Jump to content

MBAM Blocked FireFox Blocked


AlexH

Recommended Posts

Hello,

Yesterday, my wife's told me that FireFox stopped working on her computer (even in safe mode). No matter what URL you tried to browser to, FireFox wouldn't show anything and the tab would say "untitled". IE didn't work either and crashed.

I downloaded MBAM. MBAM would not run unless I changed the name of the EXE. MBAM found some viruses including DNSChanger. The renamed MBAM now runs clean and so does Norton Internet Security, but still FireFox and IE have the original symptoms and MBAM remains blocked unless renamed.

I was able to install Google Chrome from a network share and it runs fine although I could not download GMER.

Today, I cannot use her computer in normal mode. The display distorts and the mouse locks up. I can use Safe Mode with Networking.

I ran Defogger and DDS.scr in Safe Mode. I copied a renamed GMER from the network share and it comes up and seems to do a quick registry scan, but then locks up when I try to click on it so I cannot get a scan from GMER.

Thanks for any help,

-AlexH

What follows is the DDS.txt:

DDS (Ver_10-10-21.02) - NTFSx86 NETWORK

Run by Cynthia H at 22:33:31.95 on Tue 10/26/2010

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1750 [GMT -7:00]

AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}

FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\system32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Documents and Settings\Cynthia H\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://news.yahoo.com/

uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=presario&pf=laptop

uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\17.8.0.5\coIEPlg.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\17.8.0.5\IPSBHO.DLL

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll

BHO: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - No File

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\17.8.0.5\coIEPlg.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [Google Update] "c:\documents and settings\cynthia h\local settings\application data\google\update\GoogleUpdate.exe" /c

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [RecGuard] c:\windows\sminst\RecGuard.exe

mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"

mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start

mRun: [iSUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup

mRun: [hpWirelessAssistant] c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe

mRun: [Cpqset] c:\program files\hewlett-packard\default settings\cpqset.exe

mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop elements 5.0\apdproxy.exe"

mRun: [igfxtray] c:\windows\system32\igfxtray.exe

mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe

mRun: [igfxpers] c:\windows\system32\igfxpers.exe

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [Nikon Transfer Monitor] c:\program files\common files\nikon\monitor\NkMonitor.exe

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL

Trusted Zone: intuit.com\ttlc

Trusted Zone: turbotax.com

DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

DPF: {22D82B43-FF26-455A-A96D-A6C61F056ED7} - hxxp://192.168.1.30/xplugxLiteTW.cab

DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - hxxps://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab

DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1215440153906

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} - hxxp://web1.shutterfly.com/downloads/Uploader.cab

DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Notify: igfxcui - igfxdev.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\cynthi~1\applic~1\mozilla\firefox\profiles\9t0w9ee7.cynthia\

FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.6.0.32\coffplgn\components\coFFPlgn.dll

FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.6.0.32\ipsffplgn\components\IPSFFPl.dll

FF - plugin: c:\documents and settings\cynthia h\application data\facebook\npfbplugin_1_0_3.dll

FF - plugin: c:\documents and settings\cynthia h\application data\move networks\plugins\npqmp071505000010.dll

FF - plugin: c:\documents and settings\cynthia h\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

============= SERVICES / DRIVERS ===============

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1108000.005\symds.sys [2010-9-23 328752]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1108000.005\symefa.sys [2010-9-23 173104]

S1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.6.0.32\definitions\bashdefs\20101001.001\BHDrvx86.sys [2010-10-5 692272]

S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1108000.005\cchpx86.sys [2010-9-23 501888]

S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1108000.005\ironx86.sys [2010-9-23 116784]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-8 135664]

S2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\17.8.0.5\ccsvchst.exe [2010-9-23 126392]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-8-12 102448]

S3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.6.0.32\definitions\ipsdefs\20101025.001\IDSXpx86.sys [2010-10-19 341880]

S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\24.tmp --> c:\windows\system32\24.tmp [?]

S3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.6.0.32\definitions\virusdefs\20101026.024\NAVENG.SYS [2010-10-26 86064]

S3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.6.0.32\definitions\virusdefs\20101026.024\NAVEX15.SYS [2010-10-26 1371184]

S3 ZJESJHU;ZJESJHU;c:\docume~1\cynthi~1\locals~1\temp\ZJESJHU.exe [2010-10-24 465792]

=============== Created Last 30 ================

2010-10-25 06:24:48 -------- d-----w- c:\program files\Sophos

2010-10-25 01:40:35 -------- d-----w- c:\program files\ESET

2010-10-24 02:55:52 -------- d-----w- c:\docume~1\cynthi~1\applic~1\Malwarebytes

2010-10-24 02:26:47 1409 ----a-w- c:\windows\QTFont.for

2010-10-24 02:21:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-10-24 02:21:54 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2010-10-24 02:21:53 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-10-24 02:21:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-10-23 18:00:59 472808 ----a-w- c:\windows\system32\deployJava1.dll

2010-10-23 18:00:59 472808 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll

2010-10-20 22:23:45 -------- d-----w- C:\spoolerlogs

2010-10-13 05:04:01 954368 ------w- c:\windows\system32\dllcache\mfc40.dll

2010-10-13 05:04:00 974848 ------w- c:\windows\system32\dllcache\mfc42.dll

2010-10-13 05:04:00 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll

2010-10-13 05:03:30 617472 ------w- c:\windows\system32\dllcache\comctl32.dll

==================== Find3M ====================

2010-09-18 19:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll

2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll

2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll

2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll

2010-09-15 09:29:49 73728 ----a-w- c:\windows\system32\javacpl.cpl

2010-09-10 05:58:08 916480 ----a-w- c:\windows\system32\wininet.dll

2010-09-10 05:58:06 43520 ----a-w- c:\windows\system32\licmgr10.dll

2010-09-10 05:58:06 1469440 ------w- c:\windows\system32\inetcpl.cpl

2010-09-02 23:30:34 106496 ----a-w- c:\windows\system32\ATL71.DLL

2010-09-01 11:51:14 285824 ----a-w- c:\windows\system32\atmfd.dll

2010-08-31 13:42:52 1852800 ----a-w- c:\windows\system32\win32k.sys

2010-08-27 08:02:29 119808 ----a-w- c:\windows\system32\t2embed.dll

2010-08-27 05:57:43 99840 ----a-w- c:\windows\system32\srvsvc.dll

2010-08-26 12:52:45 5120 ----a-w- c:\windows\system32\xpsp4res.dll

2010-08-23 16:12:04 617472 ----a-w- c:\windows\system32\comctl32.dll

2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe

2010-08-16 08:45:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll

2010-08-05 05:37:32 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL

============= FINISH: 22:35:57.50 ===============

Attach.zip

Link to post
Share on other sites

Hi,

Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Here is a guide on how to disable them:
    Click me
    If you can't disable them then just continue on.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

RcAuto1.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

whatnext.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.

