also @ TechSpot: Google, Samsung unveil Chromebook, Chromebox with Chrome OS 19

TechSpot

TechSpot News Products Downloads Forums

Register now for a live online demo to see how the Office 365 suite of tools
- professional email, calendars, video conferencing, and file sharing -

[Solved] Google redirect and Windows Security Viruses

Discussion in 'Virus and Malware Removal' started by kspot, Jan 7, 2012.

Page 1 of 2

kspot Newcomer, in training

Hey guys, I have been having virus issues since mid December and have not been able to solve them on my own. I have a google redirect and Windows Security Virus and who knows what else. Attached below are the logs that are requested. Any help that you can provide is appreciated.

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.07.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
John :: JOHN-BC19467D9A [administrator]

1/7/2012 2:02:13 PM
mbam-log-2012-01-07 (14-02-13).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 235639
Time elapsed: 28 minute(s), 55 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 3
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
I:\Documents and Settings\Pam\Local Settings\Application Data\ncn.exe (Trojan.ExeShell.Gen) -> Quarantined and deleted successfully.

(end)

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-01-07 14:46:02
Windows 5.1.2600 Service Pack 3
Running: bml80zym.exe; Driver: I:\DOCUME~1\John\LOCALS~1\Temp\kgdyipow.sys

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs KmxFile.sys (HIPS File Guard driver/CA)
AttachedDevice \FileSystem\Ntfs \Ntfs VET-FILT.SYS (CA Antivirus File Protection Driver/Computer Associates International, Inc.)
AttachedDevice \FileSystem\Ntfs \Ntfs kmxagent.sys (HIPS Agent Driver/CA)
AttachedDevice \FileSystem\Ntfs \Ntfs VET-REC.SYS (CA Antivirus File Protection Driver/Computer Associates International, Inc.)

Device \Driver\Tcpip \Device\Ip kmxfw.sys (HIPS Firewall Driver/CA)
Device \Driver\Tcpip \Device\Tcp kmxfw.sys (HIPS Firewall Driver/CA)
Device \Driver\Tcpip \Device\Udp kmxfw.sys (HIPS Firewall Driver/CA)
Device \Driver\Tcpip \Device\RawIp kmxfw.sys (HIPS Firewall Driver/CA)

---- EOF - GMER 1.0.15 ----

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by John at 15:07:49 on 2012-01-07
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.472 [GMT -6:00]
.
AV: CA Anti-Virus *Enabled/Updated* {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}
FW: CA Personal Firewall *Disabled*
.
============== Running Processes ===============
.
I:\WINDOWS\system32\Ati2evxx.exe
I:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
I:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
I:\WINDOWS\system32\spoolsv.exe
I:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
I:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
I:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
I:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
svchost.exe
I:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
I:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
I:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
I:\Program Files\Bonjour\mDNSResponder.exe
I:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
I:\WINDOWS\eHome\ehRecvr.exe
I:\WINDOWS\eHome\ehSched.exe
I:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
I:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
I:\Program Files\Java\jre6\bin\jqs.exe
I:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
svchost.exe
I:\WINDOWS\system32\svchost.exe -k imgsvc
I:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
I:\WINDOWS\Explorer.EXE
I:\WINDOWS\system32\dllhost.exe
I:\WINDOWS\system32\wscntfy.exe
I:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
I:\WINDOWS\ehome\ehtray.exe
I:\WINDOWS\stsystra.exe
I:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
I:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2J1.EXE
I:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
I:\WINDOWS\eHome\ehmsas.exe
I:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
I:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
I:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
I:\Program Files\iTunes\iTunesHelper.exe
I:\Program Files\Epson Software\Event Manager\EEventManager.exe
I:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe
I:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe
I:\Program Files\Messenger\msmsgs.exe
I:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
I:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
I:\WINDOWS\system32\ctfmon.exe
I:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
I:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
I:\Program Files\iPod\bin\iPodService.exe
I:\WINDOWS\system32\rundll32.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uStart Page = hxxp://soccernet.espn.go.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - i:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - i:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - i:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - i:\program files\google\googletoolbarnotifier\5.7.7018.1622\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - i:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - i:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - i:\program files\canon\easy-webprint\Toolband.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - i:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
uRun: [MSMSGS] "i:\program files\messenger\msmsgs.exe" /background
uRun: [swg] "i:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] i:\windows\system32\ctfmon.exe
uRun: [Artisan 837(Network)] i:\windows\system32\spool\drivers\w32x86\3\e_fatihoa.exe /fu "i:\docume~1\john\locals~1\temp\E_S1A.tmp" /EF "HKCU"
mRun: [ehTray] i:\windows\ehome\ehtray.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [ATIPTA] "i:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [OpwareSE2] "i:\program files\scansoft\omnipagese2.0\OpwareSE2.exe"
mRun: [EPSON Stylus Photo R800] i:\windows\system32\spool\drivers\w32x86\3\E_S4I2J1.EXE /P23 "EPSON Stylus Photo R800" /O6 "USB002" /M "Stylus Photo R800"
mRun: [Adobe Photo Downloader] "i:\program files\adobe\photoshop album starter edition\3.0\apps\apdproxy.exe"
mRun: [cctray] "i:\program files\ca\ca internet security suite\cctray\cctray.exe"
mRun: [CAVRID] "i:\program files\ca\ca internet security suite\ca anti-virus\CAVRID.exe"
mRun: [cafwc] i:\program files\ca\ca internet security suite\ca personal firewall\cafw.exe -cl
mRun: [capfasem] i:\program files\ca\ca internet security suite\ca personal firewall\capfasem.exe
mRun: [<NO NAME>]
mRun: [capfupgrade] i:\program files\ca\ca internet security suite\ca personal firewall\capfupgrade.exe
mRun: [iTunesHelper] "i:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "i:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "i:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "i:\program files\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "i:\program files\java\jre6\bin\jusched.exe"
mRun: [EEventManager] "i:\program files\epson software\event manager\EEventManager.exe"
mRun: [FUFAXRCV] "i:\program files\epson software\fax utility\FUFAXRCV.exe"
mRun: [FUFAXSTM] "i:\program files\epson software\fax utility\FUFAXSTM.exe"
dRun: [ctfmon.exe] i:\windows\system32\ctfmon.exe
StartupFolder: i:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - i:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
IE: Convert link target to Adobe PDF - i:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - i:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - i:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - i:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - i:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - i:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - i:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - i:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - i:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - i:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBC} - i:\program files\java\jre6\bin\jp2iexp.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - i:\progra~1\micros~2\office11\REFIEBAR.DLL
LSP: i:\windows\system32\VetRedir.dll
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/swdir8d196a.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - i:\program files\yahoo!\common\Yinsthelper.dll
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www.costcophotocenter.com/CostcoActivia.cab
DPF: {474F00F5-3853-492C-AC3A-476512BBC336} - hxxp://picasaweb.google.com/s/v/44.10/uploader2.cab
DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - hxxps://www.myfamily.com/Controls/Upload/ImageUploader5.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {895D1291-D5BD-4982-BA84-AD11D29C1D6A} - hxxp://community.weightwatchers.com/Scripts/ImageUploader6.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://www.popcap.com/games/popcaploader_v6.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: PFW - UmxWnp.Dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - i:\windows\system32\WPDShServiceObj.dll
STS: {5defdc92-484f-4a0a-8f98-86f2f2b4542c} - No File
LSA: Notification Packages = scecli lovojefu.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - i:\documents and settings\john\application data\mozilla\firefox\profiles\h69h0tno.default\
FF - plugin: i:\documents and settings\pam\application data\move networks\plugins\npqmp071505000010.dll
FF - plugin: i:\documents and settings\pam\application data\move networks\plugins\npqmp071705000014.dll
FF - plugin: i:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: i:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: i:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: i:\program files\mozilla firefox\plugins\NPcol400.dll
FF - plugin: i:\program files\mozilla firefox\plugins\NPcol500.dll
FF - plugin: i:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: i:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: i:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: i:\program files\mozilla firefox\plugins\npyaxmpb.dll
.
============= SERVICES / DRIVERS ===============
.
R0 KmxStart;KmxStart;i:\windows\system32\drivers\KmxStart.sys [2008-6-24 93712]
R1 KmxAgent;KmxAgent;i:\windows\system32\drivers\KmxAgent.sys [2008-6-24 63504]
R1 KmxFile;KmxFile;i:\windows\system32\drivers\KmxFile.sys [2008-6-24 45584]
R1 KmxFw;KmxFw;i:\windows\system32\drivers\KmxFw.sys [2008-6-24 115216]
R1 VET-FILT;VET File System Filter;i:\windows\system32\drivers\vet-filt.sys [2010-3-28 26352]
R1 VET-REC;VET File System Recognizer;i:\windows\system32\drivers\vet-rec.sys [2010-3-28 21104]
R1 VETEFILE;VET File Scan Engine;i:\windows\system32\drivers\vetefile.sys [2010-6-3 746216]
R1 VETFDDNT;VET Floppy Boot Sector Monitor;i:\windows\system32\drivers\vetfddnt.sys [2010-3-28 21488]
R1 VETMONNT;VET File Monitor;i:\windows\system32\drivers\vetmonnt.sys [2010-3-28 32240]
R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;i:\program files\common files\abbyy\finereadersprint\9.00\licensing\NetworkLicenseServer.exe [2009-5-14 759048]
R2 CAISafe;CAISafe;i:\program files\ca\ca internet security suite\ca anti-virus\isafe.exe [2010-3-28 144960]
R2 EpsonCustomerParticipation;EpsonCustomerParticipation;i:\program files\epson\epsoncustomerparticipation\EPCP.exe [2011-3-17 513408]
R2 KmxCF;KmxCF;i:\windows\system32\drivers\KmxCF.sys [2008-6-24 134648]
R2 KmxSbx;KmxSbx;i:\windows\system32\drivers\KmxSbx.sys [2008-6-24 66576]
R2 McrdSvc;Media Center Extender Service;i:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 UmxAgent;HIPS Event Manager;i:\program files\ca\sharedcomponents\hipsengine\UmxAgent.exe [2007-10-18 1010192]
R2 UmxCfg;HIPS Configuration Interpreter;i:\program files\ca\sharedcomponents\hipsengine\UmxCfg.exe [2007-10-18 801296]
R2 UmxPol;HIPS Policy Manager;i:\program files\ca\sharedcomponents\hipsengine\UmxPol.exe [2008-6-24 281104]
R2 VETMSGNT;VET Message Service;i:\program files\ca\ca internet security suite\ca anti-virus\vetmsg.exe [2010-3-28 238928]
R3 KmxCfg;KmxCfg;i:\windows\system32\drivers\KmxCfg.sys [2008-6-24 88816]
R3 PPCtlPriv;PPCtlPriv;i:\program files\ca\ca internet security suite\ca anti-spyware\PPCtlPriv.exe [2007-8-16 189704]
R3 VETEBOOT;VET Boot Scan Engine;i:\windows\system32\drivers\veteboot.sys [2010-6-3 130280]
S2 gupdate;Google Update Service (gupdate);i:\program files\google\update\GoogleUpdate.exe [2010-2-2 135664]
S2 mrtRate;mrtRate; [x]
S3 gupdatem;Google Update Service (gupdatem);i:\program files\google\update\GoogleUpdate.exe [2010-2-2 135664]
.
=============== Created Last 30 ================
.
2011-12-30 03:43:25 626688 ----a-w- i:\program files\mozilla firefox\msvcr80.dll
2011-12-30 03:43:25 548864 ----a-w- i:\program files\mozilla firefox\msvcp80.dll
2011-12-30 03:43:25 479232 ----a-w- i:\program files\mozilla firefox\msvcm80.dll
2011-12-30 03:43:25 43992 ----a-w- i:\program files\mozilla firefox\mozutils.dll
.
==================== Find3M ====================
.
2011-12-15 02:39:37 414368 ----a-w- i:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-10 21:24:06 20464 ----a-w- i:\windows\system32\drivers\mbam.sys
2011-11-23 13:25:32 1859584 ----a-w- i:\windows\system32\win32k.sys
2011-11-04 19:20:51 916992 ----a-w- i:\windows\system32\wininet.dll
2011-11-04 19:20:51 43520 ----a-w- i:\windows\system32\licmgr10.dll
2011-11-04 19:20:51 1469440 ----a-w- i:\windows\system32\inetcpl.cpl
2011-11-04 11:23:59 385024 ----a-w- i:\windows\system32\html.iec
2011-11-01 16:07:10 1288704 ----a-w- i:\windows\system32\ole32.dll
2011-10-28 05:31:48 33280 ----a-w- i:\windows\system32\csrsrv.dll
2011-10-25 13:37:08 2148864 ----a-w- i:\windows\system32\ntoskrnl.exe
2011-10-25 12:52:02 2027008 ----a-w- i:\windows\system32\ntkrnlpa.exe
2011-10-14 23:38:00 456192 ----a-w- i:\windows\system32\encdec.dll
2011-10-10 14:22:41 692736 ----a-w- i:\windows\system32\inetcomm.dll
.
============= FINISH: 15:08:20.34 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 8/8/2006 4:47:09 PM
System Uptime: 1/7/2012 2:33:28 PM (1 hours ago)
.
Motherboard: Dell Inc. | | 0KF623
Processor: Intel(R) Pentium(R) 4 CPU 3.20GHz | Microprocessor | 3192/800mhz
.
==== Disk Partitions =========================
.
D: is CDROM ()
H: is CDROM ()
I: is FIXED (NTFS) - 149 GiB total, 71.201 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: TI Technologies Inc.
Description: RADEON X300 SE 128MB HyperMemory Secondary
Device ID: PCI\VEN_1002&DEV_5B70&SUBSYS_06031002&REV_00\4&1603E009&0&0108
Manufacturer: ATI Technologies Inc.
Name: RADEON X300 SE 128MB HyperMemory Secondary
PNP Device ID: PCI\VEN_1002&DEV_5B70&SUBSYS_06031002&REV_00\4&1603E009&0&0108
Service: ati2mtag
.
==== System Restore Points ===================
.
RP1883: 10/10/2011 2:34:50 PM - System Checkpoint
RP1884: 10/11/2011 2:43:33 PM - System Checkpoint
RP1885: 10/12/2011 2:52:05 PM - System Checkpoint
RP1886: 10/13/2011 4:41:16 PM - System Checkpoint
RP1887: 10/14/2011 3:00:19 AM - Software Distribution Service 3.0
RP1888: 10/15/2011 3:17:56 AM - System Checkpoint
RP1889: 10/16/2011 3:47:56 AM - System Checkpoint
RP1890: 10/17/2011 4:36:28 AM - System Checkpoint
RP1891: 10/18/2011 4:59:48 AM - System Checkpoint
RP1892: 10/19/2011 5:47:45 AM - System Checkpoint
RP1893: 10/20/2011 5:49:43 AM - System Checkpoint
RP1894: 10/21/2011 6:11:41 AM - System Checkpoint
RP1895: 10/22/2011 6:26:08 AM - System Checkpoint
RP1896: 10/23/2011 6:38:13 AM - System Checkpoint
RP1897: 10/24/2011 7:03:16 AM - System Checkpoint
RP1898: 10/25/2011 7:32:30 AM - System Checkpoint
RP1899: 10/26/2011 8:24:39 AM - System Checkpoint
RP1900: 10/27/2011 9:32:39 AM - System Checkpoint
RP1901: 10/28/2011 10:22:11 AM - System Checkpoint
RP1902: 10/29/2011 11:44:03 AM - System Checkpoint
RP1903: 10/30/2011 11:51:31 AM - System Checkpoint
RP1904: 10/31/2011 1:19:48 PM - System Checkpoint
RP1905: 11/1/2011 2:05:05 PM - System Checkpoint
RP1906: 11/2/2011 2:19:17 PM - System Checkpoint
RP1907: 11/3/2011 5:20:51 PM - System Checkpoint
RP1908: 11/5/2011 12:13:30 AM - System Checkpoint
RP1909: 11/6/2011 12:33:20 AM - System Checkpoint
RP1910: 11/7/2011 1:33:15 AM - System Checkpoint
RP1911: 11/8/2011 1:55:20 AM - System Checkpoint
RP1912: 11/9/2011 2:45:25 AM - System Checkpoint
RP1913: 11/9/2011 3:00:19 AM - Software Distribution Service 3.0
RP1914: 11/10/2011 3:20:22 AM - System Checkpoint
RP1915: 11/10/2011 9:57:10 PM - Software Distribution Service 3.0
RP1916: 11/12/2011 12:28:53 AM - System Checkpoint
RP1917: 11/13/2011 12:37:00 AM - System Checkpoint
RP1918: 11/14/2011 12:54:47 AM - System Checkpoint
RP1919: 11/15/2011 1:20:19 AM - System Checkpoint
RP1920: 11/16/2011 2:06:42 AM - System Checkpoint
RP1921: 11/17/2011 2:18:13 AM - System Checkpoint
RP1922: 11/18/2011 2:54:09 AM - System Checkpoint
RP1923: 11/19/2011 3:33:11 AM - System Checkpoint
RP1924: 11/20/2011 3:54:08 AM - System Checkpoint
RP1925: 11/21/2011 5:07:27 AM - System Checkpoint
RP1926: 11/22/2011 11:37:27 AM - System Checkpoint
RP1927: 11/23/2011 2:40:26 PM - System Checkpoint
RP1928: 11/24/2011 6:31:50 PM - System Checkpoint
RP1929: 11/25/2011 6:35:47 PM - System Checkpoint
RP1930: 11/26/2011 9:23:29 PM - System Checkpoint
RP1931: 11/27/2011 10:27:53 PM - System Checkpoint
RP1932: 11/28/2011 10:51:37 PM - System Checkpoint
RP1933: 11/29/2011 11:35:17 PM - System Checkpoint
RP1934: 11/30/2011 11:46:59 PM - System Checkpoint
RP1935: 12/2/2011 6:41:26 AM - System Checkpoint
RP1936: 12/3/2011 7:18:39 AM - System Checkpoint
RP1937: 12/4/2011 8:06:34 AM - System Checkpoint
RP1938: 12/5/2011 10:07:26 AM - System Checkpoint
RP1939: 12/6/2011 11:22:35 AM - System Checkpoint
RP1940: 12/7/2011 12:06:57 PM - System Checkpoint
RP1941: 12/8/2011 1:16:55 PM - System Checkpoint
RP1942: 12/9/2011 2:03:25 PM - System Checkpoint
RP1943: 12/10/2011 2:43:41 PM - System Checkpoint
RP1944: 12/11/2011 4:37:51 PM - System Checkpoint
RP1945: 12/13/2011 12:21:03 AM - System Checkpoint
RP1946: 12/14/2011 1:44:31 AM - System Checkpoint
RP1947: 12/15/2011 2:44:31 AM - System Checkpoint
RP1948: 12/15/2011 3:00:20 AM - Software Distribution Service 3.0
RP1949: 12/16/2011 10:58:00 PM - System Checkpoint
RP1950: 12/17/2011 11:50:38 PM - System Checkpoint
RP1951: 12/19/2011 12:56:03 AM - System Checkpoint
RP1952: 12/20/2011 1:55:32 AM - System Checkpoint
RP1953: 12/21/2011 2:30:03 AM - System Checkpoint
RP1954: 12/22/2011 3:21:02 AM - System Checkpoint
RP1955: 12/23/2011 4:56:02 AM - System Checkpoint
RP1956: 12/24/2011 6:19:03 AM - System Checkpoint
RP1957: 12/25/2011 7:06:29 AM - System Checkpoint
RP1958: 12/26/2011 8:39:34 AM - System Checkpoint
RP1959: 12/27/2011 9:28:01 AM - System Checkpoint
RP1960: 12/28/2011 9:57:08 AM - System Checkpoint
RP1961: 12/29/2011 10:47:36 AM - System Checkpoint
RP1962: 12/30/2011 11:57:30 AM - System Checkpoint
RP1963: 12/31/2011 1:13:45 PM - System Checkpoint
RP1964: 1/2/2012 8:27:17 AM - System Checkpoint
RP1965: 1/3/2012 4:24:48 PM - System Checkpoint
RP1966: 1/4/2012 5:24:08 PM - System Checkpoint
RP1967: 1/6/2012 2:11:22 AM - System Checkpoint
RP1968: 1/7/2012 2:45:00 AM - System Checkpoint
.
==== Installed Programs ======================
.
ABBYY FineReader 9.0 Sprint
Across Lite 2.0
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Photoshop Elements 2.0
Adobe Reader 9.4.7
Adobe Shockwave Player 11.5
Adobe® Photoshop® Album Starter Edition 3.0
Amazon MP3 Downloader 1.0.10
AnswerWorks 4.0 Runtime - English
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft PhotoStudio 5.5
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
ATI Parental Control
Bonjour
CA Anti-Spam
CA Anti-Spyware
CA Anti-Virus
CA Internet Security Suite
CA Personal Firewall
Canon Utilities Easy-PhotoPrint
Compatibility Pack for the 2007 Office system
Conexant D850 56K V.9x DFVc Modem
Coupon Printer for Windows
Critical Update for Windows Media Player 11 (KB959772)
DeductionPro 2008
DeductionPro 2009
Dell Resource CD
Easy-WebPrint
EPSON Artisan 837 Series Printer Uninstall
Epson Connect
Epson Customer Participation
Epson Download Navigator
Epson Event Manager
Epson FAX Utility
Epson PC-FAX Driver
Epson Print CD
EPSON Printer Software
EPSON Scan
EpsonNet Print
Garmin USB Drivers
Garmin WebUpdater
GemMaster Mystic
Google Toolbar for Internet Explorer
Google Update Helper
H&R Block Deluxe + Efile + State 2009
H&R Block Deluxe + Efile + State 2010
H&R Block Kansas 2009
H&R Block Kansas 2010
High Definition Audio Driver Package - KB835221
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Intel(R) PRO Network Connections Drivers
iTunes
J2SE Runtime Environment 5.0 Update 10
Java 2 Runtime Environment, SE v1.4.2_03
Java Auto Updater
Java(TM) 6 Update 26
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Malwarebytes Anti-Malware version 1.60.0.1800
Microsoft .NET Framework 1.0 Hotfix (KB2572066)
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2572067)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft Streets and Trips 2005
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Modem Helper
MotionBased Agent
Mozilla Firefox 9.0.1 (x86 en-US)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NVIDIA Media Center Extensions
NVIDIA PureVideo Decoder
OmniPage SE 2.0
OpenOffice.org Installer 1.0
PENTAX Digital Camera Utility
Quicken 2007
QuickTime
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SigmaTel Audio
Sonic Encoders
System Requirements Lab
TaxCut Kansas 2008
TaxCut Premium + State + Efile 2008
TurboTax Deluxe 2007
TurboTax Deluxe Deduction Maximizer 2006
TurboTax ItsDeductible 2006
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
WebFldrs XP
WexTech AnswerWorks
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Media Center Edition 2005 KB2502898
Windows XP Media Center Edition 2005 KB2619340
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
Yahoo! Install Manager
Zoo Tycoon 2
.
==== Event Viewer Messages From Past Week ========
.
1/7/2012 2:35:14 PM, error: Service Control Manager [7000] - The mrtRate service failed to start due to the following error: The system cannot find the file specified.
.
==== End Of File ===========================

