Solved Remove XP antivirus Warning

Copy and paste the following into the Run dialog.

"%userprofile%\desktop\combofix.exe" /u

ComboFix will appear to run, but it is actually uninstalling.

 

Malware and Virus Removal

Dave,
I am now scanning for the third time, maybe this is the charm. I forgot to turn off Norton the first time, An error occured with Java and closed the report the second time. The saved document was no good either. Just to explain , in case you saw all this activity on future logs.

Dee

 

Malware and Virus Removal

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Monday, August 11, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Monday, August 11, 2008 03:30:58
Records in database: 1080851
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\

Scan statistics:
Files scanned: 43495
Threat name: 7
Infected objects: 18
Suspicious objects: 0
Duration of the scan: 01:18:06


File name / Threat name / Threats count
C:\Documents and Settings\ted\Local Settings\Application Data\Mozilla\Firefox\Profiles\ks0ev2j3.default\Cache\09E9772Ed01 Infected: not-a-virus:FraudTool.Win32.AntiSpywareBot.gq 2
C:\Program Files\Common Files\aolback\Comps\toolbar\toolbr.exe Infected: not-a-virus:AdWare.Win32.SearchIt.t 1
C:\Program Files\MyWebSearchWB\bar\1.bin\NPMYSRWB.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.i 1
C:\Program Files\MyWebSearchWB\bar\1.bin\W6PLUGIN.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.l 1
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\18DA241D.htm Infected: Packed.JS.Agent.a 1
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\19590991.htm Infected: Packed.JS.Agent.a 1
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\1B122DAC.htm Infected: Packed.JS.Agent.a 1
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\211969B5.htm Infected: Packed.JS.Agent.a 1
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\21A7408E Infected: not-a-virus:AdTool.Win32.MyWebSearch.au 1
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\444E7AF4 Infected: not-a-virus:AdTool.Win32.MyWebSearch.au 1
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\518C4D91.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch.au 1
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\5BBD23BD.htm Infected: Packed.JS.Agent.a 1
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\69C43999.EXE Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.aw 1
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\6A0F0F5C.htm Infected: Packed.JS.Agent.a 1
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\6A205134.EXE Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.aw 1
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\6A26252D.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch.au 1
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\71955242.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.au 1

The selected area was scanned.

 

MyWebSearch is common adware, and not a real threat, so I'll leave it up to you as to if it goes or stays. If you opt for removal, uninstall it via Add/Remove programs then delete the C:\Program Files\MyWebSearchWB folder after reboot.

You need to run ATF Cleaner while logged onto the ted account. Select the FireFox option from the menu, then select all and Empty.

Open the Norton Antivirus interface and locate the Quarantined items, then remove them all.

Clean out the recycle bin on all accounts.

That should finish things up. How's the computer performing now?

 

Malware and Virus Removal

Dave,

The computer continues to be slow.
I have a softwaren my issue on my laptop, can I post a thread for it on this forum?
Thanks for all your help and patience, I've enjoyed working with you.

Dee

 

Go ahead and explain the issue, and how it's affecting the computer. We might try to deal with it right here.

 

Malware and Virus Removal

I am trying sto transfer a an independent game from Mostfun,http://www.mostfun.com/ to the Mostfun game player.http://www.download.com/MostFun-Game-Player/3000-2099_4-10597996.htm. Dell support did 1 for me but would not show me how it was done. The filed are transferred before downloaded. I have to use extra large icons and am trying to reduce the number of icon on my screen.By the way you have to choose a game that is not already on the game player.
Hope you can do this for me.
Thanks,
Dee

 

I'm checking it right now ... will get back with you in a bit.

 

Is there a reason you aren't getting the games from the game player menu? If you do that, they will be downloaded and install automatically.

 

Malware and Virus Removal

On the MostFun site that site that over 200 games, there are many games tnat are not in the game player. These games are called independent games, these are the ones I'm trying to transfer to the games player to download. There are better games on the indepedent list.

Dee

 

Well, I don't see any option to do that, and their help file is no help. The site even notes that downloaded games, once installed, are to be run from the All Programs menu or Desktop icon. Best bet is to send an email via the Contact Us link to inquire.

On second thought, it might be possible to edit the registry to add the game to the Recent list in the player. I'll poke around a bit. In the meantime, I still recommend sending an inquiry.

