FBI Moneypak virus

[jd28]

Hello,

Thanks for taking the time to read my problem. My Windows XP desk top has been infected by this FBI Moneypak virus. I'm able to use F8 during boot up but any option selected (Safe Mode, Safe Mode with Command Prompt, etc) all ultimately run through the boot process and result back to the FBI virus screen and the PC is locked/unresponsive to any other commands. Is there anything you can recommend that I try?

with thanks,

JD

[MrCharlie]

Download OTLPE from here or here

Now put a blank cd-r in your burner and double click on OTLPEStd.exe, it will automatically burn the cd. (burn it at a slow speed to avoid errors)

Once you have the cd, boot the computer up using it.

Note : If you do not know how to set your computer to boot from CD follow the steps here

It's going to go something like this when OTLPE loads:

• Your system should now display a REATOGO-X-PE desktop.
  
• Double-click on the OTLPE icon.
  
• When asked "Do you wish to load the remote registry", select Yes
  
• When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  
• Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  
• OTL should now start.
  
• Under the Custom Scan box paste this in:
  netsvcs
  drivers32
  %SYSTEMDRIVE%\*.*
  /md5start
  explorer.exe
  services.exe
  winlogon.exe
  userinit.exe
  /md5stop
  
• Press Run Scan to start the scan.
  
• When finished, the file will be saved in drive C:\OTL.txt
  
• Copy this file to your USB drive if you do not have internet connection on this system
  
• Please post the contents of the C:\OTL.txt file in your reply.
  

MrC

[abrenden123]

OTL logfile created on: 12/26/2012 9:01:23 PM - Run

OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE

Windows 7 Ultimate Service Pack 1 (Version = 6.1.7601) - Type = System

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free

3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = D: | %SystemRoot% = D:\Windows | %ProgramFiles% = D:\Program Files

Drive C: | 139.07 Mb Total Space | 114.94 Mb Free Space | 82.65% Space Free | Partition Type: NTFS

Drive D: | 148.91 Gb Total Space | 120.56 Gb Free Space | 80.96% Space Free | Partition Type: NTFS

Drive X: | 284.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - [2012/12/18 11:32:56 | 000,137,728 | ---- | M] (LogMeIn, Inc.) [Auto] -- D:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)

SRV - [2012/12/18 11:32:50 | 000,375,296 | ---- | M] (LogMeIn, Inc.) [Auto] -- D:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)

SRV - [2012/11/29 13:56:52 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto] -- D:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)

SRV - [2012/07/27 15:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto] -- D:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2012/07/13 09:58:17 | 000,096,768 | ---- | M] (LabTech Software) [Auto] -- D:\Windows\LTsvc\LTSvcMon.exe -- (LTSvcMon)

SRV - [2012/06/18 09:56:00 | 012,548,608 | ---- | M] (LabTech Software) [Auto] -- D:\Windows\LTSvc\LTSVC.exe -- (LTService)

SRV - [2012/03/23 11:55:10 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)

SRV - [2011/07/12 21:49:30 | 001,922,960 | ---- | M] (Acronis) [Auto] -- D:\Program Files\Common Files\Acronis\Agent\agent.exe -- (AcronisAgent)

SRV - [2011/07/12 21:47:18 | 000,809,032 | ---- | M] (Acronis) [Auto] -- D:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)

SRV - [2010/11/02 20:22:02 | 000,113,168 | ---- | M] (DEVGURU Co., LTD) [Auto] -- D:\Windows\System32\ptumlcmsvc.exe -- (ptumlcmsvc)

SRV - [2009/12/03 22:28:08 | 000,026,112 | ---- | M] (LSI Corporation) [Auto] -- D:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)

SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Windows\System32\sensrsvc.dll -- (SensrSvc)

SRV - [2009/07/13 20:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)

SRV - [2009/01/26 17:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto] -- D:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)

SRV - [2008/07/15 19:09:52 | 000,090,112 | ---- | M] (Andrea Electronics Corporation) [Auto] -- D:\Windows\System32\AEADISRV.EXE -- (AEADIFilters)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (VGPU)

DRV - File not found [Kernel | On_Demand] -- -- (tsusbhub)

DRV - File not found [Kernel | On_Demand] -- -- (Synth3dVsc)

DRV - File not found [Kernel | On_Demand] -- -- (cpuz135)

DRV - [2012/12/18 11:33:16 | 000,084,504 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled] -- D:\Windows\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)

DRV - [2012/11/29 13:56:52 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto] -- D:\Windows\System32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)

DRV - [2012/11/29 13:56:52 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto] -- D:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)

DRV - [2012/07/12 16:50:19 | 000,167,168 | ---- | M] (Acronis) [Kernel | Boot] -- D:\Windows\System32\drivers\snapman.sys -- (snapman)

DRV - [2012/05/09 14:46:00 | 000,028,032 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\lgvzandnetmdm.sys -- (vzandnetmodem)

DRV - [2012/05/09 14:46:00 | 000,023,168 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\lgvzandnetdiag2.sys -- (vzandnetdiag2)

DRV - [2012/05/09 14:46:00 | 000,023,168 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\lgvzandnetdiag.sys -- (vzandnetdiag)

DRV - [2012/05/09 14:43:00 | 000,074,752 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\lgvzandnetndis.sys -- (vzandnetndis)

DRV - [2012/04/02 13:25:54 | 000,397,640 | ---- | M] (Acronis) [Kernel | Boot] -- D:\Windows\System32\drivers\timntr.sys -- (timounter)

DRV - [2012/04/02 13:25:54 | 000,038,120 | ---- | M] (Acronis) [File_System | Auto] -- D:\Windows\System32\drivers\tifsfilt.sys -- (tifsfilter)

DRV - [2011/05/13 20:57:42 | 000,025,656 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot] -- D:\Windows\System32\drivers\hpdskflt.sys -- (hpdskflt)

DRV - [2011/05/13 20:57:20 | 000,035,896 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand] -- D:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer)

DRV - [2010/11/20 06:30:16 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- D:\Windows\System32\drivers\vmbus.sys -- (vmbus)

DRV - [2010/11/20 06:30:16 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- D:\Windows\System32\drivers\vmstorfl.sys -- (storflt)

DRV - [2010/11/20 06:30:16 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\storvsc.sys -- (storvsc)

DRV - [2010/11/20 05:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)

DRV - [2010/11/20 04:24:42 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV - [2010/11/20 03:59:46 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\winusb.sys -- (WinUsb)

DRV - [2010/11/20 03:14:46 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)

DRV - [2010/11/20 03:14:42 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\vms3cap.sys -- (s3cap)

DRV - [2010/11/02 10:07:04 | 000,168,208 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand] -- D:\Windows\System32\drivers\PTUMLVsp.sys -- (PTUMLVsp)

DRV - [2010/11/02 10:07:02 | 000,168,848 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand] -- D:\Windows\System32\drivers\PTUMLNVsp.sys -- (PTUMLNVsp)

DRV - [2010/11/02 10:07:02 | 000,060,432 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\PTUMLRMNET.sys -- (PTUMLRMNET)

DRV - [2010/11/02 10:07:00 | 000,237,072 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\PTUMLMBMP.sys -- (PTUMLMBMP)

DRV - [2010/11/02 10:07:00 | 000,168,208 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand] -- D:\Windows\System32\drivers\PTUMLMdm.sys -- (PTUMLMdm)

DRV - [2010/11/02 10:07:00 | 000,168,208 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand] -- D:\Windows\System32\drivers\PTUMLCVsp.sys -- (PTUMLCVsp)

DRV - [2010/11/02 10:07:00 | 000,059,664 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\PTUMLBUS.sys -- (PTUMLBUS)

DRV - [2010/02/25 02:02:30 | 000,015,544 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand] -- D:\Windows\System32\drivers\CPQBTTN.sys -- (HBtnKey)

DRV - [2010/01/26 19:38:06 | 001,163,328 | ---- | M] (LSI Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)

DRV - [2010/01/13 18:36:40 | 006,755,840 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\NETw5s32.sys -- (NETw5s32) Intel®

DRV - [2009/12/03 18:48:44 | 000,625,224 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\ATSwpWDF.sys -- (ATSwpWDF)

DRV - [2009/07/13 18:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)

DRV - [2009/07/13 18:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\tpm.sys -- (TPM)

DRV - [2009/07/13 17:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel®

DRV - [2009/06/25 19:58:10 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto] -- D:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)

DRV - [2009/06/13 03:20:02 | 000,221,912 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\e1y6232.sys -- (e1yexpress) Intel®

DRV - [2009/04/29 09:46:54 | 000,015,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)

DRV - [2009/01/14 21:46:04 | 000,077,824 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\ser2pl.sys -- (Ser2pl)

DRV - [2008/10/09 05:32:46 | 001,810,856 | ---- | M] () [Kernel | On_Demand] -- D:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)

DRV - [2006/10/03 03:07:00 | 000,047,488 | ---- | M] (RICOH Company, Ltd.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\rismc32.sys -- (RICOH SmartCard Reader)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\ABrenden.HP6930P-106_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp

IE - HKU\ABrenden.HP6930P-106_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US

IE - HKU\ABrenden.HP6930P-106_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 5E CB DE C5 8A E3 CD 01 [binary data]

IE - HKU\ABrenden.HP6930P-106_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\ABrenden_ON_D\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com

IE - HKU\ABrenden_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

IE - HKU\ABrenden_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Administrator_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Motive_Master_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp

IE - HKU\Motive_Master_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US

IE - HKU\Motive_Master_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 74 14 14 24 9A 19 CD 01 [binary data]

IE - HKU\Motive_Master_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: D:\Windows\System32\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: D:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: D:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: D:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

O1 HOSTS File: ([2009/06/10 16:39:37 | 000,000,824 | ---- | M]) - D:\Windows\System32\drivers\etc\hosts

O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - D:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll (TechSmith Corporation)

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)

O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - D:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll (TechSmith Corporation)

O3 - HKU\ABrenden.HP6930P-106_ON_D\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.

O3 - HKU\ABrenden.HP6930P-106_ON_D\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.

O3 - HKU\ABrenden_ON_D\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.

O3 - HKU\ABrenden_ON_D\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.

O3 - HKU\Motive_Master_ON_D\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.

O3 - HKU\Motive_Master_ON_D\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [bYRUA_AGENT] D:\ProgramData\LGMOBILEAX\BYR_Client\VZWUAAgent.exe (LG Electronics)

O4 - HKLM..\Run: [LogMeIn GUI] D:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)

O4 - HKU\ABrenden.HP6930P-106_ON_D..\Run: [spybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)

O4 - HKU\jcheng_ON_D..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (Microsoft Corporation)

O4 - HKU\LocalService_ON_D..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (Microsoft Corporation)

O4 - HKU\LogMeInRemoteUser_ON_D..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (Microsoft Corporation)

O4 - HKU\NetworkService_ON_D..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (Microsoft Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1

O7 - HKU\ABrenden.HP6930P-106_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1

O7 - HKU\Administrator_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O13 - gopher Prefix: missing

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O20 - HKLM Winlogon: Shell - (explorer.exe) - D:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (C:\ProgramData\nzqwwnh_) - D:\ProgramData\nzqwwnh_.exe (Lymi)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - D:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - File not found

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O30 - LSA: Authentication Packages - (relog_ap) - D:\Windows\System32\relog_ap.dll (Acronis)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ]

O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]

O33 - MountPoints2\{70208ba5-a441-11e1-aa56-00271331fa59}\Shell - "" = AutoRun

O33 - MountPoints2\{70208ba5-a441-11e1-aa56-00271331fa59}\Shell\AutoRun\command - "" = D:\Setup.exe

O33 - MountPoints2\{8695b85a-c4bc-11e1-bb43-00271331fa59}\Shell - "" = AutoRun

O33 - MountPoints2\{8695b85a-c4bc-11e1-bb43-00271331fa59}\Shell\AutoRun\command - "" = E:\TL_Bootstrap.exe

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found

NetSvcs: Ias - File not found

NetSvcs: Nla - File not found

NetSvcs: Ntmssvc - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: Sharedaccess - File not found

NetSvcs: SRService - File not found

NetSvcs: WmdmPmSp - File not found

NetSvcs: LogonHours - File not found

NetSvcs: PCAudit - File not found

NetSvcs: helpsvc - File not found

NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - D:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: MSVideo8 - D:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)

Drivers32: vidc.cvid - D:\Windows\System32\iccvid.dll (Radius Inc.)

