Smokey's Security Forums

Topic: [RESOLVED] FbsSearch application wont uninstall

Starbuck

Re: FbsSearch application wont uninstall
« Reply #4 on: January 20, 2010, 07:20:32 PM »
Hi celiagalev

Quote
Actually my username should've been compublunder


A sense of humour always helps.  ;)

Looking through the report, there is still a bit of work to do.
But before I get started on that:
part of the MBAM report is missing.....

Quote
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 38
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 9
Files Infected: 36
 
Memory Processes Infected:
(No malicious items detected)

I need to see what files, folders and reg keys were removed.

Please restart MBAM
click on the 'Logs' tab at the top.
Then double click on:
Quote
mbam-log-2010-01-20 (09-47-58).txt


The log will then open in 'Notepad'.
Can you copy and paste the whole log as a reply to this post?

It will give me an idea of what was on the system before we started and what we are up against.

Thanks.

compublunder (Topic starter)

Re: FbsSearch application wont uninstall
« Reply #3 on: January 20, 2010, 05:25:19 PM »
 :hiding: Actually my username should've been compublunder. When I saw my email I had hoped that it showed up like that only for me. :thumbsup1:
 Anyway thanks for the instructions on how to fix my problem. If you can fix my problem you are my new best friends in the UK! And all my friends on Facebook will know about you too!  :yeah:

This is in the log:
Malwarebytes' Anti-Malware 1.44
Database version: 3601
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
 
1/20/2010 9:47:58 AM
mbam-log-2010-01-20 (09-47-58).txt
 
Scan type: Full Scan (C:\|)
Objects scanned: 151238
Time elapsed: 47 minute(s), 43 second(s)
 
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 38
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 9
Files Infected: 36
 
Memory Processes Infected:
(No malicious items detected)
 
-----------------------------------------------------------------------------------
This is in the notes from OTL.Txt-Notepad
OTL logfile created on: 1/20/2010 10:15:26 AM - Run 1
OTL by OldTimer - Version 3.1.25.2 Folder = C:\Documents and Settings\Celia\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1,015.00 Mb Total Physical Memory | 392.00 Mb Available Physical Memory | 39.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 65.22 Gb Free Space | 87.53% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: PC114941193148
Current User Name: Celia
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Documents and Settings\Celia\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\ooVoo\ooVoo.exe (ooVoo LLC)
PRC - C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe (Smith Micro Software, Inc.)
PRC - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\QUALCOMM\QDLService\QDLService.exe (QUALCOMM, Inc.)
PRC - C:\Program Files\Roxio\BackOnTrack\Instant Restore\BOTService.exe (Sonic Solutions)
PRC - C:\Program Files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe ()
PRC - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
PRC - C:\WINDOWS\system32\AESTFltr.exe (Andrea Electronics Corporation)
PRC - C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
PRC - c:\Program Files\IDT\WDM\stacsv.exe (IDT, Inc.)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)
PRC - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe ()
PRC - C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\igfxsrvc.exe (Intel Corporation)
 
========== Modules (SafeList) ==========
 
MOD - C:\Documents and Settings\Celia\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\AppPatch\aclayers.dll (Microsoft Corporation)
MOD - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\asOEHook.dll (Symantec Corporation)
MOD - C:\WINDOWS\system32\BtMmHook.dll (Broadcom Corporation.)
MOD - C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll ()
MOD - C:\WINDOWS\system32\shimeng.dll (Microsoft Corporation)
 
========== Win32 Services (SafeList) ==========
 
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (Norton Internet Security) -- C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe (Symantec Corporation)
SRV - (QDLService) -- C:\QUALCOMM\QDLService\QDLService.exe (QUALCOMM, Inc.)
SRV - (BOTService) -- C:\Program Files\Roxio\BackOnTrack\Instant Restore\BOTService.exe (Sonic Solutions)
SRV - (9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269) -- C:\Program Files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe ()
SRV - (STacSV) -- c:\Program Files\IDT\WDM\stacsv.exe (IDT, Inc.)
SRV - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)
SRV - (hpqwmiex) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe (Hewlett-Packard Development Company, L.P.)
SRV - (IDriverT) -- c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
 