Link to post
Share on other sites

Thanks for replying.

I downloaded ComboFix and copied to the desktop. It didn't seem to want to run until I renamed it.

Once I did, PEV.EXE crashed.

I tried running the renamed ComboFix again, it said it couldn't access certain files.

I rebooted.

I ran the renamed ComboFix. I got a disclaimer dialog, then nothing.

TaskManager showed that there are a few processes running with cfxxe suffixes with 0 CPU usage.

I had to power off to reboot.

Tried again got disclaimer dialog and nothing again.

Note that I am running in Safe Mode since I'm having display issues in normal mode.

Am I missing a step?

Thanks,

Link to post
Share on other sites

Hi,

Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Check the box that says Scan All Users.
  • Under the Custom Scan box paste this in
    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic

Link to post
Share on other sites

Thanks for replying. First is OTL.TXT:

OTL logfile created on: 11/1/2010 9:35:10 PM - Run 1

OTL by OldTimer - Version 3.2.17.2 Folder = C:\Documents and Settings\Cynthia H\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 84.00% Memory free

3.00 Gb Paging File | 2.00 Gb Available in Paging File | 95.00% Paging File free

Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 47.75 Gb Total Space | 10.57 Gb Free Space | 22.13% Space Free | Partition Type: NTFS

Drive D: | 8.13 Gb Total Space | 1.17 Gb Free Space | 14.44% Space Free | Partition Type: FAT32

Computer Name: CYNTHIA | User Name: Cynthia H | Logged in as Administrator.

Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/01 21:26:02 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Cynthia H\Desktop\OTL.com

PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

========== Modules (SafeList) ==========

MOD - [2010/11/01 21:26:02 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Cynthia H\Desktop\OTL.com

MOD - [2010/08/23 09:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

MOD - [2008/04/13 17:12:00 | 001,384,479 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvbvm60.dll

MOD - [2008/04/13 17:11:52 | 000,158,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dinput.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)

SRV - [2010/10/24 21:30:38 | 000,465,792 | ---- | M] (Sysinternals - www.sysinternals.com) [On_Demand | Stopped] -- C:\Documents and Settings\Cynthia H\Local Settings\Temp\ZJESJHU.exe -- (ZJESJHU)

SRV - [2010/02/25 17:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [unknown | Stopped] -- C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe -- (NIS)

SRV - [2009/09/29 09:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)

SRV - [2009/09/16 19:01:16 | 000,020,480 | ---- | M] (Intuit) [Disabled | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)

SRV - [2006/11/09 16:30:14 | 000,065,536 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)

SRV - [2006/09/14 07:56:06 | 000,102,400 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor5.0)

SRV - [2006/05/08 10:49:02 | 000,098,304 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe -- (AddFiltr)

SRV - [2006/03/03 21:03:10 | 000,069,632 | ---- | M] (HP) [unknown | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\24.tmp -- (MEMSWEEP2)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)

DRV - [2010/10/19 13:36:22 | 000,341,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\Definitions\IPSDefs\20101025.001\IDSXpx86.sys -- (IDSxpx86)

DRV - [2010/09/28 19:58:08 | 001,371,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\Definitions\VirusDefs\20101026.024\NAVEX15.SYS -- (NAVEX15)

DRV - [2010/09/28 19:58:08 | 000,086,064 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\Definitions\VirusDefs\20101026.024\NAVENG.SYS -- (NAVENG)

DRV - [2010/08/31 15:57:04 | 000,692,272 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\Definitions\BASHDefs\20101001.001\BHDrvx86.sys -- (BHDrvx86)

DRV - [2010/08/04 22:48:36 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)

DRV - [2010/08/04 22:37:32 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)

DRV - [2010/05/05 21:01:59 | 000,361,904 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\Drivers\NIS\1108000.005\SYMTDI.SYS -- (SYMTDI)

DRV - [2010/04/28 22:03:51 | 000,116,784 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\NIS\1108000.005\Ironx86.SYS -- (SymIRON)

DRV - [2010/04/21 20:02:20 | 000,173,104 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1108000.005\SYMEFA.SYS -- (SymEFA)

DRV - [2010/04/21 19:29:50 | 000,325,680 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\NIS\1108000.005\SRTSP.SYS -- (SRTSP)

DRV - [2010/04/21 19:29:50 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\NIS\1108000.005\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)

DRV - [2010/02/25 17:22:57 | 000,501,888 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\NIS\1108000.005\ccHPx86.sys -- (ccHP)

DRV - [2010/02/03 18:40:47 | 000,328,752 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1108000.005\SYMDS.SYS -- (SymDS)

DRV - [2008/04/13 11:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)

DRV - [2008/04/13 11:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)

DRV - [2008/04/13 09:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)

DRV - [2007/06/15 10:25:46 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)

DRV - [2006/06/16 21:40:56 | 000,193,120 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)

DRV - [2006/06/02 08:02:36 | 000,572,928 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CHDAud.sys -- (HdAudAddService)

DRV - [2006/02/26 22:46:20 | 000,081,408 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)

DRV - [2006/01/19 02:18:52 | 000,424,320 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)

DRV - [2005/10/13 02:07:12 | 000,874,240 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor)

DRV - [2005/09/19 14:24:20 | 000,005,760 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)

DRV - [2005/09/19 14:24:10 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey)

DRV - [2005/09/19 14:23:52 | 000,007,808 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)

DRV - [2005/08/21 17:07:00 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)

DRV - [2005/08/21 17:06:16 | 000,201,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)

DRV - [2005/08/21 17:06:10 | 000,718,464 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)

DRV - [2004/08/03 23:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)

DRV - [2001/08/17 22:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)

DRV - [2001/08/17 22:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)

DRV - [2001/08/17 22:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)

DRV - [2001/08/17 22:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)

DRV - [2001/08/17 22:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)

DRV - [2001/08/17 21:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)

DRV - [2001/08/17 21:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)

DRV - [2001/08/17 21:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)

DRV - [2001/08/17 21:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)

DRV - [2001/08/17 21:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)

DRV - [2001/08/17 21:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)

DRV - [2001/08/17 21:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)

DRV - [2001/08/17 21:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)

DRV - [2001/08/17 21:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)

DRV - [2001/08/17 21:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1434909086-2943496809-1349502369-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://news.yahoo.com/

IE - HKU\S-1-5-21-1434909086-2943496809-1349502369-1006\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