========== Files/Folders - Created Within 30 Days ==========

[2012/12/26 20:09:57 | 000,000,000 | -HSD | C] -- D:\RECYCLER

[2012/12/26 19:31:15 | 000,112,640 | ---- | C] (Lymi) -- D:\ProgramData\nzqwwnh_.exe

[2012/12/26 19:30:17 | 000,000,000 | ---D | C] -- D:\Users\ABrenden.HP6930P-106\AppData\Local\WinZip

[2012/12/26 19:29:25 | 000,000,000 | ---D | C] -- D:\Program Files\Windows Resource Kits

[2012/12/26 19:04:58 | 000,112,640 | ---- | C] (Lymi) -- D:\Users\ABrenden.HP6930P-106\AppData\Roaming\nzqwwnh_.exe

[2012/12/26 18:33:13 | 000,112,640 | ---- | C] (Lymi) -- D:\Users\ABrenden.HP6930P-106\AppData\Local\nzqwwnh_.exe

[2012/12/26 13:22:07 | 000,000,000 | ---D | C] -- D:\Users\LogMeInRemoteUser

[2012/12/26 13:20:17 | 000,000,000 | ---D | C] -- D:\Users\ABrenden.HP6930P-106\AppData\Local\LogMeIn

[2012/12/26 13:20:16 | 000,084,504 | ---- | C] (LogMeIn, Inc.) -- D:\Windows\System32\LMIRfsClientNP.dll

[2012/12/26 13:20:16 | 000,047,640 | ---- | C] (LogMeIn, Inc.) -- D:\Windows\System32\drivers\LMIRfsDriver.sys

[2012/12/26 13:20:16 | 000,031,736 | ---- | C] (LogMeIn, Inc.) -- D:\Windows\System32\LMIport.dll

[2012/12/26 13:20:14 | 000,092,664 | ---- | C] (LogMeIn, Inc.) -- D:\Windows\System32\LMIinit.dll

[2012/12/26 13:20:12 | 000,000,000 | ---D | C] -- D:\ProgramData\LogMeIn

[2012/12/26 13:20:03 | 000,000,000 | ---D | C] -- D:\Program Files\LogMeIn

[2012/12/26 12:04:16 | 000,000,000 | ---D | C] -- D:\Users\ABrenden.HP6930P-106\AppData\Local\Apps

[2012/12/26 12:04:15 | 000,000,000 | ---D | C] -- D:\Users\ABrenden.HP6930P-106\AppData\Local\Deployment

[2012/12/26 11:53:42 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- D:\Windows\System32\atmfd.dll

[2012/12/26 11:53:42 | 000,034,304 | ---- | C] (Adobe Systems) -- D:\Windows\System32\atmlib.dll

[2012/12/19 13:17:40 | 000,000,000 | ---D | C] -- D:\Users\ABrenden.HP6930P-106\Desktop\23rd ave and thunderbird

[2012/12/19 13:17:23 | 002,382,848 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\mshtml.tlb

[2012/12/19 13:17:22 | 000,420,864 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\vbscript.dll

[2012/12/19 13:17:22 | 000,176,640 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\ieui.dll

[2012/12/19 13:17:22 | 000,065,024 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\jsproxy.dll

[2012/12/19 13:17:21 | 000,607,744 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\msfeeds.dll

[2012/12/19 13:17:21 | 000,142,848 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\ieUnatt.exe

[2012/12/19 13:17:20 | 001,800,704 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\jscript9.dll

[2012/12/19 13:17:20 | 000,717,824 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\jscript.dll

[2012/12/19 13:17:20 | 000,231,936 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\url.dll

[2012/12/19 13:17:18 | 001,427,968 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\inetcpl.cpl

[2012/12/17 21:08:22 | 000,376,832 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\dpnet.dll

[2012/12/17 21:08:15 | 000,271,360 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\conhost.exe

[2012/12/17 21:08:14 | 000,169,984 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\winsrv.dll

[2012/12/17 21:08:13 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-core-file-l1-1-0.dll

[2012/12/17 21:08:13 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll

[2012/12/17 21:08:13 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll

[2012/12/17 21:08:13 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll

[2012/12/17 21:08:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-core-string-l1-1-0.dll

[2012/12/17 21:08:12 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-security-base-l1-1-0.dll

[2012/12/17 21:08:12 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll

[2012/12/17 21:08:12 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll

[2012/12/17 21:08:12 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll

[2012/12/17 21:08:12 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll

[2012/12/17 21:08:12 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll

[2012/12/17 21:08:12 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll

[2012/12/17 21:08:12 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll

[2012/12/17 21:08:12 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll

[2012/12/17 21:08:12 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll

[2012/12/17 21:08:12 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll

[2012/12/17 21:08:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-core-util-l1-1-0.dll

[2012/12/17 21:08:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll

[2012/12/17 21:08:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll

[2012/12/17 21:08:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-core-io-l1-1-0.dll

[2012/12/17 21:08:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll

[2012/12/17 21:08:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll

[2012/12/17 21:08:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll

[2012/12/17 21:08:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll

[2012/12/17 21:08:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll

[2012/12/17 21:08:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll

[2012/12/17 21:08:11 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll

[2012/12/17 21:08:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-core-console-l1-1-0.dll

[2012/12/17 21:08:04 | 002,345,984 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\win32k.sys

[2012/12/17 21:08:01 | 000,002,048 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\tzres.dll

[2012/12/08 04:27:33 | 000,000,000 | ---D | C] -- D:\Users\ABrenden.HP6930P-106\AppData\Local\ESET

[2012/11/29 13:56:30 | 000,025,248 | ---- | C] (LogMeIn, Inc.) -- D:\Windows\System32\lmimirr.dll

[2012/11/29 13:56:30 | 000,011,552 | ---- | C] (LogMeIn, Inc.) -- D:\Windows\System32\lmimirr2.dll

[2011/02/11 20:40:40 | 000,004,096 | ---- | C] ( ) -- D:\Windows\System32\IGFXDEVLib.dll

[2008/10/09 05:28:56 | 000,195,112 | ---- | C] ( ) -- D:\Windows\System32\csnp2uvc.dll

========== Files - Modified Within 30 Days ==========

[2012/12/26 20:36:03 | 000,067,584 | --S- | M] () -- D:\Windows\bootstat.dat

[2012/12/26 20:35:21 | 000,112,640 | ---- | M] (Lymi) -- D:\ProgramData\nzqwwnh_.exe

[2012/12/26 20:33:19 | 2337,484,800 | -HS- | M] () -- D:\hiberfil.sys

[2012/12/26 20:32:29 | 000,006,064 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/12/26 20:32:29 | 000,006,064 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/12/26 20:31:47 | 000,112,640 | ---- | M] (Lymi) -- D:\Users\ABrenden.HP6930P-106\AppData\Local\nzqwwnh_.exe

[2012/12/26 20:28:26 | 000,112,640 | ---- | M] (Lymi) -- D:\Users\ABrenden.HP6930P-106\AppData\Roaming\nzqwwnh_.exe

[2012/12/26 20:07:45 | 000,624,178 | ---- | M] () -- D:\Windows\System32\perfh009.dat

[2012/12/26 20:07:45 | 000,106,522 | ---- | M] () -- D:\Windows\System32\perfc009.dat

[2012/12/26 13:20:16 | 000,000,958 | ---- | M] () -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn.lnk

[2012/12/26 13:20:13 | 000,001,024 | ---- | M] () -- D:\.rnd

[2012/12/26 11:57:32 | 000,412,376 | ---- | M] () -- D:\Windows\System32\FNTCACHE.DAT

[2012/12/18 11:33:16 | 000,084,504 | ---- | M] (LogMeIn, Inc.) -- D:\Windows\System32\LMIRfsClientNP.dll

[2012/12/18 11:33:02 | 000,031,736 | ---- | M] (LogMeIn, Inc.) -- D:\Windows\System32\LMIport.dll

[2012/12/18 11:33:00 | 000,092,664 | ---- | M] (LogMeIn, Inc.) -- D:\Windows\System32\LMIinit.dll

[2012/12/16 09:13:28 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- D:\Windows\System32\atmfd.dll

[2012/12/16 09:13:20 | 000,034,304 | ---- | M] (Adobe Systems) -- D:\Windows\System32\atmlib.dll

[2012/12/09 01:02:07 | 000,286,720 | ---- | M] () -- D:\Users\ABrenden.HP6930P-106\Documents\Database1.accdb

[2012/12/04 22:43:58 | 000,547,840 | ---- | M] () -- D:\Users\ABrenden.HP6930P-106\Desktop\Sw VZW Sites.est

[2012/11/29 13:56:52 | 000,047,640 | ---- | M] (LogMeIn, Inc.) -- D:\Windows\System32\drivers\LMIRfsDriver.sys

[2012/11/29 13:56:30 | 000,025,248 | ---- | M] (LogMeIn, Inc.) -- D:\Windows\System32\lmimirr.dll

[2012/11/29 13:56:30 | 000,011,552 | ---- | M] (LogMeIn, Inc.) -- D:\Windows\System32\lmimirr2.dll

========== Files Created - No Company Name ==========

[2012/12/26 13:20:07 | 000,000,958 | ---- | C] () -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn.lnk

[2012/12/26 12:08:59 | 000,001,024 | ---- | C] () -- D:\.rnd

[2012/12/09 01:02:00 | 000,286,720 | ---- | C] () -- D:\Users\ABrenden.HP6930P-106\Documents\Database1.accdb

[2012/07/20 08:14:36 | 000,000,065 | ---- | C] () -- D:\Windows\System32\lgAxconfig.ini

[2012/06/24 23:43:36 | 000,000,682 | ---- | C] () -- D:\Windows\hpwmdl30.dat.temp

[2012/06/24 23:34:21 | 000,143,368 | ---- | C] () -- D:\Windows\hpwins30.dat

[2012/05/29 10:37:56 | 000,000,008 | RHS- | C] () -- D:\ProgramData\ntuser.pol

[2012/04/13 10:39:26 | 000,066,048 | ---- | C] () -- D:\Windows\System32\PrintBrmUi.exe

[2012/04/13 10:39:23 | 000,252,928 | ---- | C] () -- D:\Windows\System32\DShowRdpFilter.dll

[2012/04/13 10:39:22 | 000,080,896 | ---- | C] () -- D:\Windows\System32\RDVGHelper.exe

[2012/03/22 12:18:52 | 000,000,017 | ---- | C] () -- D:\Users\Motive Master\AppData\Local\resmon.resmoncfg

[2011/05/16 00:32:56 | 000,000,682 | ---- | C] () -- D:\Windows\hpwmdl30.dat

[2011/02/11 21:10:52 | 000,439,308 | ---- | C] () -- D:\Windows\System32\igcompkrng500.bin

[2011/02/11 21:10:50 | 000,982,240 | ---- | C] () -- D:\Windows\System32\igkrng500.bin

[2011/02/11 21:10:50 | 000,092,356 | ---- | C] () -- D:\Windows\System32\igfcg500m.bin

[2011/02/11 20:38:44 | 000,000,151 | ---- | C] () -- D:\Windows\System32\GfxUI.exe.config

[2010/11/11 09:51:29 | 000,000,805 | ---- | C] () -- D:\Windows\System32\RTSLCS.dll

[2009/12/02 21:39:02 | 020,317,504 | ---- | C] () -- D:\Windows\System32\TrueSuiteCoInst02020000.dll

[2009/07/13 23:57:37 | 000,067,584 | --S- | C] () -- D:\Windows\bootstat.dat

[2009/07/13 23:33:53 | 000,412,376 | ---- | C] () -- D:\Windows\System32\FNTCACHE.DAT

[2009/07/13 21:05:48 | 000,624,178 | ---- | C] () -- D:\Windows\System32\perfh009.dat

[2009/07/13 21:05:48 | 000,291,294 | ---- | C] () -- D:\Windows\System32\perfi009.dat

[2009/07/13 21:05:48 | 000,106,522 | ---- | C] () -- D:\Windows\System32\perfc009.dat

[2009/07/13 21:05:48 | 000,031,548 | ---- | C] () -- D:\Windows\System32\perfd009.dat

[2009/07/13 21:05:05 | 000,000,741 | ---- | C] () -- D:\Windows\System32\NOISE.DAT