========== Driver Services (SafeList) ==========
 
DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (ccHP) -- C:\WINDOWS\System32\Drivers\NIS\1007020.00B\ccHPx86.sys (Symantec Corporation)
DRV - (NAVEX15) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100119.051\NAVEX15.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100119.051\NAVENG.SYS (Symantec Corporation)
DRV - (IDSxpx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100119.001\IDSXpx86.sys (Symantec Corporation)
DRV - (SymEFA) -- C:\WINDOWS\system32\drivers\NIS\1007020.00B\SYMEFA.SYS (Symantec Corporation)
DRV - (SRTSP) -- C:\WINDOWS\System32\Drivers\NIS\1007020.00B\SRTSP.SYS (Symantec Corporation)
DRV - (BHDrvx86) -- C:\WINDOWS\System32\Drivers\NIS\1007020.00B\BHDrvx86.sys (Symantec Corporation)
DRV - (SYMTDI) -- C:\WINDOWS\System32\Drivers\NIS\1007020.00B\SYMTDI.SYS (Symantec Corporation)
DRV - (SYMFW) -- C:\WINDOWS\System32\Drivers\NIS\1007020.00B\SYMFW.SYS (Symantec Corporation)
DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\WINDOWS\system32\drivers\NIS\1007020.00B\SRTSPX.SYS (Symantec Corporation)
DRV - (SYMNDIS) -- C:\WINDOWS\System32\Drivers\NIS\1007020.00B\SYMNDIS.SYS (Symantec Corporation)
DRV - (SYMIDS) -- C:\WINDOWS\System32\Drivers\NIS\1007020.00B\SYMIDS.SYS (Symantec Corporation)
DRV - (SymIMMP) -- C:\WINDOWS\system32\drivers\SymIM.sys (Symantec Corporation)
DRV - (SymIM) -- C:\WINDOWS\system32\drivers\SymIM.sys (Symantec Corporation)
DRV - (SMSIVZAM5) -- C:\Program Files\Verizon Wireless\VZAccess Manager\SMSIVZAM5.sys (Smith Micro Inc.)
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
DRV - (qcusbnethp) -- C:\WINDOWS\system32\drivers\qcusbnethp.sys (QUALCOMM Incorporated)
DRV - (qcusbserhp) -- C:\WINDOWS\system32\drivers\qcusbserhp.sys (QUALCOMM Incorporated)
DRV - (QCFilterhp) -- C:\WINDOWS\system32\drivers\qcfilterhp.sys (QUALCOMM Incorporated)
DRV - (SaibVd32) -- C:\WINDOWS\system32\drivers\SaibVd32.sys (Sonic Solutions)
DRV - (SahdIa32) -- C:\WINDOWS\System32\Drivers\SahdIa32.sys (Sonic Solutions)
DRV - (SaibIa32) -- C:\WINDOWS\System32\Drivers\SaibIa32.sys (Sonic Solutions)
DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (AESTAud) -- C:\WINDOWS\system32\drivers\AESTAud.sys (Andrea Electronics Corporation)
DRV - (SysCow) -- C:\WINDOWS\system32\drivers\syscow32x.sys (Sonic Solutions)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (IDT, Inc.)
DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.)
DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.)
DRV - (BTWDNDIS) -- C:\WINDOWS\system32\drivers\btwdndis.sys (Broadcom Corporation.)
DRV - (yukonwxp) -- C:\WINDOWS\system32\drivers\yk51x86.sys (Marvell)
DRV - (PxHelp20) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (btaudio) -- C:\WINDOWS\system32\drivers\btaudio.sys (Broadcom Corporation.)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (btwhid) -- C:\WINDOWS\system32\drivers\btwhid.sys (Broadcom Corporation.)
DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation)
DRV - (BTDriver) -- C:\WINDOWS\system32\drivers\btport.sys (Broadcom Corporation.)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
 
========== Standard Registry (SafeList) ==========
 
========== Internet Explorer ==========
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=minipavilion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.mystart.com?pr=oovoo2_0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
O1 HOSTS File: ([2008/04/14 23:00:00 | 00,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (BrowserHelper Class) - {8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6} - C:\Program Files\SGPSA\SearchAssistant.dll (Make The Web Better, LLC)
O2 - BHO: (ooVoo Toolbar) - {A1FB2F9A-D35E-11DD-8935-E46A56D89593} - C:\Program Files\oovootb\oovoodx.dll ()
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (Search Assistant) - {F0626A63-410B-45E2-99A1-3F2475B2D695} - C:\Program Files\SGPSA\BHO.dll (MTWB)
O2 - BHO: (no name) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (ooVoo Toolbar) - {A1FB2F9A-D35E-11DD-8935-E46A56D89593} - C:\Program Files\oovootb\oovoodx.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AESTFltr] C:\WINDOWS\System32\AESTFltr.exe (Andrea Electronics Corporation)
O4 - HKLM..\Run: [FBSearch] C:\Program Files\Search Guard Plus\SearchGuardPlus.exe ()
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [IDTSysTrayApp] C:\WINDOWS\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [SGPUpdater] C:\Program Files\Search Guard PlusU\sgpUpdaters.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKCU..\Run: [ooVoo.exe] C:\Program Files\ooVoo\oovoo.exe (ooVoo LLC)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\CoIEPlg.dll (Symantec Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Celia\My Documents\My Pictures\Picture\Monkey and bassett.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Celia\My Documents\My Pictures\Picture\Monkey and bassett.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*
 