IE - HKU\S-1-5-21-1434909086-2943496809-1349502369-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7

FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0

FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6

FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\IPSFFPlgn\ [2010/08/14 08:40:33 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\coFFPlgn\ [2010/08/04 22:37:57 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/23 17:10:43 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/23 16:39:41 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Netscape Browser 8.0.4.0\Extensions\\Components: C:\Program Files\Netscape\Netscape Browser\Components [2010/09/02 16:27:07 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Netscape Browser 8.0.4.0\Extensions\\Plugins: C:\Program Files\Netscape\Netscape Browser\Plugins [2010/10/23 11:33:57 | 000,000,000 | ---D | M]

[2009/09/03 14:48:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cynthia H\Application Data\Mozilla\Extensions

[2010/10/23 17:12:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cynthia H\Application Data\Mozilla\Firefox\Profiles\9t0w9ee7.Cynthia\extensions

[2010/10/23 17:12:12 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Cynthia H\Application Data\Mozilla\Firefox\Profiles\9t0w9ee7.Cynthia\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010/10/23 11:51:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cynthia H\Application Data\Mozilla\Firefox\Profiles\gfvhvoca.default\extensions

[2009/09/06 20:17:35 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Cynthia H\Application Data\Mozilla\Firefox\Profiles\gfvhvoca.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010/04/27 17:55:27 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Cynthia H\Application Data\Mozilla\Firefox\Profiles\gfvhvoca.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

[2010/10/23 16:39:41 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2010/10/23 11:01:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

[2009/11/19 15:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll

[2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

[2009/11/19 15:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll

O1 HOSTS File: ([2008/07/17 05:58:18 | 000,253,062 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: HP9A2B54 HP0018FE9A2B54

O1 - Hosts: 127.0.0.1 www.007guard.com

O1 - Hosts: 127.0.0.1 007guard.com

O1 - Hosts: 127.0.0.1 008i.com

O1 - Hosts: 127.0.0.1 www.008k.com

O1 - Hosts: 127.0.0.1 008k.com

O1 - Hosts: 127.0.0.1 www.00hq.com

O1 - Hosts: 127.0.0.1 00hq.com

O1 - Hosts: 127.0.0.1 010402.com

O1 - Hosts: 127.0.0.1 www.032439.com

O1 - Hosts: 127.0.0.1 032439.com

O1 - Hosts: 127.0.0.1 www.1001-search.info

O1 - Hosts: 127.0.0.1 1001-search.info

O1 - Hosts: 127.0.0.1 www.100888290cs.com

O1 - Hosts: 127.0.0.1 100888290cs.com

O1 - Hosts: 127.0.0.1 www.100sexlinks.com

O1 - Hosts: 127.0.0.1 100sexlinks.com

O1 - Hosts: 127.0.0.1 www.10sek.com

O1 - Hosts: 127.0.0.1 10sek.com

O1 - Hosts: 127.0.0.1 www.123topsearch.com

O1 - Hosts: 127.0.0.1 123topsearch.com

O1 - Hosts: 127.0.0.1 www.132.com

O1 - Hosts: 127.0.0.1 132.com

O1 - Hosts: 127.0.0.1 www.136136.net

O1 - Hosts: 8815 more lines...

O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.8.0.5\coieplg.dll (Symantec Corporation)

O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ipsbho.dll (Symantec Corporation)

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)

O2 - BHO: (no name) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - No CLSID value found.

O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.8.0.5\coieplg.dll (Symantec Corporation)

O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O3 - HKU\S-1-5-21-1434909086-2943496809-1349502369-1006\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKU\S-1-5-21-1434909086-2943496809-1349502369-1006\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.8.0.5\coieplg.dll (Symantec Corporation)

O3 - HKU\S-1-5-21-1434909086-2943496809-1349502369-1006\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\Cpqset.exe ()

O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\CHDAudPropShortcut.exe (Windows ® Server 2003 DDK provider)

O4 - HKLM..\Run: [iSUSPM Startup] c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (Macrovision Corporation)

O4 - HKLM..\Run: [iSUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)

O4 - HKLM..\Run: [Nikon Transfer Monitor] C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)

O4 - HKLM..\Run: [RecGuard] C:\WINDOWS\SMINST\Recguard.exe ()

O4 - HKU\S-1-5-21-1434909086-2943496809-1349502369-1006..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\StartUp\Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe File not found

O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\StartUp\Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictRun = 0

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-1434909086-2943496809-1349502369-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-1434909086-2943496809-1349502369-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictRun = 0

O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.)

O15 - HKU\S-1-5-21-1434909086-2943496809-1349502369-1006\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)

O15 - HKU\S-1-5-21-1434909086-2943496809-1349502369-1006\..Trusted Domains: turbotax.com ([]https in Trusted sites)

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)

O16 - DPF: {22D82B43-FF26-455A-A96D-A6C61F056ED7} http://192.168.1.30/xplugxLiteTW.cab (Gif89 xLite Class)

O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} https://www-secure.symantec.com/techsupp/as...abs/tgctlsr.cab (Symantec Script Runner Class)

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab (MSN Photo Upload Tool)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1215440153906 (MUWebControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} http://web1.shutterfly.com/downloads/Uploader.cab (Shutterfly Picture Upload Plugin)

O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)

O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp

O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2001/07/28 06:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/01 21:30:33 | 000,576,000 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Cynthia H\Desktop\OTL.com

[2010/10/31 01:12:34 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW

[2010/10/31 00:36:31 | 000,000,000 | ---D | C] -- C:\Qoobox

[2010/10/26 21:15:16 | 000,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Cynthia H\Desktop\RootRepeal.exe

[2010/10/24 23:24:48 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos

[2010/10/24 18:40:35 | 000,000,000 | ---D | C] -- C:\Program Files\ESET

[2010/10/23 19:55:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cynthia H\Application Data\Malwarebytes

[2010/10/23 19:21:55 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010/10/23 19:21:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2010/10/23 19:21:53 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010/10/23 19:21:53 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2010/10/23 11:32:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun

[2010/10/20 15:23:45 | 000,000,000 | ---D | C] -- C:\spoolerlogs

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/01 21:26:02 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Cynthia H\Desktop\OTL.com

[2010/11/01 20:20:59 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2010/11/01 18:49:23 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/11/01 18:48:38 | 000,000,211 | RHS- | M] () -- C:\boot.ini

[2010/10/31 22:09:41 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS

[2010/10/31 22:09:41 | 000,000,000 | RHS- | M] () -- C:\IO.SYS

[2010/10/31 22:08:16 | 002,965,768 | ---- | M] () -- C:\WINDOWS\ntbtlog.old

[2010/10/31 21:47:27 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010/10/31 01:17:19 | 000,000,313 | ---- | M] () -- C:\hpqp.ini