[2009/07/13 21:04:11 | 000,215,943 | ---- | C] () -- D:\Windows\System32\dssec.dat

[2009/07/13 18:55:01 | 000,043,131 | ---- | C] () -- D:\Windows\mib.bin

[2009/07/13 18:51:43 | 000,073,728 | ---- | C] () -- D:\Windows\System32\BthpanContextHandler.dll

[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- D:\Windows\System32\BWContextHandler.dll

[2009/07/13 17:09:19 | 000,139,824 | ---- | C] () -- D:\Windows\System32\igfcg500.bin

[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- D:\Windows\System32\mlang.dat

[2008/10/09 05:33:06 | 000,027,176 | ---- | C] () -- D:\Windows\snuvcdsm.exe

[2008/10/09 05:32:46 | 001,810,856 | ---- | C] () -- D:\Windows\System32\drivers\snp2uvc.sys

[2008/10/09 05:31:10 | 000,034,856 | ---- | C] () -- D:\Windows\System32\drivers\sncduvc.sys

[2006/05/19 20:39:58 | 000,015,497 | ---- | C] () -- D:\Windows\snp2uvc.ini

[2005/12/21 19:57:36 | 000,139,264 | ---- | C] () -- D:\Windows\System32\nsldap32v50.dll

[2005/12/21 19:57:04 | 000,024,576 | ---- | C] () -- D:\Windows\System32\nsldappr32v50.dll

[2005/12/21 19:54:34 | 000,040,960 | ---- | C] () -- D:\Windows\System32\nsldapssl32v50.dll

========== LOP Check ==========

[2012/07/12 16:50:21 | 000,000,000 | ---D | M] -- D:\ProgramData\Acronis

[2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- D:\ProgramData\Application Data

[2012/04/02 13:27:37 | 000,000,000 | ---D | M] -- D:\ProgramData\Apricorn

[2012/07/02 16:02:10 | 000,000,000 | ---D | M] -- D:\ProgramData\Ask

[2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- D:\ProgramData\Desktop

[2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- D:\ProgramData\Documents

[2012/03/23 12:10:28 | 000,000,000 | ---D | M] -- D:\ProgramData\Downloaded Installations

[2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- D:\ProgramData\Favorites

[2012/07/13 09:58:00 | 000,000,000 | ---D | M] -- D:\ProgramData\LabTech

[2012/07/20 08:14:44 | 000,000,000 | ---D | M] -- D:\ProgramData\LGMOBILEAX

[2012/12/26 13:20:17 | 000,000,000 | ---D | M] -- D:\ProgramData\LogMeIn

[2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- D:\ProgramData\Start Menu

[2012/03/22 14:18:07 | 000,000,000 | ---D | M] -- D:\ProgramData\TechSmith

[2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- D:\ProgramData\Templates

[2012/03/23 12:10:29 | 000,000,000 | ---D | M] -- D:\ProgramData\TrueSuite

[2012/05/30 16:08:08 | 000,000,000 | ---D | M] -- D:\ProgramData\WEngineLite

[2012/03/22 16:11:46 | 000,000,000 | ---D | M] -- D:\ProgramData\WinZip

[2009/07/13 23:53:46 | 000,022,948 | ---- | M] () -- D:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >

[2012/12/26 13:20:13 | 000,001,024 | ---- | M] () -- D:\.rnd

[2009/06/10 16:42:20 | 000,000,024 | ---- | M] () -- D:\autoexec.bat

[2009/06/10 16:42:20 | 000,000,010 | ---- | M] () -- D:\config.sys

[2012/12/26 20:33:19 | 2337,484,800 | -HS- | M] () -- D:\hiberfil.sys

[2012/03/23 15:28:27 | 000,000,000 | RHS- | M] () -- D:\IO.SYS

[2012/03/23 15:28:27 | 000,000,000 | RHS- | M] () -- D:\MSDOS.SYS

[2012/12/26 20:25:32 | 000,074,330 | ---- | M] () -- D:\OTL.Txt

[2012/12/26 20:33:35 | 3116,646,400 | -HS- | M] () -- D:\pagefile.sys

< MD5 for: EXPLORER.EXE >

[2011/02/26 00:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- D:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe

[2009/07/13 20:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- D:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe

[2011/02/26 00:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- D:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe

[2010/11/11 09:33:52 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- D:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe

[2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- D:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe

[2010/11/20 06:17:10 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- D:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe

[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- D:\Windows\explorer.exe

[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- D:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe

[2010/11/11 09:31:15 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- D:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe

[2010/11/11 09:31:15 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- D:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe

[2010/11/11 09:33:52 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- D:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

< MD5 for: SERVICES.EXE >

[2009/07/13 20:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- D:\Windows\System32\services.exe

[2009/07/13 20:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- D:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe

< MD5 for: USERINIT.EXE >

[2010/11/20 06:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- D:\Windows\System32\userinit.exe

[2010/11/20 06:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- D:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe

[2009/07/13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- D:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: WINLOGON.EXE >

[2010/08/14 04:37:49 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=1562571D6B1541098E677C3BB78709A0 -- D:\Windows\System32\winlogon.exe

[2010/11/11 09:33:52 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- D:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe

[2010/11/11 09:33:52 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- D:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe

[2010/11/20 06:17:56 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- D:\ProgramData\Microsoft\Windows\RAI\winlogon.exe

[2010/11/20 06:17:56 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- D:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe

[2009/07/13 20:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- D:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

< End of report >

[MrCharlie]

OK, basically what we want to do is copy the text that's in bold into the Custom Scans/Fixes box of OTLPE

Here's how to do that:

Copy the text in bold into notepad and save it:

:OTL

O3 - HKU\ABrenden.HP6930P-106_ON_D\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.

O3 - HKU\ABrenden.HP6930P-106_ON_D\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.

O3 - HKU\ABrenden_ON_D\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.

O3 - HKU\ABrenden_ON_D\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.

O3 - HKU\Motive_Master_ON_D\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.

O3 - HKU\Motive_Master_ON_D\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.

O4 - HKLM..\Run: [] File not found

O20 - HKLM Winlogon: Shell - (C:\ProgramData\nzqwwnh_) - D:\ProgramData\nzqwwnh_.exe (Lymi)

[2012/12/26 19:31:15 | 000,112,640 | ---- | C] (Lymi) -- D:\ProgramData\nzqwwnh_.exe

[2012/12/26 19:04:58 | 000,112,640 | ---- | C] (Lymi) -- D:\Users\ABrenden.HP6930P-106\AppData\Roaming\nzqwwnh_.exe

[2012/12/26 18:33:13 | 000,112,640 | ---- | C] (Lymi) -- D:\Users\ABrenden.HP6930P-106\AppData\Local\nzqwwnh_.exe

[2012/12/26 20:35:21 | 000,112,640 | ---- | M] (Lymi) -- D:\ProgramData\nzqwwnh_.exe

[2012/12/26 20:31:47 | 000,112,640 | ---- | M] (Lymi) -- D:\Users\ABrenden.HP6930P-106\AppData\Local\nzqwwnh_.exe

[2012/12/26 20:28:26 | 000,112,640 | ---- | M] (Lymi) -- D:\Users\ABrenden.HP6930P-106\AppData\Roaming\nzqwwnh_.exe

Copy it to your flash drive

Boot the computer up using the OTLPE disk

Run OTLPE

Plug in the flash drive

Drag the notepad text to the desktop

Open it up and copy and paste the text into Custom Scans/Fixes

Then click the Run Fix button at the top

Copy and paste the log back here. MrC

[abrenden123]

========== OTL ==========

Registry value HKEY_USERS\ABrenden.HP6930P-106_ON_D\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3}\ not found.

Registry value HKEY_USERS\ABrenden.HP6930P-106_ON_D\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.

Registry value HKEY_USERS\ABrenden_ON_D\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3}\ not found.

Registry value HKEY_USERS\ABrenden_ON_D\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.

Registry value HKEY_USERS\Motive_Master_ON_D\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3}\ not found.

Registry value HKEY_USERS\Motive_Master_ON_D\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\ProgramData\nzqwwnh_ deleted successfully.

File D:\ProgramData\nzqwwnh_.exe not found.

File D:\ProgramData\nzqwwnh_.exe not found.

File D:\Users\ABrenden.HP6930P-106\AppData\Roaming\nzqwwnh_.exe not found.

File D:\Users\ABrenden.HP6930P-106\AppData\Local\nzqwwnh_.exe not found.

File D:\ProgramData\nzqwwnh_.exe not found.

File D:\Users\ABrenden.HP6930P-106\AppData\Local\nzqwwnh_.exe not found.

File D:\Users\ABrenden.HP6930P-106\AppData\Roaming\nzqwwnh_.exe not found.

OTLPE by OldTimer - Version 3.1.48.0 log created on 12272012_105924

[MrCharlie]

Does it boot now?? MrC

[abrenden123]

I tried loading windows normally, and it worked. I think this may have solved the problem. I am taking steps to make sure of it. I downloaded, updated, and scanned. I am currently in the process of that. I have SpyBot as well, and I will scan with that too. I am using ESET NOD32 as an antivirus and after I scan with the Malware scanners, i will scan with NOD 32. Is there anything else I should do?

[abrenden123]

I meant to say I downloaded Malwarebytes.

[MrCharlie]

Yes...please do this >>>>>

Please download and run ComboFix.

The most important things to remember when running it is to disable all your malware programs and run Combofix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC

[jd28]

Download OTLPE from here or here

Now put a blank cd-r in your burner and double click on OTLPEStd.exe, it will automatically burn the cd. (burn it at a slow speed to avoid errors)

Once you have the cd, boot the computer up using it.

Note : If you do not know how to set your computer to boot from CD follow the steps here

It's going to go something like this when OTLPE loads:

• Your system should now display a REATOGO-X-PE desktop.
  
• Double-click on the OTLPE icon.
  
• When asked "Do you wish to load the remote registry", select Yes
  
• When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  
• Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  
• OTL should now start.
  
• Under the Custom Scan box paste this in:
  netsvcs
  drivers32
  %SYSTEMDRIVE%\*.*
  /md5start
  explorer.exe
  services.exe
  winlogon.exe
  userinit.exe
  /md5stop
  
• Press Run Scan to start the scan.
  
• When finished, the file will be saved in drive C:\OTL.txt
  
• Copy this file to your USB drive if you do not have internet connection on this system
  
• Please post the contents of the C:\OTL.txt file in your reply.
  

MrC

Hi Mr C -

I was able to download OTLPE and burn to a CD. I changed the BIOS on my desktop to boot from a CD. I've tried to boot the machine three times and each time it appears to be working for about 40 seconds as the REATOGO-X-PE desktop appears to be going through a system initialization but then it seems to hang up and I get a light blue screen with no icons. The CD burn confirmed the process was completed successfully. Does it take more than 2 minutes for the REATOGO-X-PE desktop to load?

thanks,

JD

[MrCharlie]

Yes it takes a while to load, try the cd in another computer and see if it works.

Let me know.....MrC

[jd28]

Yes it takes a while to load, try the cd in another computer and see if it works.

Let me know.....MrC

Hi Mr. C - It did work after several tries - thanks. I've posted the text file below.