kspot, Jan 7, 2012

#1
Broni Malware Annihilator
Welcome aboard

Please, observe following rules:

Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.

If you're stuck, or you're not sure about certain step, always ask before doing anything else.

Please refrain from running tools or applying updates other than those I suggest.

Never run more than one scan at a time.

Keep updating me regarding your computer behavior, good, or bad.

The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.

If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.

I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=================================================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

===============================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

Please, never rename Combofix unless instructed.

Close any open browsers.

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".

Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

NOTE1. If Combofix asks you to install Recovery Console, please allow it.
NOTE 2. If Combofix asks you to update the program, always do so.

Close any open browsers.

WARNING: Combofix will disconnect your machine from the Internet as soon as it starts

Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.

If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

Double click on combofix.exe & follow the prompts.

When finished, it will produce a report for you.

Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: http://www.appremover.com/
We can reinstall it when we're done with CF.

**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.

Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode (How to...)

2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

Double-click on the Rkill desktop icon to run the tool.

If using Vista or Windows 7 right-click on it and choose Run As Administrator.

A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.

If not, delete the file, then download and use the one provided in Link 2.

If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.

Do not reboot until instructed.

If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
Broni, Jan 7, 2012

#2
kspot Newcomer, in training

I removed CA antivirus, the logs from Avast and Combofix are below:

aswMBR version 0.9.9.1297 Copyright(c) 2011 AVAST Software
Run date: 2012-01-08 10:06:37
-----------------------------
10:06:37.177 OS Version: Windows 5.1.2600 Service Pack 3
10:06:37.177 Number of processors: 2 586 0x403
10:06:37.177 ComputerName: JOHN-BC19467D9A UserName: John
10:06:38.146 Initialize success
10:09:18.318 AVAST engine download error: 0
10:09:48.599 Service scanning
10:09:53.239 Modules scanning
10:09:59.943 Disk 0 trace - called modules:
10:09:59.974 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
10:09:59.974 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86f97ab8]
10:09:59.974 3 CLASSPNP.SYS[f76a2fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-17[0x86f63b00]
10:09:59.974 Scan finished successfully
10:10:43.021 The log file has been saved successfully to "I:\Documents and Settings\John\Desktop\aswMBR.txt"