[2010/10/31 01:17:15 | 000,000,039 | ---- | M] () -- C:\XP_TV.ini

[2010/10/31 01:16:43 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2010/10/31 00:29:37 | 000,002,513 | ---- | M] () -- C:\Documents and Settings\Cynthia H\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2003.lnk

[2010/10/31 00:10:47 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Cynthia H\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2003.lnk

[2010/10/30 22:06:02 | 003,896,491 | ---- | M] () -- C:\Documents and Settings\Cynthia H\Desktop\ComboFix.exe

[2010/10/30 22:06:02 | 003,896,491 | ---- | M] () -- C:\Documents and Settings\Cynthia H\Desktop\CF.exe

[2010/10/27 23:12:41 | 000,083,968 | ---- | M] () -- C:\Documents and Settings\Cynthia H\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/10/26 22:38:33 | 000,005,488 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\Attach.zip

[2010/10/26 22:30:17 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Cynthia H\defogger_reenable

[2010/10/26 21:43:04 | 000,545,280 | ---- | M] () -- C:\Documents and Settings\Cynthia H\Desktop\dds.scr

[2010/10/26 21:40:57 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Cynthia H\Desktop\Defogger.exe

[2010/10/26 21:29:27 | 000,000,015 | ---- | M] () -- C:\Documents and Settings\Cynthia H\Desktop\settings.dat

[2010/10/26 21:07:40 | 000,472,064 | ---- | M] ( ) -- C:\Documents and Settings\Cynthia H\Desktop\RootRepeal.exe

[2010/10/26 16:43:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2010/10/26 16:01:00 | 000,001,010 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1434909086-2943496809-1349502369-1006UA.job

[2010/10/25 19:01:01 | 000,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1434909086-2943496809-1349502369-1006Core.job

[2010/10/24 18:40:20 | 002,672,312 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\esetsmartinstaller_enu.exe

[2010/10/23 19:27:21 | 000,001,751 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

[2010/10/23 19:26:47 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn

[2010/10/23 19:26:47 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for

[2010/10/23 19:26:43 | 000,002,205 | ---- | M] () -- C:\Documents and Settings\Cynthia H\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk

[2010/10/23 19:21:58 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/10/23 19:01:39 | 000,002,344 | ---- | M] () -- C:\Documents and Settings\Cynthia H\Desktop\Google Chrome.lnk

[2010/10/23 19:01:39 | 000,002,322 | ---- | M] () -- C:\Documents and Settings\Cynthia H\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

[2010/10/23 16:39:45 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\Cynthia H\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

[2010/10/23 16:39:45 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk

[2010/10/23 11:33:59 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk

[2010/10/17 17:54:32 | 000,021,504 | ---- | M] () -- C:\Documents and Settings\Cynthia H\Desktop\Yahoo Groups Created.doc

[2010/10/13 03:28:48 | 000,271,784 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2010/10/13 03:12:05 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2010/10/12 06:41:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2010/10/07 09:01:44 | 000,441,692 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2010/10/07 09:01:44 | 000,071,462 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/31 22:09:41 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS

[2010/10/31 22:09:41 | 000,000,000 | RHS- | C] () -- C:\IO.SYS

[2010/10/31 01:00:21 | 003,896,491 | ---- | C] () -- C:\Documents and Settings\Cynthia H\Desktop\CF.exe

[2010/10/31 00:33:12 | 003,896,491 | ---- | C] () -- C:\Documents and Settings\Cynthia H\Desktop\ComboFix.exe

[2010/10/26 22:38:33 | 000,005,488 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\Attach.zip

[2010/10/26 22:30:34 | 000,545,280 | ---- | C] () -- C:\Documents and Settings\Cynthia H\Desktop\dds.scr

[2010/10/26 22:30:26 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Cynthia H\Desktop\Defogger.exe

[2010/10/26 22:30:17 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Cynthia H\defogger_reenable

[2010/10/26 21:15:24 | 000,000,015 | ---- | C] () -- C:\Documents and Settings\Cynthia H\Desktop\settings.dat

[2010/10/24 19:54:34 | 002,672,312 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\esetsmartinstaller_enu.exe

[2010/10/23 19:27:21 | 000,001,751 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

[2010/10/23 19:26:47 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for

[2010/10/23 19:26:46 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn

[2010/10/23 19:21:58 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/10/23 19:01:39 | 000,002,344 | ---- | C] () -- C:\Documents and Settings\Cynthia H\Desktop\Google Chrome.lnk

[2010/10/23 19:01:39 | 000,002,322 | ---- | C] () -- C:\Documents and Settings\Cynthia H\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

[2010/10/23 18:56:30 | 000,001,010 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1434909086-2943496809-1349502369-1006UA.job

[2010/10/23 18:56:30 | 000,000,958 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1434909086-2943496809-1349502369-1006Core.job

[2010/10/23 16:39:45 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\Cynthia H\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

[2010/10/23 16:39:45 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk

[2010/10/23 11:33:59 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk

[2010/10/14 22:42:32 | 000,021,504 | ---- | C] () -- C:\Documents and Settings\Cynthia H\Desktop\Yahoo Groups Created.doc

[2010/09/02 16:33:43 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Flowers

[2010/09/02 16:33:43 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Cynthia H\Application Data\Filters

[2010/09/02 16:33:43 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdw.DAT

[2010/09/02 16:33:43 | 000,000,012 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Funk Animals

[2010/09/02 16:30:39 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Flange Saw

[2010/09/02 16:30:39 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Cynthia H\Application Data\Filesystems

[2010/09/02 16:30:39 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT

[2010/09/02 16:30:39 | 000,000,012 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Fonts

[2009/02/03 19:44:20 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\MC4MIntSetupWizard.dll

[2008/08/14 07:41:01 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI

[2008/07/06 20:54:14 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll

[2007/11/25 16:43:04 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\THBIni20.dll

[2007/11/25 16:43:02 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\MC4MInt.dll

[2007/06/17 22:56:26 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll

[2007/06/17 22:56:07 | 000,000,162 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini

[2007/06/17 22:55:09 | 000,000,736 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini

[2007/02/18 11:27:19 | 000,083,968 | ---- | C] () -- C:\Documents and Settings\Cynthia H\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2006/12/26 19:54:57 | 000,000,028 | ---- | C] () -- C:\WINDOWS\ICOA.INI

[2006/12/26 19:54:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QFN.ini

[2006/12/26 19:54:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QDQICK.ini