OTL logfile created on: 12/29/2012 12:56:07 PM - Run

OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE

Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.00 Mb Total Physical Memory | 289.00 Mb Available Physical Memory | 58.00% Memory free

454.00 Mb Paging File | 334.00 Mb Available in Paging File | 74.00% Paging File free

Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 71.10 Gb Total Space | 45.44 Gb Free Space | 63.91% Space Free | Partition Type: NTFS

Drive X: | 284.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

Using ControlSet: ControlSet004

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand] -- -- (AppMgmt)

SRV - [2012/09/12 16:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)

SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2009/07/07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) [Auto] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)

SRV - [2007/03/07 14:47:46 | 000,076,848 | ---- | M] () [On_Demand] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)

SRV - [2004/05/24 12:35:52 | 000,322,104 | ---- | M] (Eastman Kodak Company) [Auto] -- C:\WINDOWS\system32\drivers\KodakCCS.exe -- (KodakCCS)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)

DRV - File not found [Kernel | On_Demand] -- -- (wanatw) WAN Miniport (ATW)

DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)

DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)

DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)

DRV - File not found [Kernel | System] -- -- (PCIDump)

DRV - File not found [Kernel | On_Demand] -- -- (LVUVC) Logitech QuickCam S5500(UVC)

DRV - File not found [Kernel | On_Demand] -- -- (LVUSBSta)

DRV - File not found [Kernel | On_Demand] -- -- (LVRS)

DRV - File not found [Kernel | System] -- -- (lbrtfdc)

DRV - File not found [Kernel | On_Demand] -- -- (FilterService)

DRV - File not found [Kernel | System] -- -- (Changer)

DRV - [2009/07/07 14:48:44 | 000,026,672 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis)

DRV - [2009/07/07 14:48:44 | 000,025,392 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp)

DRV - [2009/03/25 10:06:30 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)

DRV - [2009/03/25 10:06:28 | 000,214,024 | ---- | M] (McAfee, Inc.) [Kernel | System] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)

DRV - [2009/03/25 10:06:28 | 000,079,880 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)

DRV - [2009/03/25 10:06:28 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)

DRV - [2009/03/25 10:05:54 | 000,034,216 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)

DRV - [2007/02/25 11:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)

DRV - [2006/10/05 15:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)

DRV - [2005/10/04 15:50:19 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)

DRV - [2005/06/14 22:40:08 | 000,180,864 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA) High Definition Audio Driver (WDM)

DRV - [2004/10/07 20:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)

DRV - [2004/06/16 03:52:40 | 000,061,157 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53)

DRV - [2004/06/02 13:19:00 | 000,038,705 | ---- | M] (Eastman Kodak Company) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\DCFS2k.sys -- (DCFS2K)

DRV - [2004/06/02 13:17:56 | 000,151,985 | ---- | M] (Eastman Kodak Company) [Kernel | System] -- C:\WINDOWS\system32\drivers\ExportIt.sys -- (Exportit)

DRV - [2004/05/20 08:45:20 | 000,068,950 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\DcPtp.sys -- (DcPTP)

DRV - [2004/05/20 08:41:54 | 000,061,564 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\DcFpoint.sys -- (DcFpoint)

DRV - [2004/05/20 08:39:42 | 000,008,022 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\DcLps.sys -- (DcLps)

DRV - [2004/05/20 08:21:10 | 000,036,918 | ---- | M] (Eastman Kodak Company) [Kernel | System] -- C:\WINDOWS\system32\drivers\DcCam.sys -- (DcCam)

DRV - [2004/03/24 10:12:44 | 000,004,272 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\bvrp_pci.sys -- (bvrp_pci)

DRV - [2004/03/06 04:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52)

DRV - [2004/03/06 04:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51)

DRV - [2004/03/06 04:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mohfilt.sys -- (mohfilt)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL =

IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway

IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway

IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway

IE - HKU\.DEFAULT\..\URLSearchHook: {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - Reg Error: Key error. File not found

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway

IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com

IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway

IE - HKU\Administrator_ON_C\..\URLSearchHook: {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - Reg Error: Key error. File not found

IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Jim_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8

IE - HKU\Jim_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page =

IE - HKU\Jim_ON_C\Software\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKU\Jim_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKU\Jim_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Backup = http://rhodeisland.cox.net/cci/home

IE - HKU\Jim_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

IE - HKU\Jim_ON_C\..\URLSearchHook: {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - Reg Error: Key error. File not found

IE - HKU\Jim_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Jim_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()

O1 HOSTS File: ([2008/09/03 21:41:28 | 000,263,142 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: 127.0.0.1 www.007guard.com

O1 - Hosts: 127.0.0.1 007guard.com

O1 - Hosts: 127.0.0.1 008i.com

O1 - Hosts: 127.0.0.1 www.008k.com

O1 - Hosts: 127.0.0.1 008k.com

O1 - Hosts: 127.0.0.1 www.00hq.com

O1 - Hosts: 127.0.0.1 00hq.com

O1 - Hosts: 127.0.0.1 010402.com

O1 - Hosts: 127.0.0.1 www.032439.com

O1 - Hosts: 127.0.0.1 032439.com

O1 - Hosts: 127.0.0.1 www.100888290cs.com

O1 - Hosts: 127.0.0.1 100888290cs.com

O1 - Hosts: 127.0.0.1 www.100sexlinks.com

O1 - Hosts: 127.0.0.1 100sexlinks.com

O1 - Hosts: 127.0.0.1 www.10sek.com

O1 - Hosts: 127.0.0.1 10sek.com

O1 - Hosts: 127.0.0.1 www.123topsearch.com

O1 - Hosts: 127.0.0.1 123topsearch.com

O1 - Hosts: 127.0.0.1 www.132.com

O1 - Hosts: 127.0.0.1 132.com

O1 - Hosts: 127.0.0.1 www.136136.net

O1 - Hosts: 127.0.0.1 136136.net

O1 - Hosts: 127.0.0.1 www.163ns.com

O1 - Hosts: 127.0.0.1 163ns.com

O1 - Hosts: 9128 more lines...

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.

O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.

O2 - BHO: (no name) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - No CLSID value found.

O2 - BHO: (no name) - {AFD4AD01-58C1-47DB-A404-FBE00A6C5486} - No CLSID value found.

O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - {2C0A5F28-48D8-408B-9172-9C6121025BCE} - No CLSID value found.

O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.

O3 - HKU\Jim_ON_C\..\Toolbar\WebBrowser: (no name) - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - No CLSID value found.

O4 - HKLM..\Run: [buildBU] C:\dell\bldbubg.exe ()

O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()

O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )

O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4 - HKLM..\Run: [nmapp] C:\Program Files\Pure Networks\Network Magic\nmapp.exe (Cisco Systems, Inc.)

O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)

O4 - HKLM..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)

O4 - HKLM..\Run: [sigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)

O4 - HKU\Administrator_ON_C..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)

O4 - HKU\Jim_ON_C..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)

O4 - HKU\Jim_ON_C..\Run: [EPSON Stylus NX200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEFA.EXE (SEIKO EPSON CORPORATION)

O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe ()

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE ()

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE ()

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1

O7 - HKU\Jim_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\Jim_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1

O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O9 - Extra Button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - File not found

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)

O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)

O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.105.28.11 68.105.29.11

O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (C:\Documents and Settings\Jim\Application Data\Snxtvfntrm) - C:\Documents and Settings\Jim\Application Data\Snxtvfntrm.exe (Yrutaza)

O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp

O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2004/08/10 13:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found

NetSvcs: AppMgmt - File not found

NetSvcs: Ias - File not found

NetSvcs: Iprip - File not found

NetSvcs: Irmon - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)

Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)

Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)

Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)

Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)

Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)

Drivers32: VIDC.I420 - lvcodec2.dll File not found

Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)

Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

Drivers32: VIDC.WMV3 - C:\WINDOWS\System32\wmv9vcm.dll (Microsoft Corporation)

Drivers32: wave - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2012/12/26 15:51:41 | 000,111,616 | ---- | C] (Yrutaza) -- C:\Documents and Settings\Administrator\Application Data\Snxtvfntrm.exe

[2012/12/26 14:24:49 | 000,111,616 | ---- | C] (Yrutaza) -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Snxtvfntrm.exe

[2012/12/26 14:24:33 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Application Data\Microsoft

[2012/12/26 14:24:33 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Application Data

[2012/12/26 14:24:33 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\Cookies

[2012/12/26 14:24:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Sun

[2012/12/26 14:24:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Jasc Software Inc

[2012/12/26 14:24:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Identities

[2012/12/26 14:24:32 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\SendTo

[2012/12/26 14:24:32 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent

[2012/12/26 14:24:32 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup

[2012/12/26 14:24:32 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu

[2012/12/26 14:24:32 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Pictures

[2012/12/26 14:24:32 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Music

[2012/12/26 14:24:32 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents

[2012/12/26 14:24:32 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Favorites

[2012/12/26 14:24:32 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories

[2012/12/26 14:24:32 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IETldCache

[2012/12/26 14:24:32 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Templates

[2012/12/26 14:24:32 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\PrintHood

[2012/12/26 14:24:32 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\NetHood

[2012/12/26 14:24:32 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Local Settings

[2012/12/26 14:24:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft Help

[2012/12/26 14:24:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft

[2012/12/26 14:24:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop

[2012/12/26 14:24:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Dell Accessories

[2012/12/26 14:24:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Dell

[2012/12/26 14:24:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\CCWin

[2012/12/26 14:24:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\ApplicationHistory

[2012/12/26 14:24:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\{7148F0A6-6813-11D6-A77B-00B0D0142030}

[2012/12/26 14:11:28 | 000,111,616 | ---- | C] (Yrutaza) -- C:\Documents and Settings\Jim\Application Data\Snxtvfntrm.exe

[2012/12/26 14:05:03 | 000,111,616 | ---- | C] (Yrutaza) -- C:\Documents and Settings\Jim\Local Settings\Application Data\Snxtvfntrm.exe

[2012/12/26 14:05:02 | 000,111,616 | ---- | C] (Yrutaza) -- C:\Documents and Settings\All Users\Application Data\Snxtvfntrm.exe

[2009/11/04 22:10:23 | 009,034,488 | ---- | C] (Microsoft Corporation) -- C:\Program Files\mssefullinstall-x86fre-en-us-xp.exe

[2008/06/07 21:25:28 | 009,722,720 | ---- | C] (Safer Networking Limited ) -- C:\Program Files\spybotsd152.exe

[2007/01/28 12:20:37 | 036,808,256 | ---- | C] (Apple Computer, Inc.) -- C:\Program Files\iTunesSetup.exe

[2005/11/26 23:56:22 | 000,089,680 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Jim\MSSSerif120.fon

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/12/29 12:14:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2012/12/29 12:13:38 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2012/12/29 12:12:39 | 000,111,616 | ---- | M] (Yrutaza) -- C:\Documents and Settings\Jim\Local Settings\Application Data\Snxtvfntrm.exe

[2012/12/29 12:12:38 | 000,111,616 | ---- | M] (Yrutaza) -- C:\Documents and Settings\Jim\Application Data\Snxtvfntrm.exe

[2012/12/29 12:12:27 | 526,536,704 | -HS- | M] () -- C:\hiberfil.sys

[2012/12/28 18:59:25 | 000,111,616 | ---- | M] (Yrutaza) -- C:\Documents and Settings\All Users\Application Data\Snxtvfntrm.exe

[2012/12/26 15:51:43 | 000,111,616 | ---- | M] (Yrutaza) -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Snxtvfntrm.exe

[2012/12/26 15:51:41 | 000,111,616 | ---- | M] (Yrutaza) -- C:\Documents and Settings\Administrator\Application Data\Snxtvfntrm.exe

[2012/12/26 03:31:49 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job

[2012/12/26 03:21:26 | 001,016,040 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2012/12/21 12:34:12 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2012/12/16 07:23:59 | 000,290,560 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\dllcache\atmfd.dll

[2012/12/16 07:23:59 | 000,290,560 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\atmfd.dll

[2012/12/12 03:11:15 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/12/28 18:14:39 | 526,536,704 | -HS- | C] () -- C:\hiberfil.sys

[2012/12/26 14:24:41 | 000,001,769 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Musicmatch Jukebox.lnk

[2012/12/26 14:24:41 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk

[2012/12/26 14:24:41 | 000,000,683 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[2012/12/26 14:24:41 | 000,000,669 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\America Online 9.0.lnk

[2012/12/26 14:24:41 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

[2012/12/26 14:24:33 | 000,001,503 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk

[2012/12/26 14:24:33 | 000,000,671 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Internet Explorer.lnk

[2012/12/26 14:24:33 | 000,000,642 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Outlook Express.lnk

[2012/02/16 02:25:43 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll

[2009/12/25 09:07:04 | 008,892,928 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\atscie.msi

[2009/11/04 07:32:18 | 000,000,822 | ---- | C] () -- C:\WINDOWS\System32\wininit.dll

[2009/05/16 20:18:37 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat

[2009/03/07 09:11:02 | 000,073,220 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat

[2009/03/07 09:11:02 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini

[2009/03/07 09:11:01 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat

[2009/03/07 09:11:01 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat

[2009/03/07 09:11:01 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat

[2009/03/07 09:11:01 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat

[2009/03/07 09:11:01 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat

[2009/03/07 09:11:01 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat

[2009/03/07 09:11:01 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat

[2009/03/07 09:11:01 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat

[2009/03/07 09:11:01 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat

[2009/03/07 09:11:01 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat

[2009/03/07 09:11:01 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat

[2009/03/07 09:11:01 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat

[2009/03/07 09:11:01 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat

[2009/03/07 09:11:01 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat

[2009/03/07 09:03:38 | 000,000,078 | ---- | C] () -- C:\WINDOWS\EPSNX200.ini

[2008/09/24 19:44:20 | 000,000,038 | ---- | C] () -- C:\WINDOWS\msacc30.ini

[2008/09/24 19:44:19 | 000,000,220 | ---- | C] () -- C:\WINDOWS\repl9.ini

[2008/07/01 21:00:56 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\PROTOCOL.INI