 

Malware and Virus Removal

Dave,
I saw it done by a Dell tech when he had accessed my computer. For some reason Dell Tech will not give directions on how something is done. Have contacted MostFun support team and they are apprective of my concern and will address it at a later date. I have called repeatedly and requested to speak to the tech who did this, it seems once a tech, he is never to found again. I know that if that tech can figure it out in less than 5 mins, you can do it also. The reason I need it done, I use extra large icons and I need to save space.
Get her done
Dee










d

 

I'll see if I can get back to it tonight. From what I observed last night, it didn't appear that easy, so I must be overlooking something basic.

As for saving space, you know that you can create a folder on your desktop, lets say you name it Games, then move all of the game shortcuts on the desktop to that folder? For that matter, shortcuts are created on the All Programs list as well, so the desktop shortcuts are not even required. You can also combine folders and shorcuts on the All Programs list to trim it down. You can do the same for any shortcuts in either location.

 

Malware and Virus Removal

Dave,
Thanks for trying to doing this for me, I know you can do it.
You know I have limited knowledge. I know nothing about creating folders.
Dee

 

Right click a blank space on the desktop and select New>Folder.
A folder will appear with the name flashing.
Just begin typing the name you want for it and when done, hit Enter or click any blank space.
Now you can left click and hold on any icon, then drag it over top of the folder and release to drop the icon into the folder (this is known as drag-n-drop).
You could also right click any icon and select Cut, then right click the New folder and select Paste.


Not so easily done on the All Programs list, but you can easily drag-n-drop any menu item to another (expanding) item, then drop it to consolidate.
When you drag-n-drop on the Start Menu, the location you're dragging to (and will drop to) is identified as a bold black line that moves with your cursor.

Alternatively, you can right click the Start button then select Open or Open All Users.

• Open will open your user profile's Start Menu folder
  Changes made within this folder will affect only your user account
• Open All Users will open the Start Menu folder that is used to display items that all user accounts have on their Start Menu
  Changes made here will affect all user accounts

Once you open a Start Menu folder, open the Programs folder within it.
These are the items you see listed on the All Programs list.
Any item you point to on the All Programs list that expands to reveal another shortcut, such as Start>All Programs>Accessories, has a folder in the Start Menu\Programs folder (if not in your's, then in the All Users).
You could easily create a new folder in the Programs folder, lets say you name it Downloaded Games, then drag-n-drop all the other folders representative of the games you have installed into the Downloaded Games folder.
Once you've done that, open the All Programs list and you will see the changes you've made.

To move an item out of a folder, use the Cut/Paste method.

 

Malware and Virus Removal

I'll try this but I really would like to use the player if
if I can.
Thanks for your help.
Dee

 

Malware and Virus Removal

Dave,
I've been getting these potential threat warnings on my laptop. I have run a scan, can I post it on this thread for to take a look?
Thanks,
Dee

 

Dave,
Here is the location of the potential threat,ocation: C:\Program Files\ErrorSmart\TCL.dll
It just started this pm and somes up every time I try to open certain games I have had downloaded for a while.

Dee

 

Sounds as though ComboFix run #7 (the log I was trying to get previously) wasn't successful. Download Deckard's System Scanner (dss.exe) and save it to your desktop.

• Close all applications and windows.
• Double click on dss.exe to run it and follow the prompts.
• When the scan is complete, two text files will open; main.txt, which will be maximized and extra.txt, which will be minimized.

Post the contents of main.txt only for now.

 