[2006/12/25 11:23:53 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Cynthia H\Local Settings\Application Data\fusioncache.dat

[2006/12/25 11:23:53 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Cynthia H\Local Settings\Application Data\DSwitch.txt

[2006/12/25 11:23:53 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Cynthia H\Local Settings\Application Data\AtStart.txt

[2006/12/25 11:23:51 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Cynthia H\Local Settings\Application Data\QSwitch.txt

[2006/08/19 03:08:37 | 000,000,031 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI

[2006/08/19 03:03:23 | 000,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini

[2006/08/19 02:48:13 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2006/08/19 02:43:52 | 000,028,836 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini

[2006/05/10 07:23:38 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2006/05/10 06:48:18 | 000,001,977 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log

[2006/05/10 06:46:02 | 000,000,213 | ---- | C] () -- C:\WINDOWS\WININIT.INI

[2006/05/10 06:42:38 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini

[2006/05/10 06:25:12 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2005/12/02 11:09:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini

[2004/09/16 13:24:26 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll

[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

[2001/07/07 03:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== LOP Check ==========

[2006/12/27 13:41:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES

[2010/09/02 16:33:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp

[2007/10/10 15:26:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\espionServerData

[2010/09/02 16:32:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nikon

[2010/08/04 22:25:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCSettings

[2010/09/02 16:33:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15

[2006/12/27 12:44:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent

[2010/09/02 18:23:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cynthia H\Application Data\com.Shutterfly.ExpressUploader

[2010/06/24 23:09:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cynthia H\Application Data\Facebook

[2008/02/13 21:56:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cynthia H\Application Data\Leadertech

[2007/02/21 19:58:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cynthia H\Application Data\MSNInstaller

[2007/02/21 20:09:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cynthia H\Application Data\Netscape

[2008/01/22 21:52:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cynthia H\Application Data\Opera

[2006/12/27 12:44:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cynthia H\Application Data\WildTangent

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >

[2007/10/10 15:26:02 | 000,000,000 | ---- | M] () -- C:\AdobeDebug.txt

[2010/11/01 18:48:38 | 000,000,211 | RHS- | M] () -- C:\boot.ini

[2010/10/31 01:17:19 | 000,000,313 | ---- | M] () -- C:\hpqp.ini

[2010/10/31 22:09:41 | 000,000,000 | RHS- | M] () -- C:\IO.SYS

[2008/06/12 08:03:57 | 000,020,585 | ---- | M] () -- C:\mombi.log

[2010/10/31 22:09:41 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS

[2004/08/04 14:00:00 | 000,047,564 | RHS- | M] () -- C:\ntdetect.com

[2008/07/17 09:53:20 | 000,250,048 | RHS- | M] () -- C:\ntldr

[2010/11/01 18:49:12 | 792,723,456 | -HS- | M] () -- C:\pagefile.sys

[2010/10/31 01:17:15 | 000,000,039 | ---- | M] () -- C:\XP_TV.ini

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

[2006/05/09 23:15:06 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav

[2006/05/09 23:15:04 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-10-13 10:12:20

< End of report >

And Extras.txt:

OTL Extras logfile created on: 11/1/2010 9:35:10 PM - Run 1

OTL by OldTimer - Version 3.2.17.2 Folder = C:\Documents and Settings\Cynthia H\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 84.00% Memory free

3.00 Gb Paging File | 2.00 Gb Available in Paging File | 95.00% Paging File free

Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 47.75 Gb Total Space | 10.57 Gb Free Space | 22.13% Space Free | Partition Type: NTFS

Drive D: | 8.13 Gb Total Space | 1.17 Gb Free Space | 14.44% Space Free | Partition Type: FAT32

Computer Name: CYNTHIA | User Name: Cynthia H | Logged in as Administrator.

Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-1434909086-2943496809-1349502369-1006\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DoNotAllowExceptions" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- File not found

"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Computer, Inc.)

"C:\Program Files\HP Rhapsody\rhapsody.exe" = C:\Program Files\HP Rhapsody\rhapsody.exe:*:Enabled:Rhapsody -- (RealNetworks, Inc.)

"C:\Program Files\Intuit\QuickBooks\QBDBMgrN.exe" = C:\Program Files\Intuit\QuickBooks\QBDBMgrN.exe:*:Enabled:QuickBooks 2007 Data Manager -- (iAnywhere Solutions, Inc.)

"C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe" = C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- (Intuit, Inc.)

"C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe" = C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- (Intuit, Inc.)

"E:\setup\HPZNET01.EXE" = E:\setup\HPZNET01.EXE:*:Enabled:hpznet01.exe -- File not found

"E:\setup\HPONICIFS01.EXE" = E:\setup\HPONICIFS01.EXE:*:Enabled:hponicifs01.exe -- File not found

"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Development Company, L.P.)

"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Development Company, L.P.)

"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Development Company, L.P.)

"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Development Company, L.P.)

"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)

"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Development Company, L.P.)

"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- (Hewlett-Packard)

"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )

"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Development Company, L.P.)

"C:\Program Files\IPView Pro\IPView Pro.exe" = C:\Program Files\IPView Pro\IPView Pro.exe:*:Enabled:IPView Pro -- ( )

"C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe" = C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- (Intuit, Inc.)

"C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe" = C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- (Intuit, Inc.)

"C:\DOCUME~1\CYNTHI~1\LOCALS~1\Temp\NQqn.exe" = C:\DOCUME~1\CYNTHI~1\LOCALS~1\Temp\NQqn.exe:*:Enabled:DHCP Client -- File not found

"C:\WINDOWS\system32\sysrest32.exe" = C:\WINDOWS\system32\sysrest32.exe:*:Enabled:enable -- File not found

"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic Data Module

"{09D8492A-C8E2-421E-927D-46800FB327A3}" = Wireless Home Network Setup

"{0A65A3BD-54B5-4d0d-B084-7688507813F5}" = SlideShow

"{15C0AF59-4877-49B6-B8C6-A61CE54515F5}" = cp_OnlineProjectsConfig

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate

"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus

"{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress

"{237CD223-1B9D-47E8-A76C-E478B83CCEA2}" = File Uploader

"{23B35809-5E4A-4F14-8332-1CDEDDFAC089}" = CP_Package_Variety2

"{25569723-DC5A-4467-A639-79535BF01B71}" = Adobe Help Center 2.1

"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java 6 Update 22

"{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation

"{2F58D60D-2BFD-4467-9B4D-64E7355C329D}" = Sonic_PrimoSDK

"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager

"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6

"{33BF0960-DBA3-4187-B6CC-C969FCFA2D25}" = SkinsHP1

"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.10 A1

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{360EDFB0-EAA2-012B-AD16-000000000000}" = TurboTax 2009 wcaiper