[2008/03/08 12:55:38 | 000,009,728 | ---- | C] () -- C:\Documents and Settings\Jim\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008/03/08 12:28:52 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll

[2007/02/13 19:41:41 | 000,001,365 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

[2006/03/21 20:04:34 | 000,458,761 | ---- | C] () -- C:\Program Files\setup.exe

[2006/02/19 11:29:45 | 000,001,042 | ---- | C] () -- C:\WINDOWS\maxlink.ini

[2006/02/19 11:29:39 | 000,269,312 | ---- | C] () -- C:\WINDOWS\System32\FPXIG.DLL

[2006/02/19 11:29:39 | 000,068,096 | ---- | C] () -- C:\WINDOWS\System32\IGFPX32P.DLL

[2006/02/19 11:29:39 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\JPEGACC.DLL

[2006/02/19 11:29:29 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\WELSOF32.DLL

[2005/11/18 19:58:41 | 000,000,504 | ---- | C] () -- C:\WINDOWS\dellstat.ini

[2005/11/01 17:41:53 | 000,000,023 | ---- | C] () -- C:\WINDOWS\kodakpcd.Jim.ini

[2005/10/25 12:52:35 | 000,010,264 | ---- | C] () -- C:\WINDOWS\extend.dat

[2005/10/18 22:03:32 | 000,000,737 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2005/10/17 20:18:13 | 000,004,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\bvrp_pci.sys

[2005/10/12 20:22:59 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\Jim\Local Settings\Application Data\fusioncache.dat

[2005/10/10 15:14:54 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini

[2005/10/04 15:58:41 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2005/10/04 15:52:16 | 000,000,291 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2005/10/04 15:49:20 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2005/10/04 15:21:44 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe

[2005/10/04 15:21:24 | 000,000,392 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI

[2005/01/28 08:08:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini

[2004/08/10 13:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini

[2004/08/10 13:07:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2004/08/10 13:02:15 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2004/08/10 13:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini

[2004/08/10 12:57:52 | 000,004,346 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2004/08/10 12:57:15 | 001,016,040 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2004/08/10 12:51:21 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2004/08/10 12:51:20 | 001,287,680 | ---- | C] () -- C:\WINDOWS\System32\quartz(3).dll

[2004/08/10 12:51:20 | 001,287,680 | ---- | C] () -- C:\WINDOWS\System32\quartz(2).dll

[2004/08/10 12:51:20 | 000,384,904 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

[2004/08/10 12:51:20 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2004/08/10 12:51:20 | 000,054,396 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

[2004/08/10 12:51:20 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2004/08/10 12:51:18 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

[2004/08/10 12:51:17 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

[2004/08/10 12:51:16 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

[2004/08/10 12:51:13 | 000,014,336 | ---- | C] () -- C:\WINDOWS\System32\msdmo(2).dll

[2004/08/10 12:51:12 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[2004/08/10 12:51:11 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[2004/08/10 12:51:05 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[2004/08/10 12:50:56 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\devenum(2).dll

[2004/08/10 12:50:56 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin

[2000/09/08 17:53:50 | 000,073,839 | ---- | C] () -- C:\WINDOWS\System32\KodakOneTouch.dll

[1997/07/10 23:00:00 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\WRKGADM.EXE

[1997/07/10 23:00:00 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL

[1997/07/10 23:00:00 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL

[1997/07/10 23:00:00 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL

========== LOP Check ==========

[2009/03/29 12:02:58 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Application Data\SACore

[2005/10/10 20:37:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\Leadertech

[2009/04/19 16:02:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\MyPublisher

[2006/11/25 14:47:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\Snapfish

[2007/03/16 20:23:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\Viewpoint

[2008/10/18 16:16:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\Wal-Mart

[2008/10/18 16:08:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\Wal-Mart Digital Photo Manager

[2007/05/13 15:20:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\Wal-Mart Digital Photo Viewer

[2008/11/04 16:15:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore

[2006/09/05 19:10:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund LLC

[2006/09/05 15:34:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund Software

[2009/03/07 09:11:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON

[2006/09/05 20:01:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Riverdeep Interactive Learning Limited

[2008/02/02 11:48:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft

[2009/03/07 09:12:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL

[2007/03/16 20:23:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint

[2008/10/18 16:17:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wal-Mart

[2008/12/11 23:45:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >

[2008/08/11 15:45:20 | 000,086,712 | ---- | M] () -- C:\080811.pdf

[2006/04/17 19:01:59 | 001,279,267 | ---- | M] () -- C:\1_jack01.JPG

[2006/04/17 19:02:04 | 001,374,992 | ---- | M] () -- C:\1_jack02.JPG

[2006/04/17 19:02:06 | 001,238,813 | ---- | M] () -- C:\1_jack_03.JPG

[2008/01/01 17:58:10 | 000,057,856 | ---- | M] () -- C:\2007BowlPool.xls

[2007/09/02 22:17:42 | 000,136,704 | ---- | M] () -- C:\2007MMT081307.xls

[2007/09/17 09:28:40 | 000,137,216 | ---- | M] () -- C:\2007MMT20082707.xls

[2008/05/15 20:04:27 | 000,142,848 | ---- | M] () -- C:\2008MMT2008_5_15.xls

[2009/03/18 19:36:02 | 000,057,344 | ---- | M] () -- C:\2009 Entry Form_GlennK.xls

[2009/03/18 20:00:43 | 000,057,344 | ---- | M] () -- C:\2009 Entry Form_Jack.xls

[2009/03/18 20:00:25 | 000,057,344 | ---- | M] () -- C:\2009 Entry Form_JD.xls

[2009/04/03 18:54:04 | 000,034,816 | ---- | M] () -- C:\2009depth charts.xls

[2007/09/24 20:47:47 | 000,086,528 | ---- | M] () -- C:\aa_78h.xls

[2004/08/10 13:04:08 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT

[2009/06/12 21:51:44 | 000,036,864 | ---- | M] () -- C:\BEST BET.doc

[2008/12/24 10:22:12 | 000,143,360 | ---- | M] () -- C:\BG Loan Amortization.xls

[2007/08/29 19:46:38 | 003,670,168 | ---- | M] (Bodog Poker ) -- C:\BodogPokerClient.exe

[2009/06/06 11:22:36 | 000,024,576 | ---- | M] () -- C:\Book1.xls

[2005/10/10 14:31:13 | 000,000,211 | -HS- | M] () -- C:\boot.ini

[2008/10/28 19:38:29 | 002,912,256 | ---- | M] () -- C:\Brown DOF.mdb

[2008/04/10 22:09:59 | 000,016,384 | ---- | M] () -- C:\brown questions.xls

[2008/10/28 19:32:54 | 016,338,944 | ---- | M] () -- C:\Budget17.mdb

[2008/10/13 14:49:04 | 008,146,944 | ---- | M] () -- C:\Budget17pm.123

[2008/10/13 14:25:33 | 008,146,944 | ---- | M] () -- C:\Budget17pm.mdb

[2008/10/13 14:19:49 | 016,105,472 | ---- | M] () -- C:\Budget17_Backup.mdb

[2006/06/06 07:36:55 | 000,666,112 | ---- | M] () -- C:\business.biz

[2006/06/06 07:42:27 | 000,666,112 | ---- | M] () -- C:\businesscard.biz

[2009/11/14 15:40:50 | 000,026,112 | ---- | M] () -- C:\CALDER RACE COURSE.doc

[2007/05/21 21:29:52 | 000,016,384 | ---- | M] () -- C:\cap.xls

[2007/05/21 21:47:00 | 000,035,328 | ---- | M] () -- C:\CAP2.doc

[2008/09/22 19:09:05 | 000,015,360 | ---- | M] () -- C:\Cape golf.xls

[2011/01/12 22:30:07 | 001,043,890 | ---- | M] () -- C:\cc_20110112_2226.reg

[2011/09/08 18:27:02 | 000,281,992 | ---- | M] () -- C:\cc_20110908_1926.reg

[2009/03/19 22:41:40 | 000,088,576 | ---- | M] () -- C:\cfbl draft 2009.xls

[2008/09/14 08:23:59 | 000,020,992 | ---- | M] () -- C:\cfbl standings.xls

[2009/12/24 16:20:11 | 000,120,056 | ---- | M] () -- C:\chantal41.jpg

[2005/12/21 17:59:45 | 000,001,059 | ---- | M] () -- C:\color ties Jack.htm

[2004/08/10 13:04:08 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS

[2008/01/18 22:50:49 | 000,024,576 | ---- | M] () -- C:\Contact Us credit.doc

[2008/08/14 21:31:28 | 000,016,896 | ---- | M] () -- C:\CS_overpayment.xls

[2009/09/28 18:32:44 | 000,021,220 | ---- | M] () -- C:\DAILY ADMISSIONS.ods

[2005/10/04 15:25:52 | 000,005,875 | RH-- | M] () -- C:\dell.sdr

[2009/12/03 10:03:19 | 000,046,896 | ---- | M] () -- C:\DEPARTMENT GROWTH REPORT 2009.doc

[2009/12/03 10:02:08 | 000,011,716 | ---- | M] () -- C:\Departmental Growth Report.xlsx

[2008/04/02 21:52:43 | 000,220,672 | ---- | M] () -- C:\depthchart.xls

[2008/04/05 20:37:25 | 000,186,368 | ---- | M] () -- C:\depthchart_final.xls

[2008/05/05 21:02:47 | 000,029,696 | ---- | M] () -- C:\derby.xls

[2004/11/09 17:29:38 | 000,012,862 | ---- | M] () -- C:\desktop.ico

[2010/03/29 19:46:06 | 000,040,448 | ---- | M] () -- C:\DMV Web site.doc

[2009/10/27 20:21:27 | 000,055,236 | ---- | M] () -- C:\DOF FY11 URC Salary Presentation.xlsx

[2008/04/18 18:57:42 | 000,042,309 | ---- | M] () -- C:\downing_james_dof.pdf

[2009/11/13 21:48:43 | 000,031,866 | ---- | M] () -- C:\drf_analysis1113.pdf

[2006/12/03 15:37:21 | 000,000,182 | ---- | M] () -- C:\drwtsn32.log

[2009/04/21 21:50:20 | 000,044,377 | ---- | M] () -- C:\EasyShare.dmp

[2007/09/11 19:40:33 | 000,021,504 | ---- | M] () -- C:\Ellen resume.doc

[2006/06/06 07:42:27 | 000,950,784 | ---- | M] () -- C:\ellenbrochure.bro

[2007/03/24 22:02:25 | 000,066,048 | ---- | M] () -- C:\EntrySummary.xls

[2009/03/07 16:01:14 | 001,048,409 | ---- | M] () -- C:\fb2.JPG

[2004/08/28 01:51:15 | 001,507,080 | ---- | M] () -- C:\FB_ED.JPG

[2008/09/13 17:12:31 | 004,575,930 | ---- | M] () -- C:\FB_J1.jpg

[2009/12/17 23:07:13 | 024,556,086 | ---- | M] () -- C:\FB_J3.BMP

[2008/09/10 16:13:10 | 004,302,731 | ---- | M] () -- C:\FB_J3.jpg

[2008/09/10 15:45:30 | 005,924,386 | ---- | M] () -- C:\FD_J2.jpg

[2006/04/11 20:09:21 | 000,004,930 | -HS- | M] () -- C:\ffastun.ffa

[2006/04/11 20:09:20 | 000,516,096 | -HS- | M] () -- C:\ffastun.ffl

[2006/04/11 20:09:21 | 000,659,456 | -H-- | M] () -- C:\ffastun.ffo

[2006/04/11 20:09:20 | 000,872,448 | -HS- | M] () -- C:\ffastun0.ffx

[2006/04/12 22:56:40 | 000,516,096 | ---- | M] () -- C:\ffastunT.ffl

[2009/01/02 13:34:58 | 000,030,720 | ---- | M] () -- C:\Fidelity_Child & Family.doc