CREATERESTOREPOINT
Error starting restore point: System Restore is disabled.
Error closing restore point: System Restore is disabled.
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010/01/20 10:06:06 | 00,547,328 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Celia\Desktop\OTL.exe
[2010/01/20 08:57:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Celia\Application Data\Malwarebytes
[2010/01/20 08:56:58 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/20 08:56:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/01/20 08:56:46 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/01/20 08:56:45 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/01/19 08:25:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Celia\My Documents\My Projects
[2010/01/18 17:34:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Celia\Application Data\gtk-2.0
[2010/01/18 17:34:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Celia\.thumbnails
[2010/01/18 17:28:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Celia\.gimp-2.6
[2010/01/18 17:27:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Celia\My Documents\gegl-0.0
[2010/01/18 17:20:19 | 00,000,000 | ---D | C] -- C:\Program Files\GIMP-2.0
[2010/01/18 16:25:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Celia\Application Data\EmailNotifier
[2010/01/18 16:04:07 | 01,677,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\chsbrkr.dll
[2010/01/18 16:04:05 | 00,838,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\chtbrkr.dll
[2010/01/18 16:04:02 | 00,070,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\korwbrkr.dll
[2010/01/18 16:04:01 | 01,875,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msir3jp.lex
[2010/01/18 16:03:58 | 00,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msir3jp.dll
[2010/01/18 16:02:34 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd101a.dll
[2010/01/18 16:01:46 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnecAT.dll
[2010/01/18 16:01:44 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnecNT.dll
[2010/01/18 16:01:44 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnec95.dll
[2010/01/18 16:00:24 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\c_is2022.dll
[2010/01/18 16:00:13 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CINTLGNT.IME
[2010/01/18 16:00:05 | 00,571,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\TINTLGNT.IME
[2010/01/18 16:00:05 | 00,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winar30.ime
[2010/01/18 16:00:04 | 00,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\quick.ime
[2010/01/18 16:00:03 | 00,065,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\unicdime.ime
[2010/01/18 16:00:03 | 00,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\miniime.tpl
[2010/01/18 16:00:02 | 00,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winime.ime
[2010/01/18 16:00:00 | 00,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\uniime.dll
[2010/01/18 15:59:59 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\romanime.ime
[2010/01/18 15:59:58 | 00,078,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dayi.ime
[2010/01/18 15:59:57 | 00,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\phon.ime
[2010/01/18 15:59:56 | 00,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\chajei.ime
[2010/01/18 15:59:34 | 00,482,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\PINTLGNT.IME
[2010/01/18 15:59:29 | 00,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\WINZM.IME
[2010/01/18 15:59:29 | 00,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\WINSP.IME
[2010/01/18 15:59:28 | 00,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\WINPY.IME
[2010/01/18 15:59:27 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\WINGB.IME
[2010/01/18 15:59:26 | 00,218,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\c_g18030.dll
[2010/01/18 15:59:20 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlk41j.dll
[2010/01/18 15:59:19 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlk41a.dll
[2010/01/18 15:59:18 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\f3ahvoas.dll
[2010/01/18 15:59:17 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdibm02.dll
[2010/01/18 15:59:16 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd106n.dll