"{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone

"{36D620AD-EEBA-4973-BA86-0C9AE6396620}" = OptionalContentQFolder

"{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset

"{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine

"{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport

"{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper

"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting

"{41E776A5-9B12-416D-9A12-B4F7B044EBED}" = CP_Package_Basic1

"{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}" = HP Wireless Assistant 2.00 G2

"{446DBFFA-4088-48E3-8932-74316BA4CAE4}" = iTunes

"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm

"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 2.3

"{47D2103B-FD51-4017-9C20-DD408B17D726}" = Office 2003 Trial Assistant

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4DA4012B-39AF-48c2-B23B-A4D570D233A6}" = cp_LightScribeConfig

"{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant

"{522D1D79-9C0A-4361-91F8-2AFF8EC6C2E1}" = CP_Package_Variety1

"{552E6DA4-A0F9-41AC-8473-E825D60674EA}" = HP User Guides 0037

"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service

"{5B30AA25-BF39-4BE4-8FEE-51938BAB214D}" = TurboTax 2008 wcaiper

"{665C721C-49A3-49E9-AED0-EBEDC1327D57}" = Setup Wizard

"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler

"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg

"{6696D9A4-28A8-4F5A-8E9A-2E8974C8C39C}" = RandMap

"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder

"{6815FCDD-401D-481E-BA88-31B4754C2B46}" = Macromedia Flash Player 8

"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI

"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox

"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder

"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme

"{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset

"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX

"{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder

"{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English

"{7E545666-F422-45FD-B3DF-C0B99A1A579F}" = QuickBooks Pro 2007

"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI

"{80AE27BA-B0ED-4288-A8B9-D8194BCF4115}" = cp_UpdateProjectsConfig

"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status

"{838A1BC9-95CA-4880-9BE3-2A7D23600A2B}" = Macromedia Shockwave Player

"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility

"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder

"{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine

"{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}" = DocProc

"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver

"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload

"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003

"{91208A47-5D08-4C79-986F-1931940F51BB}" = QuickBooks Product Listing Service

"{996512CF-F35B-48DE-9291-557FA5316967}" = ScannerCopy

"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = AnswerWorks 5.0 English Runtime

"{A01FC76F-CC09-4658-9E37-5C2F635EE708}" = TourSetup

"{A29800BA-0BF1-4E63-9F31-DF05A87F4104}" = InstantShareDevices

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A50C25D7-62E9-4511-AD70-8E2DA5E79B7D}" = Apple Software Update

"{A7B609FB-83D8-4FC3-8477-1BC65ECFE85B}" = Adobe Photoshop Elements 5.0

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support

"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic Audio Module

"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0

"{AEF7A12C-CD9B-4773-8AD1-6916138CA7EA}" = SmartAudio

"{AFF1EA96-9C23-4249-B7D4-CD4B54D4582F}" = TurboTax ItsDeductible 2006

"{B11E71BA-498C-42D4-9F1A-9D7A89D9DA61}" = CP_AtenaShokunin1Config

"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic Copy Module

"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR

"{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper

"{B2157760-AA3C-4E2E-BFE6-D20BC52495D9}" = cp_PosterPrintConfig

"{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport

"{B3B4CD34-6C20-4b28-A231-FEC55B42C579}" = c6100_Help

"{B57F2FF0-5A25-4332-B503-4592B370C02F}" = CP_Package_Variety3

"{B6286A44-7505-471A-A72B-04EC2DB2F442}" = CueTour

"{B69CFE29-FD03-4E0A-87A7-6ED97F98E5B3}" = CP_Panorama1Config

"{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}" = HP Software Update

"{BC96BBA7-C634-460E-AD18-A0A994213F80}" = HP User Guides--System Recovery

"{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}" = HP Photosmart, Officejet and Deskjet 7.0.A

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C1C6767D-B395-43CB-BF99-051B58B86DA6}" = PhotoGallery

"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter

"{C8192B14-5B56-2E27-6652-8AA650091D6E}" = Shutterfly Express Uploader

"{C8574AE5-370F-4246-A301-B85A2CC89A5E}" = C6100

"{C8616041-2802-4DE2-B3BD-6285AAD65C2A}" = Nikon RAW Codec

"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center

"{DACCA642-850A-4EB8-852C-4E78A1B91518}" = IPView Pro

"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp

"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp

"{E0D51394-1D45-460A-B62D-383BC4F8B335}" = QuickTime

"{E1B80DEE-A795-4258-8445-074C06AE3AB8}" = MarketResearch

"{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp

"{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer

"{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}" = WexTech AnswerWorks

"{ED2C557E-9C18-41FF-B58E-A05EEF0B3B5F}" = CP_CalendarTemplates1

"{F007CBCE-D714-4C0B-8CE9-9B0D78116468}" = ViewNX

"{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC

"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan

"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA

"{FB09F05F-85C6-4205-B28D-5BF071D276C3}" = muvee autoProducer 5.0

"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations

"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA

"{FE7E1DD7-EBCE-4696-ADE2-22BDBF2372DA}" = DocumentViewer

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe Photoshop Elements 5" = Adobe Photoshop Elements 5.0

"ASAP Utilities_is1" = ASAP Utilities

"CNXT_HDAUDIO" = Conexant HD Audio

"CNXT_MODEM_HDAUDIO_CPL30A5m" = HDAUDIO Soft Data Fax Modem with SmartCP

"com.Shutterfly.ExpressUploader" = Shutterfly Express Uploader

"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows

"ESET Online Scanner" = ESET Online Scanner v3

"HDMI" = Intel® Graphics Media Accelerator Driver

"HP Document Viewer" = HP Document Viewer 7.0

"HP Imaging Device Functions" = HP Imaging Device Functions 7.0

"HP Photo & Imaging" = HP Photosmart Premier Software 6.5

"HP Rhapsody" = HP Rhapsody

"HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0

"HPExtendedCapabilities" = HP Customer Participation Program 7.0

"HPOCR" = OCR Software by I.R.I.S 7.0

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"ie7" = Windows Internet Explorer 7

"ie8" = Windows Internet Explorer 8

"InstallShield_{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Money2006b" = Microsoft Money 2006

"Mozilla Firefox (3.6.11)" = Mozilla Firefox (3.6.11)

"MSNINST" = MSN

"Netscape Browser" = Netscape Browser (remove only)

"NIS" = Norton Internet Security

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"Quicken WillMaker Plus 2006" = Quicken WillMaker Plus 2006

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"TurboTax 2008" = TurboTax 2008