[2006/12/16 21:41:24 | 000,003,950 | ---- | M] () -- C:\fred.jpg

[2008/09/06 21:37:11 | 000,715,776 | ---- | M] () -- C:\FRS.xls

[2006/10/18 23:28:07 | 000,601,600 | ---- | M] () -- C:\FTP Tourney.doc

[2005/11/01 17:33:58 | 007,687,705 | ---- | M] (InstallShield Software Corporation) -- C:\FullTiltSetup.exe

[2008/10/08 14:36:20 | 000,083,456 | ---- | M] () -- C:\Fund Transfer Smart Plan.doc

[2008/02/12 22:55:39 | 000,045,056 | ---- | M] () -- C:\FY08%20EPRS%20LLee_Stage%20B[1].doc

[2009/04/22 21:02:19 | 001,176,213 | ---- | M] () -- C:\FY10 Temp. Teaching Detail.xlsx

[2009/03/29 17:47:29 | 000,109,056 | ---- | M] () -- C:\Globetrotters.doc

[2006/07/05 21:33:17 | 000,026,299 | ---- | M] () -- C:\golf_115.jpeg

[2012/12/02 10:41:38 | 000,029,184 | ---- | M] () -- C:\Gulfstream Park.doc

[2009/06/04 21:36:15 | 000,025,088 | ---- | M] () -- C:\handicaps.xls

[2008/05/10 10:46:17 | 000,017,408 | ---- | M] () -- C:\handicaps_bill_d.xls

[2012/12/29 12:12:27 | 526,536,704 | -HS- | M] () -- C:\hiberfil.sys

[2009/12/03 16:31:13 | 000,027,362 | ---- | M] () -- C:\HOL1pg1203.pdf

[2009/12/06 19:20:26 | 000,030,499 | ---- | M] () -- C:\HOL1pg1206.pdf

[2009/12/20 18:45:03 | 000,032,952 | ---- | M] () -- C:\HOL1pg1220.pdf

[2006/03/13 22:11:49 | 000,017,408 | ---- | M] () -- C:\HOME EQUITY.xls

[2006/05/15 14:08:39 | 000,018,944 | ---- | M] () -- C:\HOME EQUITY2.xls

[2009/11/29 15:50:32 | 000,434,040 | ---- | M] () -- C:\IMG00005-20090903-1219.jpg

[2005/11/18 19:56:35 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1

[2008/09/06 20:08:07 | 535,261,532 | ---- | M] () -- C:\install_office2003.exe

[2009/04/21 21:17:22 | 534,834,027 | ---- | M] () -- C:\install_office2007.exe

[2004/08/10 13:04:08 | 000,000,000 | -H-- | M] () -- C:\IO.SYS

[2005/10/04 15:50:36 | 000,000,829 | -H-- | M] () -- C:\IPH.PH

[2008/12/11 23:42:04 | 068,756,776 | ---- | M] (Apple Inc.) -- C:\iTunesSetup.exe

[2005/12/11 18:21:48 | 000,640,214 | ---- | M] () -- C:\Jack Christmas card 2005.jpg

[2005/12/21 18:00:29 | 000,001,088 | ---- | M] () -- C:\jack with pumpkins color.htm

[2005/12/21 17:54:11 | 000,001,056 | ---- | M] () -- C:\jack with ties.htm

[2005/11/24 21:53:37 | 000,656,607 | ---- | M] () -- C:\jack.jpg

[2005/11/24 21:58:12 | 000,432,347 | ---- | M] () -- C:\jack10.jpg

[2005/11/24 21:58:28 | 000,410,025 | ---- | M] () -- C:\jack11.jpg

[2005/11/24 21:58:54 | 000,534,989 | ---- | M] () -- C:\jack12.jpg

[2005/11/24 21:59:21 | 000,376,310 | ---- | M] () -- C:\jack13.jpg

[2005/11/24 21:59:44 | 000,293,820 | ---- | M] () -- C:\jack14.jpg

[2005/11/24 21:59:58 | 000,503,891 | ---- | M] () -- C:\jack15.jpg

[2005/11/24 22:00:23 | 000,695,684 | ---- | M] () -- C:\jack16.jpg

[2005/11/24 22:00:37 | 000,722,919 | ---- | M] () -- C:\jack17.jpg

[2005/11/24 22:00:53 | 000,687,359 | ---- | M] () -- C:\jack18.jpg

[2005/11/24 22:01:38 | 000,484,766 | ---- | M] () -- C:\jack19.jpg

[2005/11/24 21:54:22 | 000,661,698 | ---- | M] () -- C:\jack2.jpg

[2005/11/24 22:02:03 | 001,029,399 | ---- | M] () -- C:\jack20.jpg

[2005/11/24 22:02:21 | 001,224,127 | ---- | M] () -- C:\jack21.jpg

[2005/11/24 22:02:38 | 001,017,575 | ---- | M] () -- C:\jack22.jpg

[2005/11/24 22:03:09 | 000,576,311 | ---- | M] () -- C:\jack23.jpg

[2005/11/24 22:03:28 | 000,627,316 | ---- | M] () -- C:\jack24.jpg

[2005/11/24 22:03:57 | 000,812,395 | ---- | M] () -- C:\jack25.jpg

[2005/11/24 22:06:07 | 000,605,375 | ---- | M] () -- C:\jack26.jpg

[2005/11/24 22:07:28 | 000,619,959 | ---- | M] () -- C:\jack27.jpg

[2005/11/24 21:54:58 | 000,654,806 | ---- | M] () -- C:\jack3.jpg

[2005/11/24 21:55:23 | 000,254,640 | ---- | M] () -- C:\jack4.jpg

[2005/11/24 21:55:51 | 000,185,094 | ---- | M] () -- C:\jack5.jpg

[2005/11/24 21:56:17 | 000,475,861 | ---- | M] () -- C:\jack6.jpg

[2005/11/24 21:56:44 | 001,050,942 | ---- | M] () -- C:\jack7.jpg

[2005/11/24 21:57:14 | 000,996,109 | ---- | M] () -- C:\jack8.jpg

[2005/11/24 21:57:35 | 000,339,543 | ---- | M] () -- C:\jack9.jpg

[2009/03/18 20:25:09 | 000,642,048 | ---- | M] () -- C:\JDLoanAmortization.xls

[2008/01/18 23:10:26 | 000,135,168 | ---- | M] () -- C:\jim credit report.doc

[2012/10/22 19:28:02 | 000,055,808 | ---- | M] () -- C:\John the Baptist portrait.doc

[2012/10/21 09:22:24 | 000,055,296 | ---- | M] () -- C:\John the Baptist.doc

[2006/08/19 09:15:23 | 000,023,552 | ---- | M] () -- C:\johnnie.xls

[2007/12/07 21:40:27 | 000,001,816 | ---- | M] () -- C:\Magazines_Cancellation info.htm

[2007/12/07 21:40:57 | 000,098,816 | ---- | M] () -- C:\magazine_cancellation info2.doc

[2008/04/03 22:31:30 | 000,019,456 | ---- | M] () -- C:\mcafee.doc

[2005/11/02 20:43:08 | 000,011,152 | ---- | M] () -- C:\MemberST - Receipt.htm

[2012/10/28 12:40:20 | 005,688,414 | ---- | M] () -- C:\mike crop.BMP

[2012/10/28 12:38:49 | 000,790,367 | ---- | M] () -- C:\mike crop.JPG

[2008/10/01 23:18:26 | 000,009,372 | ---- | M] () -- C:\Mike.jpg

[2012/10/28 12:55:35 | 000,830,464 | ---- | M] () -- C:\mikea arnold saint project.doc

[2012/10/28 12:54:27 | 000,830,464 | ---- | M] () -- C:\mikea arnold.doc

[2008/08/05 21:40:03 | 000,146,944 | ---- | M] () -- C:\MMT Rosters 8_1_08.xls

[2009/06/12 18:31:46 | 000,018,432 | ---- | M] () -- C:\mmt standingd before trade.xls

[2007/07/08 21:45:06 | 000,015,872 | ---- | M] () -- C:\mmt trade ideas.xls

[2007/07/15 08:40:14 | 000,033,280 | ---- | M] () -- C:\mmt trade ideas7_15.xls

[2006/05/19 22:30:52 | 000,034,304 | ---- | M] () -- C:\mmt trades.xls

[2006/05/21 17:14:19 | 000,014,336 | ---- | M] () -- C:\mmt trades2.xls

[2008/07/27 17:56:39 | 000,186,880 | ---- | M] () -- C:\mmt values 7.27.08.xls

[2008/08/05 21:39:58 | 000,191,488 | ---- | M] () -- C:\mmt values 8.4.08.xls

[2009/03/29 17:53:25 | 002,242,560 | ---- | M] () -- C:\mmt2009.mdb

[2009/04/03 23:26:18 | 000,799,232 | ---- | M] () -- C:\MMT2009.xls

[2006/08/13 20:59:13 | 000,215,040 | ---- | M] () -- C:\MMTRosters61906.xls

[2007/02/19 10:13:52 | 000,927,232 | ---- | M] () -- C:\mmt_tracking draft.xls

[2007/12/03 12:47:05 | 000,034,304 | ---- | M] () -- C:\MORTGAGE(1).xls

[2009/03/01 10:27:59 | 000,034,816 | ---- | M] () -- C:\MORTGAGE_George.xls

[2009/11/29 23:30:15 | 000,026,624 | ---- | M] () -- C:\MORTGAGE_ZINGA.xls

[2004/08/10 13:04:08 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS

[2008/03/30 17:07:48 | 000,198,144 | ---- | M] () -- C:\ncaa2008summary.xls

[2009/05/31 06:49:45 | 000,030,720 | ---- | M] () -- C:\newportfed passwords.doc

[2007/08/28 07:40:00 | 000,020,992 | ---- | M] () -- C:\Newsletter for Social Services.doc

[2007/08/10 17:18:50 | 000,020,480 | ---- | M] () -- C:\nh directions.doc

[2004/08/04 05:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM

[2008/08/23 21:08:50 | 000,250,048 | RHS- | M] () -- C:\ntldr

[2008/04/27 09:08:50 | 000,033,482 | ---- | M] () -- C:\nyy.csv

[2006/02/05 13:00:30 | 000,917,765 | ---- | M] () -- C:\olivia.jpg

[2012/12/29 12:12:26 | 792,723,456 | -HS- | M] () -- C:\pagefile.sys

[2005/12/11 17:27:50 | 000,045,888 | ---- | M] () -- C:\Photo Center Add or Claim Photos.htm

[2008/09/06 21:43:39 | 000,742,400 | ---- | M] () -- C:\Pillar.xls

[2008/02/01 20:31:40 | 000,201,901 | ---- | M] () -- C:\props_2008.pdf

[2009/03/29 20:05:03 | 000,101,888 | ---- | M] () -- C:\Rd1 Update.xls

[2009/09/12 20:49:01 | 000,001,736 | ---- | M] () -- C:\RE-%20temp%20teaching%20funds

[2008/07/26 16:57:20 | 000,019,456 | ---- | M] () -- C:\REGISTRATION COMPLETE donotcall.doc