[2010/01/18 15:59:15 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdax2.dll
[2010/01/18 15:59:14 | 00,811,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\imjp81k.dll
[2010/01/18 15:59:14 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd101.dll
[2010/01/18 15:59:13 | 00,340,023 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\imjp81.ime
[2010/01/18 15:58:48 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdkor.dll
[2010/01/18 15:58:47 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdjpn.dll
[2010/01/18 15:58:47 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd103.dll
[2010/01/18 15:58:46 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd101c.dll
[2010/01/18 15:58:39 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd101b.dll
[2010/01/18 15:58:36 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd106.dll
[2010/01/18 15:47:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Celia\Application Data\ooVoo Details
[2010/01/18 15:47:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\EmailNotifier
[2010/01/18 15:46:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Celia\Application Data\oovootb
[2010/01/18 15:46:23 | 00,000,000 | ---D | C] -- C:\Program Files\oovootb
[2010/01/18 15:45:59 | 00,000,000 | ---D | C] -- C:\Program Files\ooVoo
[2010/01/18 15:45:00 | 18,271,624 | ---- | C] (ooVoo) -- C:\Documents and Settings\Celia\My Documents\oovoosetup.exe
[2010/01/18 14:28:58 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Celia\Recent
[2010/01/18 14:26:09 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/01/12 21:08:04 | 00,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2010/01/12 21:07:32 | 00,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\t2embed.dll
[2010/01/12 21:07:32 | 00,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\t2embed.dll
[2010/01/12 21:07:32 | 00,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fontsub.dll
[2010/01/12 21:07:32 | 00,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fontsub.dll
[2010/01/11 09:45:51 | 00,000,000 | ---D | C] -- C:\Program Files\WebEx
[2010/01/11 09:45:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2010/01/04 09:20:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Celia\Local Settings\Application Data\Google
[2010/01/04 09:20:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Celia\Local Settings\Application Data\Threat Expert
[2010/01/04 08:59:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/01/01 19:03:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Celia\Desktop\Unused Desktop Shortcuts
[2009/12/22 19:21:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WEngineLite
[2009/12/22 19:21:47 | 00,000,000 | ---D | C] -- C:\Program Files\Verizon Wireless
[2009/12/10 21:51:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/03/09 05:06:41 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/03/09 05:06:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/03/09 05:06:39 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010/01/20 10:10:13 | 00,000,282 | ---- | M] () -- C:\WINDOWS\tasks\BackOnTrack Instant Restore Idle.job
[2010/01/20 10:06:18 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Celia\Desktop\OTL.exe
[2010/01/20 09:51:12 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/01/20 09:51:03 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/01/20 09:50:57 | 10,646,20032 | -HS- | M] () -- C:\hiberfil.sys
[2010/01/20 09:49:57 | 03,145,728 | -H-- | M] () -- C:\Documents and Settings\Celia\NTUSER.DAT
[2010/01/20 09:49:57 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Celia\ntuser.ini
[2010/01/20 09:49:51 | 04,259,234 | -H-- | M] () -- C:\Documents and Settings\Celia\Local Settings\Application Data\IconCache.db
[2010/01/20 08:57:02 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/19 21:52:32 | 00,000,846 | ---- | M] () -- C:\Documents and Settings\Celia\Application Data\wklnhst.dat
[2010/01/19 21:47:02 | 00,283,136 | ---- | M] () -- C:\Documents and Settings\Celia\My Documents\header website.wps
[2010/01/19 21:26:36 | 00,063,968 | ---- | M] () -- C:\Documents and Settings\Celia\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/01/19 20:32:35 | 00,249,496 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/01/19 16:50:27 | 00,549,454 | ---- | M] () -- C:\Documents and Settings\Celia\My Documents\ScoutLeaderUniformInspectionSheet.pdf
