2011, 2:15 am

Click on the FixIt icon and when the box comes up click Run and follow the directions.

Re: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more

Post by reginaac on Wed 21 Sep 2011, 4:25 pm

Superdave wrote: Click on the FixIt icon and when the box comes up click Run and follow the directions.

Hi Dave,

I'm sorry, I didn't explain myself properly. I already did this when I clicked on the icon. I did run the fix it program.

Is there something else I need to do to check it...or do I need to run any reports for you?

Thanks

Re: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more

Post by Superdave on Wed 21 Sep 2011, 7:25 pm

reginaac wrote: I did run the fix it program.

Is there something else I need to do to check it...or do I need to run any reports for you?

Sorry. I've never run this program before. Could you describe to me what happens after you let it run?

Re: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more

Post by reginaac on Sat 01 Oct 2011, 4:24 am

Hi Dave,

I'm sorry I hadn't been on sooner, I've been ill.

Anyway, I just clicked on the icon for it to run. It did run and that was it. That's why I was wondering if there was some way I should check it or something.

Thanks

Re: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more

Post by Superdave on Sat 01 Oct 2011, 6:05 pm

reginaac wrote: Anyway, I just clicked on the icon for it to run. It did run and that was it. That's why I was wondering if there was some way I should check it or something.

That should have reset your hosts file. It's been so long. Do you have any more problems with your computer?

Re: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more

Post by reginaac on Sat 08 Oct 2011, 7:40 am

Hi Dave,

Just little things that weren't there before, so other than those, nothing else.

Re: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more

Post by Superdave on Sat 08 Oct 2011, 7:41 pm

reginaac wrote: Hi Dave,

Just little things that weren't there before, so other than those, nothing else.

That's good. Just do the cleanup I suggested earlier in this thread and you're good to go.

Re: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more

Post by reginaac on Tue 11 Oct 2011, 6:01 pm

Hi Dave,

I want to thank you so much for all of your help. I really appreciate everything you've done.

Sincerely,
Gina

Re: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more

Post by Superdave on Tue 11 Oct 2011, 8:27 pm

reginaac wrote: Hi Dave,

I want to thank you so much for all of your help. I really appreciate everything you've done.

Sincerely,
Gina

You're welcome, Gina. I will lock this thread. If you need it re-opened, please send me a pm.