"TurboTax 2009" = TurboTax 2009

"TurboTax Deluxe 2007" = TurboTax Deluxe 2007

"TurboTax Deluxe Deduction Maximizer 2006" = TurboTax Deluxe Deduction Maximizer 2006

"WildTangent CDA" = WildTangent Web Driver

"WildTangent hplaptop Master Uninstall" = My HP Games

"Windows Media Format Runtime" = Windows Media Format Runtime

"Windows Media Player" = Windows Media Player 10

"Windows XP Service Pack" = Windows XP Service Pack 3

"Yahoo! Companion" = Yahoo! Toolbar for Internet Explorer

"Yahoo! Toolbar" = Yahoo! Toolbar

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1434909086-2943496809-1349502369-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Facebook Plug-In" = Facebook Plug-In

"Google Chrome" = Google Chrome

"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 10/24/2010 5:28:50 PM | Computer Name = CYNTHIA | Source = Application Error | ID = 1000

Description = Faulting application , version 0.0.0.0, faulting module unknown, version

0.0.0.0, fault address 0x7c9258c2.

Error - 10/24/2010 7:40:09 PM | Computer Name = CYNTHIA | Source = Application Error | ID = 1000

Description = Faulting application spoolsv.exe, version 5.1.2600.6024, faulting

module ntdll.dll, version 5.1.2600.5755, fault address 0x00002663.

Error - 10/25/2010 2:18:59 AM | Computer Name = CYNTHIA | Source = Application Error | ID = 1000

Description = Faulting application ZJESJHU.exe, version 1.71.0.0, faulting module

ZJESJHU.exe, version 1.71.0.0, fault address 0x00038c8b.

Error - 10/25/2010 11:00:13 AM | Computer Name = CYNTHIA | Source = Application Error | ID = 1000

Description = Faulting application spoolsv.exe, version 5.1.2600.6024, faulting

module unknown, version 0.0.0.0, fault address 0x001a7183.

Error - 10/25/2010 5:23:51 PM | Computer Name = CYNTHIA | Source = Application Error | ID = 1001

Description = Fault bucket 2058636688.

Error - 10/25/2010 5:27:16 PM | Computer Name = CYNTHIA | Source = Application Error | ID = 1000

Description = Faulting application spoolsv.exe, version 5.1.2600.6024, faulting

module unknown, version 0.0.0.0, fault address 0x001a7183.

Error - 10/25/2010 11:35:52 PM | Computer Name = CYNTHIA | Source = Application Error | ID = 1000

Description = Faulting application spoolsv.exe, version 5.1.2600.6024, faulting

module unknown, version 0.0.0.0, fault address 0x001a7183.

Error - 10/28/2010 5:58:40 PM | Computer Name = CYNTHIA | Source = crypt32 | ID = 131080

Description = Failed auto update retrieval of third-party root list sequence number

from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

with error: This operation returned because the timeout period expired.

Error - 10/28/2010 5:58:40 PM | Computer Name = CYNTHIA | Source = crypt32 | ID = 131080

Description = Failed auto update retrieval of third-party root list sequence number

from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

with error: The specified server cannot perform the requested operation.

Error - 10/31/2010 3:36:21 AM | Computer Name = CYNTHIA | Source = Application Error | ID = 1000

Description = Faulting application pev.exe, version 0.0.0.0, faulting module pev.exe,

version 0.0.0.0, fault address 0x0008d560.

[ System Events ]

Error - 10/31/2010 4:19:35 AM | Computer Name = CYNTHIA | Source = DCOM | ID = 10005

Description = DCOM got error "%1053" attempting to start the service gusvc with

arguments "" in order to run the server: {89DAE4CD-9F17-4980-902A-99BA84A8F5C8}

Error - 10/31/2010 4:19:36 AM | Computer Name = CYNTHIA | Source = Service Control Manager | ID = 7009

Description = Timeout (30000 milliseconds) waiting for the Google Software Updater

service to connect.

Error - 11/1/2010 12:39:38 AM | Computer Name = CYNTHIA | Source = DCOM | ID = 10005

Description = DCOM got error "%1084" attempting to start the service EventSystem

with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 11/1/2010 12:40:33 AM | Computer Name = CYNTHIA | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

BHDrvx86 ccHP eeCtrl Fips intelppm SRTSPX SymIRON SYMTDI

Error - 11/1/2010 12:54:43 AM | Computer Name = CYNTHIA | Source = DCOM | ID = 10005

Description = DCOM got error "%1084" attempting to start the service EventSystem

with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 11/1/2010 12:58:52 AM | Computer Name = CYNTHIA | Source = DCOM | ID = 10005

Description = DCOM got error "%1084" attempting to start the service EventSystem

with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 11/1/2010 12:58:56 AM | Computer Name = CYNTHIA | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

BHDrvx86 ccHP eeCtrl Fips intelppm SRTSPX SymIRON SYMTDI

Error - 11/1/2010 1:00:50 AM | Computer Name = CYNTHIA | Source = DCOM | ID = 10005

Description = DCOM got error "%1058" attempting to start the service EventSystem

with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 11/1/2010 9:50:09 PM | Computer Name = CYNTHIA | Source = DCOM | ID = 10005

Description = DCOM got error "%1084" attempting to start the service EventSystem

with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 11/1/2010 9:51:12 PM | Computer Name = CYNTHIA | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

BHDrvx86 ccHP eeCtrl Fips intelppm SRTSPX SymIRON SYMTDI

< End of report >

Thanks,

-AlexH

Link to post
Share on other sites

Hi,

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    SRV - [2010/10/24 21:30:38 | 000,465,792 | ---- | M] (Sysinternals - www.sysinternals.com) [On_Demand | Stopped] -- C:\Documents and Settings\Cynthia H\Local Settings\Temp\ZJESJHU.exe -- (ZJESJHU)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\24.tmp -- (MEMSWEEP2)
    [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    :Services
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\DOCUME~1\CYNTHI~1\LOCALS~1\Temp\NQqn.exe"=-
    "C:\WINDOWS\system32\sysrest32.exe"=-

    :Reg

    :Files
    ipconfig /flushdns /c
    C:\DOCUME~1\CYNTHI~1\LOCALS~1\Temp\NQqn.exe
    C:\WINDOWS\system32\sysrest32.exe

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [emptyflash]
    [createrestorepoint]
    [reboot]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Please download Rootkit Unhooker and save it to your Desktop

  • Double-click on RKUnhookerLE to run it
  • Click the Report tab, then click Scan
  • Check Drivers, Stealth Code and uncheck the rest
  • Click OK
  • Wait until it's finished and then go to File > Save Report
  • Save the report to your Desktop

Copy the entire contents of the report and paste it in a reply here.