[2010/01/19 15:36:39 | 00,519,577 | ---- | M] () -- C:\Documents and Settings\Celia\My Documents\TigerWolfBearUniformInspectionSheet.pdf
[2010/01/19 15:35:33 | 00,140,801 | ---- | M] () -- C:\Documents and Settings\Celia\My Documents\UniformInspectionSheet.pdf
[2010/01/19 15:27:21 | 00,519,577 | ---- | M] () -- C:\Documents and Settings\Celia\My Documents\proper_placement_of_patches.pdf
[2010/01/18 17:35:03 | 00,001,559 | ---- | M] () -- C:\Documents and Settings\Celia\.recently-used.xbel
[2010/01/18 17:27:25 | 00,000,790 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\GIMP 2.lnk
[2010/01/18 15:45:59 | 00,000,467 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ooVoo.lnk
[2010/01/18 15:45:29 | 18,271,624 | ---- | M] (ooVoo) -- C:\Documents and Settings\Celia\My Documents\oovoosetup.exe
[2010/01/18 14:30:54 | 00,038,328 | ---- | M] () -- C:\Documents and Settings\Celia\My Documents\backup changes to registry jan18.reg
[2010/01/18 14:26:12 | 00,001,548 | ---- | M] () -- C:\Documents and Settings\Celia\Desktop\CCleaner.lnk
[2010/01/17 20:30:32 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/01/16 14:47:33 | 00,000,245 | ---- | M] () -- C:\Documents and Settings\Celia\Desktop\cjtijp.url
[2010/01/07 16:07:14 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/07 16:07:04 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/01/01 21:17:40 | 00,036,082 | ---- | M] () -- C:\Documents and Settings\Celia\My Documents\mysmiley.png
[2009/12/22 19:22:14 | 00,001,013 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VZAccess Manager.lnk
[2009/12/22 12:13:26 | 00,521,766 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/12/22 12:13:26 | 00,441,692 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/12/22 12:13:26 | 00,071,462 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010/01/20 08:57:02 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/19 21:47:02 | 00,283,136 | ---- | C] () -- C:\Documents and Settings\Celia\My Documents\header website.wps
[2010/01/19 16:50:27 | 00,549,454 | ---- | C] () -- C:\Documents and Settings\Celia\My Documents\ScoutLeaderUniformInspectionSheet.pdf
[2010/01/19 15:36:39 | 00,519,577 | ---- | C] () -- C:\Documents and Settings\Celia\My Documents\TigerWolfBearUniformInspectionSheet.pdf
[2010/01/19 15:35:33 | 00,140,801 | ---- | C] () -- C:\Documents and Settings\Celia\My Documents\UniformInspectionSheet.pdf
[2010/01/19 15:27:21 | 00,519,577 | ---- | C] () -- C:\Documents and Settings\Celia\My Documents\proper_placement_of_patches.pdf
[2010/01/18 17:35:03 | 00,001,559 | ---- | C] () -- C:\Documents and Settings\Celia\.recently-used.xbel
[2010/01/18 17:27:24 | 00,000,790 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\GIMP 2.lnk
[2010/01/18 16:04:03 | 01,158,818 | ---- | C] () -- C:\WINDOWS\System32\korwbrkr.lex
[2010/01/18 16:03:17 | 00,146,126 | ---- | C] () -- C:\WINDOWS\System32\array30.tab
[2010/01/18 16:03:17 | 00,018,600 | ---- | C] () -- C:\WINDOWS\System32\arrayhw.tab
[2010/01/18 16:03:16 | 00,110,566 | ---- | C] () -- C:\WINDOWS\System32\arphr.tbl
[2010/01/18 16:03:16 | 00,016,312 | ---- | C] () -- C:\WINDOWS\System32\arptr.tbl
[2010/01/18 16:03:15 | 00,211,938 | ---- | C] () -- C:\WINDOWS\System32\lcphrase.tbl
[2010/01/18 16:03:13 | 00,024,114 | ---- | C] () -- C:\WINDOWS\System32\lcptr.tbl
[2010/01/18 16:03:12 | 00,043,242 | ---- | C] () -- C:\WINDOWS\System32\phoncode.tbl
[2010/01/18 16:03:12 | 00,002,714 | ---- | C] () -- C:\WINDOWS\System32\phonptr.tbl
[2010/01/18 16:03:11 | 00,004,071 | ---- | C] () -- C:\WINDOWS\System32\phon.tbl
[2010/01/18 16:03:10 | 00,000,520 | ---- | C] () -- C:\WINDOWS\System32\dayiphr.tbl
[2010/01/18 16:03:09 | 00,116,285 | ---- | C] () -- C:\WINDOWS\System32\msdayi.tbl
[2010/01/18 16:03:09 | 00,000,700 | ---- | C] () -- C:\WINDOWS\System32\dayiptr.tbl
[2010/01/18 16:03:08 | 00,044,370 | ---- | C] () -- C:\WINDOWS\System32\acode.tbl
[2010/01/18 16:03:07 | 00,044,370 | ---- | C] () -- C:\WINDOWS\System32\a234.tbl
[2010/01/18 16:03:07 | 00,001,460 | ---- | C] () -- C:\WINDOWS\System32\a15.tbl
[2010/01/18 16:03:06 | 00,195,618 | ---- | C] () -- C:\WINDOWS\System32\c_10002.nls
[2010/01/18 16:03:06 | 00,082,172 | ---- | C] () -- C:\WINDOWS\System32\bopomofo.nls
[2010/01/18 16:03:05 | 00,066,728 | ---- | C] () -- C:\WINDOWS\System32\big5.nls