[2008/09/24 19:39:59 | 002,038,784 | ---- | M] () -- C:\repl9.exe

[2008/03/01 17:25:57 | 000,020,480 | ---- | M] () -- C:\SA 4th.doc

[2010/03/21 16:17:59 | 000,037,662 | ---- | M] () -- C:\SA1pg0321.pdf

[2009/02/01 10:00:48 | 000,140,800 | ---- | M] () -- C:\sb_prop#1.doc

[2009/02/01 10:00:00 | 000,199,168 | ---- | M] () -- C:\sb_prop#2.doc

[2006/05/14 18:35:57 | 000,832,810 | ---- | M] () -- C:\septic handbook.pdf

[2008/06/08 20:37:48 | 000,022,528 | ---- | M] () -- C:\sesame.xls

[2008/04/13 21:25:48 | 003,564,544 | ---- | M] () -- C:\Sick Leave Scenarios.xls

[2008/09/06 19:42:23 | 000,712,704 | ---- | M] () -- C:\sickleave.mdb

[2008/10/09 19:12:17 | 000,018,432 | ---- | M] () -- C:\sign in sheet.xls

[2008/09/17 22:57:54 | 000,067,584 | ---- | M] () -- C:\start up 8.17 night.xls

[2008/09/17 23:06:15 | 000,559,104 | ---- | M] () -- C:\startup.123.mdb

[2008/09/16 22:01:55 | 002,213,888 | ---- | M] () -- C:\StartUpAnalysis.xls

[2008/09/17 19:58:21 | 001,875,968 | ---- | M] () -- C:\StartUpnogood.accdb

[2005/10/04 15:50:45 | 000,000,087 | ---- | M] () -- C:\SystemInfo.ini

[2009/09/12 20:46:28 | 000,000,595 | ---- | M] () -- C:\temp%20teaching%20funds

[2008/09/13 21:53:07 | 000,217,088 | ---- | M] () -- C:\test.mdb

[2009/01/01 22:05:41 | 000,135,680 | -HS- | M] () -- C:\Thumbs.db

[2008/08/07 21:24:59 | 000,280,576 | ---- | M] () -- C:\verizon.xls

[2007/12/17 23:47:30 | 000,059,392 | ---- | M] () -- C:\Week 15.doc

[2007/10/21 19:32:04 | 000,034,816 | ---- | M] () -- C:\week7.xls

[2008/08/18 20:21:47 | 000,230,400 | ---- | M] () -- C:\yahoo.xls

[2008/08/18 20:49:36 | 000,144,384 | ---- | M] () -- C:\yahoo2.xls

[2007/10/29 21:57:17 | 000,026,112 | ---- | M] () -- C:\Your order has been placed and received by Fidelity.doc

[2009/01/31 14:37:21 | 000,000,162 | -H-- | M] () -- C:\~$_prop#1.doc

< MD5 for: EXPLORER.EXE >

[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe

[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe

[2007/06/13 06:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe

[2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

[2004/08/04 05:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

< MD5 for: SERVICES.EXE >

[2009/02/06 06:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe

[2008/04/13 19:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\$NtUninstallKB956572$\services.exe

[2008/04/13 19:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\ServicePackFiles\i386\services.exe

[2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe

[2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe

[2004/08/04 05:00:00 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\WINDOWS\$NtServicePackUninstall$\services.exe

< MD5 for: USERINIT.EXE >

[2004/08/04 05:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe

[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe

[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >

[2004/08/04 05:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe

[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe

[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< End of report >

[MrCharlie]

OK, basically what we want to do is copy the text that's in bold into the Custom Scans/Fixes box of OTLPE

Here's how to do that:

Copy the text in bold into notepad and save it.

:OTL

IE - HKU\.DEFAULT\..\URLSearchHook: {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - Reg Error: Key error. File not found

IE - HKU\Administrator_ON_C\..\URLSearchHook: {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - Reg Error: Key error. File not found

IE - HKU\Jim_ON_C\..\URLSearchHook: {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - Reg Error: Key error. File not found

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.

O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.

O2 - BHO: (no name) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - No CLSID value found.

O2 - BHO: (no name) - {AFD4AD01-58C1-47DB-A404-FBE00A6C5486} - No CLSID value found.

O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - {2C0A5F28-48D8-408B-9172-9C6121025BCE} - No CLSID value found.

O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.

O3 - HKU\Jim_ON_C\..\Toolbar\WebBrowser: (no name) - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - No CLSID value found.

O20 - HKLM Winlogon: Shell - (C:\Documents and Settings\Jim\Application Data\Snxtvfntrm) - C:\Documents and Settings\Jim\Application Data\Snxtvfntrm.exe (Yrutaza)

[2012/12/26 15:51:41 | 000,111,616 | ---- | C] (Yrutaza) -- C:\Documents and Settings\Administrator\Application Data\Snxtvfntrm.exe

[2012/12/26 14:24:49 | 000,111,616 | ---- | C] (Yrutaza) -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Snxtvfntrm.exe

[2012/12/26 14:05:03 | 000,111,616 | ---- | C] (Yrutaza) -- C:\Documents and Settings\Jim\Local Settings\Application Data\Snxtvfntrm.exe

[2012/12/26 14:05:02 | 000,111,616 | ---- | C] (Yrutaza) -- C:\Documents and Settings\All Users\Application Data\Snxtvfntrm.exe

[2012/12/29 12:12:39 | 000,111,616 | ---- | M] (Yrutaza) -- C:\Documents and Settings\Jim\Local Settings\Application Data\Snxtvfntrm.exe

[2012/12/29 12:12:38 | 000,111,616 | ---- | M] (Yrutaza) -- C:\Documents and Settings\Jim\Application Data\Snxtvfntrm.exe

[2012/12/26 14:11:28 | 000,111,616 | ---- | C] (Yrutaza) -- C:\Documents and Settings\Jim\Application Data\Snxtvfntrm.exe

[2012/12/28 18:59:25 | 000,111,616 | ---- | M] (Yrutaza) -- C:\Documents and Settings\All Users\Application Data\Snxtvfntrm.exe

[2012/12/26 15:51:43 | 000,111,616 | ---- | M] (Yrutaza) -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Snxtvfntrm.exe

[2012/12/26 15:51:41 | 000,111,616 | ---- | M] (Yrutaza) -- C:\Documents and Settings\Administrator\Application Data\Snxtvfntrm.exe

Copy it to your flash drive

Boot the computer up using the OTLPE disk

Run OTLPE

Plug in the flash drive

Drag the notepad text to the desktop

Open it up and copy and paste the text into Custom Scans/Fixes

Then click the Run Fix button at the top

Copy and paste the log back here. MrC

[jd28]

OK, basically what we want to do is copy the text that's in bold into the Custom Scans/Fixes box of OTLPE

Here's how to do that:

Copy the text in bold into notepad and save it.

:OTL

IE - HKU\.DEFAULT\..\URLSearchHook: {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - Reg Error: Key error. File not found

IE - HKU\Administrator_ON_C\..\URLSearchHook: {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - Reg Error: Key error. File not found

IE - HKU\Jim_ON_C\..\URLSearchHook: {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - Reg Error: Key error. File not found

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.

O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.

O2 - BHO: (no name) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - No CLSID value found.

O2 - BHO: (no name) - {AFD4AD01-58C1-47DB-A404-FBE00A6C5486} - No CLSID value found.

O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - {2C0A5F28-48D8-408B-9172-9C6121025BCE} - No CLSID value found.

O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.

O3 - HKU\Jim_ON_C\..\Toolbar\WebBrowser: (no name) - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - No CLSID value found.

O20 - HKLM Winlogon: Shell - (C:\Documents and Settings\Jim\Application Data\Snxtvfntrm) - C:\Documents and Settings\Jim\Application Data\Snxtvfntrm.exe (Yrutaza)

[2012/12/26 15:51:41 | 000,111,616 | ---- | C] (Yrutaza) -- C:\Documents and Settings\Administrator\Application Data\Snxtvfntrm.exe

[2012/12/26 14:24:49 | 000,111,616 | ---- | C] (Yrutaza) -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Snxtvfntrm.exe

[2012/12/26 14:05:03 | 000,111,616 | ---- | C] (Yrutaza) -- C:\Documents and Settings\Jim\Local Settings\Application Data\Snxtvfntrm.exe

[2012/12/26 14:05:02 | 000,111,616 | ---- | C] (Yrutaza) -- C:\Documents and Settings\All Users\Application Data\Snxtvfntrm.exe

[2012/12/29 12:12:39 | 000,111,616 | ---- | M] (Yrutaza) -- C:\Documents and Settings\Jim\Local Settings\Application Data\Snxtvfntrm.exe

[2012/12/29 12:12:38 | 000,111,616 | ---- | M] (Yrutaza) -- C:\Documents and Settings\Jim\Application Data\Snxtvfntrm.exe

[2012/12/26 14:11:28 | 000,111,616 | ---- | C] (Yrutaza) -- C:\Documents and Settings\Jim\Application Data\Snxtvfntrm.exe

[2012/12/28 18:59:25 | 000,111,616 | ---- | M] (Yrutaza) -- C:\Documents and Settings\All Users\Application Data\Snxtvfntrm.exe

[2012/12/26 15:51:43 | 000,111,616 | ---- | M] (Yrutaza) -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Snxtvfntrm.exe

[2012/12/26 15:51:41 | 000,111,616 | ---- | M] (Yrutaza) -- C:\Documents and Settings\Administrator\Application Data\Snxtvfntrm.exe

Copy it to your flash drive

Boot the computer up using the OTLPE disk

Run OTLPE

Plug in the flash drive

Drag the notepad text to the desktop

Open it up and copy and paste the text into Custom Scans/Fixes

Then click the Run Fix button at the top

Copy and paste the log back here. MrC

Thanks - here is the log.

========== OTL ==========

Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{4D25F926-B9FE-4682-BF72-8AB8210D6D75} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4D25F926-B9FE-4682-BF72-8AB8210D6D75}\ not found.

Registry key HKEY_USERS\Administrator_ON_C\Software\Microsoft\Internet Explorer\URLSearchHooks not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4D25F926-B9FE-4682-BF72-8AB8210D6D75}\ not found.

Registry key HKEY_USERS\Jim_ON_C\Software\Microsoft\Internet Explorer\URLSearchHooks not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4D25F926-B9FE-4682-BF72-8AB8210D6D75}\ not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}\ not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AFD4AD01-58C1-47DB-A404-FBE00A6C5486}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFD4AD01-58C1-47DB-A404-FBE00A6C5486}\ not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{2C0A5F28-48D8-408B-9172-9C6121025BCE} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2C0A5F28-48D8-408B-9172-9C6121025BCE}\ not found.

Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.

Registry key HKEY_USERS\Jim_ON_C\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F0F8ECBE-D460-4B34-B007-56A92E8F84A7}\ not found.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Documents and Settings\Jim\Application Data\Snxtvfntrm deleted successfully.

C:\Documents and Settings\Jim\Application Data\Snxtvfntrm.exe moved successfully.

C:\Documents and Settings\Administrator\Application Data\Snxtvfntrm.exe moved successfully.

C:\Documents and Settings\Administrator\Local Settings\Application Data\Snxtvfntrm.exe moved successfully.

C:\Documents and Settings\Jim\Local Settings\Application Data\Snxtvfntrm.exe moved successfully.

C:\Documents and Settings\All Users\Application Data\Snxtvfntrm.exe moved successfully.

File C:\Documents and Settings\Jim\Local Settings\Application Data\Snxtvfntrm.exe not found.

File C:\Documents and Settings\Jim\Application Data\Snxtvfntrm.exe not found.

File C:\Documents and Settings\Jim\Application Data\Snxtvfntrm.exe not found.

File C:\Documents and Settings\All Users\Application Data\Snxtvfntrm.exe not found.

File C:\Documents and Settings\Administrator\Local Settings\Application Data\Snxtvfntrm.exe not found.

File C:\Documents and Settings\Administrator\Application Data\Snxtvfntrm.exe not found.

OTLPE by OldTimer - Version 3.1.48.0 log created on 12292012_153430

[MrCharlie]

Does it boot up now???? MrC

[jd28]

Does it boot up now???? MrC

Yes, though I didn't change the BIOS settings. Do I need to reset them? Any remaining steps to complete?

[MrCharlie]

Yes, though I didn't change the BIOS settings. Do I need to reset them?

Eventually you should.

Any remaining steps to complete?