Malware and Virus Removal

his is a different computer from before. This is my laptop and the other was a desktop. It seems Errorsmart is always involved,
Deckard's System Scanner v20071014.68
Run by Dell on 2008-08-13 17:55:32
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Dell.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:55:34 PM, on 8/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\iWin Games\iWinGamesInstaller.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\ScsiAccess.EXE
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\AOL\1211762669\ee\AOLSoftware.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Dell\QuickSet\Quickset.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\ErrorSmart\ErrorSmart.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\Program Files\MostFun\Bin\MostFun.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\AOL 9.1\waol.exe
C:\Program Files\AOL 9.1\shellmon.exe
C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe
C:\Program Files\iWin Games\iWinGames.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Dell\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Dell.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchingforwebsite.info/search.php?q=%s&a=v14-a
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
R3 - URLSearchHook: (no name) - {4FDDEB42-B849-4CBB-88D2-6D365CB942AC} - (no file)
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: XBTB06872 - {5FCB2823-9A85-48AF-8368-0D8D7A0C5E55} - C:\Program Files\IEToolbar\4 Search w google search\4search.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: IEHlprObj Class - {8CA5ED52-F3FB-4414-A105-2E3491156990} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: 4 Search w google search - {0C9A45D1-6DF3-4615-9353-07FB5EE9B507} - C:\Program Files\IEToolbar\4 Search w google search\4search.dll
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1211762669\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe "
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE "
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~1\bar\2.bin\M3PLUGIN.DLL,UPF
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\2.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe "
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\Quickset.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [ErrorSmart] C:\Program Files\ErrorSmart\ErrorSmart.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.1\AOL.EXE" -b
O4 - Startup: MostFun.lnk = C:\Program Files\MostFun\Bin\MostFun.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O8 - Extra context menu item: &AOL Toolbar Search - C:\Documents and Settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZJfox000
O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.nl/scanforvirus-en/kavwebscan_unicode.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O20 - Winlogon Notify: AutorunsDisabled - C:\WINDOWS\
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iWinGamesInstaller - iWin Inc. - C:\Program Files\iWin Games\iWinGamesInstaller.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwssvc.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 9482 bytes