[2010/01/18 16:03:02 | 00,016,254 | ---- | C] () -- C:\WINDOWS\System32\PINTLPAE.HLP
[2010/01/18 16:03:01 | 00,014,821 | ---- | C] () -- C:\WINDOWS\System32\PINTLPAD.HLP
[2010/01/18 16:02:42 | 01,223,500 | ---- | C] () -- C:\WINDOWS\System32\WINZM.MB
[2010/01/18 16:02:41 | 01,564,868 | ---- | C] () -- C:\WINDOWS\System32\WINSP.MB
[2010/01/18 16:02:39 | 01,783,864 | ---- | C] () -- C:\WINDOWS\System32\WINPY.MB
[2010/01/18 16:02:37 | 00,083,748 | ---- | C] () -- C:\WINDOWS\System32\prcp.nls
[2010/01/18 16:02:36 | 00,083,748 | ---- | C] () -- C:\WINDOWS\System32\prc.nls
[2010/01/18 16:02:35 | 00,173,602 | ---- | C] () -- C:\WINDOWS\System32\c_10008.nls
[2010/01/18 16:01:56 | 00,177,698 | ---- | C] () -- C:\WINDOWS\System32\c_10003.nls
[2010/01/18 16:01:55 | 00,189,986 | ---- | C] () -- C:\WINDOWS\System32\c_1361.nls
[2010/01/18 16:01:53 | 00,047,066 | ---- | C] () -- C:\WINDOWS\System32\ksc.nls
[2010/01/18 16:00:23 | 00,177,698 | ---- | C] () -- C:\WINDOWS\System32\c_20949.nls
[2010/01/18 16:00:23 | 00,173,602 | ---- | C] () -- C:\WINDOWS\System32\c_20936.nls
[2010/01/18 16:00:22 | 00,180,770 | ---- | C] () -- C:\WINDOWS\System32\c_20932.nls
[2010/01/18 16:00:21 | 00,180,258 | ---- | C] () -- C:\WINDOWS\System32\c_20000.nls
[2010/01/18 16:00:21 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_21027.nls
[2010/01/18 16:00:20 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_20290.nls
[2010/01/18 16:00:19 | 00,162,850 | ---- | C] () -- C:\WINDOWS\System32\c_10001.nls
[2010/01/18 16:00:18 | 00,028,288 | ---- | C] () -- C:\WINDOWS\System32\xjis.nls
[2010/01/18 15:49:41 | 00,001,486 | ---- | C] () -- C:\WINDOWS\System32\noise.kor
[2010/01/18 15:49:40 | 00,002,060 | ---- | C] () -- C:\WINDOWS\System32\noise.jpn
[2010/01/18 15:45:59 | 00,000,467 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ooVoo.lnk
[2010/01/18 14:30:12 | 00,038,328 | ---- | C] () -- C:\Documents and Settings\Celia\My Documents\backup changes to registry jan18.reg
[2010/01/18 14:26:12 | 00,001,548 | ---- | C] () -- C:\Documents and Settings\Celia\Desktop\CCleaner.lnk
[2010/01/01 21:17:40 | 00,036,082 | ---- | C] () -- C:\Documents and Settings\Celia\My Documents\mysmiley.png
[2010/01/01 00:30:12 | 02,818,929 | ---- | C] () -- C:\Documents and Settings\Celia\My Documents\FILE0011.JPG
[2010/01/01 00:30:12 | 02,801,546 | ---- | C] () -- C:\Documents and Settings\Celia\My Documents\FILE0008.JPG
[2010/01/01 00:30:12 | 02,747,277 | ---- | C] () -- C:\Documents and Settings\Celia\My Documents\FILE0010.JPG
[2010/01/01 00:30:12 | 02,713,247 | ---- | C] () -- C:\Documents and Settings\Celia\My Documents\FILE0012.JPG
[2010/01/01 00:30:12 | 02,690,453 | ---- | C] () -- C:\Documents and Settings\Celia\My Documents\FILE0009.JPG
[2010/01/01 00:30:12 | 02,105,776 | ---- | C] () -- C:\Documents and Settings\Celia\My Documents\FILE0004.JPG
[2010/01/01 00:30:12 | 02,089,719 | ---- | C] () -- C:\Documents and Settings\Celia\My Documents\FILE0005.JPG
[2010/01/01 00:30:12 | 02,025,261 | ---- | C] () -- C:\Documents and Settings\Celia\My Documents\FILE0006.JPG
[2010/01/01 00:30:12 | 02,025,028 | ---- | C] () -- C:\Documents and Settings\Celia\My Documents\FILE0007.JPG
[2009/12/22 19:22:13 | 00,001,013 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VZAccess Manager.lnk
[2009/12/08 12:58:08 | 00,000,846 | ---- | C] () -- C:\Documents and Settings\Celia\Application Data\wklnhst.dat
[2009/03/09 06:07:16 | 00,028,510 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2009/03/09 05:33:01 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2008/09/02 07:25:26 | 02,854,912 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2008/06/24 12:48:20 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/04/14 23:00:00 | 00,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
[2008/04/14 23:00:00 | 00,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
[2008/04/14 23:00:00 | 00,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
[2008/04/14 23:00:00 | 00,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
[2008/04/14 23:00:00 | 00,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
[2005/02/17 12:41:32 | 00,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2005/02/17 12:41:30 | 00,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2001/11/14 13:56:00 | 01,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
 