Yes...several

~~~~~~~~~~~~~~~~~~~~~~~

First............

Please download and run ComboFix.

The most important things to remember when running it is to disable all your malware programs and run Combofix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC

[jd28]

Eventually you should. Yes...several ~~~~~~~~~~~~~~~~~~~~~~~ First............ Please download and run ComboFix. The most important things to remember when running it is to disable all your malware programs and run Combofix from your desktop. Please visit this webpage for download links, and instructions for running ComboFix http://www.bleepingc...to-use-combofix Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Information on disabling your malware programs can be found Here. Make sure you run ComboFix from your desktop. Give it at least 30-45 minutes to finish if needed. Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed. MrC

combofix log below

ComboFix 12-12-29.02 - Jim 12/29/2012 21:44:02.1.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.502.193 [GMT -5:00]

Running from: c:\documents and settings\Jim\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Jim\Application Data\DefaultTab\DefaultTab

c:\documents and settings\Jim\Application Data\DefaultTab\DefaultTab\addon.ico

c:\documents and settings\Jim\Application Data\DefaultTab\DefaultTab\amazon_ie.ico

c:\documents and settings\Jim\Application Data\DefaultTab\DefaultTab\DefaultTabBHO.cfg

c:\documents and settings\Jim\Application Data\DefaultTab\DefaultTab\DefaultTabBHO.dll

c:\documents and settings\Jim\Application Data\DefaultTab\DefaultTab\DefaultTabStart.exe

c:\documents and settings\Jim\Application Data\DefaultTab\DefaultTab\DefaultTabStart64.exe

c:\documents and settings\Jim\Application Data\DefaultTab\DefaultTab\DefaultTabUninstaller.exe

c:\documents and settings\Jim\Application Data\DefaultTab\DefaultTab\DefaultTabWrap.dll

c:\documents and settings\Jim\Application Data\DefaultTab\DefaultTab\DefaultTabWrap64.dll

c:\documents and settings\Jim\Application Data\DefaultTab\DefaultTab\DT.ico

c:\documents and settings\Jim\Application Data\DefaultTab\DefaultTab\DT_IE.exe

c:\documents and settings\Jim\Application Data\DefaultTab\DefaultTab\DTUpdate.exe

c:\documents and settings\Jim\Application Data\DefaultTab\DefaultTab\facebook_ie.ico

c:\documents and settings\Jim\Application Data\DefaultTab\DefaultTab\imdb_ie.ico

c:\documents and settings\Jim\Application Data\DefaultTab\DefaultTab\search_here_ie.ico

c:\documents and settings\Jim\Application Data\DefaultTab\DefaultTab\searchhere.ico

c:\documents and settings\Jim\Application Data\DefaultTab\DefaultTab\twitter_ie.ico

c:\documents and settings\Jim\Application Data\DefaultTab\DefaultTab\uninstalldt.exe

c:\documents and settings\Jim\Application Data\DefaultTab\DefaultTab\wikipedia_ie.ico

c:\documents and settings\Jim\WINDOWS

c:\program files\MyWaySA

c:\program files\Setup.exe

c:\program files\Shared

c:\program files\Shared\lib.sig

C:\Thumbs.db

c:\windows\system32\bszip.dll

c:\windows\system32\twain.dll

c:\windows\system32\URTTemp

c:\windows\system32\URTTemp\fusion.dll

c:\windows\system32\URTTemp\mscoree.dll

c:\windows\system32\URTTemp\mscoree.dll.local

c:\windows\system32\URTTemp\mscorsn.dll

c:\windows\system32\URTTemp\mscorwks.dll

c:\windows\system32\URTTemp\msvcr71.dll

c:\windows\system32\URTTemp\regtlib.exe

c:\windows\system32\win.ini

c:\windows\system32\wininit.dll

c:\windows\wininit.ini

.

.

((((((((((((((((((((((((( Files Created from 2012-11-28 to 2012-12-30 )))))))))))))))))))))))))))))))

.

.

2012-12-30 02:23 . 2012-12-30 02:23 -------- d-sh--w- c:\windows\system32\AI_RecycleBin

2012-12-30 02:23 . 2012-12-30 02:23 -------- d-----w- c:\program files\W3i

2012-12-30 02:23 . 2012-12-30 02:23 -------- d-----w- c:\documents and settings\All Users\Application Data\W3i

2012-12-30 02:23 . 2012-12-30 02:23 -------- d-----w- c:\documents and settings\All Users\Application Data\WeCareReminder

2012-12-30 02:23 . 2012-12-30 02:58 -------- d-----w- c:\documents and settings\Jim\Application Data\DefaultTab

2012-12-30 02:23 . 2012-12-30 02:23 -------- d-----w- c:\program files\Yontoo

2012-12-30 02:22 . 2012-12-30 02:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Tarma Installer

2012-12-29 23:08 . 2012-12-29 23:08 60872 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9F51E25F-97CC-4828-9228-4D9F18F8C630}\offreg.dll

2012-12-29 22:52 . 2012-11-08 18:00 6812136 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9F51E25F-97CC-4828-9228-4D9F18F8C630}\mpengine.dll

2012-12-29 22:31 . 2012-11-08 18:00 6812136 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-12-29 20:34 . 2012-12-29 20:34 -------- d-----w- C:\_OTL

2012-12-26 19:24 . 2012-12-26 19:24 -------- d-----w- c:\documents and settings\Administrator

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-12-16 12:23 . 2004-08-10 17:50 290560 ----a-w- c:\windows\system32\atmfd.dll

2012-11-13 01:25 . 2004-08-10 17:51 1866368 ----a-w- c:\windows\system32\win32k.sys

2012-11-02 02:02 . 2004-08-10 17:50 375296 ----a-w- c:\windows\system32\dpnet.dll

2012-11-01 12:17 . 2004-08-10 17:51 916992 ----a-w- c:\windows\system32\wininet.dll

2012-11-01 12:17 . 2004-08-10 17:51 43520 ------w- c:\windows\system32\licmgr10.dll

2012-11-01 12:17 . 2004-08-10 17:51 1469440 ------w- c:\windows\system32\inetcpl.cpl

2012-11-01 00:35 . 2004-08-10 17:51 385024 ----a-w- c:\windows\system32\html.iec

2012-10-02 18:04 . 2004-08-10 17:51 58368 ----a-w- c:\windows\system32\synceng.dll

2009-11-05 03:10 . 2009-11-05 03:10 9034488 ----a-w- c:\program files\mssefullinstall-x86fre-en-us-xp.exe

2008-06-08 02:25 . 2008-06-08 02:25 9722720 ----a-w- c:\program files\spybotsd152.exe

2007-01-28 17:20 . 2007-01-28 17:20 36808256 ----a-w- c:\program files\iTunesSetup.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-04-06 94208]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-04-06 77824]

"Persistence"="c:\windows\system32\igfxpers.exe" [2005-04-06 114688]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 339968]

"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]

"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]

"mmtask"="c:\program files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2004-09-14 53248]

"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2005-10-04 26112]

"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]

"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]

"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 86016]

"BuildBU"="c:\dell\bldbubg.exe" [2005-10-04 61440]

"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-16 28672]

"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]

"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-07-07 647216]

"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2009-07-08 472112]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"RunNarrator"="Narrator.exe" [2008-04-14 53760]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

dlbcserv.lnk - [N/A]

Kodak EasyShare software.lnk - [N/A]

Microsoft Find Fast.lnk - [N/A]

Office Startup.lnk - [N/A]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe"= c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet,0.0.0.0/255.255.255.255:Enabled:Pure Networks Platform Service

.

S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [7/13/2012 12:28 PM 160944]

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]

2009-03-08 08:32 128512 ----a-w- c:\windows\system32\advpack.dll

.

Contents of the 'Scheduled Tasks' folder

.

2012-12-21 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

.

2012-12-29 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job

- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-09-12 21:25]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyOverride = *.local

uSearchAssistant =

IE: Display All Images with Full Quality - "c:\program files\NetZero\qsacc\appres.dll/228"

IE: Display Image with Full Quality - "c:\program files\NetZero\qsacc\appres.dll/227"

IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000

Trusted Zone: internet

Trusted Zone: malwarebytes.org

Trusted Zone: mcafee.com

TCP: DhcpNameServer = 192.168.1.1 68.105.28.11 68.105.29.11

.

- - - - ORPHANS REMOVED - - - -

.

URLSearchHooks-{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)

BHO-{7F6AFBF1-E065-4627-A2FD-810366367D01} - c:\documents and settings\Jim\Application Data\DefaultTab\DefaultTab\DefaultTabBHO.dll

AddRemove-DefaultTab - c:\documents and settings\Jim\Application Data\DefaultTab\DefaultTab\uninstalldt.exe

AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-12-29 22:00

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

Completion time: 2012-12-29 22:04:09

ComboFix-quarantined-files.txt 2012-12-30 03:04

.

Pre-Run: 48,561,700,864 bytes free

Post-Run: 49,187,033,088 bytes free

.

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

.

- - End Of File - - C43953AE4C6F31B4508349BCF16CC62C

[MrCharlie]

Looks Good.....

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

Then.......

Please download AdwCleaner from here and save it on your Desktop.

1. Right-click on adwcleaner.exe and select Run As Administrator (for XP just double click) to launch the application.
   
2. Now click on the Search tab.
   
3. Please post the contents of the log-file created in your next post.
   

Note: The log can also be located at C:\ >> AdwCleaner[XX].txt >> XX <-- Denotes the number of times the application has been ran, so in this should be something like R1.

Please look over what was found, we're going to delete it all in the next step....if there's something you may want to keep...please let me know and I'll explain to why it shouldn't be on your system.

MrC

[jd28]

Looks Good.....

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

Then.......

Please download AdwCleaner from here and save it on your Desktop.

1. Right-click on adwcleaner.exe and select Run As Administrator (for XP just double click) to launch the application.
   
2. Now click on the Search tab.
   
3. Please post the contents of the log-file created in your next post.
   

Note: The log can also be located at C:\ >> AdwCleaner[XX].txt >> XX <-- Denotes the number of times the application has been ran, so in this should be something like R1.

Please look over what was found, we're going to delete it all in the next step....if there's something you may want to keep...please let me know and I'll explain to why it shouldn't be on your system.

MrC

I was not able to download the free Malwarebytes Antimalware to my desktop. I tried to download it on my laptop and save it to a flash drive then install on my desktop but keep getting a runtime error '372' - Failed to load control 'WebBrowser' from ieframe.dll Your version of ieframe.dll may be outdated. Make sure you are using the version of the control that was provided with your application. I've pasted the AdwCleaner search log below.

# AdwCleaner v2.104 - Logfile created 12/29/2012 at 23:00:37

# Updated 29/12/2012 by Xplode

# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)

# User : Jim - D9LRKL81

# Boot Mode : Normal

# Running from : C:\Documents and Settings\Jim\Desktop\adwcleaner.exe

# Option [search]

***** [services] *****

***** [Files / Folders] *****

Folder Found : C:\Documents and Settings\All Users\Application Data\Tarma Installer

Folder Found : C:\Documents and Settings\All Users\Application Data\Viewpoint

Folder Found : C:\Documents and Settings\All Users\Application Data\WeCareReminder

Folder Found : C:\Documents and Settings\Jim\Application Data\DefaultTab

Folder Found : C:\Documents and Settings\Jim\Application Data\Viewpoint

Folder Found : C:\Program Files\Viewpoint

Folder Found : C:\Program Files\Yontoo

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\DefaultTab

Key Found : HKCU\Software\DefaultTab

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{03F998B2-0E00-11D3-A498-00104B6EB52E}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}

Key Found : HKCU\Software\wecarereminder

Key Found : HKLM\SOFTWARE\Classes\AppID\{4FBBF769-ECEB-420A-B536-133B1D505C36}

Key Found : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}

Key Found : HKLM\SOFTWARE\Classes\AppID\IEHelperv2.5.0.DLL

Key Found : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL

Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl

Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1

Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary

Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1

Key Found : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{F773BB94-6C19-4643-A570-0E429103D1C3}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}

Key Found : HKLM\SOFTWARE\Classes\IEHelperv250.WeCareReminder

Key Found : HKLM\SOFTWARE\Classes\IEHelperv250.WeCareReminder.1

Key Found : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}

Key Found : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}

Key Found : HKLM\SOFTWARE\Classes\Interface\{F773BB94-6C19-4643-A570-0E429103D1C3}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{B12920CF-BE13-4C09-890D-1B6EFFFE2FBE}

Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api

Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1

Key Found : HKLM\Software\Default Tab

Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc

Key Found : HKLM\Software\MetaStream

Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}

Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AC5B6CDA-8F90-4740-9A8C-28AC5D3C73FE}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DefaultTab

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer

Key Found : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP

Key Found : HKLM\Software\Viewpoint

***** [internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

*************************

AdwCleaner[R1].txt - [4641 octets] - [29/12/2012 23:00:37]

########## EOF - C:\AdwCleaner[R1].txt - [4701 octets] ##########

[MrCharlie]

Some adware found....lets clear it out.....

1. Please re-run AdwCleaner
   
2. Click on Delete button.
   
3. Confirm each time with OK if asked.
   
4. Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile in your reply.
   

Note: You can find the logfile at C:\AdwCleaner[sn].txt as well - n is the order number.

Then can you update and run a scan with your Microsoft Security Essentials.

If not then download, update and run SUPERAntiSpyware Portable Scanner Personal Edition:

http://www.superanti...ag=SAS_HOMEPAGE

Let me know.....MrC

[Maurice Naggar]

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!