ComboFix 12-01-07.03 - John 01/08/2012 11:19:21.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.643 [GMT -6:00]
Running from: i:\documents and settings\John\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
I:\Autorun.inf
i:\documents and settings\All Users\Application Data\c16pm6u81m
i:\documents and settings\All Users\Application Data\koMwzVHVNIGd4P
i:\documents and settings\All Users\Application Data\TEMP
i:\documents and settings\John\Application Data\AdobeDLM.log
i:\documents and settings\John\Application Data\Microsoft\Internet Explorer\Quick Launch\System Fix.lnk
i:\documents and settings\John\Application Data\Mozilla\Firefox\Profiles\h69h0tno.default\extensions\{e024531d-ac02-4e24-8bb3-56ae7b1ace04}
i:\documents and settings\John\Application Data\Mozilla\Firefox\Profiles\h69h0tno.default\extensions\{e024531d-ac02-4e24-8bb3-56ae7b1ace04}\chrome.manifest
i:\documents and settings\John\Application Data\Mozilla\Firefox\Profiles\h69h0tno.default\extensions\{e024531d-ac02-4e24-8bb3-56ae7b1ace04}\chrome\xulcache.jar
i:\documents and settings\John\Application Data\Mozilla\Firefox\Profiles\h69h0tno.default\extensions\{e024531d-ac02-4e24-8bb3-56ae7b1ace04}\defaults\preferences\xulcache.js
i:\documents and settings\John\Application Data\Mozilla\Firefox\Profiles\h69h0tno.default\extensions\{e024531d-ac02-4e24-8bb3-56ae7b1ace04}\install.rdf
i:\documents and settings\John\Start Menu\Programs\System Fix
i:\documents and settings\John\Start Menu\Programs\System Fix\System Fix.lnk
i:\documents and settings\John\Start Menu\Programs\System Fix\Uninstall System Fix.lnk
I:\readme.txt
I:\setup.exe
i:\windows\dasetup.log
i:\windows\Downloaded Program Files\popcaploader.inf
i:\windows\kb913800.exe
i:\windows\Tasks\cfwqpozf.job
.
i:\windows\system32\drivers\i8042prt.sys was missing
Restored copy from - i:\windows\ServicePackFiles\i386\i8042prt.sys
.
.
((((((((((((((((((((((((( Files Created from 2011-12-08 to 2012-01-08 )))))))))))))))))))))))))))))))
.
.
2011-12-30 03:43 . 2011-12-30 03:43 626688 ----a-w- i:\program files\Mozilla Firefox\msvcr80.dll
2011-12-30 03:43 . 2011-12-30 03:43 548864 ----a-w- i:\program files\Mozilla Firefox\msvcp80.dll
2011-12-30 03:43 . 2011-12-30 03:43 479232 ----a-w- i:\program files\Mozilla Firefox\msvcm80.dll
2011-12-30 03:43 . 2011-12-30 03:43 43992 ----a-w- i:\program files\Mozilla Firefox\mozutils.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-15 02:39 . 2011-05-14 13:06 414368 ----a-w- i:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-10 21:24 . 2010-01-31 14:26 20464 ----a-w- i:\windows\system32\drivers\mbam.sys
2011-11-23 13:25 . 2004-08-10 11:00 1859584 ----a-w- i:\windows\system32\win32k.sys
2011-11-04 19:20 . 2004-08-10 11:00 916992 ----a-w- i:\windows\system32\wininet.dll
2011-11-04 19:20 . 2004-08-10 11:00 43520 ----a-w- i:\windows\system32\licmgr10.dll
2011-11-04 19:20 . 2004-08-10 11:00 1469440 ----a-w- i:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 2004-08-10 11:00 385024 ----a-w- i:\windows\system32\html.iec
2011-11-01 16:07 . 2004-08-10 11:00 1288704 ----a-w- i:\windows\system32\ole32.dll
2011-10-28 05:31 . 2004-08-10 11:00 33280 ----a-w- i:\windows\system32\csrsrv.dll
2011-10-25 13:37 . 2004-08-10 11:00 2148864 ----a-w- i:\windows\system32\ntoskrnl.exe
2011-10-25 12:52 . 2004-08-03 22:59 2027008 ----a-w- i:\windows\system32\ntkrnlpa.exe
2011-10-14 23:38 . 2004-08-10 11:00 456192 ----a-w- i:\windows\system32\encdec.dll
2011-12-30 03:43 . 2011-05-02 02:13 121816 ----a-w- i:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . i:\windows\ServicePackFiles\i386\userinit.exe
[-] 2004-08-10 . 39B1FFB03C2296323832ACBAE50D2AFF . 24576 . . [5.1.2600.2180] . . i:\windows\$NtServicePackUninstall$\userinit.exe
[-] 2004-08-04 . 39B1FFB03C2296323832ACBAE50D2AFF . 24576 . . [5.1.2600.2180] . . i:\windows\system32\userinit.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="i:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-20 68856]
"ctfmon.exe"="i:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="i:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 339968]
"ATIPTA"="i:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-02-10 344064]
"OpwareSE2"="i:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
"EPSON Stylus Photo R800"="i:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2J1.EXE" [2003-08-07 99840]
"Adobe Photo Downloader"="i:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 57344]
"iTunesHelper"="i:\program files\iTunes\iTunesHelper.exe" [2010-03-26 142120]
"Adobe Reader Speed Launcher"="i:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="i:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"QuickTime Task"="i:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"EEventManager"="i:\program files\Epson Software\Event Manager\EEventManager.exe" [2010-10-12 979328]
"FUFAXRCV"="i:\program files\Epson Software\FAX Utility\FUFAXRCV.exe" [2011-03-09 495616]
"FUFAXSTM"="i:\program files\Epson Software\FAX Utility\FUFAXSTM.exe" [2011-03-09 856064]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="i:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
i:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - i:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-8-12 113664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2005-06-07 05:46 57344 ----a-w- i:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- i:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-07-20 03:25 68856 ----a-w- i:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"i:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"i:\\Program Files\\Microsoft Games\\Zoo Tycoon 2\\zt.exe"=
"i:\\WINDOWS\\ehome\\ehtray.exe"=
"i:\\WINDOWS\\system32\\WgaTray.exe"=
"i:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"=
"i:\\Program Files\\iTunes\\iTunes.exe"=
"i:\\Program Files\\Bonjour\\mDNSResponder.exe"=
.
R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;i:\program files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [5/14/2009 4:07 PM 759048]
R2 EpsonCustomerParticipation;EpsonCustomerParticipation;i:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe [3/17/2011 5:03 PM 513408]
S2 gupdate;Google Update Service (gupdate);i:\program files\Google\Update\GoogleUpdate.exe [2/2/2010 6:22 PM 135664]
S2 mrtRate;mrtRate; [x]
S3 gupdatem;Google Update Service (gupdatem);i:\program files\Google\Update\GoogleUpdate.exe [2/2/2010 6:22 PM 135664]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
*NewlyCreated* - WUAUSERV
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-08 i:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- i:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 00:22]
.
2012-01-08 i:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- i:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 00:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://soccernet.espn.go.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Convert link target to Adobe PDF - i:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - i:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - i:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - i:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - i:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - i:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - i:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - i:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - i:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
DPF: {895D1291-D5BD-4982-BA84-AD11D29C1D6A} - hxxp://community.weightwatchers.com/Scripts/ImageUploader6.cab
FF - ProfilePath - i:\documents and settings\John\Application Data\Mozilla\Firefox\Profiles\h69h0tno.default\
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-SunJavaUpdateSched - i:\program files\Java\jre6\bin\jusched.exe
SharedTaskScheduler-{5defdc92-484f-4a0a-8f98-86f2f2b4542c} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-08 11:27
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2000)
i:\windows\system32\WININET.dll
i:\program files\ScanSoft\OmniPageSE2.0\ophookSE2.dll
i:\windows\system32\ieframe.dll
i:\windows\system32\webcheck.dll
i:\windows\system32\WPDShServiceObj.dll
i:\windows\system32\PortableDeviceTypes.dll
i:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
i:\windows\system32\Ati2evxx.exe
i:\program files\Common Files\EPSON\EBAPI\eEBSVC.exe
i:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
i:\program files\Bonjour\mDNSResponder.exe
i:\windows\eHome\ehRecvr.exe
i:\windows\eHome\ehSched.exe
i:\program files\Java\jre6\bin\jqs.exe
i:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
i:\windows\ehome\mcrdsvc.exe
i:\windows\system32\dllhost.exe
i:\windows\stsystra.exe
i:\windows\eHome\ehmsas.exe
i:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2012-01-08 11:33:07 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-08 17:33
.
Pre-Run: 76,414,406,656 bytes free
Post-Run: 76,457,160,704 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 39BDFC28CDDB268E4C04328120DF21B8

Thanks for your continued help

kspot, Jan 8, 2012

#3
Broni Malware Annihilator
Please re-run aswMBR one more time.

Also...

Download Bootkit Remover to your Desktop.

Unzip downloaded file to your Desktop.

Double-click on boot_cleaner.exe to run the program (Vista/7 users,right click on boot_cleaner.exe and click Run As Administrator).

It will show a Black screen with some data on it.

Right click on the screen and click Select All.

Press CTRL+C

Open a Notepad and press CTRL+V

Post the output back here.
Broni, Jan 8, 2012

#4
kspot Newcomer, in training

The ASW virus definintions took much longer to load this time. The results are:

aswMBR version 0.9.9.1297 Copyright(c) 2011 AVAST Software
Run date: 2012-01-08 10:06:37
-----------------------------
10:06:37.177 OS Version: Windows 5.1.2600 Service Pack 3
10:06:37.177 Number of processors: 2 586 0x403
10:06:37.177 ComputerName: JOHN-BC19467D9A UserName: John
10:06:38.146 Initialize success
10:09:18.318 AVAST engine download error: 0
10:09:48.599 Service scanning
10:09:53.239 Modules scanning
10:09:59.943 Disk 0 trace - called modules:
10:09:59.974 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
10:09:59.974 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86f97ab8]
10:09:59.974 3 CLASSPNP.SYS[f76a2fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-17[0x86f63b00]
10:09:59.974 Scan finished successfully
10:10:43.021 The log file has been saved successfully to "I:\Documents and Settings\John\Desktop\aswMBR.txt"

aswMBR version 0.9.9.1297 Copyright(c) 2011 AVAST Software
Run date: 2012-01-08 12:08:26
-----------------------------
12:08:26.171 OS Version: Windows 5.1.2600 Service Pack 3
12:08:26.171 Number of processors: 2 586 0x403
12:08:26.171 ComputerName: JOHN-BC19467D9A UserName: John
12:08:26.531 Initialize success
12:18:28.328 AVAST engine defs: 12010800
12:18:36.265 Service scanning
12:18:37.312 Modules scanning
12:18:41.671 Disk 0 trace - called modules:
12:18:41.703 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
12:18:41.703 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86f71ab8]
12:18:41.703 3 CLASSPNP.SYS[f7697fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-17[0x86f72d98]
12:18:42.437 AVAST engine scan I:\WINDOWS
12:19:05.187 File: I:\WINDOWS\PEV.exe **INFECTED** Win32:Rootkit-gen [Rtk]
12:19:07.781 AVAST engine scan I:\WINDOWS\system32
12:20:38.062 AVAST engine scan I:\WINDOWS\system32\drivers
12:20:52.171 AVAST engine scan I:\Documents and Settings\John
12:24:49.750 AVAST engine scan I:\Documents and Settings\All Users
12:26:41.796 Scan finished successfully
12:27:24.781 The log file has been saved successfully to "I:\Documents and Settings\John\Desktop\aswMBR.txt"

The Bootkit cleaner shows different information in the dialog box, but this is what control C and Control V produce:

ComboFix 12-01-07.03 - John 01/08/2012 11:19:21.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.643 [GMT -6:00]
Running from: i:\documents and settings\John\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
I:\Autorun.inf
i:\documents and settings\All Users\Application Data\c16pm6u81m
i:\documents and settings\All Users\Application Data\koMwzVHVNIGd4P
i:\documents and settings\All Users\Application Data\TEMP
i:\documents and settings\John\Application Data\AdobeDLM.log
i:\documents and settings\John\Application Data\Microsoft\Internet Explorer\Quick Launch\System Fix.lnk
i:\documents and settings\John\Application Data\Mozilla\Firefox\Profiles\h69h0tno.default\extensions\{e024531d-ac02-4e24-8bb3-56ae7b1ace04}
i:\documents and settings\John\Application Data\Mozilla\Firefox\Profiles\h69h0tno.default\extensions\{e024531d-ac02-4e24-8bb3-56ae7b1ace04}\chrome.manifest
i:\documents and settings\John\Application Data\Mozilla\Firefox\Profiles\h69h0tno.default\extensions\{e024531d-ac02-4e24-8bb3-56ae7b1ace04}\chrome\xulcache.jar
i:\documents and settings\John\Application Data\Mozilla\Firefox\Profiles\h69h0tno.default\extensions\{e024531d-ac02-4e24-8bb3-56ae7b1ace04}\defaults\preferences\xulcache.js
i:\documents and settings\John\Application Data\Mozilla\Firefox\Profiles\h69h0tno.default\extensions\{e024531d-ac02-4e24-8bb3-56ae7b1ace04}\install.rdf
i:\documents and settings\John\Start Menu\Programs\System Fix
i:\documents and settings\John\Start Menu\Programs\System Fix\System Fix.lnk
i:\documents and settings\John\Start Menu\Programs\System Fix\Uninstall System Fix.lnk
I:\readme.txt
I:\setup.exe
i:\windows\dasetup.log
i:\windows\Downloaded Program Files\popcaploader.inf
i:\windows\kb913800.exe
i:\windows\Tasks\cfwqpozf.job
.
i:\windows\system32\drivers\i8042prt.sys was missing
Restored copy from - i:\windows\ServicePackFiles\i386\i8042prt.sys
.
.
((((((((((((((((((((((((( Files Created from 2011-12-08 to 2012-01-08 )))))))))))))))))))))))))))))))
.
.
2011-12-30 03:43 . 2011-12-30 03:43 626688 ----a-w- i:\program files\Mozilla Firefox\msvcr80.dll
2011-12-30 03:43 . 2011-12-30 03:43 548864 ----a-w- i:\program files\Mozilla Firefox\msvcp80.dll
2011-12-30 03:43 . 2011-12-30 03:43 479232 ----a-w- i:\program files\Mozilla Firefox\msvcm80.dll
2011-12-30 03:43 . 2011-12-30 03:43 43992 ----a-w- i:\program files\Mozilla Firefox\mozutils.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-15 02:39 . 2011-05-14 13:06 414368 ----a-w- i:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-10 21:24 . 2010-01-31 14:26 20464 ----a-w- i:\windows\system32\drivers\mbam.sys
2011-11-23 13:25 . 2004-08-10 11:00 1859584 ----a-w- i:\windows\system32\win32k.sys
2011-11-04 19:20 . 2004-08-10 11:00 916992 ----a-w- i:\windows\system32\wininet.dll
2011-11-04 19:20 . 2004-08-10 11:00 43520 ----a-w- i:\windows\system32\licmgr10.dll
2011-11-04 19:20 . 2004-08-10 11:00 1469440 ----a-w- i:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 2004-08-10 11:00 385024 ----a-w- i:\windows\system32\html.iec
2011-11-01 16:07 . 2004-08-10 11:00 1288704 ----a-w- i:\windows\system32\ole32.dll
2011-10-28 05:31 . 2004-08-10 11:00 33280 ----a-w- i:\windows\system32\csrsrv.dll
2011-10-25 13:37 . 2004-08-10 11:00 2148864 ----a-w- i:\windows\system32\ntoskrnl.exe
2011-10-25 12:52 . 2004-08-03 22:59 2027008 ----a-w- i:\windows\system32\ntkrnlpa.exe
2011-10-14 23:38 . 2004-08-10 11:00 456192 ----a-w- i:\windows\system32\encdec.dll
2011-12-30 03:43 . 2011-05-02 02:13 121816 ----a-w- i:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . i:\windows\ServicePackFiles\i386\userinit.exe
[-] 2004-08-10 . 39B1FFB03C2296323832ACBAE50D2AFF . 24576 . . [5.1.2600.2180] . . i:\windows\$NtServicePackUninstall$\userinit.exe
[-] 2004-08-04 . 39B1FFB03C2296323832ACBAE50D2AFF . 24576 . . [5.1.2600.2180] . . i:\windows\system32\userinit.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="i:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-20 68856]
"ctfmon.exe"="i:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="i:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 339968]
"ATIPTA"="i:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-02-10 344064]
"OpwareSE2"="i:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
"EPSON Stylus Photo R800"="i:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2J1.EXE" [2003-08-07 99840]
"Adobe Photo Downloader"="i:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 57344]
"iTunesHelper"="i:\program files\iTunes\iTunesHelper.exe" [2010-03-26 142120]
"Adobe Reader Speed Launcher"="i:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="i:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"QuickTime Task"="i:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"EEventManager"="i:\program files\Epson Software\Event Manager\EEventManager.exe" [2010-10-12 979328]
"FUFAXRCV"="i:\program files\Epson Software\FAX Utility\FUFAXRCV.exe" [2011-03-09 495616]
"FUFAXSTM"="i:\program files\Epson Software\FAX Utility\FUFAXSTM.exe" [2011-03-09 856064]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="i:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
i:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - i:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-8-12 113664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2005-06-07 05:46 57344 ----a-w- i:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- i:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-07-20 03:25 68856 ----a-w- i:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"i:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"i:\\Program Files\\Microsoft Games\\Zoo Tycoon 2\\zt.exe"=
"i:\\WINDOWS\\ehome\\ehtray.exe"=
"i:\\WINDOWS\\system32\\WgaTray.exe"=
"i:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"=
"i:\\Program Files\\iTunes\\iTunes.exe"=
"i:\\Program Files\\Bonjour\\mDNSResponder.exe"=
.
R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;i:\program files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [5/14/2009 4:07 PM 759048]
R2 EpsonCustomerParticipation;EpsonCustomerParticipation;i:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe [3/17/2011 5:03 PM 513408]
S2 gupdate;Google Update Service (gupdate);i:\program files\Google\Update\GoogleUpdate.exe [2/2/2010 6:22 PM 135664]
S2 mrtRate;mrtRate; [x]
S3 gupdatem;Google Update Service (gupdatem);i:\program files\Google\Update\GoogleUpdate.exe [2/2/2010 6:22 PM 135664]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
*NewlyCreated* - WUAUSERV
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-08 i:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- i:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 00:22]
.
2012-01-08 i:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- i:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 00:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://soccernet.espn.go.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Convert link target to Adobe PDF - i:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - i:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - i:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - i:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - i:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - i:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - i:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - i:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - i:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
DPF: {895D1291-D5BD-4982-BA84-AD11D29C1D6A} - hxxp://community.weightwatchers.com/Scripts/ImageUploader6.cab
FF - ProfilePath - i:\documents and settings\John\Application Data\Mozilla\Firefox\Profiles\h69h0tno.default\
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-SunJavaUpdateSched - i:\program files\Java\jre6\bin\jusched.exe
SharedTaskScheduler-{5defdc92-484f-4a0a-8f98-86f2f2b4542c} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-08 11:27
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2000)
i:\windows\system32\WININET.dll
i:\program files\ScanSoft\OmniPageSE2.0\ophookSE2.dll
i:\windows\system32\ieframe.dll
i:\windows\system32\webcheck.dll
i:\windows\system32\WPDShServiceObj.dll
i:\windows\system32\PortableDeviceTypes.dll
i:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
i:\windows\system32\Ati2evxx.exe
i:\program files\Common Files\EPSON\EBAPI\eEBSVC.exe
i:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
i:\program files\Bonjour\mDNSResponder.exe
i:\windows\eHome\ehRecvr.exe
i:\windows\eHome\ehSched.exe
i:\program files\Java\jre6\bin\jqs.exe
i:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
i:\windows\ehome\mcrdsvc.exe
i:\windows\system32\dllhost.exe
i:\windows\stsystra.exe
i:\windows\eHome\ehmsas.exe
i:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2012-01-08 11:33:07 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-08 17:33
.
Pre-Run: 76,414,406,656 bytes free
Post-Run: 76,457,160,704 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 39BDFC28CDDB268E4C04328120DF21B8

Hope I am still on the right track.

kspot, Jan 8, 2012

#5
Broni Malware Annihilator

The Bootkit cleaner shows different information in the dialog box, but this is what control C and Control V produce:

You posted Combofix log instead of Bootkit Remover log.
Please redo.

Broni, Jan 8, 2012

#6
kspot Newcomer, in training

I thought that looked familiar : )

Bootkit Remover
(c) 2009 Esage Lab
www.esagelab.com

Program version: 1.2.0.1
OS Version: Microsoft Windows XP Professional Service Pack 3 (build 2600)

System volume is \\.\I:
\\.\I: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
Boot sector MD5 is: 6def5ffcbcdbdb4082f1015625e597bd

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)

Done;
Press any key to quit...

kspot, Jan 8, 2012

#7
Broni Malware Annihilator
Looks good.

How is computer doing?

Download OTL to your Desktop.

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.

Click the Scan All Users checkbox.

Under the Custom Scan box paste this in:

netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop

Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.

Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
Broni, Jan 8, 2012

#8
kspot Newcomer, in training

The computer is running very fast. Probably because there is no CA antivirus slowing it down at this time.

OTL part 1:

OTL logfile created on: 1/8/2012 2:25:10 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = I:\Documents and Settings\John\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.07 Mb Total Physical Memory | 576.96 Mb Available Physical Memory | 56.45% Memory free
2.40 Gb Paging File | 2.12 Gb Available in Paging File | 88.32% Paging File free
Paging file location(s): I:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = I: | %SystemRoot% = I:\WINDOWS | %ProgramFiles% = I:\Program Files
Drive I: | 149.00 Gb Total Space | 71.17 Gb Free Space | 47.76% Space Free | Partition Type: NTFS

Computer Name: JOHN-BC19467D9A | User Name: John | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/08 14:20:28 | 000,584,192 | ---- | M] (OldTimer Tools) -- I:\Documents and Settings\John\Desktop\OTL.exe
PRC - [2011/03/17 17:03:32 | 000,513,408 | ---- | M] (SEIKO EPSON CORPORATION) -- I:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
PRC - [2011/03/08 23:00:00 | 000,856,064 | ---- | M] (SEIKO EPSON CORPORATION) -- I:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe
PRC - [2011/03/08 23:00:00 | 000,495,616 | ---- | M] (SEIKO EPSON CORPORATION) -- I:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe
PRC - [2010/10/12 12:56:40 | 000,979,328 | ---- | M] (SEIKO EPSON CORPORATION) -- I:\Program Files\Epson Software\Event Manager\EEventManager.exe
PRC - [2009/05/14 16:07:14 | 000,759,048 | ---- | M] (ABBYY) -- I:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- I:\WINDOWS\explorer.exe
PRC - [2006/12/19 17:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- I:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe
PRC - [2005/06/06 23:46:24 | 000,057,344 | ---- | M] (Adobe Systems Incorporated) -- I:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
PRC - [2005/03/22 17:20:44 | 000,339,968 | ---- | M] (SigmaTel, Inc.) -- I:\WINDOWS\stsystra.exe
PRC - [2003/08/07 05:00:00 | 000,099,840 | ---- | M] (SEIKO EPSON CORPORATION) -- I:\WINDOWS\system32\spool\drivers\w32x86\3\E_S4I2J1.EXE
PRC - [2003/05/08 10:00:58 | 000,049,152 | ---- | M] (ScanSoft, Inc.) -- I:\Program Files\ScanSoft\OmniPageSE2.0\opwareSE2.exe

========== Modules (No Company Name) ==========

MOD - [2011/10/14 17:38:00 | 000,456,192 | ---- | M] () -- I:\WINDOWS\system32\encdec.dll
MOD - [2011/02/04 17:48:30 | 000,291,840 | ---- | M] () -- I:\WINDOWS\system32\sbe.dll
MOD - [2010/03/15 15:57:20 | 000,067,872 | ---- | M] () -- I:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2010/02/05 12:27:45 | 001,291,776 | ---- | M] () -- I:\WINDOWS\system32\quartz.dll
MOD - [2008/04/13 18:11:59 | 000,014,336 | ---- | M] () -- I:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 18:11:51 | 000,059,904 | ---- | M] () -- I:\WINDOWS\system32\devenum.dll
MOD - [2005/08/05 13:01:54 | 000,159,744 | ---- | M] () -- I:\WINDOWS\system32\VBICodec.ax
MOD - [2005/08/05 12:06:50 | 000,165,376 | ---- | M] () -- I:\WINDOWS\system32\mpg2splt.ax

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (wuauserv)
SRV - [2011/03/17 17:03:32 | 000,513,408 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- I:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe -- (EpsonCustomerParticipation)
SRV - [2009/05/14 16:07:14 | 000,759,048 | ---- | M] (ABBYY) [Auto | Running] -- I:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0)
SRV - [2006/12/19 17:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- I:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2008/04/13 12:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- I:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
DRV - [2006/05/05 19:21:00 | 000,004,608 | ---- | M] (NVIDIA Corporation.) [Kernel | System | Running] -- I:\WINDOWS\system32\drivers\nvport.sys -- (nvport)
DRV - [2006/03/29 08:49:26 | 000,009,856 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- I:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2006/02/09 20:57:46 | 001,502,208 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- I:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/06/14 16:40:08 | 000,180,864 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- I:\WINDOWS\system32\drivers\sthda.sys -- (STHDA) High Definition Audio Driver (WDM)
DRV - [2005/03/04 17:06:50 | 000,135,296 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- I:\WINDOWS\system32\drivers\atinavxx.sys -- (ATIAVPCI)
DRV - [2003/11/17 14:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- I:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 14:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- I:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 14:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- I:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1123561945-448539723-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-1123561945-448539723-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-1123561945-448539723-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://soccernet.espn.go.com/
IE - HKU\S-1-5-21-1123561945-448539723-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKU\S-1-5-21-1123561945-448539723-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1123561945-448539723-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: I:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: I:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: I:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: I:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: i:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: I:\Documents and Settings\Pam\Application Data\Move Networks\plugins\npqmp071705000014.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: I:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: I:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: I:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: I:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: I:\Program Files\Mozilla Firefox\components [2011/12/29 21:43:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: I:\Program Files\Mozilla Firefox\plugins [2011/06/23 05:22:55 | 000,000,000 | ---D | M]