========== LOP Check ==========
 
[2010/01/18 15:47:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EmailNotifier
[2009/03/09 05:34:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QUALCOMM
[2010/01/11 09:59:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/03/09 06:00:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall
[2009/03/09 06:04:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/12/22 19:21:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WEngineLite
[2010/01/18 16:25:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Celia\Application Data\EmailNotifier
[2010/01/18 17:35:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Celia\Application Data\gtk-2.0
[2009/03/09 06:09:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Celia\Application Data\MigoMobile
[2010/01/18 15:50:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Celia\Application Data\ooVoo Details
[2010/01/19 10:01:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Celia\Application Data\oovootb
[2009/12/02 03:11:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Celia\Application Data\Smith Micro
[2009/12/08 12:58:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Celia\Application Data\Template
[2009/03/09 05:45:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Celia\Application Data\TMP
[2010/01/20 10:10:13 | 00,000,282 | ---- | M] () -- C:\WINDOWS\Tasks\BackOnTrack Instant Restore Idle.job
 
========== Purity Check ==========
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*.exe >
[2009/12/02 03:05:03 | 00,259,584 | RHS- | M] (Microsoft Corporation) -- C:\BCDEDIT.EXE
[2009/12/02 03:05:03 | 00,102,400 | RHS- | M] (Microsoft Corporation) -- C:\bootsect.exe
 
< %systemroot%\*. /mp /s >
 
< MD5 for: AGP440.SYS >
[2008/04/14 15:00:00 | 20,056,462 | ---- | M] () .cab file -- C:\I386\sp3.cab:AGP440.sys
[2008/04/14 23:00:00 | 20,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/04/14 10:06:40 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\AGP440.SYS
 
< MD5 for: ATAPI.SYS >
[2008/04/14 15:00:00 | 20,056,462 | ---- | M] () .cab file -- C:\I386\sp3.cab:atapi.sys
[2008/04/14 23:00:00 | 20,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/14 03:10:32 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008/04/14 10:10:32 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys
 
< MD5 for: EVENTLOG.DLL >
[2008/04/14 23:00:00 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
 
< MD5 for: NETLOGON.DLL >
[2008/04/14 23:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
 
< MD5 for: SCECLI.DLL >
[2008/04/14 23:00:00 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >
 
This is from Extras.Txt-Notepad
OTL Extras logfile created on: 1/20/2010 10:15:26 AM - Run 1
OTL by OldTimer - Version 3.1.25.2 Folder = C:\Documents and Settings\Celia\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1,015.00 Mb Total Physical Memory | 392.00 Mb Available Physical Memory | 39.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 65.22 Gb Free Space | 87.53% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: PC114941193148
Current User Name: Celia
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"443:TCP" = 443:TCP:*:Enabled:ooVoo TCP port 443
"443:UDP" = 443:UDP:*:Enabled:ooVoo UDP port 443
"37674:TCP" = 37674:TCP:*:Enabled:ooVoo TCP port 37674
"37674:UDP" = 37674:UDP:*:Enabled:ooVoo UDP port 37674
"37675:UDP" = 37675:UDP:*:Enabled:ooVoo UDP port 37675
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0517F875-BBB2-4812-A63E-733B33CEF215}" = Roxio Instant Restore
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{11FFE8F9-A80C-4F08-9BDB-601526DE5977}" = Qualcomm Gobi Driver Package for HP
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
"{275E7C8F-5407-4E2D-9506-0DC5BC59B14E}" = MigoMobile DESKTOP 4
"{2B682751-E749-441C-A4B3-1F538E26E56E}" = Roxio Instant Restore Recovery Disk
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{32F9BACF-FCD3-4B6A-AD85-255A449B6FA5}" = Roxio BackOnTrack
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
"{69DAC00A-7665-4E9B-B441-093D40736429}" = HP BatteryCheck 2.10 A2
"{6A370610-3778-44AF-9AAC-69B2FD1A3356}" = Microsoft Live Search Toolbar
"{6E2646CA-022F-447E-A192-B7EC4C8C0783}" = Qualcomm Gobi Images for HP
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = WIDCOMM Bluetooth Software
"{87A83C6F-F53C-448A-B078-FF00E3EAEB29}" = Roxio Disaster Recovery
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{909B62B0-8ACA-4061-A83B-09CAEF609619}" = MSXML 6.0 Parser
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}" = HP Wireless Assistant
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{B5B25043-42A0-4490-A425-C7A6284213E6}" = HP User Guides 0130
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDC85536-A0EF-4401-82A6-25D8EFC7EFAC}" = VZAccess Manager
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = ooVoo
"ActiveTouchMeetingClient" = WebEx
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"AIM_6" = AIM 6
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter
"CCleaner" = CCleaner
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"NIS" = Norton Internet Security
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"oovootb" = ooVoo Toolbar (Remove Toolbar Only)
"Search Guard Plus" = Search Guard Plus (My Web Tattoo)
"Search Guard Plus Updater" = Search Guard Plus Updater (My Web Tattoo)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TBSB07183.TBSB07183Toolbar" = Fast Browser Search (My Web Tattoo)
"ViewpointMediaPlayer" = Viewpoint Media Player
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinGimp-2.0_is1" = GIMP 2.6.8
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 12/14/2009 10:26:26 PM | Computer Name = PC114941193148 | Source = Application Error | ID = 1000
Description = Faulting application fbssearchproviderie8.exe, version 1.0.0.1, faulting
 module fbssearchproviderie8.exe, version 1.0.0.1, fault address 0x0000114e.
 