-- Files created between 2008-07-13 and 2008-08-13 -----------------------------

2008-08-13 04:27:55 0 d-------- C:\WINDOWS\LastGood
2008-08-09 09:26:55 0 d-------- C:\Documents and Settings\Dell\Application Data\Corel
2008-08-09 07:53:19 0 d-------- C:\Program Files\Conduit
2008-08-09 07:53:18 0 d-------- C:\Program Files\Sample_Resumes
2008-08-07 21:49:50 0 d-------- C:\Documents and Settings\Dell\Application Data\iWin
2008-08-06 16:07:07 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-08-06 16:07:05 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-08-06 13:10:10 0 d-------- C:\Documents and Settings\Dell\Application Data\Help
2008-08-06 09:43:55 0 d-------- C:\Documents and Settings\Savannah\Application Data\ErrorSmart
2008-08-05 03:55:22 0 d---s---- C:\Documents and Settings\Dell\UserData
2008-08-04 21:58:12 0 d-------- C:\Program Files\ErrorSmart
2008-08-04 15:58:10 0 d-------- C:\Documents and Settings\Dell\Application Data\ErrorSmart
2008-07-31 07:25:45 0 d-------- C:\Documents and Settings\Savannah\Application Data\FunWebProducts
2008-07-31 07:25:18 0 d-------- C:\Documents and Settings\Savannah\Application Data\Google
2008-07-31 07:25:00 28672 --a------ C:\WINDOWS\system32\f3PSSavr.scr <Not Verified; FunWebProducts.com; Popular Screensavers>
2008-07-30 20:20:37 0 d-------- C:\Documents and Settings\Dell\Application Data\TheScruffs
2008-07-30 20:16:40 0 d-------- C:\Documents and Settings\Dell\Application Data\PlayFirst
2008-07-30 16:24:36 0 d-------- C:\Documents and Settings\Savannah\Application Data\Eyeblaster
2008-07-30 16:21:01 0 d-------- C:\Documents and Settings\Savannah\Application Data\Macromedia
2008-07-30 16:21:00 0 d-------- C:\Documents and Settings\Savannah\Application Data\Adobe
2008-07-30 16:17:36 0 d-------- C:\Documents and Settings\Savannah\Application Data\Identities
2008-07-30 16:17:25 0 dr------- C:\Documents and Settings\Savannah\Favorites
2008-07-30 16:17:25 0 d-------- C:\Documents and Settings\Savannah\Desktop
2008-07-30 16:17:25 0 d---s---- C:\Documents and Settings\Savannah\Cookies
2008-07-30 16:17:25 0 dr-h----- C:\Documents and Settings\Savannah\Application Data
2008-07-30 16:17:25 0 d-------- C:\Documents and Settings\Savannah\Application Data\Mozilla
2008-07-30 16:17:25 0 d---s---- C:\Documents and Settings\Savannah\Application Data\Microsoft
2008-07-30 16:17:24 0 d--h----- C:\Documents and Settings\Savannah\Templates
2008-07-30 16:17:24 0 dr------- C:\Documents and Settings\Savannah\Start Menu
2008-07-30 16:17:24 0 dr-h----- C:\Documents and Settings\Savannah\SendTo
2008-07-30 16:17:24 0 dr-h----- C:\Documents and Settings\Savannah\Recent
2008-07-30 16:17:24 0 d--h----- C:\Documents and Settings\Savannah\PrintHood
2008-07-30 16:17:24 1048576 --ah----- C:\Documents and Settings\Savannah\ntuser.dat
2008-07-30 16:17:24 0 d--h----- C:\Documents and Settings\Savannah\NetHood
2008-07-30 16:17:24 0 dr------- C:\Documents and Settings\Savannah\My Documents
2008-07-30 16:17:24 0 d--h----- C:\Documents and Settings\Savannah\Local Settings
2008-07-30 16:04:53 0 d-------- C:\Documents and Settings\Dell\Application Data\KewlBoxPrefs
2008-07-27 13:05:16 0 d-------- C:\Documents and Settings\Dell\Application Data\Legends of pirates
2008-07-26 14:11:37 0 d-------- C:\Program Files\IEToolbar
2008-07-26 14:11:26 0 d-------- C:\Program Files\SoftwareRevenue.org
2008-07-26 14:11:22 1031274 --a------ C:\WINDOWS\system32\mi1.exe
2008-07-26 04:11:33 0 d-------- C:\Program Files\inebooks
2008-07-24 14:38:01 61440 --a------ C:\WINDOWS\system32\Big Kahuna Reef 2.scr <Not Verified; Reflexive; Reflexive BKR2Saver>
2008-07-24 11:27:52 0 d-------- C:\Documents and Settings\Default User\Application Data\Mozilla
2008-07-24 10:27:12 0 d-------- C:\Documents and Settings\All Users\Application Data\MostFun
2008-07-24 10:17:30 0 d-------- C:\Documents and Settings\Dell\Application Data\Sun
2008-07-23 14:49:23 0 d-------- C:\Documents and Settings\Dell\Application Data\CyberLink
2008-07-23 12:12:53 0 d-------- C:\Documents and Settings\Dell\Application Data\MysteryStudio
2008-07-23 08:38:27 0 d-------- C:\Documents and Settings\Amanda\Application Data\Adobe
2008-07-23 04:09:37 0 d-------- C:\Program Files\Trend Micro
2008-07-23 03:28:24 0 d-------- C:\Downloads
2008-07-22 23:08:18 0 d-------- C:\Program Files\FlashGet
2008-07-22 19:37:50 0 dr------- C:\My Documents
2008-07-22 19:36:52 0 dr------- C:\Favorites
2008-07-22 18:41:17 0 d-------- C:\Documents and Settings\Dell\Application Data\Magic Academy
2008-07-22 18:35:51 0 d-------- C:\Program Files\Perfect Uninstaller
2008-07-22 17:18:22 0 d-------- C:\Documents and Settings\Dell\Application Data\AOL
2008-07-22 17:07:11 0 d-------- C:\Documents and Settings\Dell\Application Data\Mozilla
2008-07-22 16:43:31 0 d-------- C:\Documents and Settings\Dell\Application Data\Eyeblaster
2008-07-22 16:43:22 0 d-------- C:\Documents and Settings\Dell\Application Data\GameHouse
2008-07-22 16:41:46 0 d-------- C:\Documents and Settings\Dell\Application Data\Macromedia
2008-07-22 16:40:54 0 d-------- C:\Documents and Settings\Dell\Application Data\Adobe