Note - you may get this warning it is ok, just ignore: "Rootkit Unhooker has detected a parasite inside itself!

It is recommended to remove parasite, okay?"

Link to post
Share on other sites

Hi,

I ran OTL with the Run Fix script.

I was unable to run RKUNHOOKERLE.EXE. I am still running WinXP in safe mode because the normal mode freezes up and the display goes crazy. I even tried renaming RKUNHOOKERLE but I still got "error loading/opening driver".

What should I try next?

Thanks,

-AlexH

Link to post
Share on other sites

Hi,

Download avz4.zip from HERE

  1. Unzip it to your desktop to a folder named avz4
  2. Double click on AVZ.exe to run it.
  3. Run an update by clicking the Auto Update button on the Right of the Log window: avz-update-button.png
  4. Click Start to begin the update

Note: If you recieve an error message, chose a different source, then click Start again

  1. Start AVZ.
  2. Choose from the menu "File" => "Standard scripts " and mark the "Advanced System Analysis with malware removal mode enabled" check box.
    avz-standardscripts-asa-removal.png
  3. Click on the
Link to post
Share on other sites

Hi,

Start Malwarebytes' Anti-Malware

  • Once the program has loaded, click the "Update" tab and click the "Check For updates" button.
  • Once the updates were downloaded, click the "Scanner" tab, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I'd like us to scan your machine with ESET OnlineScan

  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the esetOnline.png button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

    1. Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.

    3. Check esetAcceptTerms.png
    4. Click the esetStart.png button.
    5. Accept any security warnings from your browser.
    6. Check esetScanArchives.png
    7. Push the Start button.
    8. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    9. When the scan completes, push esetListThreats.png
    10. Push esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    11. Push the esetBack.png button.
    12. Push esetFinish.png

Link to post
Share on other sites

Hi,

Normal mode still does not work so I'm running in Safe Mode.

mbam still won't run unless I rename it. I updated to DB 5049, ran a quick scan, no threats found.

IE does not work, so I had to download ESETScan. It ran, and also no threats found.

What next? Thanks for your help.

-AlexH

Link to post
Share on other sites

Hi,

Your logs appear to be clean now. There is only a bit of cleanup that we will deal with in this post, as well as prevention from future infections. :D

  • Download OTC to your desktop and run it
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTC to reach the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Keep a backup of your important files

Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Make proper use of your anti-virus and firewall

You should keep your anti-virus and firewall guard enabled at all times, don't shut them off unless there's a specific reason to do so.

Also, regularly performing a full system scan with your anti-virus program is a good idea to make sure nothing has slipped through your protection. Once every two weeks works well for many people. You can set the scan to run during a time when you don't plan to use the computer and just leave it to complete on its own.

Keep in mind that anti-virus programs are far from perfect. They don't protect you against every piece of malware that's out there, so don't trust them blindly. If an anti-virus reports a file as 'clean' then it's doesn't necessarily has to mean it is.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Keep all your software updated

It is important to keep up on system updates from Microsoft by regularly checking their website at: http://windowsupdate.microsoft.com/, as these patch critical security vulnerabilities and help to keep you safe.

It's also important to keep programs up to date so that malware doesn't exploit any old security flaws. FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. Java and Adobe Reader are two of the main security vulnerabilities. You can find the latest version of Java here, you will want the Java SE Runtime Environment (JRE) one. You can find the latest version of Adobe Reader here.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Use a safer web browser

Internet Explorer is not the most secure tool for browsing the web. It has been known to be very susceptible to infection, and there are a couple good free alternatives: Firefox and Opera. Both are excellent faster, safer, more powerful and functional free alternatives to Internet Explorer. It's definitely worth the short period of adjustment to start using one of these. If you wish to continue using Internet Explorer, it would be a good idea to follow the tutorial here which will help you to make IE much safer.

If you decide to use the Firefox browser, the McAfee SiteAdvisor add-on will nicely help to enhance your security. This add-on tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Some other security programs

It is wise these days to have a few security programs installed and running on your machine except from just an anti-virus and a firewall. I will list some of them.

  • A good anti-spyware program installed on your pc is very important to help remove any spyware that may have gotten on your computer. I highly recommend Malwarebytes' Anti-Malware.
  • SpywareBlaster to help prevent spyware from installing in the first place.
  • MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. This prevents your computer from connecting to those sites in the future.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Be careful

Having security programs installed is very helpful to you, but none of them have the gift of human thought. The best way to make sure you don't get infected is to exercise common sense. Be careful of what websites you visit - if a site looks suspicious, trust your instincts and get out of there. Be careful of what attachments you open in emails and files you download from websites - check them over carefully to make sure that you know what you're getting.

Using peer-to-peer programs (eg: LimeWire, BitTorrent, uTorrent, Kazaa) or downloading cracks and keygens is something else to avoid. These are the most common way to get infected. Malware writers use these programs to spread infections as it is the easiest way for them. The majority of infections we see in the Malware Removal forum are due to people using p2p programs to download cracks/keygens/warez. These are not only illegal, but will always contain some form of malware. You have no way of verifying that the things you download are legitimate or that they don't contain malware. Even with an up to date anti-virus and firewall, some of these things will still infect you. It is highly recommend that you uninstall all peer-to-peer programs. It just isn't worth it.

Other common ways of getting infected are dis-reputable sites forcing you to download and install a codec. Or viruses using Instant Messaging programs (Windows Live Messenger, MSN Messenger, AIM) to send a file claiming it to be "photos" from a friend, only for it to turn out to be a virus.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Slow computer?

If your computer begins to slow down in the future for no particular reason, your first step should not be to come to the malware forum. As your computer ages and is used, it's parts wear, files and programs accumulate, and its performance can decrease. To restore your computer's performance to its best possible level, follow the steps in this page written by malware expert Miekiemoes.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I'll leave this thread open for a couple days in case you come across any lingering problems that need fixing, then I'll close it up. If you need it reopened for any reason just shoot me a PM. It's been a pleasure working with you, now best of luck!

Cheers,

Gammo :)

Link to post
Share on other sites

Hi,

I'm sure you are very busy, but please re-read this thread. The original symptoms still exist (display goes blank or distorts in normal mode, Firefox and IE do not work, MBAM.EXE will not run unless renamed) and the MBAM logs have always been clean after it detected and removed DNSChanger the first time around.

My guess is that because I am stuck running in safe mode that maybe the rootkit removal programs I ran did not complete the job and there is still a rootkit running.

Is there anything else to try or is it time to reformat and re-install Windows?

Thanks,

-AlexH

Link to post
Share on other sites

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.