Error - 12/14/2009 10:26:41 PM | Computer Name = PC114941193148 | Source = Application Error | ID = 1001
Description = Fault bucket 1466582386.
 
[ System Events ]
Error - 12/22/2009 1:00:34 PM | Computer Name = PC114941193148 | Source = PlugPlayManager | ID = 12
Description = The device 'Marvell Yukon 88E8040 PCI-E Fast Ethernet Controller'
(PCI\VEN_11AB&DEV_4354&SUBSYS_361A103C&REV_00\4&23c6fc68&0&00E1) disappeared from
the system without first being prepared for removal.
 
Error - 12/23/2009 2:13:52 PM | Computer Name = PC114941193148 | Source = PlugPlayManager | ID = 12
Description = The device 'Marvell Yukon 88E8040 PCI-E Fast Ethernet Controller'
(PCI\VEN_11AB&DEV_4354&SUBSYS_361A103C&REV_00\4&23c6fc68&0&00E1) disappeared from
the system without first being prepared for removal.
 
Error - 12/24/2009 11:10:25 PM | Computer Name = PC114941193148 | Source = PlugPlayManager | ID = 12
Description = The device 'Marvell Yukon 88E8040 PCI-E Fast Ethernet Controller'
(PCI\VEN_11AB&DEV_4354&SUBSYS_361A103C&REV_00\4&23c6fc68&0&00E1) disappeared from
the system without first being prepared for removal.
 
< End of report >

Starbuck

Re: FbsSearch application wont uninstall
« Reply #2 on: January 19, 2010, 08:37:58 PM »
Hi celiagalev and welcome to Smokeys.

Ok 2 things..
It's never wise to have an email address as a user name.
Just stick with celiagalev
I will change this, remember when you try to log in, that your user name will now be celiagalev

2nd thing:
Quote
When I try to uninstall the program fastbrowser search it won't uninstall. I called the company who was not able to help me.

Not really surprised at that.
This is a program that you Don't want on your system. Why would they let you remove it??

Ok, let's set about this problem:

Step 1
Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
    • Then click Finish.
    • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
    • On the Scanner tab:
      • Make sure the "Perform Full Scan" option is selected.
      • Then click on the Scan button.
      • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
      • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
      • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
      • Click OK to close the message box and continue with the removal process.
      • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
      • Make sure that everything is checked, and click Remove Selected.
      • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
      • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
      • Copy and paste the contents of that report in your next reply and exit MBAM.
      Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

      Step 2
      • Download OTL to your desktop.
        If you have problems, try this download link:
        OTL
      • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
      • When the window appears, underneath Output at the top change it to Minimal Output.
      • Check the boxes beside LOP Check and Purity Check.
        Now copy the lines in the codebox below.
      Code:
      %SYSTEMDRIVE%\*.exe
      %systemroot%\*. /mp /s
      /md5start
      eventlog.dll
      scecli.dll
      netlogon.dll
      cngaudit.dll
      sceclt.dll
      ntelogon.dll
      logevent.dll
      iaStor.sys
      nvstor.sys
      atapi.sys
      IdeChnDr.sys
      viasraid.sys
      AGP440.sys
      vaxscsi.sys
      nvatabus.sys
      viamraid.sys
      nvata.sys
      nvgts.sys
      iastorv.sys
      ViPrt.sys
      /md5stop
      CREATERESTOREPOINT
      • Right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.
      • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
      • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
      • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.
      In your next reply, please submit: 
      MBAM scan report
      and both reports from OTL


      Thanks.

      compublunder (Topic starter)

      [RESOLVED] FbsSearch application wont uninstall
      « Reply #1 on: January 19, 2010, 02:57:37 PM »
      When I start up my comp. I get an error message 'FbsSearchProviderIE8 Application has encountered a problem and needs to close. We are sorry for the inconvenience.'
      When I try to uninstall the program fastbrowser search it won't uninstall. I called the company who was not able to help me. I don't know if this is a virus that just won't leave. Can you help? I am a complete novice.  :'(
      Thanks
       