[2010/02/12 14:32:06 | 000,000,000 | ---D | M] (No name found) -- I:\Documents and Settings\John\Application Data\Mozilla\Extensions
[2011/12/14 20:01:32 | 000,000,000 | ---D | M] (No name found) -- I:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\h69h0tno.default\extensions
[2010/04/28 14:59:11 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- I:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\h69h0tno.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/11/11 17:06:42 | 000,000,000 | ---D | M] (No name found) -- I:\Program Files\Mozilla Firefox\extensions
File not found (No name found) -- I:\DOCUMENTS AND SETTINGS\JOHN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\H69H0TNO.DEFAULT\EXTENSIONS\{E024531D-AC02-4E24-8BB3-56AE7B1ACE04}
[2010/05/26 21:00:28 | 000,000,000 | ---D | M] (Java Quick Starter) -- I:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/12/29 21:43:25 | 000,121,816 | ---- | M] (Mozilla Foundation) -- I:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/01/21 12:43:24 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- I:\Program Files\mozilla firefox\plugins\NPcol400.dll
[2011/01/21 12:43:24 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- I:\Program Files\mozilla firefox\plugins\NPcol500.dll
[2011/03/18 12:32:12 | 000,091,552 | ---- | M] (Coupons, Inc.) -- I:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- I:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/03/18 12:32:14 | 000,091,552 | ---- | M] (Coupons, Inc.) -- I:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2007/03/09 17:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- I:\Program Files\mozilla firefox\plugins\npyaxmpb.dll
[2011/10/05 08:16:09 | 000,002,252 | ---- | M] () -- I:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/11 17:06:19 | 000,002,040 | ---- | M] () -- I:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/01/08 11:27:36 | 000,000,027 | ---- | M]) - I:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - I:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - I:\Program Files\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - I:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKU\S-1-5-21-1123561945-448539723-839522115-1003\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Photo Downloader] I:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [EEventManager] I:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [EPSON Stylus Photo R800] I:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2J1.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FUFAXRCV] I:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FUFAXSTM] I:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [OpwareSE2] I:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] I:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - Startup: I:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = I:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = I:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = I:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1123561945-448539723-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1123561945-448539723-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1123561945-448539723-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1123561945-448539723-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Convert link target to Adobe PDF - res://I:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html File not found
O8 - Extra context menu item: Convert link target to existing PDF - res://I:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html File not found
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://I:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html File not found
O8 - Extra context menu item: Convert selected links to existing PDF - res://I:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O8 - Extra context menu item: Convert selection to Adobe PDF - res://I:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html File not found
O8 - Extra context menu item: Convert selection to existing PDF - res://I:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html File not found
O8 - Extra context menu item: Convert to Adobe PDF - res://I:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html File not found
O8 - Extra context menu item: Convert to existing PDF - res://I:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html File not found
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre6\bin\npjpi160_26.dll (Sun Microsystems, Inc.)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/swdir8d196a.cab (Shockwave ActiveX Control)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} I:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www.costcophotocenter.com/CostcoActivia.cab (Snapfish Activia)
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} http://picasaweb.google.com/s/v/44.10/uploader2.cab (UploadListView Class)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} https://www.myfamily.com/Controls/Upload/ImageUploader5.cab (Image Uploader Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {895D1291-D5BD-4982-BA84-AD11D29C1D6A} http://community.weightwatchers.com/Scripts/ImageUploader6.cab (Image Uploader Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://www.popcap.com/games/popcaploader_v6.cab (PopCapLoader Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D508C823-5466-40F7-8B94-27C622AFF8DF}: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -I:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (I:\WINDOWS\system32\userinit.exe) -I:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: I:\Documents and Settings\John\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: I:\Documents and Settings\John\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: wuauserv - File not found

Drivers32: msacm.iac2 - I:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - I:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - I:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - I:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - I:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - I:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - I:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - I:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - I:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - I:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: wave1 - I:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/01/08 14:20:22 | 000,584,192 | ---- | C] (OldTimer Tools) -- I:\Documents and Settings\John\Desktop\OTL.exe
[2012/01/08 12:30:28 | 000,000,000 | ---D | C] -- I:\Documents and Settings\John\Desktop\bootkit_remover
[2012/01/08 11:15:37 | 000,000,000 | RHSD | C] -- I:\cmdcons
[2012/01/08 11:11:17 | 000,518,144 | ---- | C] (SteelWerX) -- I:\WINDOWS\SWREG.exe
[2012/01/08 11:11:17 | 000,406,528 | ---- | C] (SteelWerX) -- I:\WINDOWS\SWSC.exe
[2012/01/08 11:11:17 | 000,212,480 | ---- | C] (SteelWerX) -- I:\WINDOWS\SWXCACLS.exe
[2012/01/08 11:11:17 | 000,060,416 | ---- | C] (NirSoft) -- I:\WINDOWS\NIRCMD.exe
[2012/01/08 11:11:09 | 000,000,000 | ---D | C] -- I:\WINDOWS\ERDNT
[2012/01/08 11:01:46 | 000,000,000 | ---D | C] -- I:\Config.Msi
[2012/01/08 10:39:49 | 000,000,000 | ---D | C] -- I:\Qoobox
[2012/01/08 10:17:21 | 008,821,856 | ---- | C] (OPSWAT, Inc.) -- I:\Documents and Settings\John\Desktop\AppRemover.exe
[2012/01/08 10:12:37 | 004,374,678 | R--- | C] (Swearware) -- I:\Documents and Settings\John\Desktop\ComboFix.exe
[2012/01/08 10:05:47 | 004,713,472 | ---- | C] (AVAST Software) -- I:\Documents and Settings\John\Desktop\aswMBR.exe
[2012/01/07 14:48:39 | 000,607,260 | R--- | C] (Swearware) -- I:\Documents and Settings\John\Desktop\dds.scr
[2011/12/16 22:08:20 | 000,000,000 | R--D | C] -- I:\Documents and Settings\John\Start Menu\Programs\Administrative Tools
[2011/12/16 21:28:34 | 000,000,000 | R--D | C] -- I:\Documents and Settings\John\Recent
[2011/12/16 21:03:30 | 000,000,000 | ---D | C] -- I:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[1 I:\WINDOWS\*.tmp files -> I:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/08 14:20:28 | 000,584,192 | ---- | M] (OldTimer Tools) -- I:\Documents and Settings\John\Desktop\OTL.exe
[2012/01/08 14:16:00 | 000,000,886 | ---- | M] () -- I:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/08 12:28:47 | 000,044,607 | ---- | M] () -- I:\Documents and Settings\John\Desktop\bootkit_remover.zip
[2012/01/08 11:27:36 | 000,000,027 | ---- | M] () -- I:\WINDOWS\System32\drivers\etc\hosts
[2012/01/08 11:27:27 | 000,002,206 | ---- | M] () -- I:\WINDOWS\System32\wpa.dbl
[2012/01/08 11:27:23 | 000,000,882 | ---- | M] () -- I:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/08 11:26:25 | 000,002,048 | --S- | M] () -- I:\WINDOWS\bootstat.dat
[2012/01/08 11:15:41 | 000,000,325 | RHS- | M] () -- I:\boot.ini
[2012/01/08 10:17:28 | 008,821,856 | ---- | M] (OPSWAT, Inc.) -- I:\Documents and Settings\John\Desktop\AppRemover.exe
[2012/01/08 10:12:42 | 004,374,678 | R--- | M] (Swearware) -- I:\Documents and Settings\John\Desktop\ComboFix.exe
[2012/01/08 10:06:01 | 004,713,472 | ---- | M] (AVAST Software) -- I:\Documents and Settings\John\Desktop\aswMBR.exe
[2012/01/07 14:48:39 | 000,607,260 | R--- | M] (Swearware) -- I:\Documents and Settings\John\Desktop\dds.scr
[2012/01/07 14:41:59 | 000,302,592 | ---- | M] () -- I:\Documents and Settings\John\Desktop\bml80zym.exe
[2012/01/07 13:58:40 | 000,000,802 | ---- | M] () -- I:\Documents and Settings\John\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/01/07 13:58:40 | 000,000,784 | ---- | M] () -- I:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2011/12/17 13:41:55 | 000,001,729 | ---- | M] () -- I:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/12/15 07:35:50 | 000,278,944 | ---- | M] () -- I:\WINDOWS\System32\FNTCACHE.DAT
[2011/12/15 03:07:33 | 000,001,393 | ---- | M] () -- I:\WINDOWS\imsins.BAK
[2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- I:\WINDOWS\System32\drivers\mbam.sys
[1 I:\WINDOWS\*.tmp files -> I:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2099/01/01 12:00:00 | 000,006,456 | ---- | C] () -- I:\WINDOWS\System32\komazuyu
[2012/01/08 12:28:50 | 000,044,607 | ---- | C] () -- I:\Documents and Settings\John\Desktop\bootkit_remover.zip
[2012/01/08 11:15:41 | 000,000,208 | ---- | C] () -- I:\Boot.bak
[2012/01/08 11:15:38 | 000,260,272 | RHS- | C] () -- I:\cmldr
[2012/01/08 11:11:17 | 000,256,000 | ---- | C] () -- I:\WINDOWS\PEV.exe
[2012/01/08 11:11:17 | 000,208,896 | ---- | C] () -- I:\WINDOWS\MBR.exe
[2012/01/08 11:11:17 | 000,098,816 | ---- | C] () -- I:\WINDOWS\sed.exe
[2012/01/08 11:11:17 | 000,080,412 | ---- | C] () -- I:\WINDOWS\grep.exe
[2012/01/08 11:11:17 | 000,068,096 | ---- | C] () -- I:\WINDOWS\zip.exe
[2012/01/07 14:41:57 | 000,302,592 | ---- | C] () -- I:\Documents and Settings\John\Desktop\bml80zym.exe
[2012/01/07 13:58:40 | 000,000,802 | ---- | C] () -- I:\Documents and Settings\John\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/01/07 13:58:40 | 000,000,784 | ---- | C] () -- I:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2011/12/16 21:03:45 | 000,001,853 | ---- | C] () -- I:\Documents and Settings\All Users\Desktop\MP500 On-screen Manual.lnk
[2011/12/16 21:03:45 | 000,000,724 | ---- | C] () -- I:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/12/16 21:03:45 | 000,000,559 | ---- | C] () -- I:\Documents and Settings\All Users\Desktop\Print CD.lnk
[2011/12/16 21:03:44 | 000,002,067 | ---- | C] () -- I:\Documents and Settings\All Users\Desktop\Adobe Photoshop Album Starter Edition 3.0.lnk
[2011/12/16 21:03:44 | 000,001,729 | ---- | C] () -- I:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/12/16 21:03:44 | 000,001,694 | ---- | C] () -- I:\Documents and Settings\All Users\Desktop\Artisan 837 User's Guide.lnk
[2011/12/16 21:03:44 | 000,001,682 | ---- | C] () -- I:\Documents and Settings\All Users\Desktop\H&R Block 2010.lnk
[2011/12/16 21:03:44 | 000,000,895 | ---- | C] () -- I:\Documents and Settings\All Users\Desktop\Adobe Photoshop Elements 2.0.lnk
[2011/12/16 21:03:44 | 000,000,808 | ---- | C] () -- I:\Documents and Settings\All Users\Desktop\Easy-PhotoPrint.lnk
[2011/12/16 21:03:44 | 000,000,665 | ---- | C] () -- I:\Documents and Settings\All Users\Desktop\EPSON Scan.lnk
[2011/12/16 21:03:39 | 000,001,478 | ---- | C] () -- I:\Documents and Settings\John\Application Data\Microsoft\Internet Explorer\Quick Launch\Media Center.lnk
[2011/12/16 21:03:39 | 000,000,815 | ---- | C] () -- I:\Documents and Settings\John\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/12/16 21:03:39 | 000,000,800 | ---- | C] () -- I:\Documents and Settings\John\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/12/16 21:03:39 | 000,000,742 | ---- | C] () -- I:\Documents and Settings\John\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/12/16 21:03:39 | 000,000,079 | ---- | C] () -- I:\Documents and Settings\John\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/12/16 21:03:32 | 000,000,793 | ---- | C] () -- I:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
[2011/12/16 21:03:27 | 000,002,453 | ---- | C] () -- I:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Streets & Trips.lnk
[2011/12/16 21:03:27 | 000,002,347 | ---- | C] () -- I:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 9.lnk
[2011/12/16 21:03:27 | 000,001,830 | ---- | C] () -- I:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
[2011/12/16 21:03:27 | 000,001,466 | ---- | C] () -- I:\Documents and Settings\All Users\Start Menu\Programs\Media Center.lnk
[2011/12/16 21:03:27 | 000,000,786 | ---- | C] () -- I:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk
[2011/12/16 21:03:27 | 000,000,730 | ---- | C] () -- I:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/12/16 21:03:27 | 000,000,609 | ---- | C] () -- I:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk
[2011/12/16 21:03:26 | 000,002,073 | ---- | C] () -- I:\Documents and Settings\All Users\Start Menu\Programs\Adobe Photoshop Album Starter Edition 3.0.lnk
[2011/12/16 21:03:26 | 000,001,702 | ---- | C] () -- I:\Documents and Settings\All Users\Start Menu\Programs\Across Lite 2.0.lnk
[2011/12/16 21:03:26 | 000,000,901 | ---- | C] () -- I:\Documents and Settings\All Users\Start Menu\Programs\Adobe Photoshop Elements 2.0.lnk
[2011/10/07 20:39:12 | 000,000,000 | ---- | C] () -- I:\WINDOWS\EEventManager.INI
[2011/10/07 17:45:32 | 000,058,708 | ---- | C] () -- I:\WINDOWS\System32\mlfcache.dat
[2011/10/05 18:36:08 | 000,000,104 | ---- | C] () -- I:\WINDOWS\EART837.ini
[2010/04/05 12:47:17 | 000,000,664 | ---- | C] () -- I:\WINDOWS\System32\d3d9caps.dat
[2010/01/31 08:48:03 | 000,020,552 | ---- | C] () -- I:\WINDOWS\System32\drivers\hitmanpro35.sys
[2008/05/03 12:28:59 | 000,017,408 | ---- | C] () -- I:\Documents and Settings\John\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/09/10 17:41:32 | 000,001,337 | ---- | C] () -- I:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/01/28 14:47:32 | 000,000,000 | ---- | C] () -- I:\WINDOWS\PestPatrol5.INI
[2006/09/09 14:49:16 | 000,000,000 | ---- | C] () -- I:\Documents and Settings\John\Application Data\dm.ini
[2006/08/31 08:19:39 | 000,000,030 | ---- | C] () -- I:\WINDOWS\INTURS.DAT
[2006/08/28 11:43:51 | 000,000,078 | ---- | C] () -- I:\WINDOWS\qwimp.ini
[2006/08/28 11:42:54 | 000,000,209 | ---- | C] () -- I:\WINDOWS\QUICKEN.INI
[2006/08/14 16:56:35 | 000,000,000 | ---- | C] () -- I:\WINDOWS\nsreg.dat
[2006/08/12 14:23:08 | 000,000,048 | ---- | C] () -- I:\WINDOWS\EPSONR800.ini
[2006/08/11 10:02:45 | 000,008,704 | ---- | C] () -- I:\WINDOWS\System32\CNMVS7L.DLL
[2006/08/11 10:01:05 | 000,000,532 | ---- | C] () -- I:\WINDOWS\MAXLINK.INI
[2006/08/10 11:59:10 | 000,000,376 | ---- | C] () -- I:\WINDOWS\ODBC.INI
[2006/08/09 16:42:11 | 000,004,212 | ---- | C] () -- I:\WINDOWS\System32\zllictbl.dat
[2006/08/08 16:16:03 | 000,520,192 | ---- | C] () -- I:\WINDOWS\System32\ati2sgag.exe
[2006/08/08 16:15:38 | 000,114,630 | ---- | C] () -- I:\WINDOWS\System32\atiicdxx.dat
[2006/08/08 15:52:21 | 000,000,127 | ---- | C] () -- I:\Documents and Settings\John\Local Settings\Application Data\fusioncache.dat
[2006/08/08 15:47:16 | 000,002,048 | --S- | C] () -- I:\WINDOWS\bootstat.dat
[2006/08/08 15:40:56 | 000,021,640 | ---- | C] () -- I:\WINDOWS\System32\emptyregdb.dat
[2006/08/08 09:03:16 | 000,004,161 | ---- | C] () -- I:\WINDOWS\ODBCINST.INI
[2006/08/08 09:02:14 | 000,278,944 | ---- | C] () -- I:\WINDOWS\System32\FNTCACHE.DAT
[2005/08/05 13:01:54 | 000,235,008 | ---- | C] () -- I:\WINDOWS\System32\psisdecd.dll
[2005/03/22 16:38:24 | 013,107,200 | ---- | C] () -- I:\WINDOWS\System32\oembios.bin
[2005/03/22 16:38:24 | 000,004,627 | ---- | C] () -- I:\WINDOWS\System32\oembios.dat
[2004/08/10 05:00:00 | 000,673,088 | ---- | C] () -- I:\WINDOWS\System32\mlang.dat
[2004/08/10 05:00:00 | 000,444,456 | ---- | C] () -- I:\WINDOWS\System32\perfh009.dat
[2004/08/10 05:00:00 | 000,272,128 | ---- | C] () -- I:\WINDOWS\System32\perfi009.dat
[2004/08/10 05:00:00 | 000,218,003 | ---- | C] () -- I:\WINDOWS\System32\dssec.dat
[2004/08/10 05:00:00 | 000,072,332 | ---- | C] () -- I:\WINDOWS\System32\perfc009.dat
[2004/08/10 05:00:00 | 000,046,258 | ---- | C] () -- I:\WINDOWS\System32\mib.bin
[2004/08/10 05:00:00 | 000,028,626 | ---- | C] () -- I:\WINDOWS\System32\perfd009.dat
[2004/08/10 05:00:00 | 000,004,569 | ---- | C] () -- I:\WINDOWS\System32\secupd.dat
[2004/08/10 05:00:00 | 000,001,804 | ---- | C] () -- I:\WINDOWS\System32\dcache.bin
[2004/08/10 05:00:00 | 000,000,741 | ---- | C] () -- I:\WINDOWS\System32\noise.dat
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- I:\WINDOWS\System32\OUTLPERF.INI
[2001/09/04 04:04:00 | 000,000,182 | ---- | C] () -- I:\WINDOWS\System32\EBPPORT4.DAT

