Binzapped

Possible Malware

34 posts in this topic

Something took over my computer yesterday, disabled my AV & hid my shortcuts & programs. I shut down my computer & rebooted in Safe Mode with Networking. I downloaded the latest version of Malwarebytes & ran a full scan. I deleted the files that were recommended, several of which started with Hijack. When I started my computer again, the same problem reoccurred. I followed the instructions on this forum & created two logs that I'm attaching to this post.

dds.txt

.

DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.5.1

Run by Administrator at 19:17:43 on 2012-09-10

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.959.554 [GMT -4:00]

.

AV: ZoneAlarm Free Firewall Antivirus *Enabled/Updated* {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}

AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

FW: ZoneAlarm Free Firewall Firewall *Enabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\system32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

.

============== Pseudo HJT Report ===============

.

mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop

mSearchAssistant = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop

uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn6\yt.dll

mURLSearchHooks: H - No File

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn5\yt.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Yapta BHO: {2020dfef-8c87-4229-aa41-549d82210355} - c:\program files\yapta\YaptaOverlay.dll

BHO: Zonealarm Helper Object: {2a841f7a-a014-4da5-b6d9-8b913dfb7a8c} - c:\program files\check point software technologies ltd\zonealarm\1.6.4.5\bh\zonealarm.dll

BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File

BHO: StartNow Toolbar Helper: {6e13d095-45c3-4271-9475-f3b48227dd9f} - c:\program files\startnow toolbar\Toolbar32.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~4\office14\GROOVEEX.DLL

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll

BHO: Blekko search bar: {7d9e1adc-7db1-4eaf-b6c7-7e062074e6be} - c:\program files\blekkotb_soc\blekkotb_019X.dll

BHO: Bucksbee Loyalty Plugin - Air Installer: {86a5a4f7-990c-f0b4-096e-6b6bfdc90ec9} - c:\program files\bucksbee loyalty plugin - air installer\BucksBee Loyalty Plugin.dll

BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll

BHO: hpWebHelper Class: {aaae832a-5fff-4661-9c8f-369692d1dcb9} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\WebHelper.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~4\office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll

BHO: ZoneAlarm Spy Blocker BHO: {f0d4b231-da4b-4daf-81e4-dfee4931a4aa} - c:\program files\zonealarmsb\bar\1.bin\SPYBLOCK.DLL

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn4\YTSingleInstance.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn6\yt.dll

TB: ZoneAlarm Spy Blocker: {f0d4b239-da4b-4daf-81e4-dfee4931a4aa} - c:\program files\zonealarmsb\bar\1.bin\SPYBLOCK.DLL

TB: StartNow Toolbar: {5911488e-9d1e-40ec-8cbb-06b231cc153f} - c:\program files\startnow toolbar\Toolbar32.dll

TB: Blekko search bar: {7d9e1adc-7db1-4eaf-b6c7-7e062074e6be} - c:\program files\blekkotb_soc\blekkotb_019X.dll

TB: ZoneAlarm Security Toolbar: {438fae3e-bdef-44d3-ab8b-0c7c8350df59} - c:\program files\check point software technologies ltd\zonealarm\1.6.4.5\zonealarmTlbr.dll

TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll

EB: &Yapta: {c3c07ad6-ace9-43ee-a2af-45bc13f6275f} - c:\program files\yapta\YaptaSidebar.dll

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

mRun: [PaperPort PTD] c:\program files\scansoft\paperport\pptd40nt.exe

mRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup

mRun: [indexSearch] c:\program files\scansoft\paperport\IndexSearch.exe

mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run

mRun: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode

mRun: [ehTray] c:\windows\ehome\ehtray.exe

mRun: [AlwaysReady Power Message APP] ARPWRMSG.EXE

mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE

mRun: [sSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [brMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN

mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot

mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [startNowToolbarHelper] "c:\program files\startnow toolbar\ToolbarHelper.exe"

mRun: [ZoneAlarm] "c:\program files\checkpoint\zonealarm\zatray.exe"

mRun: [Reader Application Helper] c:\program files\sony\readerdesktop\apphelper\ReaderAppHelper.exe

mRun: [bCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices

mRun: [Anti-phishing Domain Advisor] "c:\documents and settings\all users\application data\anti-phishing domain advisor\visicom_antiphishing.exe"

mRun: [iSW] "c:\program files\checkpoint\zaforcefield\ForceField.exe" /icon="hidden"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [<NO NAME>]

mRun: [tJeOfxpyoLkuKU.exe] c:\documents and settings\all users\application data\tJeOfxpyoLkuKU.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wirele~1.lnk - c:\program files\ehome\wireless g eh102\wirelesscm.exe

IE: {0362b485-11fe-469c-ae98-42f478e581a0} - c:\program files\yapta\YaptaSettings.exe

IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {0094A600-9BDD-4019-BAFE-487284F7D476} - {C3C07AD6-ACE9-43EE-A2AF-45BC13F6275F} - c:\program files\yapta\YaptaSidebar.dll

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\npjpi160_07.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll

Trusted Zone: trymedia.com

DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.1.0/GarminAxControl.CAB

DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab

DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll

DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} - hxxp://static.ak.facebook.com/fbplugin/win32/axfbootloader.cab

DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} - hxxps://mail.alticor.com/iNotes6W.cab

DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab

DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} - hxxp://www.facebook.com/controls/contactx.dll

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1264893462500

DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://aiche.webex.com/client/T27LB/webex/ieatgpc.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {EB533642-0AFC-4559-A494-8CFFA296ACAE} - hxxps://mail.alticor.com/images/whlcache.cab?egap=internal

TCP: DhcpNameServer = 192.168.2.1 75.75.76.76 75.75.75.75

TCP: Interfaces\{98F06CAA-461C-40E2-804E-81B72764D147} : DhcpNameServer = 192.168.2.1 75.75.76.76 75.75.75.75

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

Notify: AtiExtEvent - Ati2evxx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~4\office14\GROOVEEX.DLL

SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12

.

================= FIREFOX ===================

.

FF - ProfilePath -

.

============= SERVICES / DRIVERS ===============

.

R0 KL1;kl1;c:\windows\system32\drivers\kl1.sys [2012-9-9 133208]

R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [2012-9-9 11352]

R1 Vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2012-7-22 526640]

R2 vsmon;TrueVector Internet Monitor;c:\program files\checkpoint\zonealarm\vsmon.exe -service --> c:\program files\checkpoint\zonealarm\vsmon.exe -service [?]

S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2010-4-1 28552]

S1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2012-9-9 485808]

S1 RapportCerberus_42020;RapportCerberus_42020;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportcerberus\baseline\RapportCerberus32_42020.sys [2012-8-9 228376]

S1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2012-8-23 71480]

S1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2012-8-23 166840]

S2 gupdate1c9d17f8aa53c4a;Google Update Service (gupdate1c9d17f8aa53c4a);c:\program files\google\update\GoogleUpdate.exe [2009-5-10 133104]

S2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2011-11-3 27056]

S2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2011-11-3 497320]

S2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]

S2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2012-8-23 976728]

S2 Updater Service for StartNow Toolbar;Updater Service for StartNow Toolbar;c:\program files\startnow toolbar\ToolbarUpdaterService.exe [2011-7-27 267488]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-5 250568]

S3 Diag69xp;Diag69xp;c:\windows\system32\drivers\diag69xp.sys [2007-11-4 11648]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-5-10 133104]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880]

S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-7 113120]

S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2004-8-10 14336]

S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]

S3 RapportIaso;RapportIaso;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportms\39624\RapportIaso.sys [2012-5-28 21520]

.

=============== Created Last 30 ================

.

2012-09-10 23:14:07 -------- d-sh--w- c:\documents and settings\administrator\PrivacIE

2012-09-10 23:14:02 -------- d-sh--w- c:\documents and settings\administrator\IETldCache

2012-09-10 01:56:55 11352 ----a-w- c:\windows\system32\drivers\kl2.sys

2012-09-10 01:56:53 133208 ----a-w- c:\windows\system32\drivers\kl1.sys

2012-09-09 20:46:04 373248 ---ha-w- c:\documents and settings\all users\application data\tJeOfxpyoLkuKU.exe

2012-08-23 20:20:08 65816 ----a-w- c:\windows\system32\drivers\RapportKELL.sys

2012-08-18 00:59:59 -------- d--h--w- c:\program files\common files\Sony Shared

2012-08-18 00:59:59 -------- d-----w- c:\program files\Sony

.

==================== Find3M ====================

.

2012-09-01 13:04:12 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-09-01 13:04:12 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-07-06 13:58:51 78336 ----a-w- c:\windows\system32\browser.dll

2012-07-06 02:07:08 143872 ----a-w- c:\windows\system32\javacpl.cpl

2012-07-06 02:06:30 772544 ----a-w- c:\windows\system32\npDeployJava1.dll

2012-07-06 02:06:20 687544 ----a-w- c:\windows\system32\deployJava1.dll

2012-07-04 14:05:18 139784 ------w- c:\windows\system32\drivers\rdpwd.sys

2012-07-03 17:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-07-03 13:40:15 1866112 ----a-w- c:\windows\system32\win32k.sys

2012-07-02 17:49:33 916992 ----a-w- c:\windows\system32\wininet.dll

2012-07-02 17:49:32 43520 ----a-w- c:\windows\system32\licmgr10.dll

2012-07-02 17:49:32 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2012-07-02 12:05:43 385024 ------w- c:\windows\system32\html.iec

.

============= FINISH: 19:19:21.70 ===============

attach.txt


Hello and Welcome to the forum.

Looks like you're running 2 anti-virus programs.

AV: ZoneAlarm Free Firewall Antivirus *Enabled/Updated* {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}

AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

Never install more than one Antivirus and Firewall! Rather than giving you extra protection, it will decrease the reliability of it seriously!

The reason for this is that if both products have their automatic (Real-Time) protection switched on, your system may lock up due to both software products attempting to access the same file at the same time.

Also, because more than one Antivirus and Firewall installed together are not compatible with each other, they can cause system performance problems and a serious system slowdown.

Please do not delete anything unless instructed to.

1. Click Start > Settings > Control Panel.

2. Next, open Add/Remove Programs and remove one of them.

Next:

Please go to http://www.virustotal.com/, click on Browse, and upload the following file for analysis:

c:\documents and settings\all users\application data\tJeOfxpyoLkuKU.exe

Then click Submit. Allow the file to be scanned, and then please copy and paste the results here for me to see.

If virustotal is too busy you can try these.

http://virusscan.jotti.org

http://www.kaspersky.com/scanforvirus.html

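The helper is doing this triage by eye: an mRun entry whose target sits under All Users\Application Data, with a random-looking name, and which the "Created Last 30" section lists as a hidden file created the day the trouble started. The following Python script is an added example, not part of the thread and not part of DDS, that applies the same checks to DDS-format lines. The sample input is constructed from entries in the log above; the directory list and the random-name rule are assumptions chosen for illustration, and hits are triage hints to verify (for instance by hashing the file and checking it on VirusTotal, as the helper asks), not verdicts.

```python
"""Triage helper for DDS-style autorun entries (added example, not part of
DDS or of the thread).  It flags Run-key entries whose target sits in a
user-writable data directory, has a random-looking name, has no target at
all, or matches a hidden file listed in the "Created Last 30" section."""
import re

# Constructed sample in the layout DDS prints, built from entries in the
# thread's log (Run keys from the "Pseudo HJT Report", files from
# "Created Last 30").
SAMPLE_DDS = r"""
mRun: [ZoneAlarm] "c:\program files\checkpoint\zonealarm\zatray.exe"
mRun: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
mRun: [Anti-phishing Domain Advisor] "c:\documents and settings\all users\application data\anti-phishing domain advisor\visicom_antiphishing.exe"
mRun: [<NO NAME>]
mRun: [tJeOfxpyoLkuKU.exe] c:\documents and settings\all users\application data\tJeOfxpyoLkuKU.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
2012-09-09 20:46:04 373248 ---ha-w- c:\documents and settings\all users\application data\tJeOfxpyoLkuKU.exe
2012-09-10 01:56:55 11352 ----a-w- c:\windows\system32\drivers\kl2.sys
2012-09-10 23:14:07 -------- d-sh--w- c:\documents and settings\administrator\PrivacIE
"""

# "uRun"/"mRun" = per-user / machine-wide Run key, then [name] command.
RUN_RE = re.compile(r'^([um])Run:\s*\[(.*?)\]\s*(.*)$')
# "Created Last 30" line: date time size attributes path; 'h' = hidden.
CREATED_RE = re.compile(r'^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\s+\S+\s+(\S{8})\s+(.*)$')
# Quoted path, or an unquoted one up to the first executable extension.
PATH_RE = re.compile(r'"([^"]+)"|(\S.*?\.(?:exe|dll|scr|com|bat|cmd))(?=\s|$)', re.I)
# Assumed list of directories a normal user can write to; legitimate
# software also installs there, so this is a triage hint, not a verdict.
USER_WRITABLE = ('\\application data\\', '\\appdata\\', '\\local settings\\',
                 '\\temp\\', '\\programdata\\')


def target_path(command):
    """Extract the executable path from a Run-key command line, or None."""
    m = PATH_RE.match(command.strip())
    if m:
        return m.group(1) or m.group(2)
    return command.strip() or None


def looks_random(filename):
    """Assumed heuristic: a long, letters-only stem with many case changes."""
    stem = filename.rsplit('.', 1)[0]
    if len(stem) < 10 or not stem.isalpha():
        return False
    changes = sum(1 for a, b in zip(stem, stem[1:]) if a.isupper() != b.isupper())
    return changes >= 4


def triage(dds_text):
    """Return {entry name: {'scope', 'path', 'reasons'}} for suspicious entries."""
    lines = [ln.strip() for ln in dds_text.splitlines()]
    # Pass 1: collect hidden files from the "Created Last 30" style lines.
    hidden_recent = set()
    for ln in lines:
        m = CREATED_RE.match(ln)
        if m and 'h' in m.group(1):
            hidden_recent.add(m.group(2).lower())
    # Pass 2: score each Run-key entry.
    findings = {}
    for ln in lines:
        m = RUN_RE.match(ln)
        if not m:
            continue
        scope, name, command = m.groups()
        path = target_path(command)
        key = path.lower() if path else None
        reasons = []
        if name == '<NO NAME>' or path is None:
            reasons.append('autorun entry with no name or no target')
        if key and any(d in key for d in USER_WRITABLE):
            reasons.append('target lives in a user-writable data directory')
        if path and looks_random(path.rsplit('\\', 1)[-1]):
            reasons.append('file name looks randomly generated')
        if key in hidden_recent:
            reasons.append('target is a hidden file created in the last 30 days')
        if reasons:
            findings[name] = {'scope': scope, 'path': path, 'reasons': reasons}
    return findings


if __name__ == '__main__':
    for name, info in triage(SAMPLE_DDS).items():
        print(f"{info['scope']}Run [{name}] -> {info['path']}")
        for r in info['reasons']:
            print(f"    - {r}")
```

Run against the sample, the script reports three entries: the nameless mRun, the Anti-phishing Domain Advisor (only because it lives under Application Data, which is the expected false positive of a location rule), and tJeOfxpyoLkuKU.exe, which trips all three substantive checks at once. An entry that stacks several weak signals is the one worth submitting for analysis first.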

Thanks for the welcome. One thing I didn't mention in my 1st post is that when I booted up my computer in Safe Mode with Networking, I deleted the Microsoft Security Essentials AV & installed the Zonealarm AV. When I go into Control Panel -> Add/Remove Programs in Safe Mode, there is no sign of the MS Security Essentials so I'm surprised the log says it's still present. I can't go into Control Panel in Normal mode, the malware has hidden it.

Here are the results from the scan:

SHA256: cd86b59a59b9f9c029b9bdee88db98f7439dc7afc796c158c4d094d5694e2fcf
SHA1: 268145edb4a70587dd5ae3bc0b077090be7d31a4
MD5: fa6cb4d7f1187cce59ede9677acb760e
File size: 364.5 KB ( 373248 bytes )
File name: EF2A04FD00E24E1DB2FC05FDC4C6660099A07200.exe
File type: Win32 EXE
Tags: peexe armadillo
Detection ratio: 5 / 42
Analysis date: 2012-09-09 20:38:27 UTC ( 2 days, 5 hours ago )


Antivirus               Result                                      Update
AhnLab-V3               -                                           20120901
AntiVir                 -                                           20120901
Antiy-AVL               -                                           20120831
Avast                   -                                           20120901
AVG                     -                                           20120902
BitDefender             -                                           20120901
ByteHero                -                                           20120818
CAT-QuickHeal           -                                           20120901
ClamAV                  -                                           20120828
Commtouch               -                                           20120901
Comodo                  TrojWare.Win32.Kryptik.AJVT                 20120902
DrWeb                   -                                           20120902
Emsisoft                -                                           20120902
eSafe                   -                                           20120830
ESET-NOD32              -                                           20120901
F-Prot                  -                                           20120901
F-Secure                -                                           20120901
Fortinet                W32/FakeRecovery.AEYK!tr                    20120830
GData                   -                                           20120902
Ikarus                  -                                           20120901
Jiangmin                -                                           20120901
K7AntiVirus             -                                           20120831
Kaspersky               -                                           20120902
McAfee                  -                                           20120902
McAfee-GW-Edition       Heuristic.LooksLike.Win32.Suspicious.B      20120901
Microsoft               -                                           20120902
Norman                  W32/FakeAV.BHGE                             20120831
nProtect                -                                           20120901
Panda                   Suspicious file                             20120901
PCTools                 -                                           20120902
Rising                  -                                           20120831
Sophos                  -                                           20120902
SUPERAntiSpyware        -                                           20120901
Symantec                -                                           20120902
TheHacker               -                                           20120902
TotalDefense            -                                           20120831
TrendMicro              -                                           20120902
TrendMicro-HouseCall    -                                           20120902
VBA32                   -                                           20120901
VIPRE                   -                                           20120902
ViRobot                 -                                           20120901
VirusBuster             -


Please do not attach the scan results from ComboFix. Use copy/paste.

Vista and Windows 7 users:

1. These tools MUST be run from the executable (.exe) every time you run them.

2. With Admin Rights (Right click, choose "Run as Administrator")

Download ComboFix from this link

Link 1

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective Programs
  • Double click on ComboFix.exe & follow the prompts.
    Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.
    Note: If you have XP SP3, use the XP SP2 package.
    If Vista or Windows 7, skip the Recovery Console part
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

[Screenshot: RC1.png]

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[Screenshot: RC2-1.png]

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.

Notes:

1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making IE the default browser.

3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it at least 20-30 minutes to finish if needed.

Please do not attach the scan results from ComboFix. Use copy/paste.

Also please describe how your computer behaves at the moment.


I tried running Combofix twice but both times it stalled at the same point, when it was creating

Output folder: C:\32788R22FWJFW.


Restart the computer in Safe Mode and try running it.


To clarify, when the Combofix hung up, the computer was running in Safe Mode.


Go to Start -> Run -> copy/paste in the following single line command & click OK

"%userprofile%\desktop\combofix.exe" /killall

[Screenshot: killall.JPG]

  • Click OK and this will start ComboFix in a special way.
  • When finished, it will produce a log. Please save that log to a Notepad file to post in your next reply.


I used the killall command in the Run box but Combofix stalled at the same point it did yesterday.


Download Dr.Web CureIt to the desktop:

  • Double-click the drweb-cureit icon to start the program.
  • Press Start.
  • Allow the program to run the initial express scan.
  • This will scan the files currently running in memory. If something is found, click the YES button when it asks you if you want to cure it. This is only a short scan.
    Note: A pop-up may appear during this phase suggesting you purchase their program. Click the X at the top right corner of this pop-up to close it.
  • Once the scan is complete, the results will be displayed.
  • On the menu bar, click File and choose Report List.
  • Save the report to your desktop. The report will be called DrWeb.csv.
  • Note: this report will need to be renamed to Dr.Web.txt in order to post it on the forum.
  • Close Dr.Web CureIt.
  • Please post the Dr.Web.txt report in your next reply.

Reboot the computer in Normal Mode and post the CureIt report.


I downloaded & installed Dr. Web CureIt in Safe Mode. It seemed to be responding slowly. The message about buying their program came up but the program hung up after that.


Download OTL to your desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Custom Scan box paste this in:
    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\*. /rp /s
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and include them in your next post.

Please include the following in your next post:

  • OTL and Extras logs


Here's the contents of the OTL log:

OTL logfile created on: 9/15/2012 3:12:26 PM - Run 1

OTL by OldTimer - Version 3.2.61.5 Folder = C:\Documents and Settings\Administrator\Desktop

Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

959.29 Mb Total Physical Memory | 405.79 Mb Available Physical Memory | 42.30% Memory free

2.26 Gb Paging File | 1.84 Gb Available in Paging File | 81.38% Paging File free

Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 224.54 Gb Total Space | 176.64 Gb Free Space | 78.67% Space Free | Partition Type: NTFS

Drive D: | 8.33 Gb Total Space | 0.36 Gb Free Space | 4.32% Space Free | Partition Type: FAT32

Drive J: | 465.76 Gb Total Space | 430.86 Gb Free Space | 92.51% Space Free | Partition Type: NTFS

Computer Name: COMPAQ | User Name: Administrator | Logged in as Administrator.

Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Administrator\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies LTD)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

========== Modules (No Company Name) ==========

MOD - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF ()

MOD - C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll ()

========== Services (SafeList) ==========

SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)

SRV - (RapportMgmtService) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)

SRV - (vsmon) -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies LTD)

SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)

SRV - (IswSvc) -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe (Check Point Software Technologies)

SRV - (JavaQuickStarterService) -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe (Oracle Corporation)

SRV - (Sony SCSI Helper Service) -- C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe (Sony Corporation)

SRV - (Updater Service for StartNow Toolbar) -- C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe ()

SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)

SRV - (nosGetPlusHelper) -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll (NOS Microsystems Ltd.)

SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)

SRV - (ARSVC) -- C:\WINDOWS\arservice.exe (Microsoft)

========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found

DRV - (srescan) -- system32\ZoneLabs\srescan.sys File not found

DRV - (PDRFRAME) -- File not found

DRV - (PDRELI) -- File not found

DRV - (PDFRAME) -- File not found

DRV - (PDCOMP) -- File not found

DRV - (PCIDump) -- File not found

DRV - (lbrtfdc) -- File not found

DRV - (i2omgmt) -- File not found

DRV - (ftsata2) -- system32\DRIVERS\ftsata2.sys File not found

DRV - (DwProt) -- system32\drivers\dwprot.sys File not found

DRV - (Changer) -- File not found

DRV - (TrueSight) -- C:\WINDOWS\system32\drivers\TrueSight.sys ()

DRV - (RapportPG) -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (Trusteer Ltd.)

DRV - (RapportEI) -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys (Trusteer Ltd.)

DRV - (RapportCerberus_42020) -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_42020.sys ()

DRV - (Vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Check Point Software Technologies LTD)

DRV - (ISWKL) -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys (Check Point Software Technologies)

DRV - (RapportIaso) -- c:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\39624\RapportIaso.sys (Trusteer Ltd.)

DRV - (KLIF) -- C:\WINDOWS\system32\drivers\klif.sys (Kaspersky Lab)

DRV - (KL1) -- C:\WINDOWS\system32\drivers\kl1.sys (Kaspersky Lab ZAO)

DRV - (kl2) -- C:\WINDOWS\system32\drivers\kl2.sys (Kaspersky Lab ZAO)

DRV - (pavboot) -- C:\WINDOWS\system32\drivers\pavboot.sys (Panda Security, S.L.)

DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)

DRV - (Diag69xp) -- C:\WINDOWS\system32\drivers\diag69xp.sys (Realtek Semiconductor Corporation)

DRV - (PcdrNdisuio) -- C:\WINDOWS\system32\drivers\PcdrNdisuio.sys (Windows ® 2000 DDK provider)

DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)

DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )

DRV - (Ps2) -- C:\WINDOWS\system32\drivers\PS2.sys (Hewlett-Packard Company)

DRV - (HSXHWBS2) -- C:\WINDOWS\system32\drivers\HSXHWBS2.sys (Conexant Systems, Inc.)

DRV - (HSX_DP) -- C:\WINDOWS\system32\drivers\HSX_DP.sys (Conexant Systems, Inc.)

DRV - (W8335XP) -- C:\WINDOWS\system32\drivers\MRV8335XP.sys (Marvell Semiconductor, Inc)

DRV - (CVirtA) -- C:\WINDOWS\system32\drivers\CVirtA.sys (Cisco Systems, Inc.)

DRV - (rtl8139) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn6\yt.dll (Yahoo! Inc.)

IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll ()

FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Compaq_Administrator\Application Data\Move Networks\plugins\npqmp071706000001.dll File not found

FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+®,version=1.6.2.99: C:\Program Files\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)

FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)

FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2321: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2379: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1483: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKLM\Software\MozillaPlugins\@sony.com/ReaderDesktop: C:\Program Files\Sony\ReaderDesktop\npreaderdetectmoz.dll (Sony Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2012/07/30 22:38:17 | 000,000,000 | -H-D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/21 15:03:59 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

FF - HKEY_LOCAL_MACHINE\software\mozilla\Netscape Browser 8.0.4.0\Extensions\\Components: C:\Program Files\Netscape\Netscape Browser\Components [2011/03/25 12:50:49 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Netscape Browser 8.0.4.0\Extensions\\Plugins: C:\Program Files\Netscape\Netscape Browser\Plugins [2012/08/14 20:44:38 | 000,000,000 | ---D | M]

[2012/05/07 20:27:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2012/07/21 15:03:57 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2012/06/21 07:42:40 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2012/05/13 17:27:34 | 000,002,158 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\search.xml

[2012/06/21 07:42:40 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2004/08/10 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll (Yahoo! Inc.)

O2 - BHO: (Yapta BHO) - {2020dfef-8c87-4229-aa41-549d82210355} - C:\Program Files\Yapta\YaptaOverlay.dll (Yapta, Inc.)

O2 - BHO: (Zonealarm Helper Object) - {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - C:\Program Files\Check Point Software Technologies LTD\zonealarm\1.6.4.5\bh\zonealarm.dll (Montera Technologeis LTD)

O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.

O2 - BHO: (StartNow Toolbar Helper) - {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files\StartNow Toolbar\Toolbar32.dll ()

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (Blekko search bar) - {7d9e1adc-7db1-4eaf-b6c7-7e062074e6be} - C:\Program Files\blekkotb_soc\blekkotb_019X.dll ()

O2 - BHO: (Bucksbee Loyalty Plugin - Air Installer) - {86A5A4F7-990C-F0B4-096E-6B6BFDC90EC9} - C:\Program Files\Bucksbee Loyalty Plugin - Air Installer\BucksBee Loyalty Plugin.dll (Freecause Inc.)

O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)

O2 - BHO: (hpWebHelper Class) - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll (Hewlett-Packard)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)

O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)

O2 - BHO: (ZoneAlarm Spy Blocker BHO) - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL (ZoneAlarm)

O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\YTSingleInstance.dll (Yahoo! Inc)

O3 - HKLM\..\Toolbar: (ZoneAlarm Security Toolbar) - {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Program Files\Check Point Software Technologies LTD\zonealarm\1.6.4.5\zonealarmTlbr.dll (Montera Technologeis LTD)

O3 - HKLM\..\Toolbar: (StartNow Toolbar) - {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files\StartNow Toolbar\Toolbar32.dll ()

O3 - HKLM\..\Toolbar: (Blekko search bar) - {7d9e1adc-7db1-4eaf-b6c7-7e062074e6be} - C:\Program Files\blekkotb_soc\blekkotb_019X.dll ()

O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)

O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn6\yt.dll (Yahoo! Inc.)

O3 - HKLM\..\Toolbar: (ZoneAlarm Spy Blocker) - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL (ZoneAlarm)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [AlwaysReady Power Message APP] C:\WINDOWS\arpwrmsg.exe (Microsoft)

O4 - HKLM..\Run: [Anti-phishing Domain Advisor] C:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.exe (Visicom Media Inc. (Powered by Panda Security))

O4 - HKLM..\Run: [bCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)

O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)

O4 - HKLM..\Run: [ftutil2] C:\WINDOWS\System32\ftutil2.dll (Promise Technology, Inc.)

O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)

O4 - HKLM..\Run: [iSW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)

O4 - HKLM..\Run: [Reader Application Helper] C:\Program Files\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe (Sony Corporation)

O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()

O4 - HKLM..\Run: [startNowToolbarHelper] "C:\Program Files\StartNow Toolbar\ToolbarHelper.exe" File not found

O4 - HKLM..\Run: [tJeOfxpyoLkuKU.exe] C:\Documents and Settings\All Users\Application Data\tJeOfxpyoLkuKU.exe (AAW)

O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wireless Connection Manager.lnk = C:\Program Files\eHome\Wireless G EH102\wirelesscm.exe ( )

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)

O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Yapta - {0094A600-9BDD-4019-BAFE-487284F7D476} - C:\Program Files\Yapta\YaptaSidebar.dll ()

O9 - Extra 'Tools' menuitem : Yapta... - {0094A600-9BDD-4019-BAFE-487284F7D476} - Reg Error: Value error. File not found

O9 - Extra Button: Yapta Settings - {0362b485-11fe-469c-ae98-42f478e581a0} - C:\Program Files\Yapta\YaptaSettings.exe ()

O9 - Extra 'Tools' menuitem : Yapta Settings... - {0362b485-11fe-469c-ae98-42f478e581a0} - C:\Program Files\Yapta\YaptaSettings.exe ()

O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9 - Extra Button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()

O9 - Extra 'Tools' menuitem : Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O15 - HKLM\..Trusted Domains: trymedia.com ([]http in Trusted sites)

O15 - HKLM\..Trusted Domains: trymedia.com ([]https in Trusted sites)

O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)

O16 - DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} http://static.ak.facebook.com/fbplugin/win32/axfbootloader.cab (Reg Error: Key error.)

O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} https://mail.alticor.com/iNotes6W.cab (iNotes6 Class)

O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab (DLM Control)

O16 - DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} http://www.facebook.com/controls/contactx.dll (ContactExtractor Class)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1264893462500 (MUWebControl Class)

O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)

O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)

O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://aiche.webex.com/client/T27LB/webex/ieatgpc.cab (GpcContainer Class)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)

O16 - DPF: {EB533642-0AFC-4559-A494-8CFFA296ACAE} https://mail.alticor.com/images/whlcache.cab?egap=internal (Whale Attachment Wiper for IE4 and higher)

O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/2.9.1.0/GarminAxControl.CAB (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 75.75.76.76 75.75.75.75

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{98F06CAA-461C-40E2-804E-81B72764D147}: DhcpNameServer = 192.168.2.1 75.75.76.76 75.75.75.75

O18 - Protocol\Handler\avgsecuritytoolbar - No CLSID value found

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)

O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\welcome.htm

O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\welcome.htm

O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2005/08/31 00:02:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2001/07/27 08:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]

O32 - AutoRun File - [2004/04/30 00:01:14 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found

NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found

NetSvcs: Ias - File not found

NetSvcs: Iprip - File not found

NetSvcs: Irmon - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)

Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)

Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)

Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)

Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)

Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

Drivers32: vidc.LEAD - LCODCCMP.DLL File not found

Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()

CREATERESTOREPOINT

Unable to start System Restore Service. Error code 10

========== Files/Folders - Created Within 30 Days ==========

[2012/09/15 15:09:20 | 000,600,576 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe

[2012/09/14 21:19:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\DoctorWeb

[2012/09/12 21:52:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Temp

[2012/09/12 21:52:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe

[2012/09/12 20:03:27 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW

[2012/09/12 20:00:48 | 004,749,988 | R--- | C] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe

[2012/09/10 22:05:10 | 000,000,000 | ---D | C] -- C:\MGtools

[2012/09/10 22:02:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\tdsskiller

[2012/09/10 21:49:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes

[2012/09/10 21:40:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\RK_Quarantine

[2012/09/10 21:14:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\HPQ

[2012/09/10 21:08:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Yahoo!

[2012/09/10 19:17:43 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Videos

[2012/09/10 19:17:43 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Administrative Tools

[2012/09/10 19:14:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Macromedia

[2012/09/10 19:14:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Adobe

[2012/09/10 19:14:07 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\PrivacIE

[2012/09/10 19:14:02 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IETldCache

[2012/09/09 21:56:55 | 000,011,352 | ---- | C] (Kaspersky Lab ZAO) -- C:\WINDOWS\System32\drivers\kl2.sys

[2012/09/09 21:56:53 | 000,133,208 | ---- | C] (Kaspersky Lab ZAO) -- C:\WINDOWS\System32\drivers\kl1.sys

[2012/09/09 21:56:28 | 000,485,808 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys

[2012/09/09 16:46:04 | 000,373,248 | -H-- | C] (AAW) -- C:\Documents and Settings\All Users\Application Data\tJeOfxpyoLkuKU.exe

[2012/08/23 16:20:08 | 000,065,816 | ---- | C] (Trusteer Ltd.) -- C:\WINDOWS\System32\drivers\RapportKELL.sys

[2012/08/17 21:00:18 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Reader for PC

[2012/08/17 20:59:59 | 000,000,000 | -H-D | C] -- C:\Program Files\Common Files\Sony Shared

[2012/08/17 20:59:59 | 000,000,000 | ---D | C] -- C:\Program Files\Sony

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[135 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

[133 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/09/15 15:09:23 | 000,600,576 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe

[2012/09/15 14:57:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2012/09/14 22:00:09 | 000,000,452 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{1CDB8788-0302-498C-A121-64AE4E2D6ADD}.job

[2012/09/14 21:56:46 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2012/09/14 21:17:58 | 093,133,480 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\drweb-cureit.exe

[2012/09/13 23:00:09 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2012/09/12 21:57:42 | 000,048,795 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Bulbar ALS.pdf

[2012/09/12 20:00:48 | 004,749,988 | R--- | M] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe

[2012/09/10 22:08:55 | 000,210,925 | ---- | M] () -- C:\MGlogs.zip

[2012/09/10 21:40:51 | 000,014,080 | ---- | M] () -- C:\WINDOWS\System32\drivers\TrueSight.sys

[2012/09/10 21:39:24 | 001,670,275 | ---- | M] () -- C:\MGtools.exe

[2012/09/10 21:36:12 | 002,193,184 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\tdsskiller.zip

[2012/09/10 21:32:08 | 001,378,816 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\RogueKiller.exe

[2012/09/10 21:24:29 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Administrator\defogger_reenable

[2012/09/09 22:19:54 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2012/09/09 22:02:51 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif

[2012/09/09 17:35:19 | 000,000,248 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat

[2012/09/09 17:25:01 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job

[2012/09/09 16:43:40 | 000,373,248 | -H-- | M] (AAW) -- C:\Documents and Settings\All Users\Application Data\tJeOfxpyoLkuKU.exe

[2012/09/03 10:59:00 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job

[2012/08/23 16:20:08 | 000,065,816 | ---- | M] (Trusteer Ltd.) -- C:\WINDOWS\System32\drivers\RapportKELL.sys

[2012/08/18 08:49:21 | 000,357,752 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2012/08/17 21:00:18 | 000,001,798 | -H-- | M] () -- C:\Documents and Settings\All Users\Desktop\Reader for PC.lnk

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[135 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

[133 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/09/14 21:17:29 | 093,133,480 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\drweb-cureit.exe

[2012/09/12 21:57:42 | 000,048,795 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Bulbar ALS.pdf

[2012/09/10 22:05:12 | 000,210,925 | ---- | C] () -- C:\MGlogs.zip

[2012/09/10 21:40:51 | 000,014,080 | ---- | C] () -- C:\WINDOWS\System32\drivers\TrueSight.sys

[2012/09/10 21:39:16 | 001,670,275 | ---- | C] () -- C:\MGtools.exe

[2012/09/10 21:36:12 | 002,193,184 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\tdsskiller.zip

[2012/09/10 21:31:55 | 001,378,816 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\RogueKiller.exe

[2012/09/10 21:24:29 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\defogger_reenable

[2012/08/17 21:00:18 | 000,001,798 | -H-- | C] () -- C:\Documents and Settings\All Users\Desktop\Reader for PC.lnk

[2012/02/24 23:55:39 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll

[2011/05/24 19:01:00 | 000,000,152 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~20635428r

[2011/05/24 19:01:00 | 000,000,120 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~20635428

[2011/05/24 18:50:09 | 000,000,344 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\20635428

[2011/05/14 11:33:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2010/10/30 16:56:32 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2006/08/08 04:39:53 | 000,000,136 | -H-- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat

========== LOP Check ==========

[2010/10/31 12:34:33 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software

[2012/09/14 21:58:47 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor

[2010/10/30 15:42:57 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar

[2010/10/19 21:20:15 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\avg9

[2012/05/13 17:27:42 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\blekko toolbars

[2011/11/11 23:35:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CheckPoint

[2010/05/28 18:48:43 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\com.comcast.access

[2010/10/19 21:27:28 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files

[2010/08/04 22:43:42 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Digital Interactive Systems Corporation

[2010/02/24 21:48:48 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\GARMIN

[2007/11/04 18:08:59 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\iolo

[2011/12/04 17:16:38 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\kinoma

[2007/09/19 21:40:15 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier

[2010/10/19 21:18:00 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData

[2007/06/17 14:14:50 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft

[2009/07/25 14:11:15 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer

[2007/11/04 19:02:56 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent

[2011/03/25 12:52:53 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2011/05/29 13:44:06 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\GlaryInitialize.job

[2012/09/14 22:00:09 | 000,000,452 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{1CDB8788-0302-498C-A121-64AE4E2D6ADD}.job

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >

[2005/08/31 00:02:02 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT

[2007/01/15 22:18:08 | 000,000,211 | RHS- | M] () -- C:\BOOT.BAK

[2011/05/29 12:09:37 | 000,000,280 | RHS- | M] () -- C:\boot.ini

[2004/08/09 17:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr

[2005/08/31 00:02:02 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS

[2010/04/04 15:41:23 | 000,025,874 | ---- | M] () -- C:\CybDefInstallInfo.log

[2006/08/08 05:33:21 | 000,000,051 | ---- | M] () -- C:\hpWebHelper.log

[2005/08/31 00:02:02 | 000,000,000 | RHS- | M] () -- C:\IO.SYS

[2012/09/10 22:08:55 | 000,210,925 | ---- | M] () -- C:\MGlogs.zip

[2012/09/10 21:39:24 | 001,670,275 | ---- | M] () -- C:\MGtools.exe

[2005/08/31 00:02:02 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS

[2004/08/09 17:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM

[2008/08/22 22:34:53 | 000,250,048 | RHS- | M] () -- C:\ntldr

[2012/09/15 14:57:14 | 1509,949,440 | -HS- | M] () -- C:\pagefile.sys

[2011/05/28 14:07:33 | 000,000,481 | ---- | M] () -- C:\Shortcut to Documents.lnk

[2012/09/10 22:04:12 | 000,090,410 | ---- | M] () -- C:\TDSSKiller.2.8.8.0_10.09.2012_22.02.48_log.txt

[2012/07/30 22:35:13 | 000,000,125 | ---- | M] () -- C:\user.js

[1 C:\*.tmp files -> C:\*.tmp -> ]

< %systemroot%\Fonts\*.com >

[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont

[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont

[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont

[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

[2006/02/19 13:28:56 | 000,012,288 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\Fonts\RandFont.dll

< %systemroot%\Fonts\*.ini >

[2005/08/31 00:01:20 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

[2001/08/29 00:00:00 | 000,008,192 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPD3q.DLL

[2001/08/29 00:00:00 | 000,027,648 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPP3q.DLL

[2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll

[2001/11/20 14:37:28 | 000,047,616 | R--- | M] (Black Ice Software) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\ppbiPr.dll

[2008/07/06 06:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

[2004/01/05 10:57:16 | 000,000,130 | -H-- | M] () -- C:\Documents and Settings\All Users\Favorites\Alticor VPN Tester.url

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

[2005/08/30 16:51:10 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav

[2005/08/30 16:51:10 | 000,659,456 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav

[2005/08/30 16:51:10 | 000,888,832 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

[2008/08/22 22:47:33 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >

[2006/08/08 04:47:45 | 000,000,170 | -HS- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini

[2005/08/31 00:06:40 | 000,000,079 | -H-- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >

[2012/09/12 20:00:48 | 004,749,988 | R--- | M] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe

[2012/09/14 21:17:58 | 093,133,480 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\drweb-cureit.exe

[2012/09/15 15:09:23 | 000,600,576 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe

[2012/09/10 21:32:08 | 001,378,816 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\RogueKiller.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

[9 C:\Program Files\Internet Explorer\*.tmp files -> C:\Program Files\Internet Explorer\*.tmp -> ]

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

[2001/07/08 22:56:36 | 001,555,948 | -H-- | M] (Network Associates Inc.) -- C:\Documents and Settings\Administrator\My Documents\4146xdat.exe

[2001/09/08 15:13:10 | 001,457,229 | -H-- | M] (Network Associates Inc.) -- C:\Documents and Settings\Administrator\My Documents\4157xdat.exe

[2001/09/12 14:36:28 | 000,508,240 | -H-- | M] (Microsoft Corporation) -- C:\Documents and Settings\Administrator\My Documents\ie6setup.exe

[2001/05/19 13:12:56 | 001,871,940 | -H-- | M] (InstallShield Software Corporation) -- C:\Documents and Settings\Administrator\My Documents\igd312au.exe

[2001/05/19 13:03:06 | 004,129,397 | -H-- | M] (InstallShield Software Corporation) -- C:\Documents and Settings\Administrator\My Documents\MF0215au.exe

[2001/01/06 02:09:02 | 004,776,971 | -H-- | M] (Network Associates Inc.) -- C:\Documents and Settings\Administrator\My Documents\sdat4114.exe

[2001/04/08 01:12:26 | 004,819,433 | -H-- | M] (Network Associates Inc.) -- C:\Documents and Settings\Administrator\My Documents\sdat4132.exe

< %USERPROFILE%\*.exe >

< %systemroot%\*. /rp /s >

< %systemroot%\ADDINS\*.* >

[2004/08/10 00:00:00 | 000,000,791 | ---- | M] () -- C:\WINDOWS\ADDINS\fxsext.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >

[2005/08/31 00:06:40 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Administrator\Favorites\Desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

[2012/09/15 15:09:05 | 000,081,920 | -H-- | M] () -- C:\Documents and Settings\Administrator\Cookies\index.dat

< %SystemRoot%\system32\fonts\*.* >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-08-15 01:30:40

< >

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========

[C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790 -> Junction

[C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e -> Junction

< End of report >

Here's the Extras log:

OTL Extras logfile created on: 9/15/2012 3:12:26 PM - Run 1

OTL by OldTimer - Version 3.2.61.5 Folder = C:\Documents and Settings\Administrator\Desktop

Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

959.29 Mb Total Physical Memory | 405.79 Mb Available Physical Memory | 42.30% Memory free

2.26 Gb Paging File | 1.84 Gb Available in Paging File | 81.38% Paging File free

Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 224.54 Gb Total Space | 176.64 Gb Free Space | 78.67% Space Free | Partition Type: NTFS

Drive D: | 8.33 Gb Total Space | 0.36 Gb Free Space | 4.32% Space Free | Partition Type: FAT32

Drive J: | 465.76 Gb Total Space | 430.86 Gb Free Space | 92.51% Space Free | Partition Type: NTFS

Computer Name: COMPAQ | User Name: Administrator | Logged in as Administrator.

Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

"DisableMonitoring" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\DISC\DISCover.exe" = C:\Program Files\DISC\DISCover.exe:*:Enabled:DISCover Drop & Play System -- (Digital Interactive Systems Corporation)

"C:\Program Files\DISC\DiscStreamHub.exe" = C:\Program Files\DISC\DiscStreamHub.exe:*:Enabled:DISCover Stream Hub -- (Digital Interactive Systems Corporation, Inc.)

"C:\Program Files\DISC\myFTP.exe" = C:\Program Files\DISC\myFTP.exe:*:Enabled:DISCover FTP -- (Digital Interactive Systems Corporation, Inc.)

"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink

"C:\Documents and Settings\Compaq_Administrator\Local Settings\Temporary Internet Files\Content.IE5\YEMF38AF\svchost[1].exe" = C:\Documents and Settings\Compaq_Administrator\Local Settings\Temporary Internet Files\Content.IE5\YEMF38AF\svchost[1].exe:*:Enabled:ldrsoft

"C:\WINDOWS\system32\ZoneLabs\vsmon.exe" = C:\WINDOWS\system32\ZoneLabs\vsmon.exe:*:Enabled:vsmon

"C:\Documents and Settings\Compaq_Administrator\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\Compaq_Administrator\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox

"C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\AbacastDistributedOnDemand\Node\11\AbacastDistributedOnDemand.exe" = C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\AbacastDistributedOnDemand\Node\11\AbacastDistributedOnDemand.exe:*:Enabled:Abacast Distributed On-Demand

"C:\Program Files\Microsoft Office\Office14\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office14\GROOVE.EXE:*:Enabled:Microsoft SharePoint Workspace -- (Microsoft Corporation)

"C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft OneNote -- (Microsoft Corporation)

"C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)

"C:\Program Files\Bucksbee Loyalty Plugin - Air Installer\TroubleShooter.exe" = C:\Program Files\Bucksbee Loyalty Plugin - Air Installer\TroubleShooter.exe:*:Enabled:Bucksbee Loyalty Plugin - Air Installer (Helper) -- (FreeCause Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional

"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime

"{02F29E25-2B7A-43BA-AF95-D0978593F399}" = Reader for PC

"{069730C2-755A-485B-A205-27A1AAFA836A}" = InstantShareAlert

"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data

"{0A65A3BD-54B5-4d0d-B084-7688507813F5}" = SlideShow

"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel

"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1

"{1341D838-719C-4A05-B50F-49420CA1B4BB}" = HP Boot Optimizer

"{15C0AF59-4877-49B6-B8C6-A61CE54515F5}" = cp_OnlineProjectsConfig

"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus

"{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement

"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress

"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java 7 Update 5

"{2818095F-FB6C-42C8-827E-0A406CC9AFF5}" = Quicken 2006

"{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes

"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour

"{2CAAE352-4E07-4787-8ED0-C56915DC0F0E}" = ZoneAlarm Firewall

"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support

"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update

"{2F58D60D-2BFD-4467-9B4D-64E7355C329D}" = Sonic_PrimoSDK

"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager

"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6

"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11

"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java SE Runtime Environment 6 Update 1

"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java 6 Update 2

"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java 6 Update 3

"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java 6 Update 5

"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7

"{33BF0960-DBA3-4187-B6CC-C969FCFA2D25}" = SkinsHP1

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{36D620AD-EEBA-4973-BA86-0C9AE6396620}" = OptionalContentQFolder

"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works

"{41E776A5-9B12-416D-9A12-B4F7B044EBED}" = CP_Package_Basic1

"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm

"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 2.1

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder

"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime

"{599AEC85-1EB3-4F26-9D2A-B6A1360B9803}" = ZoneAlarm Security

"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth

"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler

"{6696D9A4-28A8-4F5A-8E9A-2E8974C8C39C}" = RandMap

"{6D5D1791-756B-4C79-98DF-3505C45FDD2F}" = ZoneAlarm Antivirus

"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0

"{704BA20C-E4D5-4265-92B4-9768345AB76B}" = AVG 2011

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{71C97545-E547-4A8B-B0C8-61FF853270AC}" = PaperPort

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up

"{82081779-4175-4666-A457-AB711CD37EF0}" = cp_LightScribeConfig

"{829DAAD6-BB11-4BB7-921B-07FFB703F944}" = CP_Package_Variety3

"{82E55892-6FFD-403F-AA97-D726846768AA}" = CP_AtenaShokunin1Config

"{84CC9583-C2D6-42E6-A373-6FDDDA6A8BA6}" = Garmin Communicator Plugin

"{866A0078-DEA7-4348-9C9A-999AF2991EAA}" = SlideShowMusic

"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8A534F71-3202-4464-A422-B767295E67B9}" = CP_Package_Variety2

"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90140000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 14

"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010

"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010

"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010

"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010

"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010

"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010

"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010

"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010

"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010

"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010

"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010

"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010

"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010

"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010

"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010

"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010

"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010

"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{93E5A317-24EC-4744-812C-16FECFE86E6A}" = CP_Package_Variety1

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9A912C12-A7DA-44D7-BD57-5CA85E2F33E1}" = Brother MFL-Pro Suite

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9F7AF7CD-E3D0-4C68-A3BA-C76C359B3AA8}" = LightScribe 1.4.105.1

"{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime

"{A1EFAC47-885A-4E74-AAA4-8B56B71B706A}" = Garmin City Navigator North America NT 2010.40

"{A29800BA-0BF1-4E63-9F31-DF05A87F4104}" = InstantShareDevices

"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder

"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio

"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)

"{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers

"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy

"{B2157760-AA3C-4E2E-BFE6-D20BC52495D9}" = cp_PosterPrintConfig

"{B6286A44-7505-471A-A72B-04EC2DB2F442}" = CueTour

"{B69CFE29-FD03-4E0A-87A7-6ED97F98E5B3}" = CP_Panorama1Config

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C1C6767D-B395-43CB-BF99-051B58B86DA6}" = PhotoGallery

"{C3FAA091-B278-44A7-BF48-190811C5F9F7}" = cp_UpdateProjectsConfig

"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update

"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D78E3B21-DBE8-4B54-8EBB-8E5A24DFEB9D}" = eHome EH102 Wireless G Desktop Adapter

"{D7DBA21A-CDE5-42EC-BB1C-AE4B3E616B9A}_is1" = HP Support Overview

"{DAAD5187-62C5-4AD6-A526-803C18C4944D}" = HP Web Helper

"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp

"{E0783143-EAE2-4047-A8D6-E155523C594C}" = Garmin WebUpdater

"{E1ACFF16-2555-48B0-8EFB-008818A42613}" = calibre

"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager

"{E42E14F4-D4BB-4C3E-88DE-CB79A1C003DA}" = MLDownloader

"{ED2C557E-9C18-41FF-B58E-A05EEF0B3B5F}" = CP_CalendarTemplates1

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F324D324-6531-33DC-F5BA-CD360B156275}" = Comcast Access

"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations

"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic

"45A7283175C62FAC673F913C1F532C5361F97841" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)

"AbacastNode:11" = Abacast Distributed On-Demand

"ActiveScan 2.0" = Panda ActiveScan 2.0

"ActiveTouchMeetingClient" = WebEx

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Anti-phishing Domain Advisor" = Anti-phishing Domain Advisor

"ATI Display Driver" = ATI Display Driver

"AwayMode160" = Microsoft Away Mode

"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto

"blekkotb_soc" = Blekko search bar

"Bucksbee Loyalty Plugin - Air Installer" = Bucksbee Loyalty Plugin - Air Installer

"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Data Fax SoftModem with SmartCP

"com.comcast.access.13A1FA90F0FC9DC009FB0956ADD0F13F8608561B.1" = Comcast Access

"DISCover" = DISCover

"Glary Utilities_is1" = Glary Utilities 2.29.0.1032

"Google Updater" = Google Updater

"HP Imaging Device Functions" = HP Imaging Device Functions 7.0

"HP Photo & Imaging" = HP Photosmart Premier Software 6.5

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"ie7" = Windows Internet Explorer 7

"ie8" = Windows Internet Explorer 8

"InstallShield_{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement

"InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Money2006b" = Microsoft Money 2006

"Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"Netscape Browser" = Netscape Browser (remove only)

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010

"OfficeTrial" = Microsoft Office Standard Edition 2003 60 days trial

"PC Tune-Up" = PC Tune-Up

"PC-Doctor 5 for Windows" = PC-Doctor 5 for Windows

"Plaxo" = Plaxo Toolbar for Windows

"Python 2.2.3" = Python 2.2.3

"pywin32-py2.2" = Python 2.2 pywin32 extensions (build 203)

"Rapport_msi" = Rapport

"RealPlayer 6.0" = RealPlayer

"Rhapsody" = Rhapsody

"Round Robin Calculator_is1" = Round Robin Calculator v2.21

"StartNow Toolbar" = StartNow Toolbar

"STC3_is1" = System Tray Cleaner 3

"thinkorswim from TD AMERITRADE" = thinkorswim from TD AMERITRADE

"tradetrk2_is1" = TradeTrakker

"WildTangent CDA" = WildTangent Web Driver

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"Windows XP Service Pack" = Windows XP Service Pack 3

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

"Xvid_is1" = Xvid 1.2.1 final uninstall

"Yahoo! Companion" = Yahoo! Toolbar

"Yahoo! Software Update" = Yahoo! Software Update

"Yahoo! Toolbar" = Yahoo! Toolbar

"Yapta" = Yapta

"YInstHelper" = Yahoo! Install Manager

"ZoneAlarm Free Firewall" = ZoneAlarm Free Firewall

"ZoneAlarm LTD Toolbar" = ZoneAlarm LTD Toolbar

"ZoneAlarm Security Toolbar" = ZoneAlarm Security Toolbar

"ZoneAlarmSB Uninstall" = ZoneAlarm Spy Blocker

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 9/3/2012 10:16:57 PM | Computer Name = COMPAQ | Source = Windows Search Service | ID = 3013

Description = The entry <C:\DOCUMENTS AND SETTINGS\COMPAQ_ADMINISTRATOR\MY DOCUMENTS\TRADETRAKKER

DATA\STOCKS.$$1> in the hash map cannot be updated. Context: Application, SystemIndex

Catalog Details: A device attached to the system is not functioning. (0x8007001f)

Error - 9/3/2012 10:16:57 PM | Computer Name = COMPAQ | Source = Windows Search Service | ID = 3013

Description = The entry <C:\DOCUMENTS AND SETTINGS\COMPAQ_ADMINISTRATOR\MY DOCUMENTS\TRADETRAKKER

DATA\STOCKS.BAK> in the hash map cannot be updated. Context: Application, SystemIndex

Catalog Details: A device attached to the system is not functioning. (0x8007001f)

Error - 9/3/2012 10:21:17 PM | Computer Name = COMPAQ | Source = Windows Search Service | ID = 3013

Description = The entry <C:\DOCUMENTS AND SETTINGS\COMPAQ_ADMINISTRATOR\MY DOCUMENTS\TRADETRAKKER

DATA\STOCKS.TTD> in the hash map cannot be updated. Context: Application, SystemIndex

Catalog Details: A device attached to the system is not functioning. (0x8007001f)

Error - 9/9/2012 9:50:51 PM | Computer Name = COMPAQ | Source = MPSampleSubmission | ID = 5000

Description =

Error - 9/9/2012 9:56:46 PM | Computer Name = COMPAQ | Source = crypt32 | ID = 131080

Description = Failed auto update retrieval of third-party root list sequence number

from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

with error: This operation returned because the timeout period expired.

Error - 9/9/2012 11:18:48 PM | Computer Name = COMPAQ | Source = Media Center Scheduler | ID = 0

Description =

Error - 9/10/2012 10:08:52 PM | Computer Name = COMPAQ | Source = WmiAdapter | ID = 4099

Description = Open of service failed.

Error - 9/11/2012 10:01:16 PM | Computer Name = COMPAQ | Source = Media Center Scheduler | ID = 0

Description =

Error - 9/11/2012 10:18:24 PM | Computer Name = COMPAQ | Source = Media Center Scheduler | ID = 0

Description =

Error - 9/14/2012 9:57:27 PM | Computer Name = COMPAQ | Source = Media Center Scheduler | ID = 0

Description =

[ System Events ]

Error - 9/14/2012 9:57:59 PM | Computer Name = COMPAQ | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

ftsata2

Error - 9/14/2012 10:03:25 PM | Computer Name = COMPAQ | Source = DCOM | ID = 10005

Description = DCOM got error "%1084" attempting to start the service EventSystem

with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 9/14/2012 10:04:32 PM | Computer Name = COMPAQ | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

Fips ftsata2 intelppm KLIF pavboot

Error - 9/14/2012 11:07:32 PM | Computer Name = COMPAQ | Source = DCOM | ID = 10005

Description = DCOM got error "%1084" attempting to start the service EventSystem

with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 9/14/2012 11:08:39 PM | Computer Name = COMPAQ | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

Fips ftsata2 intelppm KLIF pavboot

Error - 9/14/2012 11:14:11 PM | Computer Name = COMPAQ | Source = DCOM | ID = 10005

Description = DCOM got error "%1084" attempting to start the service MSIServer with

arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}

Error - 9/14/2012 11:52:44 PM | Computer Name = COMPAQ | Source = DCOM | ID = 10005

Description = DCOM got error "%1084" attempting to start the service EventSystem

with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 9/15/2012 2:57:36 PM | Computer Name = COMPAQ | Source = Dhcp | ID = 1002

Description = The IP address lease 192.168.2.5 for the Network Card with network

address 00195B04AB21 has been denied by the DHCP server 0.0.0.0 (The DHCP Server

sent a DHCPNACK message).

Error - 9/15/2012 2:59:02 PM | Computer Name = COMPAQ | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

Fips ftsata2 intelppm KLIF pavboot

Error - 9/15/2012 3:01:11 PM | Computer Name = COMPAQ | Source = DCOM | ID = 10005

Description = DCOM got error "%1084" attempting to start the service EventSystem

with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

< End of report >


OTL Fix

Run OTL.exe

  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
    :OTL
    O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
    O2 - BHO: (StartNow Toolbar Helper) - {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files\StartNow Toolbar\Toolbar32.dll ()
    O3 - HKLM\..\Toolbar: (StartNow Toolbar) - {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files\StartNow Toolbar\Toolbar32.dll ()
    O3 - HKLM\..\Toolbar: (Blekko search bar) - {7d9e1adc-7db1-4eaf-b6c7-7e062074e6be} - C:\Program Files\blekkotb_soc\blekkotb_019X.dll ()
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [StartNowToolbarHelper] "C:\Program Files\StartNow Toolbar\ToolbarHelper.exe" File not found
    O4 - HKLM..\Run: [tJeOfxpyoLkuKU.exe] C:\Documents and Settings\All Users\Application Data\tJeOfxpyoLkuKU.exe

    :Files
    C:\Program Files\StartNow Toolbar\Toolbar32.dll
    C:\Program Files\blekkotb_soc\blekkotb_019X.dll
    C:\Documents and Settings\All Users\Application Data\tJeOfxpyoLkuKU.exe

    :Commands
    [EmptyFlash]
    [EmptyTemp]
    [RESETHOSTS]
    [purity]
    [start explorer]
    [Reboot]


  • Then click the Run Fix button at the top
  • Let the program run unhindered; it will reboot when it is done and produce a log

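An added example (not part of this thread and not OTL's own code) that makes the fix above less of a black box: it parses the `:OTL` lines into the registry keys, values and files OTL will act on, then reconciles each expected action with the log OTL writes after the reboot. The category-to-key mapping (O2 BHO lines go to the Browser Helper Objects key plus the CLSID key, O3 lines to the value under Internet Explorer\Toolbar plus the CLSID key, O4 lines to the HKLM Run value, each followed by a move of the named file if one exists) is read straight off the log in the next reply; the sample fix and log lines are copied from this thread, shortened to the StartNow entries, and the status names and function names are my own.

```python
"""Added example, not from this thread or from OTL: parse an OTL fix script into the
registry keys, values and files OTL will remove, then reconcile them against the log OTL
produced. O2/O3/O4 are OTL's HijackThis-style categories (IE Browser Helper Objects, IE
toolbars, HKLM Run entries); registry paths and both sample texts are copied from this thread."""
import re

BHO_KEY = r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"
CLSID_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID"
TOOLBAR_KEY = r"HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar"
RUN_KEY = r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run"
GUID = r"(\{[0-9A-Fa-f-]{36}\})"
O2_RE = re.compile(r"^O2 - BHO: .*? - " + GUID + r" - (.*)$")
O3_RE = re.compile(r"^O3 - HKLM\\\.\.\\Toolbar: .*? - " + GUID + r" - (.*)$")
O4_RE = re.compile(r"^O4 - HKLM\.\.\\Run: \[(.*?)\] ?(.*)$")


def _file_from(trailer):
    """Path at the end of an O2/O3/O4 line, or None when OTL already reports nothing on disk."""
    trailer = trailer.strip()
    if not trailer or "File not found" in trailer or "No CLSID value found" in trailer:
        return None
    return re.sub(r"\s*\([^)]*\)\s*$", "", trailer).strip('"')  # drop OTL's "(company)" suffix


def expected_actions(fix_text):
    """Ordered ("delete_key", key) / ("delete_value", key, name) / ("move_file", path) tuples."""
    actions, section = [], None
    for line in (raw.strip() for raw in fix_text.splitlines()):
        if line.startswith(":"):
            section = line.lower()
        elif section == ":otl" and line:
            if m := O2_RE.match(line):    # BHO: its registration key, its CLSID, then the DLL
                guid, trailer = m.groups()
                actions += [("delete_key", BHO_KEY + "\\" + guid), ("delete_key", CLSID_KEY + "\\" + guid)]
            elif m := O3_RE.match(line):  # toolbar: the value under IE\Toolbar, its CLSID, then the DLL
                guid, trailer = m.groups()
                actions += [("delete_value", TOOLBAR_KEY, guid), ("delete_key", CLSID_KEY + "\\" + guid)]
            elif m := O4_RE.match(line):  # Run entry: the value, then the file it launched
                name, trailer = m.groups()
                actions.append(("delete_value", RUN_KEY, name))
            else:
                continue
            if path := _file_from(trailer):
                actions.append(("move_file", path))
    return actions


def reconcile(actions, log_text):
    """Pair each action with the first unused log line reporting on it; consuming lines in
    order makes a second request for an already-moved file come back as "not found"."""
    lines = [raw.strip().lower() for raw in log_text.splitlines() if raw.strip()]
    used = [False] * len(lines)

    def claim(candidates):
        for i, line in enumerate(lines):
            for needle, status in candidates:
                if not used[i] and line == needle.lower():
                    used[i] = True
                    return status
        return "unreported"

    results = []
    for action in actions:
        kind, target = action[0], action[1]
        if kind == "delete_key":
            status = claim([(f"Registry key {target}\\ deleted successfully.", "deleted"),
                            (f"Registry key {target}\\ not found.", "not found")])
        elif kind == "delete_value":
            status = claim([(f"Registry value {target}\\\\{action[2]} deleted successfully.", "deleted")])
        else:
            status = claim([(f"{target} moved successfully.", "moved"),
                            (f"File {target} not found.", "not found"),
                            (f"File\\Folder {target} not found.", "not found")])
        results.append((action, status))
    return results


# Fix script from the post above, shortened to the StartNow entries (:Files/:Commands left out).
FIX_TEXT = r"""
:OTL
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (StartNow Toolbar Helper) - {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files\StartNow Toolbar\Toolbar32.dll ()
O3 - HKLM\..\Toolbar: (StartNow Toolbar) - {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files\StartNow Toolbar\Toolbar32.dll ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [tJeOfxpyoLkuKU.exe] C:\Documents and Settings\All Users\Application Data\tJeOfxpyoLkuKU.exe
"""
# The matching lines of the OTL log posted after the reboot.
LOG_TEXT = r"""
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E13D095-45C3-4271-9475-F3B48227DD9F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6E13D095-45C3-4271-9475-F3B48227DD9F}\ deleted successfully.
C:\Program Files\StartNow Toolbar\Toolbar32.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{5911488E-9D1E-40ec-8CBB-06B231CC153F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\ deleted successfully.
File C:\Program Files\StartNow Toolbar\Toolbar32.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\tJeOfxpyoLkuKU.exe deleted successfully.
C:\Documents and Settings\All Users\Application Data\tJeOfxpyoLkuKU.exe moved successfully.
"""
```

Calling `reconcile(expected_actions(FIX_TEXT), LOG_TEXT)` pairs every one of the eleven expected actions with a log line: the nameless BHO's CLSID and the second request for Toolbar32.dll (the O3 line asks for the same DLL the O2 line already moved) come back as "not found", which is exactly what the log in the next reply shows. An "unreported" status would mean OTL never reached that line, which is the thing a helper wants to notice before declaring a fix complete.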

This appeared to fix quite a few things. Most of my Desktop icons are still hidden & my All Programs folder is empty plus my Desktop background is all red. Here's the OTL log after it rebooted:

All processes killed

========== OTL ==========

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E13D095-45C3-4271-9475-F3B48227DD9F}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6E13D095-45C3-4271-9475-F3B48227DD9F}\ deleted successfully.

C:\Program Files\StartNow Toolbar\Toolbar32.dll moved successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{5911488E-9D1E-40ec-8CBB-06B231CC153F} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\ deleted successfully.

File C:\Program Files\StartNow Toolbar\Toolbar32.dll not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{7d9e1adc-7db1-4eaf-b6c7-7e062074e6be} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7d9e1adc-7db1-4eaf-b6c7-7e062074e6be}\ deleted successfully.

C:\Program Files\blekkotb_soc\blekkotb_019X.dll moved successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\StartNowToolbarHelper deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\tJeOfxpyoLkuKU.exe deleted successfully.

C:\Documents and Settings\All Users\Application Data\tJeOfxpyoLkuKU.exe moved successfully.

========== FILES ==========

File\Folder C:\Program Files\StartNow Toolbar\Toolbar32.dll not found.

File\Folder C:\Program Files\blekkotb_soc\blekkotb_019X.dll not found.

File\Folder C:\Documents and Settings\All Users\Application Data\tJeOfxpyoLkuKU.exe not found.

========== COMMANDS ==========

[EMPTYFLASH]

User: Administrator

->Flash cache emptied: 5016 bytes

User: All Users

User: Compaq_Administrator

User: Default User

->Flash cache emptied: 41661 bytes

User: LocalService

User: Mary Gainey-Sutton

->Flash cache emptied: 42272 bytes

User: NetworkService

User: TEMP

Total Flash Files Cleaned = 0.00 mb

[EMPTYTEMP]

User: Administrator

->Temp folder emptied: 195058129 bytes

->Temporary Internet Files folder emptied: 289763616 bytes

->Flash cache emptied: 0 bytes

User: All Users

User: Compaq_Administrator

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 32902 bytes

->Flash cache emptied: 0 bytes

User: LocalService

->Temp folder emptied: 1056408 bytes

->Temporary Internet Files folder emptied: 36556 bytes

User: Mary Gainey-Sutton

->Temp folder emptied: 1965087 bytes

->Temporary Internet Files folder emptied: 42854343 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 24665093 bytes

->Flash cache emptied: 0 bytes

User: NetworkService

->Temp folder emptied: 4394762 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: TEMP

%systemdrive% .tmp files removed: 26878492 bytes

%systemroot% .tmp files removed: 2134636 bytes

%systemroot%\System32 .tmp files removed: 56226298 bytes

%systemroot%\System32\dllcache .tmp files removed: 56400384 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 329098182 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 370116444 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,336.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

OTL by OldTimer - Version 3.2.61.5 log created on 09172012_070853

Files\Folders moved on Reboot...

File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\~DF72ED.tmp not found!

File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\~DF7311.tmp not found!

File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\~DF7441.tmp not found!

File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\~DF7490.tmp not found!

C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\E7UQ18TI\index[2].htm moved successfully.

C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\DCD1HGKT\fastbutton[1].htm moved successfully.

C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\8KI55S14\s-BiyweUPV0v-yRb-cjciFQlYEbsez9cZjKsNMjLOwM[1].eot moved successfully.

C:\WINDOWS\temp\ZLT03620.TMP moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


Download unhide.exe & save it to your windows folder:

Right click on unhide.exe and select Run as administrator (In case you have Vista or Win7)

Reboot

This will unhide folders/files that were set to be hidden by the infection you had.

Let me know if that solved your problem.


The unhide program partially fixed the problem. Some of the Desktop icons are visible now & most of the Systray icons are back (Dropbox is missing) & the programs are visible.

I'm having a problem with Firefox. When I try running it, I get a message "Firefox is already running, but is not responding. To open a new window, you must 1st close the existing Firefox process, or restart your system." Firefox isn't running & restarting doesn't fix this.

Also the Quicklaunch bar is missing all of the icons and the Start Menu is missing some sections.


Delete the combofix.exe you have on the desktop now and get a fresh copy.

Please do not attach the scan results from ComboFix. Use copy/paste.

Vista and Windows 7 users:

1. These tools MUST be run from the executable (.exe) every time you run them.

2. With Admin Rights (Right click, choose "Run as Administrator")

Download ComboFix from this link

Link 1

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective Programs
  • Double click on ComboFix.exe & follow the prompts.
    Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.
    Note: If you have XP SP3, use the XP SP2 package.
    If Vista or Windows 7, skip the Recovery Console part
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

RC1.png

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.

Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it at least 20-30 minutes to finish if needed.

Please do not attach the scan results from ComboFix. Use copy/paste.

Also please describe how your computer behaves at the moment.


The one thing that Combofix fixed is the Start Menu. The QuickLaunch bar still doesn't have its icons, Dropbox is still missing from the Systray, some of my desktop shortcuts are still missing. Firefox no longer has an icon on the desktop & when I try to start it, I get the same error message as posted previously.

Here's the Combofix log:

ComboFix 12-09-18.06 - Compaq_Administrator 09/18/2012 21:38:05.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.959.303 [GMT -4:00]

Running from: c:\documents and settings\Compaq_Administrator\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

AV: ZoneAlarm Free Firewall Antivirus *Disabled/Updated* {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}

FW: ZoneAlarm Free Firewall Firewall *Enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Administrator\WINDOWS

c:\documents and settings\All Users\Application Data\20635428

c:\documents and settings\All Users\Start Menu\Programs\ClickPotato

c:\documents and settings\All Users\Start Menu\Programs\ClickPotato\About Us.lnk

c:\documents and settings\All Users\Start Menu\Programs\ClickPotato\ClickPotato Customer Support.lnk

c:\documents and settings\All Users\Start Menu\Programs\ClickPotato\ClickPotato Uninstall Instructions.lnk

c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\5uykrio1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}

c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\5uykrio1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome.manifest

c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\5uykrio1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\bar.js

c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\5uykrio1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\bar.xul

c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\5uykrio1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\buttons.js

c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\5uykrio1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\constants.js

c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\5uykrio1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\events.js

c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\5uykrio1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\globals.js

c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\5uykrio1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\htmldialog.js

c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\5uykrio1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\htmldialog.xul

c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\5uykrio1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\htmldropdown.xul

c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\5uykrio1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\init.js

c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\5uykrio1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_images.png

c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\5uykrio1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_maps.png

c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\5uykrio1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_news.png

c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\5uykrio1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_videos.png

c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\5uykrio1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_web.png

c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\5uykrio1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_amazon.png

c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\5uykrio1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_ebay.png

c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\5uykrio1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_facebook.png

c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\5uykrio1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_games.png

c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\5uykrio1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_msn.png

c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\5uykrio1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_shopping.png

c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\5uykrio1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_travel.png

c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\5uykrio1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_twitter.png

c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\5uykrio1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\startnow_logo.png

c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\5uykrio1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\installer.xml

c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\5uykrio1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\protect\index.html

c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\5uykrio1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\protect\NotIE6.css

c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\5uykrio1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\protect\OnlyIE6.css

c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\5uykrio1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\protect\SearchProtectIcon.png

c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\5uykrio1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\protect\Web.config

c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\5uykrio1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\protect\window.css

c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\5uykrio1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\protect\window.js

c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\5uykrio1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\reactivate\index.html

c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\5uykrio1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\reactivate\LeftImage.png

c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\5uykrio1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\reactivate\NotIE6.css

c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\5uykrio1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\reactivate\OnlyIE6.css

c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\5uykrio1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\reactivate\window.css

c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\5uykrio1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\reactivate\window.js

c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\5uykrio1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\chevron_button.png

c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\5uykrio1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_button_hover.png

c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\5uykrio1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_button_normal.png

c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\5uykrio1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_dropdown_button_normal.png

c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\5uykrio1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_input_background.png

c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\5uykrio1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_input_left.png

c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\5uykrio1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_input_middle.png

c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\5uykrio1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\separator.png

c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\5uykrio1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\splitter.png

c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\5uykrio1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ff_hover_c.png

c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\5uykrio1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_hover_c.png

c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\5uykrio1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_hover_l.png

c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\5uykrio1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_hover_r.png

c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\5uykrio1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_normal_c.png

c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\5uykrio1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_normal_l.png

c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\5uykrio1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_normal_r.png

c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\5uykrio1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\toolbar.xml

c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\5uykrio1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\locale\en-US\{5911488E-9D1E-40ec-8CBB-06B231CC153F}.dtd

c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\5uykrio1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\skin\overlay.css

c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\5uykrio1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\install.rdf

c:\documents and settings\Compaq_Administrator\Start Menu\Programs\Windows XP Recovery

c:\documents and settings\Compaq_Administrator\WINDOWS

c:\documents and settings\Default User\WINDOWS

c:\documents and settings\Mary Gainey-Sutton\WINDOWS

c:\program files\Internet Explorer\SET198.tmp

c:\program files\Internet Explorer\SET199.tmp

c:\program files\Internet Explorer\SET19B.tmp

c:\program files\Internet Explorer\SET52.tmp

c:\program files\Internet Explorer\SET53.tmp

c:\program files\Internet Explorer\SET55.tmp

c:\program files\Internet Explorer\SET7E.tmp

c:\program files\Internet Explorer\SET7F.tmp

c:\program files\Internet Explorer\SET81.tmp

c:\program files\RadioPI_4eEI

c:\program files\StartNow Toolbar

c:\program files\StartNow Toolbar\Resources\images\engine_images.png

c:\program files\StartNow Toolbar\Resources\images\engine_maps.png

c:\program files\StartNow Toolbar\Resources\images\engine_news.png

c:\program files\StartNow Toolbar\Resources\images\engine_videos.png

c:\program files\StartNow Toolbar\Resources\images\engine_web.png

c:\program files\StartNow Toolbar\Resources\images\icon_amazon.png

c:\program files\StartNow Toolbar\Resources\images\icon_ebay.png

c:\program files\StartNow Toolbar\Resources\images\icon_facebook.png

c:\program files\StartNow Toolbar\Resources\images\icon_games.png

c:\program files\StartNow Toolbar\Resources\images\icon_msn.png

c:\program files\StartNow Toolbar\Resources\images\icon_shopping.png

c:\program files\StartNow Toolbar\Resources\images\icon_travel.png

c:\program files\StartNow Toolbar\Resources\images\icon_twitter.png

c:\program files\StartNow Toolbar\Resources\images\startnow_logo.png

c:\program files\StartNow Toolbar\Resources\installer.xml

c:\program files\StartNow Toolbar\Resources\protect\index.html

c:\program files\StartNow Toolbar\Resources\protect\NotIE6.css

c:\program files\StartNow Toolbar\Resources\protect\OnlyIE6.css

c:\program files\StartNow Toolbar\Resources\protect\SearchProtectIcon.png

c:\program files\StartNow Toolbar\Resources\protect\window.css

c:\program files\StartNow Toolbar\Resources\protect\window.js

c:\program files\StartNow Toolbar\Resources\reactivate\index.html

c:\program files\StartNow Toolbar\Resources\reactivate\LeftImage.png

c:\program files\StartNow Toolbar\Resources\reactivate\NotIE6.css

c:\program files\StartNow Toolbar\Resources\reactivate\OnlyIE6.css

c:\program files\StartNow Toolbar\Resources\reactivate\window.css

c:\program files\StartNow Toolbar\Resources\reactivate\window.js

c:\program files\StartNow Toolbar\Resources\skin\chevron_button.png

c:\program files\StartNow Toolbar\Resources\skin\searchbox_button_hover.png

c:\program files\StartNow Toolbar\Resources\skin\searchbox_button_normal.png

c:\program files\StartNow Toolbar\Resources\skin\searchbox_dropdown_button_normal.png

c:\program files\StartNow Toolbar\Resources\skin\searchbox_input_background.png

c:\program files\StartNow Toolbar\Resources\skin\searchbox_input_left.png

c:\program files\StartNow Toolbar\Resources\skin\searchbox_input_middle.png

c:\program files\StartNow Toolbar\Resources\skin\separator.png

c:\program files\StartNow Toolbar\Resources\skin\splitter.png

c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ff_hover_c.png

c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_c.png

c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_l.png

c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_r.png

c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_c.png

c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_l.png

c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_r.png

c:\program files\StartNow Toolbar\Resources\toolbar.xml

c:\program files\StartNow Toolbar\Resources\update.xml

c:\program files\StartNow Toolbar\StartNowToolbarUninstall.exe

c:\program files\StartNow Toolbar\ToolbarUpdaterService.exe

c:\program files\StartNow Toolbar\uninstall.dat

c:\windows\system32\config\systemprofile\WINDOWS

c:\windows\system32\URTTemp

c:\windows\system32\URTTemp\fusion.dll

c:\windows\system32\URTTemp\mscoree.dll

c:\windows\system32\URTTemp\mscoree.dll.local

c:\windows\system32\URTTemp\mscorsn.dll

c:\windows\system32\URTTemp\mscorwks.dll

c:\windows\system32\URTTemp\msvcr71.dll

c:\windows\system32\URTTemp\regtlib.exe

c:\windows\wt

c:\windows\wt\data.wts

c:\windows\wt\updater\wcmdmgr.exe

c:\windows\wt\updater\wcmdmgrl.exe

c:\windows\wt\updater\wt.ini

c:\windows\wt\webdriver.dll

c:\windows\wt\webdriver\4.1.1\actorobject.dll

c:\windows\wt\webdriver\4.1.1\dx5drv.dll

c:\windows\wt\webdriver\4.1.1\dx7drv.dll

c:\windows\wt\webdriver\4.1.1\objectbundle.dll

c:\windows\wt\webdriver\4.1.1\sound.dll

c:\windows\wt\webdriver\4.1.1\wdcaps.ded

c:\windows\wt\webdriver\4.1.1\wdengine.dll

c:\windows\wt\webdriver\4.1.1\webdriver.dll

c:\windows\wt\webdriver\4.1.1\wthost.exe

c:\windows\wt\webdriver\4.1.1\wthostctl.dll

c:\windows\wt\webdriver\4.1.1\wtmulti.dll

c:\windows\wt\webdriver\4.1.1\wtmulti.jar

c:\windows\wt\webdriver\4.1.1\wtwmplug.ax

c:\windows\wt\webdriver\4.1.1\wtwmplug.ini

c:\windows\wt\webdriver\jdriver.dll

c:\windows\wt\webdriver\rdriver.dll

c:\windows\wt\webdriver\wildtangent.jar

c:\windows\wt\wt3d.dll

c:\windows\wt\wt3d.ini

c:\windows\wt\wtupdates\DRM\3.2.0.19\files\controlpanel\index.html

c:\windows\wt\wtupdates\DRM\3.2.0.19\files\DRM0302.dll

c:\windows\wt\wtupdates\DRM\3.2.0.19\files\DRM0302Java.jar

c:\windows\wt\wtupdates\DRM\3.2.0.19\files\jDRM0302.dll

c:\windows\wt\wtupdates\DRM\3.2.0.19\files\rDRM0302.dll

c:\windows\wt\wtupdates\DRM\3.2.0.19\install\DRM0302.cdanfo

c:\windows\wt\wtupdates\DRM\3.2.0.19\install\DRM0302_Uninstall.cdas

c:\windows\wt\wtupdates\webd\4.1.1\files\actorobject.dll

c:\windows\wt\wtupdates\webd\4.1.1\files\controlpanel\index.html

c:\windows\wt\wtupdates\webd\4.1.1\files\dx5drv.dll

c:\windows\wt\wtupdates\webd\4.1.1\files\dx7drv.dll

c:\windows\wt\wtupdates\webd\4.1.1\files\jdriver.dll

c:\windows\wt\wtupdates\webd\4.1.1\files\legacy\data.wts

c:\windows\wt\wtupdates\webd\4.1.1\files\legacy\webdriver.dll

c:\windows\wt\wtupdates\webd\4.1.1\files\legacy\wt3d.dll

c:\windows\wt\wtupdates\webd\4.1.1\files\npWTHost.dll

c:\windows\wt\wtupdates\webd\4.1.1\files\nsIWTHostPlugin.xpt

c:\windows\wt\wtupdates\webd\4.1.1\files\ObjectBundle.dll

c:\windows\wt\wtupdates\webd\4.1.1\files\rdriver.dll

c:\windows\wt\wtupdates\webd\4.1.1\files\Sound.dll

c:\windows\wt\wtupdates\webd\4.1.1\files\update_info\data.wts

c:\windows\wt\wtupdates\webd\4.1.1\files\wdcaps.ded

c:\windows\wt\wtupdates\webd\4.1.1\files\wdengine.dll

c:\windows\wt\wtupdates\webd\4.1.1\files\Webd331.cdanfo

c:\windows\wt\wtupdates\webd\4.1.1\files\Webd331_fileList.cdas

c:\windows\wt\wtupdates\webd\4.1.1\files\Webd331_Uninstall.cdas

c:\windows\wt\wtupdates\webd\4.1.1\files\webdriver.dll

c:\windows\wt\wtupdates\webd\4.1.1\files\wildtangent.jar

c:\windows\wt\wtupdates\webd\4.1.1\files\wt3d.ini

c:\windows\wt\wtupdates\webd\4.1.1\files\WTHost.exe

c:\windows\wt\wtupdates\webd\4.1.1\files\WTHostCtl.dll

c:\windows\wt\wtupdates\webd\4.1.1\files\wtmulti.dll

c:\windows\wt\wtupdates\webd\4.1.1\files\wtmulti.jar

c:\windows\wt\wtupdates\webd\4.1.1\files\wtvh.dll

c:\windows\wt\wtupdates\webd\4.1.1\files\wtwmplug.ax

c:\windows\wt\wtupdates\webd\4.1.1\files\wtwmplug.ini

c:\windows\wt\wtupdates\webd\4.1.1\install\Webd4_1_1.cdanfo

c:\windows\wt\wtupdates\webd\4.1.1\install\Webd4_1_1_Uninstall.cdas

c:\windows\wt\wtupdates\WireControl\1.1.0.23\files\controlpanel\index.html

c:\windows\wt\wtupdates\WireControl\1.1.0.23\files\install\WireControl.cdanfo

c:\windows\wt\wtupdates\WireControl\1.1.0.23\files\install\WireControl_Uninstall.cdas

c:\windows\wt\wtupdates\WireControl\1.1.0.23\files\WireControl.dll

c:\windows\wt\wtupdates\wtupdater\appinfo.dat

c:\windows\wt\wtupdates\wtwebdriver\update_info\data.wts

c:\windows\wt\wtvh.dll

D:\Autorun.inf

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_Updater_Service_for_StartNow_Toolbar

-------\Legacy_Updater_Service_for_StartNow_Toolbar

-------\Service_Updater Service for StartNow Toolbar

-------\Service_Updater Service for StartNow Toolbar

.

.

((((((((((((((((((((((((( Files Created from 2012-08-19 to 2012-09-19 )))))))))))))))))))))))))))))))

.

.

2012-09-17 23:56 . 2012-09-18 00:53 399264 ----a-w- c:\windows\unhide.exe

2012-09-17 23:54 . 2012-09-17 23:54 -------- d-----w- c:\documents and settings\Compaq_Administrator\Downloads

2012-09-17 11:08 . 2012-09-17 11:08 -------- d-----w- C:\_OTL

2012-09-15 01:19 . 2012-09-15 01:19 -------- d-----w- c:\documents and settings\Administrator\DoctorWeb

2012-09-13 01:52 . 2012-09-13 01:52 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Temp

2012-09-13 01:52 . 2012-09-13 01:52 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe

2012-09-11 02:05 . 2012-09-11 02:08 -------- d-----w- C:\MGtools

2012-09-11 01:49 . 2012-09-11 01:49 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes

2012-09-11 01:40 . 2012-09-11 01:40 14080 ----a-w- c:\windows\system32\drivers\TrueSight.sys

2012-09-11 01:14 . 2012-09-11 01:14 -------- d-----w- c:\documents and settings\Administrator\Application Data\HPQ

2012-09-11 01:08 . 2012-09-11 01:08 -------- d-----w- c:\documents and settings\Administrator\Application Data\Yahoo!

2012-09-10 23:14 . 2012-09-10 23:14 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE

2012-09-10 23:14 . 2012-09-10 23:14 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache

2012-09-10 01:56 . 2012-01-09 22:59 11352 ----a-w- c:\windows\system32\drivers\kl2.sys

2012-09-10 01:56 . 2012-01-09 22:59 133208 ----a-w- c:\windows\system32\drivers\kl1.sys

2012-09-07 15:07 . 2012-09-07 15:07 65848 ----a-w- c:\windows\system32\drivers\RapportKELL.sys

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-09-11 02:08 . 2012-09-11 02:05 210925 ----a-w- C:\MGlogs.zip

2012-09-07 21:04 . 2010-04-05 13:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-09-01 13:04 . 2012-04-06 02:11 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-09-01 13:04 . 2011-05-15 01:53 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-07-06 13:58 . 2004-08-10 04:00 78336 ----a-w- c:\windows\system32\browser.dll

2012-07-06 02:07 . 2007-05-02 02:04 143872 ----a-w- c:\windows\system32\javacpl.cpl

2012-07-06 02:06 . 2012-08-04 22:33 772544 ----a-w- c:\windows\system32\npDeployJava1.dll

2012-07-06 02:06 . 2011-05-29 16:06 687544 ----a-w- c:\windows\system32\deployJava1.dll

2012-07-04 14:05 . 2004-08-10 04:00 139784 ------w- c:\windows\system32\drivers\rdpwd.sys

2012-07-03 13:40 . 2004-08-10 04:00 1866112 ----a-w- c:\windows\system32\win32k.sys

2012-07-02 17:49 . 2004-08-10 04:00 916992 ----a-w- c:\windows\system32\wininet.dll

2012-07-02 17:49 . 2004-08-10 04:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2012-07-02 17:49 . 2004-08-10 04:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2012-07-02 12:05 . 2004-08-10 04:00 385024 ------w- c:\windows\system32\html.iec

2012-07-21 19:03 . 2011-05-14 15:33 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{da3116fa-099a-5814-4183-e1a9eeb94f35}"= "c:\program files\Bucksbee Loyalty Plugin - Air Installer\Helper.dll" [2012-05-13 361984]

.

[HKEY_CLASSES_ROOT\clsid\{da3116fa-099a-5814-4183-e1a9eeb94f35}]

[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1]

[HKEY_CLASSES_ROOT\TypeLib\{58A52AA3-40A4-B184-E12A-7F02C33D6D41}]

[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook]

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{86A5A4F7-990C-F0B4-096E-6B6BFDC90EC9}]

2012-02-09 04:19 13632 ----a-w- c:\program files\Bucksbee Loyalty Plugin - Air Installer\BucksBee Loyalty Plugin.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ---ha-w- c:\documents and settings\Compaq_Administrator\Application Data\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ---ha-w- c:\documents and settings\Compaq_Administrator\Application Data\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ---ha-w- c:\documents and settings\Compaq_Administrator\Application Data\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ---ha-w- c:\documents and settings\Compaq_Administrator\Application Data\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-10 39408]

"PlaxoUpdate"="c:\program files\Plaxo\3.23.0.11\PlaxoHelper_en.exe" [2009-10-01 403015]

"PlaxoSysTray"="c:\program files\Plaxo\3.23.0.11\PlaxoSysTray.exe" [2009-10-01 20480]

"AbacastDistributedOnDemand:11"="c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\AbacastDistributedOnDemand\Node\11\AbacastDistributedOnDemand.exe" [2009-04-15 54712]

"STC"="c:\program files\Innovative Solutions\System Tray Cleaner\stc.exe" [2011-11-04 2618288]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 57393]

"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-28 221184]

"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 40960]

"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-16 249856]

"ftutil2"="ftutil2.dll" [2004-06-07 106496]

"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-30 67584]

"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 77312]

"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]

"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]

"RTHDCPL"="RTHDCPL.EXE" [2006-06-14 16239616]

"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-06-28 622592]

"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2006-06-29 77824]

"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]

"ISUSScheduler"="c:\program files\common files\installshield\updateservice\issch.exe" [2004-07-28 81920]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]

"ZoneAlarm"="c:\program files\CheckPoint\ZoneAlarm\zatray.exe" [2012-07-22 73392]

"Reader Application Helper"="c:\program files\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe" [2012-07-12 892928]

"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

"Anti-phishing Domain Advisor"="c:\documents and settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.exe" [2011-07-29 217256]

"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2012-07-14 738984]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-08-08 180269]

.

c:\documents and settings\Mary Gainey-Sutton\Start Menu\Programs\Startup\

PinMcLnk.lnk - c:\hp\bin\cloaker.exe [2006-8-8 27136]

.

c:\documents and settings\Compaq_Administrator\Start Menu\Programs\Startup\

Dropbox.lnk - c:\documents and settings\Compaq_Administrator\Application Data\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [N/A]

Compaq Connections.lnk - c:\program files\Compaq Connections\5577497\Program\Compaq Connections.exe [N/A]

Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

Wireless Connection Manager.lnk - c:\program files\eHome\Wireless G EH102\wirelesscm.exe [2007-1-20 10244096]

.

c:\documents and settings\Default User\Start Menu\Programs\Startup\

Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-8-8 27136]

PinMcLnk.lnk - c:\hp\bin\cloaker.exe [2006-8-8 27136]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\DISC\\DISCover.exe"=

"c:\\Program Files\\DISC\\DiscStreamHub.exe"=

"c:\\Program Files\\DISC\\myFTP.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Documents and Settings\\Compaq_Administrator\\Application Data\\Dropbox\\bin\\Dropbox.exe"=

"c:\\Documents and Settings\\Compaq_Administrator\\Local Settings\\Application Data\\AbacastDistributedOnDemand\\Node\\11\\AbacastDistributedOnDemand.exe"=

"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=

"c:\\Program Files\\Bucksbee Loyalty Plugin - Air Installer\\TroubleShooter.exe"=

.

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [4/1/2010 10:10 PM 28552]

R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [9/9/2012 9:56 PM 11352]

R1 RapportCerberus_42020;RapportCerberus_42020;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_42020.sys [8/9/2012 10:06 PM 228376]

R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [9/7/2012 11:07 AM 71480]

R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [9/7/2012 11:07 AM 166840]

R2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [11/3/2011 10:44 AM 27056]

R2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [11/3/2011 10:44 AM 497320]

R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [9/7/2012 11:07 AM 976728]

R3 RapportIaso;RapportIaso;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\39624\RapportIaso.sys [5/28/2012 4:40 PM 21520]

S0 DwProt;DrWeb Protection;c:\windows\system32\drivers\dwprot.sys --> c:\windows\system32\drivers\dwprot.sys [?]

S2 gupdate1c9d17f8aa53c4a;Google Update Service (gupdate1c9d17f8aa53c4a);c:\program files\Google\Update\GoogleUpdate.exe [5/10/2009 10:56 AM 133104]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/5/2012 10:11 PM 250568]

S3 Diag69xp;Diag69xp;c:\windows\system32\drivers\diag69xp.sys [11/4/2007 7:46 PM 11648]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [5/10/2009 10:56 AM 133104]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [6/12/2011 11:15 AM 31125880]

S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [5/7/2012 8:27 PM 113120]

S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [8/10/2004 14336]

S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 9:37 PM 4640000]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]

2009-03-08 08:32 128512 ----a-w- c:\windows\system32\advpack.dll

.

Contents of the 'Scheduled Tasks' folder

.

2012-09-19 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 13:04]

.

2011-05-29 c:\windows\Tasks\GlaryInitialize.job

- c:\program files\Glary Utilities\initialize.exe [2010-10-31 01:55]

.

2012-09-03 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-10 01:06]

.

2012-06-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-10 14:56]

.

2012-06-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-10 14:56]

.

2012-09-19 c:\windows\Tasks\User_Feed_Synchronization-{1CDB8788-0302-498C-A121-64AE4E2D6ADD}.job

- c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]

.

.

------- Supplementary Scan -------

.

uDefault_Search_URL = about:blank

uStart Page = hxxp://search.zonealarm.com/?Source=Homepage&oemCode=ZLN00212370455149-1001&toolbarId=base&affiliateId=1001&Lan=en&utid=c056723000000000000000195b04ab21

mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop

uInternet Settings,ProxyOverride = *.r5.attbi.com;<local>;*.local

uInternet Settings,ProxyServer = sas.r5.attbi.com:8000

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105

IE: {{0362b485-11fe-469c-ae98-42f478e581a0} - c:\program files\Yapta\YaptaSettings.exe

IE: {{0094A600-9BDD-4019-BAFE-487284F7D476} - {C3C07AD6-ACE9-43EE-A2AF-45BC13F6275F} - c:\program files\Yapta\YaptaSidebar.dll

Trusted Zone: aol.com\free

Trusted Zone: trymedia.com

TCP: DhcpNameServer = 192.168.2.1 75.75.76.76 75.75.75.75

DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.1.0/GarminAxControl.CAB

DPF: {EB533642-0AFC-4559-A494-8CFFA296ACAE} - hxxps://mail.alticor.com/images/whlcache.cab?egap=internal

FF - ProfilePath - c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\5uykrio1.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2645238&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - Search By ZoneAlarm

FF - prefs.js: browser.startup.homepage - hxxp://search.zonealarm.com/?Source=Homepage&oemCode=ZLN00212370455149-1001&toolbarId=base&affiliateId=1001&Lan=en&utid=c056723000000000000000195b04ab21

FF - prefs.js: keyword.URL - hxxp://search.zonealarm.com/search?Source=Browser&oemCode=ZLN00212370455149-1001&toolbarId=base&affiliateId=1001&Lan=en&utid=c056723000000000000000195b04ab21&q={searchTerms}

FF - prefs.js: network.proxy.ftp - sas.r5.attbi.com

FF - prefs.js: network.proxy.ftp_port - 8000

FF - prefs.js: network.proxy.http - sas.r5.attbi.com

FF - prefs.js: network.proxy.http_port - 8000

FF - prefs.js: network.proxy.socks - sas.r5.attbi.com

FF - prefs.js: network.proxy.socks_port - 8000

FF - prefs.js: network.proxy.ssl - sas.r5.attbi.com

FF - prefs.js: network.proxy.ssl_port - 8000

FF - prefs.js: network.proxy.type - 0

FF - user.js: extensions.zonealarm.autoRvrt - false

FF - user.js: extensions.zonealarm_i.hmpg - true

FF - user.js: extensions.zonealarm.hmpgUrl - hxxp://search.zonealarm.com/?Source=Homepage&oemCode=ZLN00212370455149-1001&toolbarId=base&affiliateId=1001&Lan=en&utid=c056723000000000000000195b04ab21

FF - user.js: extensions.zonealarm.dfltSrch - true

FF - user.js: extensions.zonealarm.srchPrvdr - Search By ZoneAlarm

FF - user.js: extensions.zonealarm.keyWordUrl - hxxp://search.zonealarm.com/search?Source=Browser&oemCode=ZLN00212370455149-1001&toolbarId=base&affiliateId=1001&Lan=en&utid=c056723000000000000000195b04ab21&q={searchTerms}

FF - user.js: extensions.zonealarm_i.dnsErr - true

FF - user.js: extensions.zonealarm_i.newTab - true

FF - user.js: extensions.zonealarm.newTabUrl - hxxp://search.zonealarm.com/?Source=Newtab&oemCode=ZLN00212370455149-1001&toolbarId=base&affiliateId=1001&Lan=en&utid=c056723000000000000000195b04ab21

FF - user.js: extensions.zonealarm.tlbrSrchUrl - hxxp://search.zonealarm.com/search?Source=ToolBar&oemCode=ZLN00212370455149-1001&toolbarId=base&affiliateId=1001&Lan={dfltLng}&utid=c056723000000000000000195b04ab21&q=

FF - user.js: extensions.zonealarm.id - c056723000000000000000195b04ab21

FF - user.js: extensions.zonealarm.instlDay - 15552

FF - user.js: extensions.zonealarm.vrsn - 1.6.4.5

FF - user.js: extensions.zonealarm.vrsni - 1.6.4.5

FF - user.js: extensions.zonealarm_i.vrsnTs - 1.6.4.522:35

FF - user.js: extensions.zonealarm.prtnrId - checkpoint

FF - user.js: extensions.zonealarm.prdct - zonealarm

FF - user.js: extensions.zonealarm.aflt - 1001

FF - user.js: extensions.zonealarm_i.smplGrp - none

FF - user.js: extensions.zonealarm.tlbrId - base

FF - user.js: extensions.zonealarm.instlRef - ZLN00212370455149-1001

FF - user.js: extensions.zonealarm.dfltLng - en

FF - user.js: extensions.zonealarm.excTlbr - false

FF - user.js: extensions.zonealarm.admin - false

.

- - - - ORPHANS REMOVED - - - -

.

URLSearchHooks-{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)

HKCU-Run-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

HKCU-Run-DealRunner - c:\program files\DealRunner\DealRunner.exe

AddRemove-StartNow Toolbar - c:\program files\StartNow Toolbar\StartNowToolbarUninstall.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-09-18 22:36

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-1015641442-117758955-2228853932-1007\Software\Microsoft\Driver Signing]

@Denied: (2) (Administrators)

@Allowed: (2) (Administrators)

@SACL=

"Policy"=dword:00000000

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(860)

c:\windows\system32\Ati2evxx.dll

c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll

.

- - - - - - - > 'lsass.exe'(916)

c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll

.

- - - - - - - > 'explorer.exe'(3680)

c:\windows\system32\WININET.dll

c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll

c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll

c:\documents and settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.dll

c:\documents and settings\Compaq_Administrator\Application Data\Dropbox\bin\DropboxExt.14.dll

c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf

c:\progra~1\MICROS~4\Office14\1033\GrooveIntlResource.dll

c:\program files\Windows Desktop Search\deskbar.dll

c:\program files\Windows Desktop Search\en-us\dbres.dll.mui

c:\program files\Windows Desktop Search\dbres.dll

c:\program files\Windows Desktop Search\wordwheel.dll

c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui

c:\program files\Windows Desktop Search\msnlExtRes.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\Ati2evxx.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\windows\arservice.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\windows\eHome\ehRecvr.exe

c:\windows\eHome\ehSched.exe

c:\program files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\windows\System32\snmp.exe

c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe

c:\windows\ehome\mcrdsvc.exe

c:\program files\Google\Update\1.3.21.115\GoogleCrashHandler.exe

c:\windows\system32\SearchIndexer.exe

c:\windows\system32\dllhost.exe

c:\windows\system32\Ati2evxx.exe

c:\windows\system32\wscntfy.exe

c:\windows\ARPWRMSG.EXE

c:\windows\RTHDCPL.EXE

c:\windows\eHome\ehmsas.exe

c:\program files\Brother\ControlCenter3\brccMCtl.exe

c:\program files\Brother\Brmfcmon\BrMfimon.exe

c:\program files\Common Files\Java\Java Update\jucheck.exe

c:\hp\KBD\KBD.EXE

.

**************************************************************************

.

Completion time: 2012-09-18 22:47:20 - machine was rebooted

ComboFix-quarantined-files.txt 2012-09-19 02:47

.

Pre-Run: 193,152,876,544 bytes free

Post-Run: 194,610,675,712 bytes free

.

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

.

- - End Of File - - 786F3BFEF723070854E10EE3AC280393

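Added example, not part of this thread and not ComboFix's own code: a small triage script that reads lines in the format ComboFix prints above (bracketed registry keys followed by `"name"=value` lines, the `uInternet Settings,...` lines and the `FF - prefs.js: ...` lines) and reports the settings a responder checks first: a proxy configured in IE or Firefox, Windows Firewall switched off for the standard profile, Security Center monitoring disabled, URLSearchHooks (an uncommon extension point that toolbars and hijackers both use), and autorun entries that load from user-writable profile directories. It flags rather than judges: a third-party firewall legitimately sets `DisableMonitoring`, and a stale ISP proxy and an injected one look identical in the log. The sample lines, GUID, paths and host names in the block are constructed for the example; the Firefox `network.proxy.type` meaning (0 = no proxy, 1 = manual) is taken from Firefox's preference documentation.

```python
"""Triage ComboFix-style 'Reg Loading Points' / 'Supplementary Scan' lines.

Added example for this thread; it is not ComboFix code and not from the posters.
The SAMPLE_LOG below is constructed to mirror ComboFix's text format; every
name, GUID, path and host in it is invented.
"""
import re
from typing import List, Optional, Tuple

Finding = Tuple[str, str]  # (severity, description)

SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{11111111-2222-3333-4444-555555555555}"= "c:\program files\Example Loyalty Plugin\Helper.dll" [2012-05-13 361984]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-10 39408]
"NodeApp"="c:\documents and settings\User\Local Settings\Application Data\NodeApp\node.exe" [2009-04-15 54712]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ExampleFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
uInternet Settings,ProxyServer = proxy.example.net:8000
FF - prefs.js: network.proxy.http - proxy.example.net
FF - prefs.js: network.proxy.type - 0
"""

KEY_RE = re.compile(r"^\[(.+)\]$")                       # [HKEY_...\Key]
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')          # "name"= value [date size]
QUOTED_PATH_RE = re.compile(r'"([^"]+)"')                 # first quoted path in a value
IE_PROXY_RE = re.compile(r"^uInternet Settings,ProxyServer\s*=\s*(\S+)")
FF_PREF_RE = re.compile(r"^FF - (?:prefs|user)\.js: (\S+) - (.*)$")

# Profile sub-directories any user can write to; persistence from here is suspicious.
USER_WRITABLE_MARKERS = ("\\local settings\\", "\\application data\\", "\\temp\\", "\\appdata\\")


def _is_autorun_key(key: str) -> bool:
    k = key.lower()
    return k.endswith("\\run") or "urlsearchhooks" in k or "browser helper objects" in k


def _user_writable(path: str) -> bool:
    p = path.lower()
    in_profile = "\\documents and settings\\" in p or "\\users\\" in p
    return in_profile and any(m in p for m in USER_WRITABLE_MARKERS)


def triage(log_text: str) -> List[Finding]:
    """Walk the log once, tracking the current registry key, and collect findings."""
    findings: List[Finding] = []
    current_key = ""
    ff_proxy_hosts: List[str] = []
    ff_proxy_type: Optional[str] = None

    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group(1)
            continue
        m = IE_PROXY_RE.match(line)
        if m:
            findings.append(("review", f"IE proxy configured: {m.group(1)}"))
            continue
        m = FF_PREF_RE.match(line)
        if m:
            pref, val = m.group(1), m.group(2).strip()
            if pref == "network.proxy.type":
                ff_proxy_type = val
            elif pref.startswith("network.proxy.") and not pref.endswith("_port"):
                ff_proxy_hosts.append(f"{pref}={val}")
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        name, rest = m.group(1), m.group(2).strip()
        key_l = current_key.lower()
        if "firewallpolicy\\standardprofile" in key_l and name.lower() == "enablefirewall":
            if rest.split()[0] == "0":  # printed as "0 (0x0)"
                findings.append(("high", "Windows Firewall disabled for the standard profile"))
        elif "security center\\monitoring" in key_l and name.lower() == "disablemonitoring":
            if rest.lower() == "dword:00000001":
                product = current_key.rsplit("\\", 1)[-1]
                findings.append(("review", f"Security Center monitoring disabled by {product}"))
        elif _is_autorun_key(current_key):
            pm = QUOTED_PATH_RE.search(rest)
            path = pm.group(1) if pm else rest
            if "urlsearchhooks" in key_l:
                findings.append(("review", f"URLSearchHook {name} -> {path}"))
            if _user_writable(path):
                findings.append(("high", f"Autorun {name} loads from user-writable path: {path}"))

    if ff_proxy_hosts:
        # type 0 means Firefox ignores the configured hosts; anything else makes them live.
        state = "inactive (network.proxy.type=0)" if ff_proxy_type == "0" else f"type={ff_proxy_type}"
        findings.append(("review", f"Firefox proxy hosts present, {state}: {', '.join(ff_proxy_hosts)}"))
    return findings


if __name__ == "__main__":
    for severity, text in triage(SAMPLE_LOG):
        print(f"[{severity:6}] {text}")
```

Run against a real ComboFix log, pipe the whole file in place of `SAMPLE_LOG`; the parser only keys off the section formats it recognises and ignores everything else, so the file list and driver sections pass through harmlessly.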

AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

AV: ZoneAlarm Free Firewall Antivirus *Disabled/Updated* {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}

Never install more than one antivirus or firewall! Rather than giving you extra protection, it will seriously decrease the reliability of that protection! The reason for this is that if both products have their automatic (real-time) protection switched on, your system may lock up because both products attempt to access the same file at the same time. Also, because multiple antivirus and firewall products installed together are not compatible with each other, they can cause system performance problems and a serious system slowdown. You need to uninstall one of your anti-virus programs.

Reboot and let me know how it's running.


As mentioned in one of my earlier posts, while in Safe Mode when the malware was still on my computer, I went to Control Panel and removed MS Security Essentials before I installed the ZoneAlarm Free Firewall Antivirus. So I'm not sure why the log says I still have the MS AV. When I get home tonight I'll check in Normal mode whether the MS AV is still on my computer.


The ComboFix scan that I did last night was in Normal mode. I disabled the ZoneAlarm Free Firewall Antivirus program when I ran it. Do you want me to run it again?


With all the infected files you had, it would be a good idea.

This topic is now closed to further replies.