2008-07-22 16:40:04 0 d-------- C:\Documents and Settings\Dell\Application Data\Google
2008-07-22 16:39:20 0 d-------- C:\Documents and Settings\Dell\Application Data\Identities
2008-07-22 16:39:07 0 dr------- C:\Documents and Settings\Dell\Favorites
2008-07-22 16:39:07 0 d-------- C:\Documents and Settings\Dell\Desktop
2008-07-22 16:39:07 0 d---s---- C:\Documents and Settings\Dell\Cookies
2008-07-22 16:39:07 0 dr-h----- C:\Documents and Settings\Dell\Application Data
2008-07-22 16:39:06 0 d--h----- C:\Documents and Settings\Dell\Templates
2008-07-22 16:39:06 0 dr------- C:\Documents and Settings\Dell\Start Menu
2008-07-22 16:39:06 0 dr-h----- C:\Documents and Settings\Dell\SendTo
2008-07-22 16:39:06 0 dr-h----- C:\Documents and Settings\Dell\Recent
2008-07-22 16:39:06 0 d--h----- C:\Documents and Settings\Dell\PrintHood
2008-07-22 16:39:06 0 d--h----- C:\Documents and Settings\Dell\NetHood
2008-07-22 16:39:06 0 dr------- C:\Documents and Settings\Dell\My Documents
2008-07-22 16:39:06 0 d--h----- C:\Documents and Settings\Dell\Local Settings
2008-07-22 16:39:05 2097152 --a------ C:\Documents and Settings\Dell\NTUSER.DAT
2008-07-22 16:28:14 0 d-------- C:\WINDOWS\system32\CatRoot2
2008-07-22 16:18:39 0 d-------- C:\WINDOWS\Prefetch
2008-07-22 14:44:35 110 --a------ C:\Documents and Settings\All Users\Application Data\MostFunGameId.bin
2008-07-20 07:08:11 0 d---s---- C:\Documents and Settings\Amanda\Cookies
2008-07-18 21:42:45 0 d-------- C:\Documents and Settings\Dee\Application Data\Zylom
2008-07-18 21:42:41 0 d-------- C:\Documents and Settings\All Users\Application Data\Zylom
2008-07-18 21:42:30 0 d-------- C:\Program Files\Zylom Games
2008-07-18 16:11:48 0 d-------- C:\Documents and Settings\Dee\Application Data\FunWebProducts
2008-07-18 16:11:30 0 d-------- C:\Program Files\FunWebProducts
2008-07-18 16:11:28 0 d-------- C:\Program Files\MyWebSearch
2008-07-17 17:06:58 0 d-------- C:\Documents and Settings\Dee\Application Data\MysteryStudio
2008-07-17 16:51:33 4096 --a------ C:\WINDOWS\d3dx.dat
2008-07-17 16:15:49 0 d-------- C:\Documents and Settings\All Users\Application Data\NeoEdge Networks
2008-07-17 15:26:53 0 d-------- C:\Program Files\Virtual Villagers - The Secret City
2008-07-17 12:44:37 0 d-------- C:\Program Files\Trymedia
2008-07-17 10:02:29 0 d-------- C:\Program Files\MostFun
2008-07-16 11:42:12 0 d-------- C:\Documents and Settings\All Users\Application Data\GameHouse
2008-07-16 11:25:14 0 d-------- C:\Program Files\RealArcade
2008-07-16 09:29:12 0 d-------- C:\Documents and Settings\TEST\Application Data\Mozilla
2008-07-16 09:09:40 0 d-------- C:\Documents and Settings\TEST\Application Data\Macromedia
2008-07-16 09:09:38 0 d-------- C:\Documents and Settings\TEST\Application Data\Adobe
2008-07-16 09:09:00 0 d-------- C:\Documents and Settings\TEST\Application Data\Google
2008-07-16 09:07:47 0 d-------- C:\Documents and Settings\TEST\Application Data\Identities
2008-07-16 09:07:27 0 dr------- C:\Documents and Settings\TEST\Favorites
2008-07-16 09:07:27 0 d-------- C:\Documents and Settings\TEST\Desktop
2008-07-16 09:07:27 0 d---s---- C:\Documents and Settings\TEST\Cookies
2008-07-16 09:07:27 0 dr-h----- C:\Documents and Settings\TEST\Application Data
2008-07-16 09:07:27 0 d---s---- C:\Documents and Settings\TEST\Application Data\Microsoft
2008-07-16 09:07:26 0 d--h----- C:\Documents and Settings\TEST\Templates
2008-07-16 09:07:26 0 dr------- C:\Documents and Settings\TEST\Start Menu
2008-07-16 09:07:26 0 dr-h----- C:\Documents and Settings\TEST\SendTo
2008-07-16 09:07:26 0 dr-h----- C:\Documents and Settings\TEST\Recent
2008-07-16 09:07:26 0 d--h----- C:\Documents and Settings\TEST\PrintHood
2008-07-16 09:07:26 786432 --ah----- C:\Documents and Settings\TEST\ntuser.dat
2008-07-16 09:07:26 0 d--h----- C:\Documents and Settings\TEST\NetHood
2008-07-16 09:07:26 0 dr------- C:\Documents and Settings\TEST\My Documents
2008-07-16 09:07:26 0 d--h----- C:\Documents and Settings\TEST\Local Settings
2008-07-15 21:03:37 0 d-------- C:\Program Files\El Dorado Quest
2008-07-15 15:28:29 143360 --a------ C:\WINDOWS\system32\dunzip32.dll <Not Verified; Inner Media, Inc.; DynaZIP-32 Multi-Threading UnZIP DLL>
2008-07-15 15:25:30 0 d-------- C:\Program Files\McAfee.com
2008-07-15 15:25:25 0 d-------- C:\Program Files\Common Files\McAfee
2008-07-15 15:25:19 0 d-------- C:\Program Files\McAfee
2008-07-15 14:37:56 0 d-------- C:\Program Files\Windows Resource Kits
2008-07-14 22:12:35 0 d-------- C:\Documents and Settings\Dee\Application Data\Playrix Entertainment
2008-07-14 22:02:10 0 d-------- C:\GameFools
2008-07-14 11:34:11 0 d-------- C:\Program Files\VS Revo Group
2008-07-13 12:36:33 0 d-------- C:\Documents and Settings\Dee\Application Data\VisualShape
2008-07-13 12:36:33 0 d-------- C:\Documents and Settings\All Users\Application Data\VisualShape
2008-07-13 04:59:25 0 d-------- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
2008-07-13 04:56:43 0 d-------- C:\New Folder
2008-07-13 04:56:24 0 d-------- C:\Program Files\Registry Easy
2008-07-13 04:56:19 0 d-------- C:\My Download Files