========== LOP Check ==========

[2012/01/08 11:09:21 | 000,000,000 | ---D | M] -- I:\Documents and Settings\All Users\Application Data\CA
[2010/03/27 08:51:21 | 000,000,000 | ---D | M] -- I:\Documents and Settings\All Users\Application Data\CA-SupportBridge
[2011/10/05 18:57:02 | 000,000,000 | ---D | M] -- I:\Documents and Settings\All Users\Application Data\EPSON
[2010/01/31 09:02:42 | 000,000,000 | ---D | M] -- I:\Documents and Settings\All Users\Application Data\Hitman Pro
[2006/11/03 21:16:34 | 000,000,000 | ---D | M] -- I:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2006/08/19 15:35:41 | 000,000,000 | ---D | M] -- I:\Documents and Settings\All Users\Application Data\PopCap
[2010/03/27 10:33:58 | 000,000,000 | ---D | M] -- I:\Documents and Settings\All Users\Application Data\ScanSoft
[2006/08/11 10:01:06 | 000,000,000 | ---D | M] -- I:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
[2006/08/11 10:01:06 | 000,000,000 | ---D | M] -- I:\Documents and Settings\All Users\Application Data\SSScanWizard
[2011/01/26 09:13:11 | 000,000,000 | ---D | M] -- I:\Documents and Settings\All Users\Application Data\TaxCut
[2009/04/03 14:53:50 | 000,000,000 | ---D | M] -- I:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/04/26 10:14:49 | 000,000,000 | ---D | M] -- I:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/06/25 10:29:59 | 000,000,000 | ---D | M] -- I:\Documents and Settings\John\Application Data\Canon
[2011/10/07 17:35:49 | 000,000,000 | ---D | M] -- I:\Documents and Settings\John\Application Data\Epson
[2006/08/12 14:24:42 | 000,000,000 | ---D | M] -- I:\Documents and Settings\John\Application Data\Leadertech
[2007/04/14 08:21:52 | 000,000,000 | ---D | M] -- I:\Documents and Settings\John\Application Data\MotionBased
[2008/11/19 18:27:14 | 000,000,000 | ---D | M] -- I:\Documents and Settings\John\Application Data\MSNInstaller
[2010/03/27 10:33:58 | 000,000,000 | ---D | M] -- I:\Documents and Settings\John\Application Data\ScanSoft
[2007/12/16 12:55:40 | 000,000,000 | ---D | M] -- I:\Documents and Settings\John\Application Data\Snapfish
[2011/10/09 08:41:00 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Jonathan\Application Data\Epson
[2011/10/05 18:49:43 | 000,000,000 | ---D | M] -- I:\Documents and Settings\LocalService\Application Data\Epson
[2008/11/24 22:31:53 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Pam\Application Data\Amazon
[2011/09/07 07:36:03 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Pam\Application Data\Canon
[2011/01/21 12:43:24 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Pam\Application Data\Catalina Marketing Corp
[2009/11/28 22:00:47 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Pam\Application Data\CDFKPHome
[2011/10/09 10:17:20 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Pam\Application Data\Epson
[2010/06/14 13:37:42 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Pam\Application Data\Facebook
[2007/10/22 19:51:40 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Pam\Application Data\funkitron
[2007/07/23 10:36:42 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Pam\Application Data\Leadertech
[2006/08/11 10:01:08 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Pam\Application Data\ScanSoft
[2007/02/09 12:49:55 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Pam\Application Data\Snapfish
[2011/01/26 09:16:54 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Pam\Application Data\TaxCut

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2005/02/12 20:05:00 | 000,151,552 | ---- | M] (ATI Technologies Inc.) -- I:\AtiCim.bin
[2005/02/12 20:05:00 | 000,110,592 | ---- | M] (ATI Technologies Inc.) -- I:\AtiCimUn.exe
[2006/08/08 15:38:09 | 000,000,208 | ---- | M] () -- I:\Boot.bak
[2012/01/08 11:15:41 | 000,000,325 | RHS- | M] () -- I:\boot.ini
[2005/02/12 20:05:00 | 000,069,632 | ---- | M] (ATI Technologies Inc.) -- I:\CheckVer.exe
[2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- I:\cmldr
[2012/01/08 11:33:08 | 000,012,736 | ---- | M] () -- I:\ComboFix.txt
[2005/12/12 08:27:00 | 000,045,056 | ---- | M] (Windows XP Bundled build C-Centric Single User) -- I:\CSVer.dll
[2005/02/12 20:05:00 | 000,798,386 | ---- | M] () -- I:\data1.cab
[2005/02/12 20:05:00 | 000,012,370 | ---- | M] () -- I:\data1.hdr
[2005/02/12 20:05:00 | 000,000,512 | ---- | M] () -- I:\data2.cab
[2003/11/19 01:15:00 | 000,128,398 | ---- | M] () -- I:\del200f.cty
[2004/01/19 10:13:08 | 000,011,075 | ---- | M] () -- I:\del200fk.cat
[2004/01/07 10:16:18 | 000,037,128 | ---- | M] () -- I:\del200fk.inf
[2003/09/03 14:31:16 | 000,001,736 | ---- | M] () -- I:\DEVTYPE.INI
[2002/02/04 14:39:20 | 000,000,023 | R--- | M] () -- I:\disk1
[2005/02/12 20:05:00 | 000,154,624 | ---- | M] (ATI Technologies Inc.) -- I:\DrvUI64A.exe
[2005/07/13 10:34:30 | 000,030,720 | ---- | M] () -- I:\dss features matrix v14.xls
[2005/03/24 07:46:04 | 000,459,688 | ---- | M] () -- I:\engine32.cab
[2003/10/23 14:01:36 | 000,032,218 | R--- | M] (Conexant Systems, Inc.) -- I:\HSFCI008.dll
[2003/11/17 14:59:20 | 000,212,224 | R--- | M] (Conexant Systems, Inc.) -- I:\HSFHWBS2.sys
[2003/11/17 14:58:02 | 000,680,704 | R--- | M] (Conexant Systems, Inc.) -- I:\HSF_CNXT.sys
[2003/11/17 14:56:26 | 001,042,432 | R--- | M] (Conexant Systems, Inc.) -- I:\HSF_DP.sys
[2003/10/30 14:25:38 | 000,532,480 | ---- | M] (Conexant Systems, Inc.) -- I:\HXFSetup.exe
[2005/07/01 10:01:02 | 000,008,080 | ---- | M] () -- I:\iaahci.cat
[2005/06/17 06:27:10 | 000,004,736 | ---- | M] () -- I:\iaahci.inf
[2005/07/06 16:41:26 | 000,007,982 | ---- | M] () -- I:\iastor.cat
[2005/06/30 09:46:32 | 000,003,302 | ---- | M] () -- I:\iastor.inf
[2005/06/17 06:33:40 | 000,872,064 | ---- | M] (Intel Corporation) -- I:\iastor.sys
[2005/02/12 20:05:00 | 000,344,923 | ---- | M] () -- I:\ikernel.ex_
[2005/12/12 08:27:00 | 000,000,720 | ---- | M] () -- I:\InfoDlg.txt
[2005/12/12 08:27:00 | 000,000,072 | ---- | M] () -- I:\Install.cfg
[2005/02/12 20:05:00 | 000,000,257 | ---- | M] () -- I:\INSTALL.INI
[2005/12/12 08:27:00 | 000,065,536 | ---- | M] () -- I:\Instngin.dll
[2005/02/12 20:05:00 | 000,127,488 | ---- | M] (InstallShield Software Corporation) -- I:\issetup.exe
[2004/07/08 09:42:52 | 015,228,464 | ---- | M] (Sun Microsystems, Inc. ) -- I:\j2re.exe
[2005/03/01 13:12:08 | 000,000,789 | ---- | M] () -- I:\language.dat
[2005/07/08 13:10:36 | 000,000,256 | ---- | M] () -- I:\Language.txt
[2005/02/12 20:05:00 | 000,000,569 | ---- | M] () -- I:\layout.bin
[2005/07/08 12:51:38 | 000,011,042 | ---- | M] () -- I:\license.txt
[2003/04/09 13:01:32 | 000,090,112 | R--- | M] (Conexant) -- I:\MdmXSdk.dll
[2003/04/09 12:48:08 | 000,011,043 | R--- | M] (Conexant) -- I:\MDMXSDK.sys
[2005/03/04 09:56:02 | 000,019,992 | ---- | M] () -- I:\MH Releases.txt
[2004/08/10 05:00:00 | 000,047,564 | RHS- | M] () -- I:\NTDETECT.COM
[2008/08/17 07:49:46 | 000,250,048 | RHS- | M] () -- I:\ntldr
[2012/01/08 11:26:22 | 1610,612,736 | -HS- | M] () -- I:\pagefile.sys
[2005/03/21 12:01:10 | 000,106,496 | ---- | M] (Intel® Corporation) -- I:\PCIUtil.dll
[2005/02/12 20:05:00 | 000,018,192 | ---- | M] (Microsoft Corporation) -- I:\psapi.dll
[2004/05/25 14:56:00 | 000,002,193 | ---- | M] () -- I:\readme_CS.TXT
[2004/05/25 14:34:08 | 000,002,175 | ---- | M] () -- I:\readme_CT.TXT
[2004/05/25 13:51:58 | 000,003,955 | ---- | M] () -- I:\readme_FR.TXT
[2004/05/25 13:53:16 | 000,004,082 | ---- | M] () -- I:\readme_GE.TXT
[2004/05/21 10:05:28 | 000,003,306 | ---- | M] () -- I:\readme_JA.TXT
[2004/05/25 13:59:16 | 000,002,927 | ---- | M] () -- I:\readme_KO.TXT
[2004/05/25 13:52:40 | 000,003,561 | ---- | M] () -- I:\readme_PB.TXT
[2004/05/20 15:17:16 | 000,003,996 | ---- | M] () -- I:\readme_SP.TXT
[2005/07/08 13:10:36 | 000,092,132 | ---- | M] () -- I:\setup.bmp
[2005/06/17 00:29:38 | 000,450,563 | ---- | M] () -- I:\setup.ibt
[2005/02/12 20:05:00 | 000,000,132 | ---- | M] () -- I:\Setup.ini
[2005/02/12 20:05:00 | 000,159,605 | ---- | M] () -- I:\setup.inx
[2005/07/08 13:10:34 | 000,000,931 | ---- | M] () -- I:\setup.iss
[2005/06/10 10:07:04 | 000,002,600 | ---- | M] () -- I:\Setupcfg.reg
[2011/12/25 13:09:00 | 000,050,030 | ---- | M] () -- I:\TDSSKiller.2.6.25.0_25.12.2011_13.08.14_log.txt
[2011/12/25 13:15:50 | 000,050,030 | ---- | M] () -- I:\TDSSKiller.2.6.25.0_25.12.2011_13.14.08_log.txt
[2011/12/25 13:16:38 | 000,050,030 | ---- | M] () -- I:\TDSSKiller.2.6.25.0_25.12.2011_13.16.14_log.txt
[2005/06/17 06:26:54 | 000,002,814 | ---- | M] () -- I:\txtsetup.oem
[2005/12/12 08:27:04 | 000,051,712 | ---- | M] () -- I:\UpDrv64.exe
[2005/12/15 11:49:44 | 000,000,590 | ---- | M] () -- I:\Version.txt

kspot, Jan 8, 2012

#9
kspot Newcomer, in training

OTL part 2:

< %systemroot%\Fonts\*.com >
[2006/04/18 14:39:28 | 000,026,040 | ---- | M] () -- I:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 13:53:56 | 000,026,489 | ---- | M] () -- I:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 14:39:28 | 000,029,779 | ---- | M] () -- I:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 13:58:52 | 000,030,808 | ---- | M] () -- I:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/08/08 15:43:57 | 000,000,067 | -HS- | M] () -- I:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2005/08/25 23:00:00 | 000,020,992 | ---- | M] (CANON INC.) -- I:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPD7L.DLL
[2005/08/26 11:00:00 | 000,059,392 | ---- | M] (CANON INC.) -- I:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPP7L.DLL
[2008/07/06 06:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- I:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2004/03/22 16:17:06 | 000,025,840 | ---- | M] (Microsoft Corporation) -- I:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
[2008/07/06 04:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- I:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2006/08/08 09:01:39 | 000,094,208 | ---- | M] () -- I:\WINDOWS\System32\config\default.sav
[2006/08/08 09:01:39 | 000,659,456 | ---- | M] () -- I:\WINDOWS\System32\config\software.sav
[2006/08/08 09:01:39 | 000,913,408 | ---- | M] () -- I:\WINDOWS\System32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2008/08/17 08:01:51 | 000,000,272 | -HS- | M] () -- I:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2006/08/08 16:02:35 | 000,000,170 | -HS- | M] () -- I:\Documents and Settings\John\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2006/08/08 16:02:34 | 000,000,079 | ---- | M] () -- I:\Documents and Settings\John\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2012/01/08 10:17:28 | 008,821,856 | ---- | M] (OPSWAT, Inc.) -- I:\Documents and Settings\John\Desktop\AppRemover.exe
[2012/01/08 10:06:01 | 004,713,472 | ---- | M] (AVAST Software) -- I:\Documents and Settings\John\Desktop\aswMBR.exe
[2012/01/07 14:41:59 | 000,302,592 | ---- | M] () -- I:\Documents and Settings\John\Desktop\bml80zym.exe
[2012/01/08 10:12:42 | 004,374,678 | R--- | M] (Swearware) -- I:\Documents and Settings\John\Desktop\ComboFix.exe
[2012/01/08 14:20:28 | 000,584,192 | ---- | M] (OldTimer Tools) -- I:\Documents and Settings\John\Desktop\OTL.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >
[2010/01/22 16:29:12 | 038,808,920 | ---- | M] (Microsoft Corporation) -- I:\Documents and Settings\John\My Documents\FileFormatConverters.exe

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2006/08/08 16:02:34 | 000,000,122 | -HS- | M] () -- I:\Documents and Settings\John\Favorites\Desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >
[2010/04/24 14:41:14 | 000,272,640 | ---- | M] () -- I:\Program Files\Mozilla Firefox\o.dat

< %USERPROFILE%\Cookies\*.txt /x >
[2009/06/27 14:23:48 | 000,000,067 | -HS- | M] () -- I:\Documents and Settings\John\Cookies\desktop.ini
[2012/01/08 11:28:23 | 000,180,224 | ---- | M] () -- I:\Documents and Settings\John\Cookies\index.dat

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >
[2007/06/26 22:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- I:\WINDOWS\inf\unregmp2.exe

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >
[2008/04/13 18:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- I:\Program Files\Messenger\custsat.dll
[2004/08/04 00:06:34 | 000,004,821 | ---- | M] () -- I:\Program Files\Messenger\logowin.gif
[2004/08/04 00:06:34 | 000,007,047 | ---- | M] () -- I:\Program Files\Messenger\lvback.gif
[2008/05/02 08:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- I:\Program Files\Messenger\msgsc.dll
[2008/04/13 11:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- I:\Program Files\Messenger\msgslang.dll
[2008/04/13 18:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) -- I:\Program Files\Messenger\msmsgs.exe
[2007/04/02 12:07:23 | 000,002,882 | ---- | M] () -- I:\Program Files\Messenger\newalert.wav
[2007/04/02 12:07:23 | 000,006,156 | ---- | M] () -- I:\Program Files\Messenger\newemail.wav
[2007/04/02 12:07:24 | 000,006,160 | ---- | M] () -- I:\Program Files\Messenger\online.wav
[2004/08/04 00:06:36 | 000,004,454 | ---- | M] () -- I:\Program Files\Messenger\type.wav
[2004/08/04 00:06:36 | 000,115,981 | ---- | M] () -- I:\Program Files\Messenger\xpmsgr.chm

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >

< >

< End of report >

Extras:
OTL Extras logfile created on: 1/8/2012 2:25:10 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = I:\Documents and Settings\John\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.07 Mb Total Physical Memory | 576.96 Mb Available Physical Memory | 56.45% Memory free
2.40 Gb Paging File | 2.12 Gb Available in Paging File | 88.32% Paging File free
Paging file location(s): I:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = I: | %SystemRoot% = I:\WINDOWS | %ProgramFiles% = I:\Program Files
Drive I: | 149.00 Gb Total Space | 71.17 Gb Free Space | 47.76% Space Free | Partition Type: NTFS

Computer Name: JOHN-BC19467D9A | User Name: John | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-1123561945-448539723-839522115-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- I:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabledxpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNetisabledxpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabledxpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabledxpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabledxpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabledxpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"I:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe" = I:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe:LocalSubNetisabled:TurboTax -- (Intuit, Inc.)
"I:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe" = I:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe:LocalSubNetisabled:TurboTax Update Manager -- (Intuit, Inc.)
"I:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe" = I:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- (Intuit, Inc.)
"I:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe" = I:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- (Intuit, Inc.)
"I:\Program Files\Microsoft Games\Zoo Tycoon 2\zt.exe" = I:\Program Files\Microsoft Games\Zoo Tycoon 2\zt.exe:*isabled:Zoo Tycoon 2 Executable -- (Microsoft Corporation)
"I:\WINDOWS\system32\WgaTray.exe" = I:\WINDOWS\system32\WgaTray.exe:*:Enabled:WgaTray -- (Microsoft Corporation)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02DFF6B1-1654-411C-8D7B-FD6052EF016F}" = Apple Software Update
"{055FEF8E-4B86-400F-A5C6-8FAC0042DCD9}" = NVIDIA PureVideo Decoder
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}" = Epson FAX Utility
"{0D2E80C8-0875-43EB-9623-47118E2DFBCA}" = Quicken 2007
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{10964A8F-21C1-45EA-BC2D-F84B505C3848}" = H&R Block Deluxe + Efile + State 2010
"{10F63395-157F-4B93-AB4D-702A2FF11942}" = Epson Download Navigator
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 26
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{390FF986-468D-4CA9-8830-2C4B313F447F}" = ATI Parental Control
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{424D0DE6-670E-4744-99F9-3C84326F4C7B}" = H&R Block Kansas 2010
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Starter Edition 3.0
"{4BE15737-07C5-4705-9DFC-D9D533939942}" = NVIDIA Media Center Extensions
"{53A19323-917A-4822-B27E-A57D1EF6E9FC}" = H&R Block Deluxe + Efile + State 2009
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{61100673-2546-42E1-BF92-467B5CB2AC6D}" = DeductionPro 2008
"{64BA551C-9AF6-495C-93F3-D1270E0045FC}" = Epson Connect
"{67E4EE98-59F4-4210-89A6-A20AF5BEC689}" = Microsoft Streets and Trips 2005
"{6F29FA78-4E36-4888-A248-B324AE1396F8}" = H&R Block Kansas 2009
"{70C4EFA5-F8B8-4015-9378-FCAA9000DF19}" = MotionBased Agent
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}" = OmniPage SE 2.0
"{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{814FA673-A085-403C-9545-747FC1495069}" = Epson Customer Participation
"{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5
"{8ED43F7E-A8F6-4898-AF11-B6158F2EDF94}" = Epson Event Manager
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91E30409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{97F4D62E-5AEB-4649-BABF-4712C6EF6845}" = DeductionPro 2009
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{996A2FAA-7514-4628-9D12-A8FC34A0016E}" = iTunes
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.7
"{AFF1EA96-9C23-4249-B7D4-CD4B54D4582F}" = TurboTax ItsDeductible 2006
"{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers
"{BBB33AD6-BCF7-4002-B6A0-6DC679AE5C18}" = TaxCut Premium + State + Efile 2008
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C7ABCF96-AD65-4156-94A0-8A8A9AE32D6D}" = TaxCut Kansas 2008
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D16A31F9-276D-4968-A753-FFEAC56995D0}" = Epson Print CD
"{E0783143-EAE2-4047-A8D6-E155523C594C}" = Garmin WebUpdater
"{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}" = WexTech AnswerWorks
"{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint
"{FCD9CD52-7222-4672-94A0-A722BA702FD0}" = Dell Resource CD
"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
"45A7283175C62FAC673F913C1F532C5361F97841" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
"ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint
"Across Lite 2.0" = Across Lite 2.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 2.0" = Adobe Photoshop Elements 2.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"All ATI Software" = ATI - Software Uninstall Utility
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.10
"ATI Display Driver" = ATI Display Driver
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Easy-WebPrint" = Easy-WebPrint
"EPSON Artisan 837 Series" = EPSON Artisan 837 Series Printer Uninstall
"EPSON PC-FAX Driver 2" = Epson PC-FAX Driver
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{390FF986-468D-4CA9-8830-2C4B313F447F}" = ATI Parental Control
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 9.0.1 (x86 en-US)" = Mozilla Firefox 9.0.1 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PENTAX Digital Camera Utility" = PENTAX Digital Camera Utility
"PROSet" = Intel(R) PRO Network Connections Drivers
"SystemRequirementsLab" = System Requirements Lab
"TurboTax Deluxe 2007" = TurboTax Deluxe 2007
"TurboTax Deluxe Deduction Maximizer 2006" = TurboTax Deluxe Deduction Maximizer 2006
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"YInstHelper" = Yahoo! Install Manager
"Zoo Tycoon 2" = Zoo Tycoon 2

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/16/2011 9:53:33 PM | Computer Name = JOHN-BC19467D9A | Source = Media Center Scheduler | ID = 0
Description =

Error - 12/16/2011 9:56:09 PM | Computer Name = JOHN-BC19467D9A | Source = Microsoft Office 11 | ID = 1000
Description = Faulting application excel.exe, version 11.0.8033.0, stamp 449c383b,
faulting module mso.dll, version 11.0.8036.0, stamp 44b846ce, debug? 0, fault address
0x00033b90.