-- Find3M Report ---------------------------------------------------------------

2008-08-13 15:41:59 952 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2008-08-13 12:20:14 0 d-------- C:\Program Files\iWin.com
2008-08-05 05:07:40 0 d-------- C:\Program Files\Common Files\AOL
2008-08-03 07:46:50 0 d-------- C:\Program Files\Jigsaws
2008-07-22 18:28:36 0 d-------- C:\Program Files\GameHouse
2008-07-22 16:09:49 0 d-------- C:\Program Files\Windows NT
2008-07-22 16:09:44 0 d-------- C:\Program Files\Movie Maker
2008-07-22 16:09:42 0 d-------- C:\Program Files\Messenger
2008-07-16 17:41:31 0 d-------- C:\Program Files\Java
2008-07-15 15:25:25 0 d-------- C:\Program Files\Common Files
2008-07-14 11:55:54 2828 --a------ C:\WINDOWS\mozver.dat
2008-07-13 12:35:24 64 --a------ C:\WINDOWS\GPlrLanc.dat
2008-07-13 04:56:26 0 d-------- C:\Program Files\Common Files\Real
2008-07-09 02:51:59 0 d-------- C:\Program Files\QuickTime
2008-07-07 15:56:09 774144 --a------ C:\Program Files\RngInterstitial.dll <Not Verified; RealNetworks, Inc.; RealNetworks, Inc. RngInterstitial>
2008-07-07 15:56:08 0 d-------- C:\Program Files\Real
2008-07-04 19:59:12 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-07-04 05:01:04 0 d-------- C:\Program Files\Common Files\Adobe AIR
2008-06-25 22:31:31 0 d-------- C:\Program Files\MSXML 4.0
2008-06-17 05:30:08 0 d-------- C:\Program Files\Yahoo!
2008-06-17 05:20:55 0 d-------- C:\Program Files\WordPerfect Office X3
2008-06-17 05:19:47 0 d-------- C:\Program Files\Common Files\Corel
2008-06-17 05:19:47 0 d-------- C:\Program Files\Common Files\Borland Shared
2008-05-25 20:43:43 335 --a------ C:\WINDOWS\nsreg.dat
2008-05-25 16:43:14 0 -rahs---- C:\MSDOS.SYS
2008-05-25 16:43:14 0 -rahs---- C:\IO.SYS
2008-05-25 16:43:14 0 --a------ C:\CONFIG.SYS
2008-05-25 16:43:14 0 --a------ C:\AUTOEXEC.BAT
2008-05-25 16:40:22 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-05-25 12:32:12 62 --ahs---- C:\Documents and Settings\Dell\Application Data\desktop.ini