Error - 12/16/2011 9:56:32 PM | Computer Name = JOHN-BC19467D9A | Source = Media Center Scheduler | ID = 0
Description =

Error - 12/17/2011 12:15:40 AM | Computer Name = JOHN-BC19467D9A | Source = UmxAgent | ID = 108
Description =

Error - 12/17/2011 2:52:01 PM | Computer Name = JOHN-BC19467D9A | Source = UmxAgent | ID = 108
Description =

Error - 12/17/2011 5:57:29 PM | Computer Name = JOHN-BC19467D9A | Source = UmxAgent | ID = 108
Description =

Error - 12/27/2011 2:35:01 PM | Computer Name = JOHN-BC19467D9A | Source = UmxAgent | ID = 108
Description =

Error - 1/1/2012 4:25:11 PM | Computer Name = JOHN-BC19467D9A | Source = UmxAgent | ID = 108
Description =

Error - 1/1/2012 4:48:09 PM | Computer Name = JOHN-BC19467D9A | Source = Application Hang | ID = 1002
Description = Hanging application explorer.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/7/2012 4:32:33 PM | Computer Name = JOHN-BC19467D9A | Source = UmxAgent | ID = 108
Description =

[ System Events ]
Error - 12/25/2011 9:46:07 PM | Computer Name = JOHN-BC19467D9A | Source = Service Control Manager | ID = 7000
Description = The mrtRate service failed to start due to the following error: %%2

Error - 12/27/2011 9:34:47 AM | Computer Name = JOHN-BC19467D9A | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
USER-PC that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{D508C823-5466-40F7-8. The master browser is stopping or an election
is being forced.

Error - 12/27/2011 3:05:15 PM | Computer Name = JOHN-BC19467D9A | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Media Center Receiver
Service service to connect.

Error - 12/27/2011 3:05:15 PM | Computer Name = JOHN-BC19467D9A | Source = Service Control Manager | ID = 7000
Description = The mrtRate service failed to start due to the following error: %%2

Error - 1/7/2012 4:35:14 PM | Computer Name = JOHN-BC19467D9A | Source = Service Control Manager | ID = 7000
Description = The mrtRate service failed to start due to the following error: %%2

Error - 1/8/2012 12:44:41 PM | Computer Name = JOHN-BC19467D9A | Source = Service Control Manager | ID = 7000
Description = The mrtRate service failed to start due to the following error: %%2

Error - 1/8/2012 1:07:21 PM | Computer Name = JOHN-BC19467D9A | Source = Service Control Manager | ID = 7023
Description = The HIPS Policy Manager service terminated with the following error:
%%2147500037

Error - 1/8/2012 1:09:41 PM | Computer Name = JOHN-BC19467D9A | Source = Service Control Manager | ID = 7000
Description = The mrtRate service failed to start due to the following error: %%2

Error - 1/8/2012 1:26:55 PM | Computer Name = JOHN-BC19467D9A | Source = Service Control Manager | ID = 7000
Description = The mrtRate service failed to start due to the following error: %%2

Error - 1/8/2012 1:26:55 PM | Computer Name = JOHN-BC19467D9A | Source = Service Control Manager | ID = 7023
Description = The Automatic Updates service terminated with the following error:
%%126

< End of report >

kspot, Jan 8, 2012

#10
Broni Malware Annihilator
You can reinstall CA now.

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

Code:

:OTL O8 - Extra context menu item: Convert link target to Adobe PDF - res://I:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html File not found O8 - Extra context menu item: Convert link target to existing PDF - res://I:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html File not found O8 - Extra context menu item: Convert selected links to Adobe PDF - res://I:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html File not found O8 - Extra context menu item: Convert selected links to existing PDF - res://I:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found O8 - Extra context menu item: Convert selection to Adobe PDF - res://I:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html File not found O8 - Extra context menu item: Convert selection to existing PDF - res://I:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html File not found O8 - Extra context menu item: Convert to Adobe PDF - res://I:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html File not found O8 - Extra context menu item: Convert to existing PDF - res://I:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html File not found O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/...ndows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jin...ndows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) :Commands [purity] [emptytemp] [emptyflash] [Reboot]

Then click the Run Fix button at the top

Let the program run unhindered, reboot the PC when it is done

You will get a log that shows the results of the fix. Please post it.

=============================================================

1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder

Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.

Accept any prompts.

===============================================================

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.

Double-click SecurityCheck.exe

Follow the onscreen instructions inside of the black box.

A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Please download Farbar Service Scanner and run it on the computer with the issue.

Make sure the following options are checked:

Internet Services

Windows Firewall

System Restore

Security Center

Windows Update

Press "Scan".

It will create a log (FSS.txt) in the same directory the tool is run.

Please copy and paste the log to your reply.

3. Download Temp File Cleaner (TFC)

Double click on TFC.exe to run the program.

Click on Start button to begin cleaning process.

TFC will close all running programs, and it may ask you to restart computer.

4. Please run a free online scan with the ESET Online Scanner

Disable your antivirus program

Tick the box next to YES, I accept the Terms of Use

Click Start

Accept any security warnings from your browser.

Check Scan archives

Click Start

ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.

When the scan completes, click on List of found threats

Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.

NOTE. If Eset won't find any threats, it won't produce any log.
Broni, Jan 8, 2012

#11
kspot Newcomer, in training

CA is now reinstalled. Requested logs below:

All processes killed
========== OTL ==========
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Convert link target to Adobe PDF\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Convert link target to existing PDF\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Convert selected links to Adobe PDF\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Convert selected links to existing PDF\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Convert selection to Adobe PDF\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Convert selection to existing PDF\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Convert to Adobe PDF\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Convert to existing PDF\ deleted successfully.
Starting removal of ActiveX control {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
I:\WINDOWS\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 41620 bytes

User: John
->Temp folder emptied: 474256192 bytes
->Temporary Internet Files folder emptied: 229448117 bytes
->Java cache emptied: 67354867 bytes
->FireFox cache emptied: 50307755 bytes
->Flash cache emptied: 470 bytes

User: Jonathan
->Temp folder emptied: 2365062512 bytes
->Temporary Internet Files folder emptied: 2023797858 bytes
->Java cache emptied: 54897669 bytes
->FireFox cache emptied: 13629493 bytes
->Flash cache emptied: 8598 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 49286 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Pam
->Temp folder emptied: 5621812 bytes
->Temporary Internet Files folder emptied: 522615 bytes
->Java cache emptied: 53695232 bytes
->FireFox cache emptied: 525735563 bytes
->Flash cache emptied: 16061 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 664 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 67 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 5,593.00 mb

[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: John
->Flash cache emptied: 0 bytes

User: Jonathan
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

User: Pam
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.31.0 log created on 01082012_180327

Files\Folders moved on Reboot...
File\Folder I:\Documents and Settings\John\Local Settings\Temp\~DFA07.tmp not found!
File\Folder I:\Documents and Settings\John\Local Settings\Temp\~DFA86.tmp not found!
File\Folder I:\Documents and Settings\John\Local Settings\Temp\~DFD03.tmp not found!
File\Folder I:\Documents and Settings\John\Local Settings\Temp\~DFD68.tmp not found!
File\Folder I:\Documents and Settings\John\Local Settings\Temp\~DFF6F.tmp not found!
File\Folder I:\Documents and Settings\John\Local Settings\Temp\~DFFA3.tmp not found!
I:\Documents and Settings\John\Local Settings\Temporary Internet Files\Content.IE5\1R1JE475\topic175829[1].html moved successfully.

Registry entries deleted on Reboot...

Results of screen317's Security Check version 0.99.24
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
CA Anti-Virus Plus
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:
Java(TM) 6 Update 30
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Java 2 Runtime Environment, SE v1.4.2_03
Out of date Java installed!
Adobe Flash Player 11.1.102.55
Mozilla Firefox (x86 en-US..)
````````````````````````````````
Process Check:
objlist.exe by Laurent
CA CA Internet Security Suite CA Anti-Virus Plus caamsvc.exe
CA CA Internet Security Suite CA Anti-Virus Plus isafe.exe
``````````End of Log````````````

Farbar Service Scanner
Ran by John (administrator) on 08-01-2012 at 19:07:49
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0

System Restore:
============

System Restore Disabled Policy:
========================

Security Center:
============

Windows Update:
===========
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv: "C:\WINDOWS\system32\wuauserv.dll".

File Check:
========
I:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
I:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
I:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
I:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
I:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
I:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
I:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
I:\WINDOWS\system32\netman.dll => MD5 is legit
I:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
I:\WINDOWS\system32\srsvc.dll => MD5 is legit
I:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
I:\WINDOWS\system32\wscsvc.dll => MD5 is legit
I:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
I:\WINDOWS\system32\wuauserv.dll => MD5 is legit
I:\WINDOWS\system32\qmgr.dll => MD5 is legit
I:\WINDOWS\system32\es.dll => MD5 is legit
I:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
I:\WINDOWS\system32\svchost.exe => MD5 is legit
I:\WINDOWS\system32\rpcss.dll => MD5 is legit
I:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
0x0700000005000000010000000200000003000000040000000600000007000000
IpSec Tag value is correct.

**** End of log ****

I:\Documents and Settings\Jonathan\Application Data\Mozilla\Firefox\Profiles\td3vgl5q.default\extensions\{e024531d-ac02-4e24-8bb3-56ae7b1ace04}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan
I:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\alte1tez.default\extensions\{e024531d-ac02-4e24-8bb3-56ae7b1ace04}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan
I:\Program Files\Mozilla Firefox\o.dat a variant of Win32/Kryptik.DUI trojan
I:\Qoobox\Quarantine\I\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\h69h0tno.default\extensions\{e024531d-ac02-4e24-8bb3-56ae7b1ace04}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan

kspot, Jan 9, 2012

#12
Broni Malware Annihilator
Uninstall:
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Java 2 Runtime Environment, SE v1.4.2_03

============================================================

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code:

:OTL :Commands [purity] [emptytemp] [EMPTYFLASH] [CLEARALLRESTOREPOINTS] [Reboot]

Then click the Run Fix button at the top

Let the program run unhindered, reboot the PC when it is done

Post resulting log.

2. Now, we'll remove all tools, we used during our cleaning process

Clean up with OTL:

Double-click OTL.exe to start the program.

Close all other programs apart from OTL as this step will require a reboot

On the OTL main screen, press the CLEANUP button

Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure, Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. (Windows XP only) Run defrag at your convenience.

11. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

13. Please, let me know, how your computer is doing.
Broni, Jan 9, 2012

#13
kspot Newcomer, in training

I deleted the older versions of Java using JavaRA. and did everything else below. Everything looked great when I used it, but when my wife went to google from her account she was redirected on her first try.

Below is the attached log requested:

All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: John
->Temp folder emptied: 331479 bytes
->Temporary Internet Files folder emptied: 12663467 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 691 bytes

User: Jonathan
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Pam
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 664 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 12.00 mb

[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: John
->Flash cache emptied: 0 bytes

User: Jonathan
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

User: Pam
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

Restore points cleared and new OTL Restore Point set!

OTL by OldTimer - Version 3.2.31.0 log created on 01092012_053459

Files\Folders moved on Reboot...
File\Folder I:\Documents and Settings\John\Local Settings\Temp\~DF13E7.tmp not found!
File\Folder I:\Documents and Settings\John\Local Settings\Temp\~DF1754.tmp not found!
File\Folder I:\Documents and Settings\John\Local Settings\Temp\~DF1A16.tmp not found!
File\Folder I:\Documents and Settings\John\Local Settings\Temp\~DF1A88.tmp not found!
File\Folder I:\Documents and Settings\John\Local Settings\Temp\~DF1E25.tmp not found!
File\Folder I:\Documents and Settings\John\Local Settings\Temp\~DF1F44.tmp not found!
I:\Documents and Settings\John\Local Settings\Temporary Internet Files\Content.IE5\8IF94WXD\topic175829[1].html moved successfully.

Registry entries deleted on Reboot...

kspot, Jan 9, 2012

#14
Broni Malware Annihilator

What browser got redirected?

Broni, Jan 9, 2012

#15
kspot Newcomer, in training

The browser that got redirected was Firefox.

kspot, Jan 9, 2012

#16
Broni Malware Annihilator
Can you check if IE is getting redirected as well?

While in your wife account.....

Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2

Ensure all Firefox windows are closed.

To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).

When prompted to run the scan, click Yes.

GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).
Broni, Jan 9, 2012

#17
kspot Newcomer, in training

IE is not getting redirected only Firefox is getting redirected. I will run Gooredfix once I get home from work.

Thanks again for all the help.

kspot, Jan 9, 2012

#18
Broni Malware Annihilator

OK.................

Broni, Jan 9, 2012

#19
kspot Newcomer, in training

Here is the requested log:

GooredFix by jpshortstuff (03.07.10.1)
Log created at 16:45 on 09/01/2012 (Pam)
Firefox version 9.0.1 (en-US)

========== GooredScan ==========

Deleting "I:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\alte1tez.default\extensions\{e024531d-ac02-4e24-8bb3-56ae7b1ace04}" -> Success!

========== GooredLog ==========

I:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [02:13 02/05/2011]
{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} [00:56 09/01/2012]

I:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\alte1tez.default\extensions\
{20a82645-c095-46ed-80e3-08825760534b} [23:50 25/06/2010]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="i:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [08:10 15/08/2009]
"caaphishtoolbar@ca.com"="I:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\Toolbar\Firefox" [23:37 08/01/2012]
"jqs@sun.com"="I:\Program Files\Java\jre6\lib\deploy\jqs\ff" [03:00 27/05/2010]

-=E.O.F=-

kspot, Jan 9, 2012

#20

(You must log in or sign up to reply here.)

Page 1 of 2

TechSpot | Technology News and Analysis
Copyright © 1998-2012, TechSpot, Inc.
Forum software by XenForo™
TechSpot is a registered trademark
All Rights Reserved