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5FCB2823-9A85-48AF-8368-0D8D7A0C5E55}]
01/28/2008 06:02 AM 2359296 --a------ C:\Program Files\IEToolbar\4 Search w google search\4search.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8CA5ED52-F3FB-4414-A105-2E3491156990}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{0C9A45D1-6DF3-4615-9353-07FB5EE9B507} "= C:\Program Files\IEToolbar\4 Search w google search\4search.dll [01/28/2008 06:02 AM 2359296]

[-HKEY_CLASSES_ROOT\CLSID\{0C9A45D1-6DF3-4615-9353-07FB5EE9B507}]
[HKEY_CLASSES_ROOT\XBTB06872.XBTB06872.3]
[HKEY_CLASSES_ROOT\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}]
[HKEY_CLASSES_ROOT\XBTB06872.XBTB06872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HostManager "= "C:\Program Files\Common Files\AOL\1211762669\ee\AOLSoftware.exe" [10/08/2007 05:50 PM]
"SynTPEnh "= "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [03/08/2006 12:48 PM]
"SunJavaUpdateSched "= "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM]
"SigmatelSysTrayApp "= "stsystra.exe" [03/24/2006 05:30 PM C:\WINDOWS\stsystra.exe]
"QuickTime Task "= "C:\Program Files\QuickTime\qttask.exe" [05/26/2008 11:36 AM]
"QuickFinder Scheduler "= "C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE" [07/05/2006 12:01 AM]
"Persistence "= "C:\WINDOWS\system32\igfxpers.exe" [03/30/2007 07:59 PM]
"MyWebSearch Plugin "= "C:\PROGRA~1\MYWEBS~1\bar\2.bin\M3PLUGIN.DLL" [07/31/2008 07:24 AM]
"MyWebSearch Email Plugin "= "C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe" [07/31/2008 07:24 AM]
"My Web Search Bar "= "C:\PROGRA~1\MYWEBS~1\bar\2.bin\MWSBAR.DLL" [07/31/2008 07:24 AM]
"mcagent_exe "= "C:\Program Files\McAfee.com\Agent\mcagent.exe" [11/01/2007 07:12 PM]
"ISUSScheduler "= "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [07/27/2004 04:50 PM]
"ISUSPM Startup "= "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [07/27/2004 04:50 PM]
"IgfxTray "= "C:\WINDOWS\system32\igfxtray.exe" [03/30/2007 08:00 PM]
"HotKeysCmds "= "C:\WINDOWS\system32\hkcmd.exe" [03/30/2007 08:00 PM]
"DVDLauncher "= "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [02/23/2005 04:19 PM]
"DMXLauncher "= "C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [11/01/2005 03:12 AM]
"DLA "= "C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [11/07/2005 05:20 AM]
"Dell QuickSet "= "C:\Program Files\Dell\QuickSet\Quickset.exe" [05/14/2007 02:23 PM]
"Broadcom Wireless Manager UI "= "C:\WINDOWS\system32\WLTRAY.exe" [11/01/2006 12:48 PM]
"ErrorSmart "= "C:\Program Files\ErrorSmart\ErrorSmart.exe" [07/31/2008 01:56 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg "= "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [06/07/2008 04:54 AM]
"MSMSGS "= "C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 12:24 PM]
"AOL Fast Start "= "C:\Program Files\AOL 9.1\AOL.exe" [03/06/2008 06:12 AM]

C:\Documents and Settings\Dell\Start Menu\Programs\Startup\
MostFun.lnk - C:\Program Files\MostFun\Bin\MostFun.exe [8/28/2007 5:47:20 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Kodak software updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe [6/8/2003 5:48:18 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools "=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AutorunsDisabled]
avldr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll 05/28/2008 04:48 PM 10536 C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages "= :\WINDOWS\syste

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=" "

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=" "

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@= "Service "

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@= "Volume shadow copy "

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Dee^Start Menu^Programs^Startup^AOL Desktop.lnk]
path=C:\Documents and Settings\Dee\Start Menu\Programs\Startup\AOL Desktop.lnk
backup=C:\WINDOWS\pss\AOL Desktop.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ErrorSmart]
C:\Program Files\ErrorSmart\ErrorSmart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc
-- End of Deckard's System Scanner: finished at 2008-08-13 17:56:07 ------------