TechSpot

Possible worm

By RLK107
Dec 30, 2010
    While attempting to re-install HP printer software (Officejet Pro L7590), I received a message saying that services.exe had failed with the status code 1073741819.
    I was attempting to restore scan capability (worked well at one point).
    Other than that, system performs normally.

    From what I've observed surfing around, there seems to be a history of this malware showing up.

    I've done the 8 step procedure and pasted in the four log files.

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 5420

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    12/29/2010 10:12:39 PM
    mbam-log-2010-12-29 (22-12-39).txt

    Scan type: Quick scan
    Objects scanned: 152368
    Time elapsed: 7 minute(s), 59 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit quick scan 2010-12-29 22:34:26
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Scsi\nvgts1Port2Path1Target1Lun0 ST316081 rev.4.AA
    Running: dbb4kbc6.exe; Driver: C:\DOCUME~1\DICKKU~1\LOCALS~1\Temp\fwtirpob.sys


    ---- Devices - GMER 1.0.15 ----

    Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
    Device \Driver\Tcpip \Device\Ip vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
    Device \Driver\Tcpip \Device\Tcp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

    AttachedDevice \Driver\Tcpip \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)

    Device \Driver\Tcpip \Device\Udp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
    Device \Driver\Tcpip \Device\RawIp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

    ---- EOF - GMER 1.0.15 ----


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-12-12.02)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 9/9/2009 2:52:55 PM
    System Uptime: 12/29/2010 9:46:27 PM (1 hours ago)

    Motherboard: eMachines | | WMCP61M
    Processor: AMD Athlon(tm) Processor 2650e | Socket AM2 | 1607/201mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 69 GiB total, 47.292 GiB free.
    D: is CDROM ()
    E: is FIXED (NTFS) - 70 GiB total, 59.679 GiB free.
    F: is Removable
    G: is FIXED (NTFS) - 596 GiB total, 504.757 GiB free.
    H: is Removable

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP280: 12/21/2010 3:53:03 PM - Software Distribution Service 3.0
    RP281: 12/22/2010 11:28:46 PM - System Checkpoint
    RP282: 12/23/2010 12:53:37 AM - Installed QuickTime
    RP283: 12/23/2010 9:13:24 AM - Software Distribution Service 3.0
    RP284: 12/23/2010 10:19:46 PM - Paint.NET v3.5.6
    RP285: 12/24/2010 9:48:59 AM - Software Distribution Service 3.0
    RP286: 12/25/2010 6:42:41 PM - Removed MPM
    RP287: 12/25/2010 6:56:09 PM - Software Distribution Service 3.0
    RP288: 12/25/2010 7:09:25 PM - Printer Driver HP Officejet Pro L7500 S... fax Installed
    RP289: 12/25/2010 7:10:11 PM - Printer Driver HP Officejet Pro L7500 S... fax Installed
    RP290: 12/25/2010 8:42:47 PM - Revo Uninstaller's restore point - HP Customer Participation Program 7.0
    RP291: 12/25/2010 8:47:22 PM - Revo Uninstaller's restore point - HP Imaging Device Functions 7.0
    RP292: 12/25/2010 8:55:00 PM - Revo Uninstaller's restore point - HP Officejet Pro All-In-One Series
    RP293: 12/25/2010 9:00:43 PM - Revo Uninstaller's restore point - HP Photosmart Essential
    RP294: 12/25/2010 9:01:40 PM - Removed HP Photosmart Essential
    RP295: 12/25/2010 9:05:16 PM - Revo Uninstaller's restore point - HP Solution Center 7.0
    RP296: 12/25/2010 9:16:51 PM - Revo Uninstaller's restore point - HP Update
    RP297: 12/25/2010 9:17:25 PM - Removed HP Update.
    RP298: 12/25/2010 9:20:33 PM - Revo Uninstaller's restore point - HPSSupply
    RP299: 12/25/2010 9:20:53 PM - Removed HPSSupply
    RP300: 12/25/2010 10:01:28 PM - Installed HPSU306Stub
    RP301: 12/25/2010 10:54:29 PM - Installed HP Product Detection.
    RP302: 12/27/2010 9:17:49 AM - Software Distribution Service 3.0
    RP303: 12/28/2010 10:36:41 AM - System Checkpoint
    RP304: 12/28/2010 2:25:43 PM - Software Distribution Service 3.0
    RP305: 12/28/2010 9:35:56 PM - Software Distribution Service 3.0
    RP306: 12/29/2010 2:01:23 AM - Software Distribution Service 3.0

    ==== Installed Programs ======================

    32 Bit HP CIO Components Installer
    3D Text Commander 3.0.1 by Insofta Development
    7-Zip 4.65
    Ad-Aware
    Adobe Download Manager
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Photoshop 7.0
    Adobe Shockwave Player 11.5
    Advanced SystemCare 3
    Agere Systems PCI-SV92EX Soft Modem
    Alleycode HTML Editor 2.2.1
    AllMySongs Database
    AM-DeadLink 3.3
    AnalogX Capture
    Aneesoft 3D Flash Gallery GOTD Edition
    Apple Application Support
    Apple Software Update
    Artensoft Photo Mosaic Wizard
    Ashampoo Burning Studio 2010 Advanced
    Ashampoo MyAutoplay Menu 1.0.3
    Ashampoo Photo Commander 7.21
    Ashampoo WinOptimizer 6.60
    Ask Toolbar
    Autoplay Menu Designer 3.4
    AVG Anti-Rootkit Free
    BPD_Scan
    Canon Camera Access Library
    Canon Camera Support Core Library
    Canon G.726 WMP-Decoder
    Canon MovieEdit Task for ZoomBrowser EX
    Canon RAW Image Task for ZoomBrowser EX
    Canon Utilities CameraWindow
    Canon Utilities CameraWindow DC
    Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
    Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
    Canon Utilities EOS Utility
    Canon Utilities MyCamera
    Canon Utilities MyCamera DC
    Canon Utilities PhotoStitch
    Canon Utilities RemoteCapture DC
    Canon Utilities RemoteCapture Task for ZoomBrowser EX
    Canon Utilities ZoomBrowser EX
    Canon ZoomBrowser EX Memory Card Utility
    CCleaner
    Celestia 1.6.0
    Coupon Printer for Windows
    CRON-O-METER 0.9.7
    Definition update for Microsoft Office 2010 (KB982726)
    Dell Driver Download Manager
    Ditto
    DS Clock
    e-Sword
    EASEUS Partition Master 4.0 Home Edition
    Easy Family Tree Deluxe®
    Easy Macro Recorder 3.75
    ERUNT 1.1j
    Everything 1.2.1.371
    ExifCleaner 1.2
    FastStone Image Viewer 4.2
    Fax
    FileZilla Client 3.3.5.1
    FolderIco 1.0
    FolderSizes 3.6
    FontFrenzy 1.51
    Foxit PDF IFilter
    Foxit Reader
    gBurner
    GIMP 2.6.8
    Glary Utilities 2.30.0.1066
    GnuCash 2.2.9
    Google Chrome
    Google Earth
    Google SketchUp 8
    Google Update Helper
    Google Updater
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows XP (KB954550-v5)
    HP Product Detection
    HP Software Update
    Hulu Desktop
    IBM Lotus Symphony
    Imagicon
    Incomedia WebSite X5 Smart
    Java Auto Updater
    Java(TM) 6 Update 22
    JGsoft EditPad Lite 5.3.0
    jv16 PowerTools 2009
    KeyScrambler
    KLS Mail Backup 1.9.7.5
    Kyodai Mahjongg
    LEGO Digital Designer
    LightScribe 1.4.136.1
    Ma-Config.com
    MailAlert
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft ActiveSync 4.0
    Microsoft Antimalware
    Microsoft Application Error Reporting
    Microsoft Base Smart Card Cryptographic Service Provider Package
    Microsoft Calculator Plus
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Office Professional
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Publisher 2010
    Microsoft Security Essentials
    Microsoft Software Update for Web Folders (English) 14
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Miro
    Move Media Player
    Mozilla Firefox (3.6.13)
    Mozilla Thunderbird (3.1.7)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Music Duplicate Remover 6.0
    MyConnection PC Lite Edition
    Nero 7 Essentials
    Network
    novaPDF Pro v5 (novaPDF Professional Desktop 5.5 printer)
    NVIDIA Drivers
    OpenDNS Updater 2.2.1
    OpenOffice.org 3.2
    Paint.NET v3.5.6
    Panda Cloud Antivirus
    Panda USB Vaccine 1.0.1.4
    pdfFactory Pro
    PDFZilla V1.2.7
    Photo Pos Pro
    PhotoWipe 1.0
    PhotoWorks
    Picasa 3
    PowerISO
    Q-Dir
    QFolder
    Quick PDF Tools 2.1.5.8
    QuickTime
    Rainlendar2 (remove only)
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealPlayer
    Realtek High Definition Audio Driver
    RealUpgrade 1.1
    Revo Uninstaller 1.90
    Scan
    SDFormatter
    Secunia PSI (2.0.0.1003)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    Security Update for Microsoft Office 2010 (KB2289078)
    Security Update for Microsoft Office 2010 (KB2289161)
    Security Update for Microsoft Publisher 2010 (KB2409055)
    Security Update for Microsoft Word 2010 (KB2345000)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB2416400)
    Security Update for Windows Internet Explorer 8 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB972260)
    Seesmic Look
    Serif PagePlus Essentials
    Setup IsoEdit
    Shape Collage
    SIW version 2010.03.11
    Smart Defrag
    SoftMaker Office 2010
    SoftOrbits Html Web Gallery Generator 1.2
    Software Informer 1.0 BETA
    Soluto
    Sophos Windows Shortcut Exploit Protection Tool
    Speccy
    Spybot - Search & Destroy
    Spyware Terminator
    Startup Defender 1.9.5
    StartupRun
    Static EMail Backup 2.9
    SUPERAntiSpyware Free Edition
    Titan Backup
    Translate.Net
    TreeSize Free V2.4
    TuneUp Utilities 2009
    Tux Paint 0.9.21b
    Tux Paint Stamps 2009-06-28
    Unity Web Player (All users)
    UnloadSupport
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2010 (KB2202188)
    Update for Microsoft Office 2010 (KB2413186)
    Update for Windows Internet Explorer 8 (KB973874)
    Update for Windows Internet Explorer 8 (KB975364)
    Update for Windows Internet Explorer 8 (KB976749)
    Update for Windows Internet Explorer 8 (KB980182)
    USB Safely Remove 4.1
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    WebFldrs XP
    WinDirStat 1.1.2
    Windows 7 Upgrade Advisor Beta
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 8
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Search 4.0
    Windows XP Service Pack 3
    WinKey
    WinPatrol 2009
    WinPcap 4.0.2
    WinSnap
    WinUtilities 7.0
    Wondershare PC Health Check 1.5.2
    Wondershare Photo Collage Studio 4.2.10.7
    Wondershare Streaming Audio Recorder(Build 1.0.8.52)
    WordWeb
    Xilisoft HD Video Converter 6
    ZoneAlarm
    ZoneAlarm Backup Powered by IDrive version 1.0.5 March 11, 2010
    Zoner Photo Studio 12

    ==== Event Viewer Messages From Past Week ========

    12/29/2010 9:44:55 PM, error: Service Control Manager [7031] - The Panda Cloud Antivirus Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
    12/29/2010 9:44:46 PM, error: Service Control Manager [7034] - The ZoneAlarmBackup WebManager service terminated unexpectedly. It has done this 1 time(s).
    12/29/2010 9:44:46 PM, error: Service Control Manager [7034] - The ZoneAlarmBackup Service service terminated unexpectedly. It has done this 1 time(s).
    12/29/2010 9:44:46 PM, error: Service Control Manager [7034] - The USB Safely Remove Assistant service terminated unexpectedly. It has done this 1 time(s).
    12/29/2010 9:44:46 PM, error: Service Control Manager [7034] - The Spyware Terminator Realtime Shield Service service terminated unexpectedly. It has done this 1 time(s).
    12/29/2010 9:44:46 PM, error: Service Control Manager [7034] - The Soluto PCGenome Core Service service terminated unexpectedly. It has done this 1 time(s).
    12/29/2010 9:44:46 PM, error: Service Control Manager [7034] - The Secunia PSI Agent service terminated unexpectedly. It has done this 1 time(s).
    12/29/2010 9:44:46 PM, error: Service Control Manager [7034] - The NLS Service service terminated unexpectedly. It has done this 1 time(s).
    12/29/2010 9:44:46 PM, error: Service Control Manager [7034] - The Canon Camera Access Library 8 service terminated unexpectedly. It has done this 1 time(s).
    12/29/2010 9:44:46 PM, error: Service Control Manager [7034] - The Agere Modem Call Progress Audio service terminated unexpectedly. It has done this 1 time(s).
    12/29/2010 9:44:46 PM, error: Service Control Manager [7031] - The Lavasoft Ad-Aware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
    12/28/2010 2:51:27 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the NanoServiceMain service.
    12/28/2010 2:50:51 PM, error: Service Control Manager [7022] - The Panda Cloud Antivirus Service service hung on starting.
    12/28/2010 12:49:26 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: PCGenFAM
    12/27/2010 11:30:49 PM, error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Start with the following error: Access is denied.
    12/27/2010 10:47:14 PM, error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
    12/27/2010 10:43:52 PM, error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
    12/26/2010 8:44:41 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    12/25/2010 8:08:00 PM, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\MFC80.DLL. Reference error message: The operation completed successfully. .
    12/25/2010 7:09:49 PM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC. Reference error message: The referenced assembly is not installed on your system. .
    12/25/2010 7:09:49 PM, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\MFC80U.DLL. Reference error message: The operation completed successfully. .
    12/25/2010 7:09:49 PM, error: SideBySide [32] - Dependent Assembly Microsoft.VC80.MFCLOC could not be found and Last Error was The referenced assembly is not installed on your system.
    12/23/2010 2:44:54 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Dnscache service.

    ==== End Of File ===========================


    DDS (Ver_10-12-12.02) - NTFSx86
    Run by **** Kutz at 22:49:33.79 on Wed 12/29/2010
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1790.623 [GMT -7:00]

    AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
    AV: Panda Cloud Antivirus *Enabled/Updated* {5AD27692-540A-464E-B625-78275FA38393}
    AV: Microsoft Security Essentials *Enabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
    FW: ZoneAlarm Firewall *Enabled*

    ============== Running Processes ===============

    C:\Program Files\USB Safely Remove\USBSRService.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\agrsmsvc.exe
    C:\WINDOWS\system32\svchost.exe -k HPService
    C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\WINDOWS\system32\NLSSRV32.EXE
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\Program Files\Secunia\PSI\PSIA.exe
    C:\Program Files\Soluto\SolutoService.exe
    C:\Program Files\Spyware Terminator\sp_rsser.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\ZoneAlarmBackup\ZABackupWebM.exe
    C:\Program Files\ZoneAlarmBackup\ZABackup Service.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Microsoft Security Essentials\msseces.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\DS Clock\DSClock.exe
    C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\Documents and Settings\**** Kutz\Local Settings\Application Data\Google\Update\1.2.183.39\GoogleCrashHandler.exe
    C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe
    C:\PROGRA~1\MICROS~2\rapimgr.exe
    C:\Program Files\Rainlendar2\Rainlendar2.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Secunia\PSI\psi_tray.exe
    C:\Program Files\Zards software\Startup Defender\Startup Defender.exe
    C:\PROGRAM FILES\MAILALERT\MAILALERT.EXE
    C:\WINDOWS\explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Documents and Settings\**** Kutz\Desktop\TechSpot\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://news.google.com/
    uSearch Page = hxxp://www.google.com
    uDefault_Search_URL = hxxp://www.google.com/ie
    uSearch Bar = hxxp://www.google.com/ie
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    mWinlogon: Userinit=c:\windows\system32\userinit.exe
    BHO: KeyScramblerBHO Class: {2b9f5787-88a5-4945-90e7-c4b18563bc5e} - c:\program files\keyscrambler\KeyScramblerIE.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\microsoft office\office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [DS Clock] "c:\program files\ds clock\DSClock.exe"
    uRun: [FreeRAM XP] "c:\program files\yourware solutions\freeram xp pro\FreeRAM XP Pro.exe" -win
    uRun: [Google Update] "c:\documents and settings\**** kutz\local settings\application data\google\update\GoogleUpdate.exe" /c
    uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
    uRun: [OpenDNS Updater] "c:\program files\opendns updater\OpenDNSUpdater.exe" /autostart
    uRun: [Rainlendar2] c:\program files\rainlendar2\Rainlendar2.exe
    uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
    uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
    mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
    mRun: [nwiz] nwiz.exe /install
    dRunOnce: [RunNarrator] Narrator.exe
    StartupFolder: c:\docume~1\dickku~1\startm~1\programs\startup\firefox.exe.lnk - c:\program files\mozilla firefox\firefox.exe
    StartupFolder: c:\docume~1\dickku~1\startm~1\programs\startup\startup defender.lnk - c:\program files\zards software\startup defender\Startup Defender.exe
    StartupFolder: c:\docume~1\dickku~1\startm~1\programs\startup\disabled\calend~1.lnk - e:\my data\utilities,program installs\software by design\Calendar.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\secunia psi tray.lnk - c:\program files\secunia\psi\psi_tray.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\disabled\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\disabled\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
    mPolicies-explorer: NoResolveTrack = 1 (0x1)
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~2\INetRepl.dll
    IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~2\INetRepl.dll
    IE: {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - {B745F984-EF2E-40D6-A9AC-D8CED7230E61} - c:\program files\keyscrambler\KeyScramblerIE.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    TCP: {C800F8A8-08F8-472D-ADF8-4B12E2F782BA} = 208.67.222.222,208.67.220.220
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\dickku~1\applic~1\mozilla\firefox\profiles\1s9mnumo.default\
    FF - prefs.js: browser.startup.homepage - hxxp://news.google.com/
    FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=en&q=
    FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
    FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
    FF - component: c:\documents and settings\**** kutz\application data\mozilla\firefox\profiles\1s9mnumo.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
    FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
    FF - plugin: c:\documents and settings\**** kutz\application data\move networks\plugins\npqmp071701000002.dll
    FF - plugin: c:\documents and settings\**** kutz\application data\mozilla\firefox\profiles\1s9mnumo.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}\plugins\npProductDetectPlugin.dll
    FF - plugin: c:\documents and settings\**** kutz\application data\mozilla\firefox\profiles\1s9mnumo.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
    FF - plugin: c:\documents and settings\**** kutz\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\documents and settings\**** kutz\local settings\application data\huludesktop\instances\0.9.13.1\nphdplg.dll
    FF - plugin: c:\progra~1\microsoft office\office14\NPAUTHZ.DLL
    FF - plugin: c:\progra~1\microsoft office\office14\NPSPWRAP.DLL
    FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\google updater\2.4.1698.5652\npCIDetect13.dll
    FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
    FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
    FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Adobe DLM (powered by getPlus(R)): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
    FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
    FF - Ext: Xmarks: foxmarks@kei.com - %profile%\extensions\foxmarks@kei.com
    FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
    FF - Ext: TinEye Reverse Image Search: tineye@ideeinc.com - %profile%\extensions\tineye@ideeinc.com
    FF - Ext: Flash Video Downloader - Youtube Downloader: artur.dubovoy@gmail.com - %profile%\extensions\artur.dubovoy@gmail.com
    FF - Ext: Get Mail Plus: getmail@webdesigns.ms11.net - %profile%\extensions\getmail@webdesigns.ms11.net
    FF - Ext: App Tabs: apptabs@frankyan.com - %profile%\extensions\apptabs@frankyan.com
    FF - Ext: BetterPrivacy: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3} - %profile%\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
    FF - Ext: FEBE: {4BBDD651-70CF-4821-84F8-2B918CF89CA3} - %profile%\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
    FF - Ext: Menu Editor: {EDA7B1D7-F793-4e03-B074-E6F303317FB0} - %profile%\extensions\{EDA7B1D7-F793-4e03-B074-E6F303317FB0}
    FF - Ext: HP Detect: {ab91efd4-6975-4081-8552-1b3922ed79e2} - %profile%\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}
    FF - Ext: Consumer Input: ConsumerInput@Compete - %profile%\extensions\ConsumerInput@Compete
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
    FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\Ext

    ============= SERVICES / DRIVERS ===============

    R0 AVG Anti-Rootkit;AVG Anti-Rootkit;c:\windows\system32\drivers\avgarkt.sys [2007-1-31 5632]
    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-5-28 64288]
    R1 AvgArCln;Avg Anti-Rootkit Clean Driver;c:\windows\system32\drivers\AvgArCln.sys [2010-12-29 3968]
    R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-6-18 151216]
    R1 PSINKNC;PSINKNC;c:\windows\system32\drivers\PSINKNC.sys [2010-6-17 129992]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-2-17 67656]
    R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2009-9-11 142592]
    R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2009-12-11 532224]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-7-6 1389400]
    R2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\panda security\panda cloud antivirus\PSANHost.exe [2010-8-9 140608]
    R2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [2010-7-9 65856]
    R2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [2010-5-27 141384]
    R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [2010-7-21 97096]
    R2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [2010-4-30 111624]
    R2 PSINProt;PSINProt;c:\windows\system32\drivers\PSINProt.sys [2010-7-21 112456]
    R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2010-12-21 987704]
    R2 SolutoService;Soluto PCGenome Core Service;c:\program files\soluto\SolutoService.exe [2010-11-1 331296]
    R2 USBSafelyRemoveService;USB Safely Remove Assistant;c:\program files\usb safely remove\USBSRService.exe [2009-10-1 213776]
    R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
    R2 ZABackupWebM;ZoneAlarmBackup WebManager;c:\program files\zonealarmbackup\ZABackupWebM.exe [2010-11-27 124432]
    R2 ZoneAlarmBackup Service;ZoneAlarmBackup Service;c:\program files\zonealarmbackup\ZABackup Service.exe [2010-11-27 149008]
    R3 KeyScramblerDrv;KeyScramblerDrv;c:\windows\system32\drivers\keyscrambler.sys [2010-4-12 115312]
    R3 WsAudioDevice_383;WsAudioDevice_383;c:\windows\system32\drivers\WsAudioDevice_383.sys [2009-9-19 16640]
    S0 PCGenFAM;PCGenFAM;c:\windows\system32\drivers\PCGenFAM.sys [2010-12-13 181704]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2010-12-21 399416]
    S3 DfSdkS;Defragmentation-Service;c:\program files\ashampoo\ashampoo winoptimizer 6\DfSdkS.exe [2010-9-7 406016]
    S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2009-9-14 8704]
    S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2009-9-14 3072]
    S3 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-9-12 133104]
    S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-8-13 15264]
    S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2010-7-19 259440]
    S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2004-8-4 14336]
    S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-6 34064]
    S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
    S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
    S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-2-17 12872]
    S3 SynasUSB;SynasUSB;c:\windows\system32\drivers\synasusb.sys --> c:\windows\system32\drivers\SynasUSB.sys [?]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

    =============== Created Last 30 ================

    2010-12-30 05:35:05 6273872 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{19da7bcb-804c-42d9-a298-07f4dd08fbe3}\mpengine.dll
    2010-12-30 04:52:01 7232 ----a-w- c:\windows\system32\PerfStringBackup.TMP
    2010-12-29 18:50:21 3968 ----a-w- c:\windows\system32\drivers\AvgArCln.sys
    2010-12-29 05:17:08 -------- d-----w- c:\windows\system32\jv16PTPortableBackup
    2010-12-24 05:19:47 -------- d-----w- c:\program files\Paint.NET
    2010-12-24 05:19:26 -------- d-----w- c:\docume~1\dickku~1\locals~1\applic~1\Paint.NET
    2010-12-23 07:58:38 75208 ----a-w- c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
    2010-12-23 07:48:47 -------- d-----w- C:\My Music
    2010-12-23 07:48:03 11776 ----a-w- c:\program files\mozilla firefox\plugins\nprjplug.dll
    2010-12-23 07:47:40 -------- d-----w- c:\program files\common files\xing shared
    2010-12-23 07:47:18 151776 ----a-w- c:\program files\mozilla firefox\plugins\nppl3260.dll
    2010-12-23 07:46:57 100352 ----a-w- c:\program files\mozilla firefox\plugins\nprpjplug.dll
    2010-12-23 06:37:28 -------- d-----w- c:\docume~1\dickku~1\locals~1\applic~1\Secunia PSI
    2010-12-23 06:36:52 -------- d-----w- c:\program files\Secunia
    2010-12-13 16:54:17 181704 ----a-w- c:\windows\system32\drivers\PCGenFAM.sys
    2010-12-13 16:54:10 -------- d-----w- c:\program files\Soluto
    2010-12-13 16:53:11 -------- d-----w- c:\docume~1\alluse~1\applic~1\Soluto
    2010-12-11 22:03:36 -------- d-----w- c:\docume~1\dickku~1\applic~1\LEGO Company
    2010-12-11 22:02:46 -------- d-----w- c:\program files\LEGO Company
    2010-12-11 22:02:20 -------- d-----w- c:\program files\Unity
    2010-12-10 17:12:54 -------- d-----w- c:\program files\Glary Utilities

    ==================== Find3M ====================

    2010-12-29 05:45:58 134 -c--a-w- c:\windows\system32\_WDYSZYG.sys
    2010-12-23 07:46:42 499712 ----a-w- c:\windows\system32\msvcp71.dll
    2010-12-23 07:46:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2010-12-20 21:27:42 15880 -c--a-w- c:\windows\system32\lsdelete.exe
    2010-11-30 00:38:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2010-11-30 00:38:30 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll
    2010-11-17 06:41:00 323624 ----a-w- c:\windows\system32\wiaaut.dll
    2010-11-06 00:26:58 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-11-06 00:26:58 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-11-06 00:26:58 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2010-11-03 12:25:54 385024 ----a-w- c:\windows\system32\html.iec
    2010-10-28 21:25:59 398744 -c--a-r- c:\windows\system32\cpnprt2.cid
    2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll
    2010-10-26 13:25:00 1853312 ----a-w- c:\windows\system32\win32k.sys
    2010-10-19 20:51:33 222080 -c----w- c:\windows\system32\MpSigStub.exe

    ============= FINISH: 22:51:56.32 ===============
     
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Welcome to TechSpot! We should be able to solve this fairly easily.

    It's likely that the full message you got was:
    But first, you need to resolve the multiple antivirus programs. The system should have only 1 AV program. More actually makes the system more vulnerable, not less. You have 3:

    AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated*
    AV: Panda Cloud Antivirus *Enabled/Updated*
    AV: Microsoft Security Essentials *Enabled/Updated*


    Decide which you want to keep and remove the others. Reboot the computer after completing the removals.
    ======================================
    Regarding the printer status code: It is an indication that there may be old HP entries still on the system, possibly loading from the Registry. These would prevent the scanner from doing its job.

    I note this in the Restore Points:
    RP288: 12/25/2010 7:09:25 PM - Printer Driver HP Officejet Pro L7500 S... fax Installed
    RP289: 12/25/2010 7:10:11 PM - Printer Driver HP Officejet Pro L7500 S... fax Installed
    RP290: 12/25/2010 8:42:47 PM - Revo Uninstaller's restore point - HP Customer Participation Program 7.0
    RP291: 12/25/2010 8:47:22 PM - Revo Uninstaller's restore point - HP Imaging Device Functions 7.0
    RP292: 12/25/2010 8:55:00 PM - Revo Uninstaller's restore point - HP Officejet Pro All-In-One Series
    RP293: 12/25/2010 9:00:43 PM - Revo Uninstaller's restore point - HP Photosmart Essential
    RP294: 12/25/2010 9:01:40 PM - Removed HP Photosmart Essential
    RP295: 12/25/2010 9:05:16 PM - Revo Uninstaller's restore point - HP Solution Center 7.0
    RP296: 12/25/2010 9:16:51 PM - Revo Uninstaller's restore point - HP Update
    RP297: 12/25/2010 9:17:25 PM - Removed HP Update.
    RP298: 12/25/2010 9:20:33 PM - Revo Uninstaller's restore point - HPSSupply
    RP299: 12/25/2010 9:20:53 PM - Removed HPSSupply
    RP300: 12/25/2010 10:01:28 PM - Installed HPSU306Stub
    RP301: 12/25/2010 10:54:29 PM - Installed HP Product Detection.


    The easiest way to resolve this is to do a complete uninstall of the HP Printer> use Revo after if you want to remove any leftover entries. Then reinstall the printer.

    A 'status code' isn't an indication of a Worm, but we can check that.
    ================================================
    After you finish getting the AV programs down to one, please run the following Security Check:

    Download Security Check by screen317 from HERE or HERE .
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
    ==========================================
    Follow with this:
    Run Eset NOD32 Online AntiVirus scan HERE
    1. Tick the box next to YES, I accept the Terms of Use.
    2. Click Start
    3. When asked, allow the Active X control to install
    4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
    5. Click Start
    6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
    7. Click Scan
    8. Wait for the scan to finish
    9. Re-enable your Antivirus software.
    10. A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.

    You have a lot of duplication of programs for the same functions. I'll be recommending you remove some- I'll give the names later.
     
  3. RLK107

    RLK107 TS Rookie Topic Starter Posts: 37

    ######

    In regard to the AV programs:
    I have removed the Panda software from my system and disabled the AV function from the Lavasoft Ad-Watch software (Ad-Watch is one of a number of spyware programs that I run).

    Computer was rebooted after these actions.

    I went back and did a more thorough job of eliminating the HP software from the system using both Revo and deleting the printer from Control Panel.

    Printer re-install ran to completion, however one of HP's programs that is installed along with the printer, 'HP Solution Center', gives error msg 'No HP devices have been detected. HP Solution Center will close now.' (Ctl Panel shows HP printer as being the default printer.)

    The Security Check program was run and here is the checkup.txt output:

    ### start txt output ###

    Results of screen317's Security Check version 0.99.8
    Windows XP Service Pack 3
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Disabled!
    AVG Anti-Rootkit Free
    ZoneAlarm
    ZoneAlarm Backup Powered by IDrive version 1.0.5 March 11, 2010
    Microsoft Security Essentials
    Antivirus up to date! (On Access scanning disabled!)
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Ad-Aware
    WinPatrol 2009
    Malwarebytes' Anti-Malware
    HijackThis 2.0.2
    TuneUp Utilities 2009
    CCleaner
    ExifCleaner 1.2
    Java(TM) 6 Update 22
    Out of date Java installed!
    Adobe Flash Player 10.1.102.64
    Mozilla Firefox (3.6.13)
    Mozilla Thunderbird (3.1.7)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Windows Defender MSMpEng.exe
    Ad-Aware AAWService.exe is disabled!
    Ad-Aware AAWTray.exe is disabled!
    WinPatrol winpatrol.exe
    Microsoft Security Essentials msseces.exe
    Zards software Startup Defender Startup Defender.exe
    BillP Studios WinPatrol winpatrol.exe
    ZoneAlarmBackup ZABackupWebM.exe
    ZoneAlarmBackup ZABackup Service.exe
    Zone Labs ZoneAlarm zlclient.exe
    ``````````End of Log````````````

    ### End txt output ###

    I checked the Java website, and, yes, the current version is 6.23.
    I'll wait for your go-ahead before updating to 6.23.

    I ran into a situation with the Eset program.
    I think it was due to running with Firefox rather than IE.
    This led to Eset providing an 'installer program' and this created problems as I followed the TechSpot instructions.

    Step 1: Ticked YES
    Step 2: Clicked START
    Step 3: No Active X prompt
    Step 4: Disabled MS Essentials
    Step 5: Clicked START

    At this point scan began running before I did the check box reversals as described in Step 6.
    Of course, when it finished, it deleted the ten files it had found.
    I may be wrong, but it would appear that, under Firefox, step 6 should precede step 5.
    I never rec'd a Step 7 'Scan' option.

    A number of the infected files contained the wording 'bagle' (perhaps an indication of the intelligence of the average hacker).
    This morning when I booted up, I half expected to find the 'bagle' files back on my system.
    This was not the case.
    Here is the Eset output:

    ###Start###

    ESETSmartInstaller@High as downloader log:
    all ok
    # version=7
    # OnlineScannerApp.exe=1.0.0.1
    # OnlineScanner.ocx=1.0.0.6419
    # api_version=3.0.2
    # EOSSerial=171f7844f36ef049a8977b1c9538af0c
    # end=finished
    # remove_checked=true
    # archives_checked=false
    # unwanted_checked=true
    # unsafe_checked=false
    # antistealth_checked=true
    # utc_time=2010-12-31 09:46:39
    # local_time=2010-12-31 02:46:39 (-0700, Mountain Standard Time)
    # country="United States"
    # lang=1033
    # osver=5.1.2600 NT Service Pack 3
    # compatibility_mode=512 16777215 100 0 21561198 21561198 0 0
    # compatibility_mode=5891 16776869 100 100 0 23277355 0 0
    # compatibility_mode=7937 16777213 100 100 253018 40130018 0 0
    # compatibility_mode=8192 67108863 100 0 0 0 0 0
    # compatibility_mode=9217 16777214 75 70 13517909 16365655 0 0
    # scanned=384343
    # found=10
    # cleaned=10
    # scan_time=15624
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBankerfgv.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBankerfgv1.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBankerfgv2.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBankerfgv3.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBankerfgv4.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBankerfgv5.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\Documents and Settings\**** Kutz\My Documents\Downloads\Earlier downloads\registrybooster.exe a variant of Win32/RegistryBooster application (deleted - quarantined) 00000000000000000000000000000000 C
    G:\BACKUPS\Documents & Settings datasets\Most iles from Doc. & Settings - **** Kutz\My Documents\Downloads\Earlier downloads\registrybooster.exe a variant of Win32/RegistryBooster application (deleted - quarantined) 00000000000000000000000000000000 C
    G:\BACKUPS\Titan Backups\Full Backup 2-21-10\C\Documents and Settings\All Users\Start Menu\Programs\eBay.url Win32/Adware.ADON application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    G:\BACKUPS\Titan Backups\Full Backup 2-21-10\C\Documents and Settings\**** Kutz\My Documents\Downloads\Earlier downloads\registrybooster.exe a variant of Win32/RegistryBooster application (deleted - quarantined) 00000000000000000000000000000000 C

    ###End###

    I hope the deletion of those files hasn't thrown a wrench in the gears.
     
  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Regarding the Eset scan Directions:
    The Eset directions, in part, are:

    You set for 'Unchecked' before you start the scan. The last line, #10, tells you where the log is. Instructions are fine as given. I prefer to move them using a special program because it will also remove associated files.
    ======================================
    Regarding AdWatch Live:
    It's a RealTime program that alerts to attempted Registry changes. I had it for many years- it came with the paid version of AdAware. But I am now seeing the logs clearly describing AdWatch Live as an antivirus program:
    AV: Lavasoft Ad-Watch Live! Anti-Virus
    ==================================================
    Regarding HP Error message:
    There is probably an entry still on the Startup menu for this. Unchecking should resolve it.
    This message had nothing to do with the 'problem':
    ========================================
    Regarding the Bagle Worm:
    The first 6 entries in the Eset log are from Spybot. The program found and quarantined (the 'zip' designation) the file that has the Bagle worm:
    Spybot - Search & Destroy\Recovery\WinBankerfgv.zip Win32/Bagle.gen.zip, and goes through to #6 as in WinBankerfgv5.zip. Those entries can be removed from the Spybot quarantine folder.
    =============================================
    Active Entries were:
    Win32/RegistryBooster was found on Drive C, which you then backed up and infected Drive G doing a full backup.

    eBay.url Win32/Adware.ADON was backed up to Titan Backups\Full Backup
    Win32/RegistryBooster was backed up again to Drive G.
    =================================================
    Now let me help you clean this up> stop the backups for now. If Drive G is for the USB, we will need to disinfect that also.

    Please open Spybot Search & Destroy. Find the Quarantine folder and delete its contents.

    Run the Eset scan again taking care to make sure the box for Removal is not checked
    ===========================================
    Download Combofix to your desktop from one of these locations:
    Link 1
    Link 2
    • Double click combofix.exe & follow the prompts.
    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Query- Recovery Console image
    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    • Click on Yes, to continue scanning for malware
    • If Combofix asks you to update the program, allow
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Close any open browsers.
    • Double click combofix.exe & follow the prompts to run.
    • When the scan completes it will open a text window. Please paste that log in your next reply.
    Notes:
    1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    =========================================
    You have too many security-related programs. I will make suggestions for you to remove some of them.
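Both the step-6 instruction in the earlier post (leave "Remove found threats" unchecked) and the reading of the Eset log just above come down to two things the ESET Online Scanner log records: the `# remove_checked=` header, which tells you whether the scan only reported or actually deleted, and the path of each hit, which tells you whether it was a live file, a copy in another tool's quarantine, or a copy in a backup set. The script below is an added example written for this thread; it is not code from the forum or from ESET. It parses the log layout shown in the posts above (a `# key=value` header block followed by one line per detection), splits a log that contains several concatenated runs at each `# version=` line, and labels each detection by location. The path fragments it uses to recognise a quarantine or backup copy, the `User` account name and the sample log it runs on are all constructed for the example.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List

# One detection line: <path> <threat> <kind> (<action>) <32-hex hash> <flag>
# The path may contain spaces, so it is matched lazily up to the threat name.
DETECTION_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*?) "
    r"(?P<threat>(?:a variant of )?\S+) "
    r"(?P<kind>\S+) "
    r"\((?P<action>[^)]*)\) "
    r"(?P<hash>[0-9a-fA-F]{32}) "
    r"(?P<flag>\S+)$"
)
# Header line "# key=value"; a "# version=" line opens a new scan run
SETTING_RE = re.compile(r"^# (?P<key>\w+)=(?P<value>.*)$")

# Assumed path fragments (not from the scanner): files here are copies held by
# another tool's quarantine or by an offline backup, not files the system runs.
QUARANTINE_FRAGMENTS = ("\\spybot - search & destroy\\recovery\\",)
BACKUP_FRAGMENTS = ("\\backups\\",)


@dataclass
class Detection:
    path: str
    threat: str
    kind: str
    action: str
    location: str  # "quarantine", "backup" or "live"


@dataclass
class ScanRun:
    settings: Dict[str, str] = field(default_factory=dict)
    detections: List[Detection] = field(default_factory=list)

    @property
    def removed_files(self) -> bool:
        # True means the scan deleted/quarantined instead of only reporting
        return self.settings.get("remove_checked", "false").lower() == "true"

    def counts(self) -> Dict[str, int]:
        out = {"quarantine": 0, "backup": 0, "live": 0}
        for d in self.detections:
            out[d.location] += 1
        return out


def classify(path: str) -> str:
    low = path.lower()
    if any(f in low for f in QUARANTINE_FRAGMENTS):
        return "quarantine"
    if any(f in low for f in BACKUP_FRAGMENTS):
        return "backup"
    return "live"


def parse_eset_log(text: str) -> List[ScanRun]:
    runs: List[ScanRun] = []
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SETTING_RE.match(line)
        if m:
            if m["key"] == "version" or current is None:
                current = ScanRun()
                runs.append(current)
            current.settings[m["key"]] = m["value"]
            continue
        m = DETECTION_RE.match(line)
        if m and current is not None:
            current.detections.append(Detection(
                path=m["path"], threat=m["threat"], kind=m["kind"],
                action=m["action"], location=classify(m["path"])))
        # "ESETSmartInstaller@High as downloader log:" / "all ok" lines are ignored
    return runs


def summarize(runs: List[ScanRun]) -> List[str]:
    lines = []
    for i, run in enumerate(runs, 1):
        s = run.settings
        lines.append(f"run {i}: end={s.get('end', '?')} scanned={s.get('scanned', '?')} "
                     f"found={s.get('found', '?')} cleaned={s.get('cleaned', '?')}")
        if run.removed_files:
            lines.append("  WARNING: remove_checked=true, scanner deleted/quarantined "
                         "instead of only reporting")
        for d in run.detections:
            lines.append(f"  [{d.location}] {d.threat} ({d.kind}) {d.action}: {d.path}")
    return lines


# Constructed sample: two concatenated runs in the format posted in this thread
ZERO_HASH = "0" * 32
SAMPLE_LOG = rf"""ESETSmartInstaller@High as downloader log:
all ok
# version=7
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# scanned=384343
# found=4
# cleaned=4
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBankerfgv.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) {ZERO_HASH} C
C:\Documents and Settings\User\My Documents\Downloads\registrybooster.exe a variant of Win32/RegistryBooster application (deleted - quarantined) {ZERO_HASH} C
G:\BACKUPS\Titan Backups\Full Backup 2-21-10\C\Documents and Settings\All Users\Start Menu\Programs\eBay.url Win32/Adware.ADON application (cleaned by deleting - quarantined) {ZERO_HASH} C
G:\BACKUPS\Titan Backups\Full Backup 2-21-10\C\Documents and Settings\User\My Documents\Downloads\registrybooster.exe a variant of Win32/RegistryBooster application (deleted - quarantined) {ZERO_HASH} C
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# scanned=384543
# found=0
# cleaned=0
"""

if __name__ == "__main__":
    for line in summarize(parse_eset_log(SAMPLE_LOG)):
        print(line)
```

Run it against a saved `log.txt` by reading the file into `parse_eset_log`; a run with the WARNING line is one where the scanner already acted, so the "live" entries are what was actually on the running system and the "quarantine" and "backup" entries are copies that need the other tool's quarantine emptied or the backup set cleaned, which is the split made in the post above.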
     
  5. RLK107

    RLK107 TS Rookie Topic Starter Posts: 37

    It looks like the ESET program ran with the wrong settings again. (log file below)
    The other thing I noticed was one of the programs mentioning that I did not have the MS Recovery Console. I have had a Recovery Console since early '10. At that time I picked up a Firefox redirect bug and T/S facilitator Broni helped me recover. I assume the Recovery Console was installed at that time. The 2 second option to activate it has come up for every boot since that time although I've never used it.
    (I did choose to have it installed again today and it loaded successfully.)

    Could both the ESET execution irregularity and the program failure to recognize that I had the MS Recovery Console installed be related to the fact that I run Firefox and not IE?

    #### Start ESET log ####

    ESETSmartInstaller@High as downloader log:
    all ok
    # version=7
    # OnlineScannerApp.exe=1.0.0.1
    # OnlineScanner.ocx=1.0.0.6419
    # api_version=3.0.2
    # EOSSerial=171f7844f36ef049a8977b1c9538af0c
    # end=finished
    # remove_checked=true
    # archives_checked=false
    # unwanted_checked=true
    # unsafe_checked=false
    # antistealth_checked=true
    # utc_time=2010-12-31 09:46:39
    # local_time=2010-12-31 02:46:39 (-0700, Mountain Standard Time)
    # country="United States"
    # lang=1033
    # osver=5.1.2600 NT Service Pack 3
    # compatibility_mode=512 16777215 100 0 21561198 21561198 0 0
    # compatibility_mode=5891 16776869 100 100 0 23277355 0 0
    # compatibility_mode=7937 16777213 100 100 253018 40130018 0 0
    # compatibility_mode=8192 67108863 100 0 0 0 0 0
    # compatibility_mode=9217 16777214 75 70 13517909 16365655 0 0
    # scanned=384343
    # found=10
    # cleaned=10
    # scan_time=15624
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBankerfgv.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBankerfgv1.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBankerfgv2.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBankerfgv3.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBankerfgv4.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBankerfgv5.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\Documents and Settings\**** Kutz\My Documents\Downloads\Earlier downloads\registrybooster.exe a variant of Win32/RegistryBooster application (deleted - quarantined) 00000000000000000000000000000000 C
    G:\BACKUPS\Documents & Settings datasets\Most iles from Doc. & Settings - **** Kutz\My Documents\Downloads\Earlier downloads\registrybooster.exe a variant of Win32/RegistryBooster application (deleted - quarantined) 00000000000000000000000000000000 C
    G:\BACKUPS\Titan Backups\Full Backup 2-21-10\C\Documents and Settings\All Users\Start Menu\Programs\eBay.url Win32/Adware.ADON application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    G:\BACKUPS\Titan Backups\Full Backup 2-21-10\C\Documents and Settings\**** Kutz\My Documents\Downloads\Earlier downloads\registrybooster.exe a variant of Win32/RegistryBooster application (deleted - quarantined) 00000000000000000000000000000000 C
    ESETSmartInstaller@High as downloader log:
    all ok
    ESETSmartInstaller@High as downloader log:
    all ok
    # version=7
    # OnlineScannerApp.exe=1.0.0.1
    # OnlineScanner.ocx=1.0.0.6419
    # api_version=3.0.2
    # EOSSerial=171f7844f36ef049a8977b1c9538af0c
    # end=stopped
    # remove_checked=true
    # archives_checked=false
    # unwanted_checked=true
    # unsafe_checked=false
    # antistealth_checked=true
    # utc_time=2010-12-31 02:53:55
    # local_time=2010-12-31 07:53:55 (-0700, Mountain Standard Time)
    # country="United States"
    # lang=1033
    # osver=5.1.2600 NT Service Pack 3
    # compatibility_mode=512 16777215 100 0 21595243 21595243 0 0
    # compatibility_mode=5891 16776533 100 100 0 23311400 0 0
    # compatibility_mode=7937 16777213 100 100 287063 40164063 0 0
    # compatibility_mode=8192 67108863 100 0 0 0 0 0
    # compatibility_mode=9217 16777214 75 70 13551954 16399700 0 0
    # scanned=678
    # found=0
    # cleaned=0
    # scan_time=16
    ESETSmartInstaller@High as downloader log:
    all ok
    ESETSmartInstaller@High as downloader log:
    all ok
    ESETSmartInstaller@High as downloader log:
    all ok
    # version=7
    # OnlineScannerApp.exe=1.0.0.1
    # OnlineScanner.ocx=1.0.0.6419
    # api_version=3.0.2
    # EOSSerial=171f7844f36ef049a8977b1c9538af0c
    # end=finished
    # remove_checked=false
    # archives_checked=true
    # unwanted_checked=true
    # unsafe_checked=false
    # antistealth_checked=true
    # utc_time=2011-01-01 08:39:22
    # local_time=2011-01-01 01:39:22 (-0700, Mountain Standard Time)
    # country="United States"
    # lang=1033
    # osver=5.1.2600 NT Service Pack 3
    # compatibility_mode=512 16777215 100 0 21622623 21622623 0 0
    # compatibility_mode=5891 16776869 100 100 0 23338780 0 0
    # compatibility_mode=7937 16777213 100 100 314443 40191443 0 0
    # compatibility_mode=8192 67108863 100 0 0 0 0 0
    # compatibility_mode=9217 16777214 75 70 13579334 16427080 0 0
    # scanned=384543
    # found=0
    # cleaned=0
    # scan_time=36564

    #### End ESET log ####

    #### Begin Combofix log ####

    ComboFix 11-01-01.01 - **** Kutz 01/01/2011 18:23:19.4.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1790.874 [GMT -7:00]
    Running from: c:\documents and settings\**** Kutz\Desktop\ComboFix.exe
    AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
    AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
    FW: ZoneAlarm Firewall *Enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\All Users\Application Data\page
    c:\documents and settings\All Users\Application Data\page\page.ico
    c:\documents and settings\All Users\Application Data\page\page.URL
    c:\documents and settings\All Users\Microsoft
    c:\documents and settings\All Users\Microsoft\OfficeSoftwareProtectionPlatform\Cache\cache.dat
    c:\documents and settings\All Users\Microsoft\OfficeSoftwareProtectionPlatform\tokens.dat
    c:\windows\system32\dumphive.exe
    c:\windows\system32\Process.exe
    c:\windows\system32\sqlite3.dll
    c:\windows\system32\SrchSTS.exe
    c:\windows\system32\tmp.reg
    c:\windows\system32\VCCLSID.exe
    c:\windows\system32\WS2Fix.exe

    .
    ((((((((((((((((((((((((( Files Created from 2010-12-02 to 2011-01-02 )))))))))))))))))))))))))))))))
    .

    2011-01-01 15:16 . 2010-11-10 04:33 6273872 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{34E81A30-9AD9-40E3-8309-2D789591799E}\mpengine.dll
    2010-12-31 05:11 . 2010-12-31 05:11 -------- d-----w- c:\program files\ESET
    2010-12-31 04:11 . 2010-12-31 04:11 -------- d-----w- c:\program files\Hewlett-Packard
    2010-12-30 04:52 . 2011-01-02 00:44 7232 ----a-w- c:\windows\system32\PerfStringBackup.TMP
    2010-12-29 18:50 . 2007-01-18 12:00 3968 ----a-w- c:\windows\system32\drivers\AvgArCln.sys
    2010-12-29 05:17 . 2010-12-29 05:17 -------- d-----w- c:\windows\system32\jv16PTPortableBackup
    2010-12-24 05:19 . 2010-12-24 05:20 -------- d-----w- c:\program files\Paint.NET
    2010-12-24 05:19 . 2010-12-24 05:30 -------- d-----w- c:\documents and settings\**** Kutz\Local Settings\Application Data\Paint.NET
    2010-12-23 07:58 . 2010-12-23 07:57 75208 ----a-w- c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
    2010-12-23 07:54 . 2010-12-23 07:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
    2010-12-23 07:48 . 2010-12-23 07:48 -------- d-----w- C:\My Music
    2010-12-23 07:48 . 2010-12-23 07:48 11776 ----a-w- c:\program files\Mozilla Firefox\plugins\nprjplug.dll
    2010-12-23 07:47 . 2010-12-23 07:47 -------- d-----w- c:\program files\Common Files\xing shared
    2010-12-23 07:47 . 2010-12-23 07:47 151776 ----a-w- c:\program files\Mozilla Firefox\plugins\nppl3260.dll
    2010-12-23 07:46 . 2010-12-23 07:46 100352 ----a-w- c:\program files\Mozilla Firefox\plugins\nprpjplug.dll
    2010-12-23 06:37 . 2010-12-23 06:37 -------- d-----w- c:\documents and settings\**** Kutz\Local Settings\Application Data\Secunia PSI
    2010-12-23 06:36 . 2010-12-23 06:36 -------- d-----w- c:\program files\Secunia
    2010-12-13 16:54 . 2010-11-02 03:50 181704 ----a-w- c:\windows\system32\drivers\PCGenFAM.sys
    2010-12-13 16:54 . 2010-12-13 16:54 -------- d-----w- c:\program files\Soluto
    2010-12-13 16:53 . 2010-12-13 17:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Soluto
    2010-12-11 22:03 . 2010-12-11 22:03 -------- d-----w- c:\documents and settings\**** Kutz\Application Data\LEGO Company
    2010-12-11 22:02 . 2010-12-11 22:02 -------- d-----w- c:\program files\LEGO Company
    2010-12-11 22:02 . 2010-12-11 22:02 -------- d-----w- c:\program files\Unity
    2010-12-10 17:12 . 2010-12-10 17:13 -------- d-----w- c:\program files\Glary Utilities

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-12-23 07:46 . 2004-12-30 18:00 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2010-12-23 07:46 . 2003-03-19 02:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
    2010-12-21 01:09 . 2010-03-16 01:13 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-21 01:08 . 2010-03-16 01:12 20952 -c--a-w- c:\windows\system32\drivers\mbam.sys
    2010-12-20 21:27 . 2010-06-13 07:16 15880 -c--a-w- c:\windows\system32\lsdelete.exe
    2010-11-30 00:38 . 2010-11-30 00:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2010-11-30 00:38 . 2010-11-30 00:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2010-11-18 18:12 . 2009-09-09 20:48 81920 ----a-w- c:\windows\system32\isign32.dll
    2010-11-17 06:41 . 2010-11-17 06:41 323624 ----a-w- c:\windows\system32\wiaaut.dll
    2010-11-10 04:33 . 2009-10-22 14:53 6273872 -c--a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2010-11-06 00:26 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-11-06 00:26 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-11-06 00:26 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2010-11-05 16:27 . 2010-02-16 17:14 98392 -c--a-w- c:\windows\system32\drivers\SBREDrv.sys
    2010-11-03 12:25 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
    2010-11-02 15:17 . 2004-08-04 12:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
    2010-10-28 21:25 . 2010-10-28 21:25 398744 -c--a-r- c:\windows\system32\cpnprt2.cid
    2010-10-28 13:13 . 2004-08-04 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
    2010-10-26 13:25 . 2004-08-04 12:00 1853312 ----a-w- c:\windows\system32\win32k.sys
    2010-10-19 20:51 . 2009-10-21 00:03 222080 -c----w- c:\windows\system32\MpSigStub.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DS Clock"="c:\program files\DS Clock\DSClock.exe" [2008-06-21 577606]
    "FreeRAM XP"="c:\program files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" [2009-09-11 1591808]
    "Google Update"="c:\documents and settings\**** Kutz\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-10-04 133104]
    "OpenDNS Updater"="c:\program files\OpenDNS Updater\OpenDNSUpdater.exe" [2010-06-16 839680]
    "Rainlendar2"="c:\program files\Rainlendar2\Rainlendar2.exe" [2009-08-22 5148672]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-12 39408]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-12-16 2424560]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-06-23 1043968]
    "MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-09-15 1094224]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-18 86016]
    "WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2009-10-10 320832]
    "nwiz"="nwiz.exe" [2008-09-18 1657376]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "RunNarrator"="Narrator.exe" [2008-04-14 53760]

    c:\documents and settings\**** Kutz\Start Menu\Programs\Startup\
    Firefox.exe.lnk - c:\program files\Mozilla Firefox\firefox.exe [2010-11-2 912344]
    Startup Defender.lnk - c:\program files\Zards software\Startup Defender\Startup Defender.exe [2009-1-25 1045504]

    c:\documents and settings\**** Kutz\Start Menu\Programs\Startup\Disabled
    Calendar 2000.lnk - e:\my data\Utilities,program installs\Software by Design\Calendar.exe [2009-1-26 274432]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2010-12-21 291896]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\Disabled
    Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-9-11 113664]
    Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoResolveTrack"= 1 (0x1)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 21:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SolutoService]
    @="Service"

    [HKLM\~\startupfolder\C:^Documents and Settings^**** Kutz^Start Menu^Programs^Startup^Secunia PSI.lnk]
    backup=c:\windows\pss\Secunia PSI.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    2006-02-19 09:41 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\FileZilla FTP Client\\filezilla.exe"=
    "c:\\Program Files\\Spyware Terminator\\SpywareTerminatorUpdate.exe"=
    "c:\\Program Files\\Participatory Culture Foundation\\Miro\\Miro_Downloader.exe"=
    "c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
    "c:\\Program Files\\gnucash\\bin\\gnucash-bin.exe"=
    "c:\\Program Files\\gnucash\\bin\\gconfd-2.exe"=
    "c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
    "c:\\Program Files\\Soluto\\Soluto.exe"=
    "c:\\Program Files\\Soluto\\SolutoService.exe"=
    "c:\\Program Files\\Soluto\\SolutoConsole.exe"=
    "c:\\Program Files\\Soluto\\SolutoUpdateService.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [5/28/2010 1:35 PM 64288]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 10:25 AM 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/17/2010 10:15 AM 67656]
    R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [9/11/2009 7:12 PM 142592]
    R2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [7/9/2010 11:40 AM 65856]
    R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [12/21/2010 5:04 AM 987704]
    R2 SolutoService;Soluto PCGenome Core Service;c:\program files\Soluto\SolutoService.exe [11/1/2010 8:59 PM 331296]
    R2 USBSafelyRemoveService;USB Safely Remove Assistant;c:\program files\USB Safely Remove\USBSRService.exe [10/1/2009 10:57 PM 213776]
    R2 ZABackupWebM;ZoneAlarmBackup WebManager;c:\program files\ZoneAlarmBackup\ZABackupWebM.exe [11/27/2010 12:08 PM 124432]
    R2 ZoneAlarmBackup Service;ZoneAlarmBackup Service;c:\program files\ZoneAlarmBackup\ZABackup Service.exe [11/27/2010 12:08 PM 149008]
    R3 KeyScramblerDrv;KeyScramblerDrv;c:\windows\system32\drivers\keyscrambler.sys [4/12/2010 4:30 PM 115312]
    R3 WsAudioDevice_383;WsAudioDevice_383;c:\windows\system32\drivers\WsAudioDevice_383.sys [9/19/2009 11:55 AM 16640]
    S0 PCGenFAM;PCGenFAM;c:\windows\system32\drivers\PCGenFAM.sys [12/13/2010 9:54 AM 181704]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 12:16 PM 130384]
    S2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [12/21/2010 5:04 AM 399416]
    S3 DfSdkS;Defragmentation-Service;c:\program files\Ashampoo\Ashampoo WinOptimizer 6\DfSdkS.exe [9/7/2010 11:51 PM 406016]
    S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [9/14/2009 8:46 PM 8704]
    S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [9/14/2009 8:46 PM 3072]
    S3 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [9/12/2009 12:21 PM 133104]
    S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/6/2010 10:28 AM 1389400]
    S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [8/13/2010 9:02 AM 15264]
    S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [7/19/2010 1:59 PM 259440]
    S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [8/4/2004 5:00 AM 14336]
    S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [11/6/2007 1:22 PM 34064]
    S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 8:37 PM 4640000]
    S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [9/1/2010 1:30 AM 15544]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/17/2010 10:15 AM 12872]
    S3 SynasUSB;SynasUSB;c:\windows\system32\drivers\SynasUSB.sys --> c:\windows\system32\drivers\SynasUSB.sys [?]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 12:16 PM 753504]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08
    getPlusHelper REG_MULTI_SZ getPlusHelper
    nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
    HPService REG_MULTI_SZ HPSLPSVC

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp
    .
    Contents of the 'Scheduled Tasks' folder

    2011-01-02 c:\windows\Tasks\1-Click Maintenance.job
    - c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-11-16 22:54]

    2011-01-01 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-07-06 21:26]

    2010-12-27 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

    2010-12-10 c:\windows\Tasks\GlaryInitialize.job
    - c:\program files\Glary Utilities\initialize.exe [2010-12-10 17:47]

    2011-01-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-09-12 19:20]

    2011-01-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-09-12 19:20]

    2011-01-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-329068152-573735546-839522115-1003Core.job
    - c:\documents and settings\**** Kutz\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-04 14:48]

    2011-01-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-329068152-573735546-839522115-1003UA.job
    - c:\documents and settings\**** Kutz\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-04 14:48]

    2011-01-02 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-329068152-573735546-839522115-1003.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 18:33]

    2011-01-02 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-329068152-573735546-839522115-1003.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 18:33]

    2011-01-02 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
    - c:\program files\Ask.com\UpdateTask.exe [2010-02-04 22:50]

    2010-12-20 c:\windows\Tasks\SmartDefrag.job
    - c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2010-08-24 00:08]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://news.google.com/
    uSearch Page = hxxp://www.google.com
    uDefault_Search_URL = hxxp://www.google.com/ie
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    TCP: {C800F8A8-08F8-472D-ADF8-4B12E2F782BA} = 208.67.222.222,208.67.220.220
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    FF - ProfilePath - c:\documents and settings\**** Kutz\Application Data\Mozilla\Firefox\Profiles\1s9mnumo.default\
    FF - prefs.js: browser.startup.homepage - hxxp://news.google.com/
    FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=en&q=
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Adobe DLM (powered by getPlus(R)): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
    FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
    FF - Ext: Xmarks: foxmarks@kei.com - %profile%\extensions\foxmarks@kei.com
    FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
    FF - Ext: TinEye Reverse Image Search: tineye@ideeinc.com - %profile%\extensions\tineye@ideeinc.com
    FF - Ext: Flash Video Downloader - Youtube Downloader: artur.dubovoy@gmail.com - %profile%\extensions\artur.dubovoy@gmail.com
    FF - Ext: Get Mail Plus: getmail@webdesigns.ms11.net - %profile%\extensions\getmail@webdesigns.ms11.net
    FF - Ext: App Tabs: apptabs@frankyan.com - %profile%\extensions\apptabs@frankyan.com
    FF - Ext: BetterPrivacy: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3} - %profile%\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
    FF - Ext: FEBE: {4BBDD651-70CF-4821-84F8-2B918CF89CA3} - %profile%\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
    FF - Ext: Menu Editor: {EDA7B1D7-F793-4e03-B074-E6F303317FB0} - %profile%\extensions\{EDA7B1D7-F793-4e03-B074-E6F303317FB0}
    FF - Ext: HP Detect: {ab91efd4-6975-4081-8552-1b3922ed79e2} - %profile%\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}
    FF - Ext: Consumer Input: ConsumerInput@Compete - %profile%\extensions\ConsumerInput@Compete
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
    FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-01-01 18:28
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-20\Software\AppDataLow\ISWVolatile]
    @DACL=(02 0000)

    [HKEY_USERS\S-1-5-21-329068152-573735546-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(1024)
    c:\program files\SUPERAntiSpyware\SASWINLO.dll
    c:\windows\system32\WININET.dll
    .
    Completion time: 2011-01-01 18:32:00
    ComboFix-quarantined-files.txt 2011-01-02 01:31
    ComboFix2.txt 2010-04-20 01:58

    Pre-Run: 51,522,732,032 bytes free
    Post-Run: 51,652,038,656 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(3)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(3)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

    - - End Of File - - 4B7C90A69BECD70EF039808996CB1D5D
     
  6. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    I'd like to make a recommendation for you: remove most if not all of the 'system optimizer' programs. You will find that most use more resources than overall benefit you may get:
    Advanced SystemCare 3>> Program not good, download site not recommended.
    Glary Utilities>> System optimizer & Registry cleaner
    FreeRAM XP Pro
    MyConnection PC Lite Edition
    TuneUp Utilities 2009


    This program and other similar programs of same type will bring adware. Suggest removal:
    Coupon Printer for Windows

    You have way too much security. Advise thin it down to one antivirus, one firewall, and two antimalware programs:
    Ad-Aware
    AVG Anti-Rootkit Free
    KeyScrambler Drv>> Protect against keyloggers
    Microsoft Antimalware
    Microsoft Security Essentials
    Panda Cloud Antivirus
    Secunia PSI (2.0.0.1003)
    Sophos Windows Shortcut Exploit Protection Tool
    Spybot - Search & Destroy
    Spyware Terminator
    SUPERAntiSpyware Free Edition
    WinPatrol 2009
    Windows Defender
    ZoneAlarm


    Stop all the auto-updates. These can be a vulnerability as well as use resources to access the internet numerous times each day:
    Real Player
    Java
    Google
    OpenDNS
    HP Update
    and any others


    Remove the Askbar for the scheduled update:
    2011-01-02 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
    - c:\program files\Ask.com\UpdateTask.exe [2010-02-04 22:50]


    I don't know of anyone who downloads and installs the Ask.com toolbars, media players, et al. It is called Foistware because it installs without the permission or knowledge of the user.

    You're carrying all of the above around when you surf and yet here you are, with malware! Take control of your system! You don't need to get programs to clean it, optimize it and run it>> you do that! Put a reasonable amount of security programs on the system.

    Keep in mind: You, the user, are the first line of security. It only takes one click on the wrong thing or accessing an unsafe site!
    =================================================
    I'd like you to run a different online virus scan just to be sure all is removed:
    Run Kaspersky Online Scanner
    The scan is done with Internet Explorer (v6 or above), Firefox (version 2, 3 and older) and in Opera (version 9 or above).
    Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
    • Click Accept and the web scanner will begin to load
    • If a yellow warning bar appears at the top of the browser, click it and choose Install ActiveX Control
    • You will be prompted to install an ActiveX component from Kaspersky, click Install
    • If you are prompted about another ActiveX control called Kaspersky Online Scanner GUI part then allow it to be installed also.
    • The program will launch and then begin downloading the latest definition files:
    • Once the files have been downloaded click on NEXT and then Scan Settings
    • In the scan settings make sure that the following are selected:
      [o] Scan using the following Anti-Virus database> Extended (if available otherwise Standard)
      [o] Scan Options: Scan Archives> Scan Mail Bases
    • Click OK
    • Now under select a target to scan:
      [o] Select My Computer
    • The program will start to scan your system.
    • Once the scan is complete, click on the Save as Text button and save the file to your desktop
    Include log in next reply.
    Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the license, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license is accepted, reset to 100%.
     
  7. RLK107

    RLK107 TS Rookie Topic Starter Posts: 37

    Ran into a problem after attempting to run the Kaspersky scan (on IE 8).

    MS-Essentials – off
    Ad-Watch in Ad-Aware - off (permanently)

    *** Cut from the Kaspersky display after starting the scan ***

    Launch of the Java application is interrupted! Please establish an uninterrupted Internet connection for work with this program.

    *** End Kaspersky text

    *** From Java console after above message ***

    Java Plug-in 1.6.0_23
    Using JRE version 1.6.0_23-b05 Java HotSpot(TM) Client VM
    User home directory = C:\Documents and Settings\**** Kutz
    ----------------------------------------------------
    c: clear console window
    f: finalize objects on finalization queue
    g: garbage collect
    h: display this help message
    l: dump classloader list
    m: print memory usage
    o: trigger logging
    q: hide console
    r: reload policy configuration
    s: dump system and deployment properties
    t: dump thread list
    v: dump thread stack
    x: clear classloader cache
    0-5: set trace level to <n>
    ----------------------------------------------------


    => ReportApplet.ReportApplet <=
    => MainApplet.MainApplet !!!!!<=
    => ReportApplet.start <=
    => MainApplet.init <=
    => ReportApplet.init <=
    => MainApplet.start <=
    Exception in thread "thread applet-com.kaspersky.kosp.MainApplet.class-2" java.lang.ExceptionInInitializerError
    at com.kaspersky.kosp.MainApplet.start(MainApplet.java:94)
    at sun.plugin2.applet.Plugin2Manager$AppletExecutionRunnable.run(Unknown Source)
    at java.lang.Thread.run(Unknown Source)
    Caused by: java.security.AccessControlException: access denied (java.util.PropertyPermission user.name read)
    at java.security.AccessControlContext.checkPermission(Unknown Source)
    at java.security.AccessController.checkPermission(Unknown Source)
    at java.lang.SecurityManager.checkPermission(Unknown Source)
    at java.lang.SecurityManager.checkPropertyAccess(Unknown Source)
    at java.lang.System.getProperty(Unknown Source)
    at com.kaspersky.kosp.common.Common.<clinit>(Common.java:35)
    ... 3 more
    => ReportApplet.stop <=
    => ReportApplet.destroy <=
    => MainApplet.MainApplet !!!!!<=
    => MainApplet.init <=
    => ReportApplet.ReportApplet <=
    => MainApplet.start <=
    Exception in thread "thread applet-com.kaspersky.kosp.MainApplet.class-5" java.lang.NoClassDefFoundError: Could not initialize class com.kaspersky.kosp.common.Common
    at com.kaspersky.kosp.MainApplet.start(MainApplet.java:94)
    at sun.plugin2.applet.Plugin2Manager$AppletExecutionRunnable.run(Unknown Source)
    at java.lang.Thread.run(Unknown Source)
    => ReportApplet.start <=
    => ReportApplet.init <=
     
  8. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Strange error! But it appears there may have been an interruption at a critical point:
    Please go ahead and get the v6u23 Java update. Reboot the computer when finished.

    Try the Kaspersky scan again. The scan is done with Internet Explorer (v6 or above), Firefox (version 2, 3 and older) and in Opera (version 9 or above).
    (Note: I modified the Kaspersky directions in my post to show it can be run in any of three browsers.)

    If that problem persists, run the Eset scan again without checking for removals.
     
  9. RLK107

    RLK107 TS Rookie Topic Starter Posts: 37

    I had installed the 6.23 Java update just prior to the IE/Kaspersky run.

    In making the Firefox/Kaspersky run, I thought we were home free.
    Their database downloaded, but then the run erred out again.
    This is a screen shot of the error.


    After that, I re-ran ESET which appears to be a clean run. The cumulative log file is pasted below.

    Are we finished at this point?
    If so, I'd like to thank you for your help.

    ESETSmartInstaller@High as downloader log:
    all ok
    # version=7
    # OnlineScannerApp.exe=1.0.0.1
    # OnlineScanner.ocx=1.0.0.6419
    # api_version=3.0.2
    # EOSSerial=171f7844f36ef049a8977b1c9538af0c
    # end=finished
    # remove_checked=true
    # archives_checked=false
    # unwanted_checked=true
    # unsafe_checked=false
    # antistealth_checked=true
    # utc_time=2010-12-31 09:46:39
    # local_time=2010-12-31 02:46:39 (-0700, Mountain Standard Time)
    # country="United States"
    # lang=1033
    # osver=5.1.2600 NT Service Pack 3
    # compatibility_mode=512 16777215 100 0 21561198 21561198 0 0
    # compatibility_mode=5891 16776869 100 100 0 23277355 0 0
    # compatibility_mode=7937 16777213 100 100 253018 40130018 0 0
    # compatibility_mode=8192 67108863 100 0 0 0 0 0
    # compatibility_mode=9217 16777214 75 70 13517909 16365655 0 0
    # scanned=384343
    # found=10
    # cleaned=10
    # scan_time=15624
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBankerfgv.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBankerfgv1.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBankerfgv2.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBankerfgv3.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBankerfgv4.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBankerfgv5.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\Documents and Settings\**** Kutz\My Documents\Downloads\Earlier downloads\registrybooster.exe a variant of Win32/RegistryBooster application (deleted - quarantined) 00000000000000000000000000000000 C
    G:\BACKUPS\Documents & Settings datasets\Most iles from Doc. & Settings - **** Kutz\My Documents\Downloads\Earlier downloads\registrybooster.exe a variant of Win32/RegistryBooster application (deleted - quarantined) 00000000000000000000000000000000 C
    G:\BACKUPS\Titan Backups\Full Backup 2-21-10\C\Documents and Settings\All Users\Start Menu\Programs\eBay.url Win32/Adware.ADON application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    G:\BACKUPS\Titan Backups\Full Backup 2-21-10\C\Documents and Settings\**** Kutz\My Documents\Downloads\Earlier downloads\registrybooster.exe a variant of Win32/RegistryBooster application (deleted - quarantined) 00000000000000000000000000000000 C
    ESETSmartInstaller@High as downloader log:
    all ok
    ESETSmartInstaller@High as downloader log:
    all ok
    # version=7
    # OnlineScannerApp.exe=1.0.0.1
    # OnlineScanner.ocx=1.0.0.6419
    # api_version=3.0.2
    # EOSSerial=171f7844f36ef049a8977b1c9538af0c
    # end=stopped
    # remove_checked=true
    # archives_checked=false
    # unwanted_checked=true
    # unsafe_checked=false
    # antistealth_checked=true
    # utc_time=2010-12-31 02:53:55
    # local_time=2010-12-31 07:53:55 (-0700, Mountain Standard Time)
    # country="United States"
    # lang=1033
    # osver=5.1.2600 NT Service Pack 3
    # compatibility_mode=512 16777215 100 0 21595243 21595243 0 0
    # compatibility_mode=5891 16776533 100 100 0 23311400 0 0
    # compatibility_mode=7937 16777213 100 100 287063 40164063 0 0
    # compatibility_mode=8192 67108863 100 0 0 0 0 0
    # compatibility_mode=9217 16777214 75 70 13551954 16399700 0 0
    # scanned=678
    # found=0
    # cleaned=0
    # scan_time=16
    ESETSmartInstaller@High as downloader log:
    all ok
    ESETSmartInstaller@High as downloader log:
    all ok
    ESETSmartInstaller@High as downloader log:
    all ok
    # version=7
    # OnlineScannerApp.exe=1.0.0.1
    # OnlineScanner.ocx=1.0.0.6419
    # api_version=3.0.2
    # EOSSerial=171f7844f36ef049a8977b1c9538af0c
    # end=finished
    # remove_checked=false
    # archives_checked=true
    # unwanted_checked=true
    # unsafe_checked=false
    # antistealth_checked=true
    # utc_time=2011-01-01 08:39:22
    # local_time=2011-01-01 01:39:22 (-0700, Mountain Standard Time)
    # country="United States"
    # lang=1033
    # osver=5.1.2600 NT Service Pack 3
    # compatibility_mode=512 16777215 100 0 21622623 21622623 0 0
    # compatibility_mode=5891 16776869 100 100 0 23338780 0 0
    # compatibility_mode=7937 16777213 100 100 314443 40191443 0 0
    # compatibility_mode=8192 67108863 100 0 0 0 0 0
    # compatibility_mode=9217 16777214 75 70 13579334 16427080 0 0
    # scanned=384543
    # found=0
    # cleaned=0
    # scan_time=36564
    ESETSmartInstaller@High as downloader log:
    all ok
    # version=7
    # OnlineScannerApp.exe=1.0.0.1
    # OnlineScanner.ocx=1.0.0.6419
    # api_version=3.0.2
    # EOSSerial=171f7844f36ef049a8977b1c9538af0c
    # end=finished
    # remove_checked=false
    # archives_checked=true
    # unwanted_checked=true
    # unsafe_checked=false
    # antistealth_checked=true
    # utc_time=2011-01-05 01:57:10
    # local_time=2011-01-05 06:57:10 (-0700, Mountain Standard Time)
    # country="United States"
    # lang=1033
    # osver=5.1.2600 NT Service Pack 3
    # compatibility_mode=512 16777215 100 0 21998836 21998836 0 0
    # compatibility_mode=5891 16776869 100 100 0 23714993 0 0
    # compatibility_mode=7937 16777213 100 100 690656 40567656 0 0
    # compatibility_mode=8192 67108863 100 0 0 0 0 0
    # compatibility_mode=9217 16777214 75 70 13955547 16803293 0 0
    # scanned=385726
    # found=0
    # cleaned=0
    # scan_time=25022
     
  10. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Others are getting the same 'license' message for Kaspersky. Every once in a while, either Eset or Kaspersky gets temperamental and we have to switch to the other!

    Please download OTMoveIt by OldTimer and save to your desktop.
    • Double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
    • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
      Code:
      :Processes	
      :Files  
      C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBankerfgv.zip 
      C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBankerfgv1.zip 
      C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBankerfgv2.zip 
      C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBankerfgv3.zip 
      C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBankerfgv4.zip 
      C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBankerfgv5.zip 
      C:\Documents and Settings\**** Kutz\My Documents\Downloads\Earlier downloads\registrybooster.exe 
      G:\BACKUPS\Documents & Settings datasets\Most iles from Doc. & Settings - **** Kutz\My Documents\Downloads\Earlier downloads\registrybooster.exe 
      G:\BACKUPS\Titan Backups\Full Backup 2-21-10\C\Documents and Settings\All Users\Start Menu\Programs\eBay.url 
      G:\BACKUPS\Titan Backups\Full Backup 2-21-10\C\Documents and Settings\**** Kutz\My Documents\Downloads\Earlier downloads\registrybooster.exe 
      :Commands
      [purity]
      [emptytemp]
      [start explorer]
      [Reboot]
    • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window and choose Paste.
    • Click the red Moveit! button.
    • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
    • Close OTMoveIt3
    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
    ================================================
    Empty the Spybot quarantine folder. Then you will be clean.
    ===============================================
    Removing all of the tools we used and the files and folders they created
    • Uninstall ComboFix and all Backups of the files it deleted
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    • Download OTCleanIt by OldTimer and save it to your Desktop.
    • Double click OTCleanIt.exe.
    • Click the CleanUp! button.
    • If you are prompted to Reboot during the cleanup, select Yes.
    • The tool will delete itself once it finishes.

    Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.
    • You should now set a new Restore Point and remove the old restore points to prevent infection from any previous Restore Points.
    • Go to Start > All Programs > Accessories > System Tools
    • Click "System Restore".
    • Choose "Create a Restore Point" on the first screen then click "Next".
    • Give the Restore Point a name> click "Create".
    • Go back and follow the path to > System Tools.
    • Choose Disk Cleanup
    • Click "OK" to select the partition or drive you want.
    • Click the "More Options" Tab.
    • Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one.


    Empty the Recycle Bin
     
  11. RLK107

    RLK107 TS Rookie Topic Starter Posts: 37

    Regarding the:
    ================================================
    *Empty the Spybot quarantine folder. Then you will be clean.*
    ===============================================
    instruction, 'Program Files/Spybot' did not have a Quarantine folder and I could find neither a quarantine folder nor a file relating to Spybot on my system.

    *** OTC log start ***
    All processes killed
    ========== PROCESSES ==========
    ========== FILES ==========
    File/Folder C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBankerfgv.zip not found.
    File/Folder C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBankerfgv1.zip not found.
    File/Folder C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBankerfgv2.zip not found.
    File/Folder C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBankerfgv3.zip not found.
    File/Folder C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBankerfgv4.zip not found.
    File/Folder C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBankerfgv5.zip not found.
    File/Folder C:\Documents and Settings\**** Kutz\My Documents\Downloads\Earlier downloads\registrybooster.exe not found.
    File/Folder G:\BACKUPS\Documents & Settings datasets\Most iles from Doc. & Settings - **** Kutz\My Documents\Downloads\Earlier downloads\registrybooster.exe not found.
    File/Folder G:\BACKUPS\Titan Backups\Full Backup 2-21-10\C\Documents and Settings\All Users\Start Menu\Programs\eBay.url not found.
    File/Folder G:\BACKUPS\Titan Backups\Full Backup 2-21-10\C\Documents and Settings\**** Kutz\My Documents\Downloads\Earlier downloads\registrybooster.exe not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: **** Kutz
    ->Temp folder emptied: 134233506 bytes
    ->Temporary Internet Files folder emptied: 680744 bytes
    ->Java cache emptied: 130116 bytes
    ->FireFox cache emptied: 101296665 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 4884 bytes

    User: Guest
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes

    User: NetworkService
    ->Temp folder emptied: 31790 bytes
    ->Temporary Internet Files folder emptied: 575588 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 7232 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 80049 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 201128376 bytes

    Total Files Cleaned = 418.00 mb


    OTM by OldTimer - Version 3.1.17.2 log created on 01052011_124833

    Files moved on Reboot...
    C:\Documents and Settings\**** Kutz\Local Settings\Temp\~DF122E.tmp moved successfully.
    File C:\WINDOWS\temp\ZLT00542.TMP not found!

    Registry entries deleted on Reboot...

    *** OTC log end ***

    *** Combofix log start ***
    ComboFix 11-01-05.01 - **** Kutz 01/05/2011 13:12:14.5.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1790.1176 [GMT -7:00]
    Running from: c:\docume~1\DICKKU~1\Desktop\TechSpot\ComboFix.exe
    Command switches used :: .Uninstall
    AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
    AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
    FW: ZoneAlarm Firewall *Enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\**** Kutz\x.exe

    .
    ((((((((((((((((((((((((( Files Created from 2010-12-05 to 2011-01-05 )))))))))))))))))))))))))))))))
    .

    2011-01-05 19:55 . 2011-01-05 19:55 7232 ----a-w- c:\windows\system32\PerfStringBackup.TMP
    2011-01-05 19:48 . 2011-01-05 19:48 -------- d-----w- C:\_OTM
    2011-01-05 15:29 . 2010-11-10 04:33 6273872 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C0166673-511E-4FD4-8282-706FD7543F84}\mpengine.dll
    2011-01-03 19:50 . 2010-02-11 15:03 114952 ----a-w- c:\windows\system32\drivers\keyscrambler.sys
    2011-01-03 19:50 . 2011-01-03 19:50 -------- d-----w- c:\program files\KeyScrambler
    2010-12-31 05:11 . 2010-12-31 05:11 -------- d-----w- c:\program files\ESET
    2010-12-31 04:11 . 2010-12-31 04:11 -------- d-----w- c:\program files\Hewlett-Packard
    2010-12-29 05:17 . 2010-12-29 05:17 -------- d-----w- c:\windows\system32\jv16PTPortableBackup
    2010-12-24 05:19 . 2010-12-24 05:20 -------- d-----w- c:\program files\Paint.NET
    2010-12-24 05:19 . 2010-12-24 05:30 -------- d-----w- c:\documents and settings\**** Kutz\Local Settings\Application Data\Paint.NET
    2010-12-23 07:58 . 2010-12-23 07:57 75208 ----a-w- c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
    2010-12-23 07:54 . 2010-12-23 07:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
    2010-12-23 07:48 . 2010-12-23 07:48 -------- d-----w- C:\My Music
    2010-12-23 07:48 . 2010-12-23 07:48 11776 ----a-w- c:\program files\Mozilla Firefox\plugins\nprjplug.dll
    2010-12-23 07:47 . 2010-12-23 07:47 -------- d-----w- c:\program files\Common Files\xing shared
    2010-12-23 07:47 . 2010-12-23 07:47 151776 ----a-w- c:\program files\Mozilla Firefox\plugins\nppl3260.dll
    2010-12-23 07:46 . 2010-12-23 07:46 100352 ----a-w- c:\program files\Mozilla Firefox\plugins\nprpjplug.dll
    2010-12-23 06:37 . 2010-12-23 06:37 -------- d-----w- c:\documents and settings\**** Kutz\Local Settings\Application Data\Secunia PSI
    2010-12-23 06:36 . 2010-12-23 06:36 -------- d-----w- c:\program files\Secunia
    2010-12-13 16:54 . 2010-11-02 03:50 181704 ----a-w- c:\windows\system32\drivers\PCGenFAM.sys
    2010-12-13 16:54 . 2010-12-13 16:54 -------- d-----w- c:\program files\Soluto
    2010-12-13 16:53 . 2010-12-13 17:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Soluto
    2010-12-11 22:03 . 2010-12-11 22:03 -------- d-----w- c:\documents and settings\**** Kutz\Application Data\LEGO Company
    2010-12-11 22:02 . 2010-12-11 22:02 -------- d-----w- c:\program files\LEGO Company
    2010-12-11 22:02 . 2010-12-11 22:02 -------- d-----w- c:\program files\Unity
    2010-12-10 17:12 . 2010-12-10 17:13 -------- d-----w- c:\program files\Glary Utilities

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-12-23 07:46 . 2004-12-30 18:00 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2010-12-23 07:46 . 2003-03-19 02:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
    2010-12-21 01:09 . 2010-03-16 01:13 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-21 01:08 . 2010-03-16 01:12 20952 -c--a-w- c:\windows\system32\drivers\mbam.sys
    2010-12-20 21:27 . 2010-06-13 07:16 15880 -c--a-w- c:\windows\system32\lsdelete.exe
    2010-11-30 00:38 . 2010-11-30 00:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2010-11-30 00:38 . 2010-11-30 00:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2010-11-18 18:12 . 2009-09-09 20:48 81920 ----a-w- c:\windows\system32\isign32.dll
    2010-11-17 06:41 . 2010-11-17 06:41 323624 ----a-w- c:\windows\system32\wiaaut.dll
    2010-11-13 01:53 . 2010-04-15 19:55 472808 -c--a-w- c:\windows\system32\deployJava1.dll
    2010-11-12 23:34 . 2010-04-15 19:55 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2010-11-10 04:33 . 2009-10-22 14:53 6273872 -c--a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2010-11-06 00:26 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-11-06 00:26 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-11-06 00:26 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2010-11-05 16:27 . 2010-02-16 17:14 98392 -c--a-w- c:\windows\system32\drivers\SBREDrv.sys
    2010-11-03 12:25 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
    2010-11-02 15:17 . 2004-08-04 12:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
    2010-10-28 13:13 . 2004-08-04 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
    2010-10-26 13:25 . 2004-08-04 12:00 1853312 ----a-w- c:\windows\system32\win32k.sys
    2010-10-19 20:51 . 2009-10-21 00:03 222080 -c----w- c:\windows\system32\MpSigStub.exe
    .

    ((((((((((((((((((((((((((((( SnapShot@2011-01-02_01.28.46 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2011-01-05 19:50 . 2011-01-05 19:50 16384 c:\windows\Temp\Perflib_Perfdata_660.dat
    + 2011-01-03 08:17 . 2010-11-13 01:53 157472 c:\windows\system32\javaws.exe
    + 2011-01-03 08:17 . 2010-11-13 01:53 145184 c:\windows\system32\javaw.exe
    - 2010-11-03 01:32 . 2010-09-15 10:50 145184 c:\windows\system32\javaw.exe
    + 2011-01-03 08:17 . 2010-11-13 01:53 145184 c:\windows\system32\java.exe
    - 2010-11-03 01:32 . 2010-09-15 10:50 145184 c:\windows\system32\java.exe
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DS Clock"="c:\program files\DS Clock\DSClock.exe" [2008-06-21 577606]
    "FreeRAM XP"="c:\program files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" [2009-09-11 1591808]
    "Google Update"="c:\documents and settings\**** Kutz\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-10-04 133104]
    "OpenDNS Updater"="c:\program files\OpenDNS Updater\OpenDNSUpdater.exe" [2010-06-16 839680]
    "Rainlendar2"="c:\program files\Rainlendar2\Rainlendar2.exe" [2009-08-22 5148672]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-12 39408]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-12-16 2424560]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-06-23 1043968]
    "MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-09-15 1094224]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-18 86016]
    "WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2009-10-10 320832]
    "nwiz"="nwiz.exe" [2008-09-18 1657376]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "RunNarrator"="Narrator.exe" [2008-04-14 53760]

    c:\documents and settings\**** Kutz\Start Menu\Programs\Startup\
    Firefox.exe.lnk - c:\program files\Mozilla Firefox\firefox.exe [2010-11-2 912344]
    Startup Defender.lnk - c:\program files\Zards software\Startup Defender\Startup Defender.exe [2009-1-25 1045504]

    c:\documents and settings\**** Kutz\Start Menu\Programs\Startup\Disabled
    Calendar 2000.lnk - e:\my data\Utilities,program installs\Software by Design\Calendar.exe [2009-1-26 274432]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2010-12-21 291896]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\Disabled
    Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-9-11 113664]
    Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoResolveTrack"= 1 (0x1)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 21:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SolutoService]
    @="Service"

    [HKLM\~\startupfolder\C:^Documents and Settings^**** Kutz^Start Menu^Programs^Startup^Secunia PSI.lnk]
    backup=c:\windows\pss\Secunia PSI.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    2006-02-19 09:41 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\FileZilla FTP Client\\filezilla.exe"=
    "c:\\Program Files\\Spyware Terminator\\SpywareTerminatorUpdate.exe"=
    "c:\\Program Files\\Participatory Culture Foundation\\Miro\\Miro_Downloader.exe"=
    "c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
    "c:\\Program Files\\gnucash\\bin\\gnucash-bin.exe"=
    "c:\\Program Files\\gnucash\\bin\\gconfd-2.exe"=
    "c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
    "c:\\Program Files\\Soluto\\Soluto.exe"=
    "c:\\Program Files\\Soluto\\SolutoService.exe"=
    "c:\\Program Files\\Soluto\\SolutoConsole.exe"=
    "c:\\Program Files\\Soluto\\SolutoUpdateService.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [5/28/2010 1:35 PM 64288]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 10:25 AM 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/17/2010 10:15 AM 67656]
    R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [9/11/2009 7:12 PM 142592]
    R2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [7/9/2010 11:40 AM 65856]
    R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [12/21/2010 5:04 AM 987704]
    R2 SolutoService;Soluto PCGenome Core Service;c:\program files\Soluto\SolutoService.exe [11/1/2010 8:59 PM 331296]
    R2 USBSafelyRemoveService;USB Safely Remove Assistant;c:\program files\USB Safely Remove\USBSRService.exe [10/1/2009 10:57 PM 213776]
    R2 ZABackupWebM;ZoneAlarmBackup WebManager;c:\program files\ZoneAlarmBackup\ZABackupWebM.exe [11/27/2010 12:08 PM 124432]
    R2 ZoneAlarmBackup Service;ZoneAlarmBackup Service;c:\program files\ZoneAlarmBackup\ZABackup Service.exe [11/27/2010 12:08 PM 149008]
    R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [1/3/2011 12:50 PM 114952]
    R3 WsAudioDevice_383;WsAudioDevice_383;c:\windows\system32\drivers\WsAudioDevice_383.sys [9/19/2009 11:55 AM 16640]
    S0 PCGenFAM;PCGenFAM;c:\windows\system32\drivers\PCGenFAM.sys [12/13/2010 9:54 AM 181704]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 12:16 PM 130384]
    S2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [12/21/2010 5:04 AM 399416]
    S3 DfSdkS;Defragmentation-Service;c:\program files\Ashampoo\Ashampoo WinOptimizer 6\DfSdkS.exe [9/7/2010 11:51 PM 406016]
    S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [9/14/2009 8:46 PM 8704]
    S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [9/14/2009 8:46 PM 3072]
    S3 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [9/12/2009 12:21 PM 133104]
    S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/6/2010 10:28 AM 1389400]
    S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [8/13/2010 9:02 AM 15264]
    S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [7/19/2010 1:59 PM 259440]
    S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [8/4/2004 5:00 AM 14336]
    S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [11/6/2007 1:22 PM 34064]
    S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 8:37 PM 4640000]
    S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [9/1/2010 1:30 AM 15544]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/17/2010 10:15 AM 12872]
    S3 SynasUSB;SynasUSB;c:\windows\system32\drivers\SynasUSB.sys --> c:\windows\system32\drivers\SynasUSB.sys [?]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 12:16 PM 753504]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08
    getPlusHelper REG_MULTI_SZ getPlusHelper
    nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
    HPService REG_MULTI_SZ HPSLPSVC
    .
    Contents of the 'Scheduled Tasks' folder

    2011-01-04 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-07-06 21:26]

    2011-01-03 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

    2011-01-05 c:\windows\Tasks\GlaryInitialize.job
    - c:\program files\Glary Utilities\initialize.exe [2010-12-10 17:47]

    2011-01-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-09-12 19:20]

    2011-01-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-09-12 19:20]

    2011-01-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-329068152-573735546-839522115-1003Core.job
    - c:\documents and settings\**** Kutz\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-04 14:48]

    2011-01-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-329068152-573735546-839522115-1003UA.job
    - c:\documents and settings\**** Kutz\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-04 14:48]

    2011-01-05 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-329068152-573735546-839522115-1003.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 18:33]

    2011-01-05 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-329068152-573735546-839522115-1003.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 18:33]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://news.google.com/
    uSearch Page = hxxp://www.google.com
    uDefault_Search_URL = hxxp://www.google.com/ie
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    TCP: {C800F8A8-08F8-472D-ADF8-4B12E2F782BA} = 208.67.222.222,208.67.220.220
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    FF - ProfilePath - c:\documents and settings\**** Kutz\Application Data\Mozilla\Firefox\Profiles\1s9mnumo.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.pandora.com/#/stations/create/|http://www.techspot.com/vb/topic158919.html#post986691|http://workflowy.com/
    FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=en&q=
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    FF - Ext: Adobe DLM (powered by getPlus(R)): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
    FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
    FF - Ext: Xmarks: foxmarks@kei.com - %profile%\extensions\foxmarks@kei.com
    FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
    FF - Ext: TinEye Reverse Image Search: tineye@ideeinc.com - %profile%\extensions\tineye@ideeinc.com
    FF - Ext: Flash Video Downloader - Youtube Downloader: artur.dubovoy@gmail.com - %profile%\extensions\artur.dubovoy@gmail.com
    FF - Ext: Get Mail Plus: getmail@webdesigns.ms11.net - %profile%\extensions\getmail@webdesigns.ms11.net
    FF - Ext: App Tabs: apptabs@frankyan.com - %profile%\extensions\apptabs@frankyan.com
    FF - Ext: BetterPrivacy: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3} - %profile%\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
    FF - Ext: FEBE: {4BBDD651-70CF-4821-84F8-2B918CF89CA3} - %profile%\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
    FF - Ext: Menu Editor: {EDA7B1D7-F793-4e03-B074-E6F303317FB0} - %profile%\extensions\{EDA7B1D7-F793-4e03-B074-E6F303317FB0}
    FF - Ext: HP Detect: {ab91efd4-6975-4081-8552-1b3922ed79e2} - %profile%\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}
    FF - Ext: Consumer Input: ConsumerInput@Compete - %profile%\extensions\ConsumerInput@Compete
    FF - Ext: KeyScrambler: keyscrambler@qfx.software.corporation - %profile%\extensions\keyscrambler@qfx.software.corporation
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
    FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-01-05 13:17
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-20\Software\AppDataLow\ISWVolatile]
    @DACL=(02 0000)

    [HKEY_USERS\S-1-5-21-329068152-573735546-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(1168)
    c:\program files\SUPERAntiSpyware\SASWINLO.dll
    c:\windows\system32\WININET.dll
    .
    Completion time: 2011-01-05 13:20:37
    ComboFix-quarantined-files.txt 2011-01-05 20:20
    ComboFix2.txt 2011-01-02 01:32
    ComboFix3.txt 2010-04-20 01:58

    Pre-Run: 51,823,017,984 bytes free
    Post-Run: 51,805,577,216 bytes free

    - - End Of File - - 35389361F3C78FF916101DCD1D143DD9

    *** Combofix log end ***
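The ComboFix log above lists every launch point on the machine, and reading it by eye is how a helper spots entries like the x.exe under "Other Deletions". What follows is an added example, not ComboFix's code and not part of the thread: a small Python triage script that parses the two line shapes in such a log (quoted Run-key values and the R*/S* service lines) and flags the indicators a reviewer checks first: an image file the scanner could not find, a bare file name resolved through the search path, an executable sitting directly in a profile root, or anything launched from a temp directory. The sample log embedded in it is constructed in the formats seen above; its "loader" value is invented to show a profile-root launch point of the kind the x.exe line illustrates and does not appear in the poster's log, and the reading of the `--> path [?]` marker as "image file not found" is an assumption about ComboFix's output. Flags are review prompts, not verdicts: nwiz.exe is flagged only because a bare name says nothing about which binary actually runs.

```python
"""Triage of ComboFix-style autostart listings (added example, not ComboFix code).

Parses two line shapes from the log above, quoted Run-key values and R*/S*
service lines, and flags launch points a reviewer should look at first.
Flags are indicators, not verdicts."""
from __future__ import annotations
import re
from dataclasses import dataclass, field

HIVE = re.compile(r'^\[(?P<hive>HK[^\]]+)\]$')
RUN_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"(?P<rest>.*)$')
SERVICE = re.compile(r'^(?P<state>[RS]\d)\s+(?P<name>[^;]*);(?P<display>[^;]*);(?P<body>.+)$')

# Executable sitting directly in a user's profile root (XP and Vista+ layouts).
PROFILE_ROOT = re.compile(r'^[a-z]:\\(?:documents and settings|users)\\[^\\]+\\[^\\]+$', re.I)
# Anything launched from a temp directory.
TEMP_DIR = re.compile(r'\\(?:temp|tmp)\\', re.I)


@dataclass
class Finding:
    source: str               # registry key for Run values, start type for services
    name: str
    path: str
    reasons: list[str] = field(default_factory=list)


def _image_path(body: str) -> tuple[str, bool]:
    """Return (image path, missing) for a service line body.
    Assumption: ComboFix prints 'path --> path [?]' when it cannot find the image."""
    body = body.strip()
    missing = body.endswith('[?]')
    body = re.sub(r'\s+\[[^\]]*\]$', '', body)        # drop trailing [date size] or [?]
    if ' --> ' in body:
        body = body.split(' --> ', 1)[0]
    return body.strip(), missing


def _reasons(path: str, missing: bool) -> list[str]:
    reasons: list[str] = []
    if missing:
        reasons.append('missing_file')     # orphaned service entry
    if path and '\\' not in path:
        reasons.append('bare_name')        # resolved via the search path: hijackable
    if PROFILE_ROOT.match(path):
        reasons.append('profile_root')     # user-writable, unusual for installed software
    if TEMP_DIR.search(path):
        reasons.append('temp_dir')         # should never persist as a launch point
    return reasons


def triage(log_text: str) -> list[Finding]:
    """Walk the log; only quoted values under keys whose name contains 'run'
    (Run, RunOnce, run-disabled) are treated as launch points."""
    findings: list[Finding] = []
    hive = '?'
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := HIVE.match(line):
            hive = m['hive']
        elif 'run' in hive.lower() and (m := RUN_VALUE.match(line)):
            path = m['path'].strip()
            if reasons := _reasons(path, missing=False):
                findings.append(Finding(hive, m['name'], path, reasons))
        elif m := SERVICE.match(line):
            path, missing = _image_path(m['body'])
            if reasons := _reasons(path, missing):
                findings.append(Finding(m['state'], m['name'], path, reasons))
    return findings


# Constructed sample in the line formats seen above; the "loader" value is
# invented and does not appear in the poster's log.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-10-04 133104]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-12-16 2424560]
"loader"="c:\documents and settings\user\x.exe" [2011-01-05 40960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2008-09-18 1657376]

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [5/28/2010 1:35 PM 64288]
S3 SynasUSB;SynasUSB;c:\windows\system32\drivers\SynasUSB.sys --> c:\windows\system32\drivers\SynasUSB.sys [?]
R2 helper;Helper Service;c:\windows\temp\helper.exe [1/5/2011 1:00 PM 12288]
"""

if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f'{f.source[:40]:<40} {f.name:<14} {",".join(f.reasons):<13} {f.path}')
```

On a saved log, `triage(open('ComboFix.txt').read())` does the same; the firewall, policy and CLSID sections in the same file are skipped because their keys do not contain "run", and per-user application-data paths such as the Google updater are deliberately not flagged, since that is a normal home for user-installed software.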
     
  12. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    This is a hidden file:
    Using Windows Explorer: Windows key + E> Show Hidden Folders/Files
    • Open My Computer.
    • Go to Tools > Folder Options.
    • Select the View tab.
    • Scroll down to Hidden files and folders.
    • Select Show hidden files and folders.
    • Uncheck (untick) Hide extensions of known file types.
    • Uncheck (untick) Hide protected operating system files (Recommended).
    • Click Yes when prompted.
    • Click OK.

    My Computer> Local Drive> Documents and Settings> All Users> Application Data> Spybot - Search & Destroy> Delete all these entries:

    Recovery\WinBankerfgv3.zip Win32/Bagle.gen.zip

    Reset Hidden/System Files & Folders
    Exit Windows Explorer.
    ========================================
    Download HijackThis and save to your desktop.
    • Extract it to a directory on your hard drive called c:\HijackThis.
    • Then navigate to that directory and double-click on the hijackthis.exe file.
    • When started click on the Scan button and then the Save Log button to create a log of your information.
    • The log file will then open in Notepad. Be sure to click on Format> Uncheck Word Wrap when you open Notepad.
    • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    • Come back here to this thread and paste (Ctrl+V) the log in your next reply.

    NOTE: Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.

    I'll give this log a check and then you can follow the Removing all of the tools we used and the files and folders they created in Reply #10.
     
  13. RLK107

    RLK107 TS Rookie Topic Starter Posts: 37

    HijackThis log

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 19:41:10, on 1/7/2011
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\Program Files\USB Safely Remove\USBSRService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\agrsmsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\NLSSRV32.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Secunia\PSI\PSIA.exe
    C:\Program Files\Spyware Terminator\sp_rsser.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\ZoneAlarmBackup\ZABackupWebM.exe
    C:\Program Files\ZoneAlarmBackup\ZABackup Service.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Microsoft Security Essentials\msseces.exe
    C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\DS Clock\DSClock.exe
    C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe
    C:\Documents and Settings\**** Kutz\Local Settings\Application Data\Google\Update\1.2.183.39\GoogleCrashHandler.exe
    C:\Program Files\Rainlendar2\Rainlendar2.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\PROGRA~1\MICROS~2\rapimgr.exe
    C:\Program Files\Secunia\PSI\psi_tray.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Zards software\Startup Defender\Startup Defender.exe
    C:\PROGRAM FILES\MAILALERT\MAILALERT.EXE
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.google.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\Microsoft Office\Office14\URLREDIR.DLL
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [MSSE] "C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
    O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
    O4 - HKCU\..\Run: [DS Clock] "C:\Program Files\DS Clock\DSClock.exe"
    O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\**** Kutz\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKCU\..\Run: [OpenDNS Updater] "C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe" /autostart
    O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
    O4 - Startup: Disabled
    O4 - Startup: Firefox.exe.lnk = C:\Program Files\Mozilla Firefox\firefox.exe
    O4 - Startup: Startup Defender.lnk = C:\Program Files\Zards software\Startup Defender\Startup Defender.exe
    O4 - Global Startup: Disabled
    O4 - Global Startup: Secunia PSI Tray.lnk = ?
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O17 - HKLM\System\CCS\Services\Tcpip\..\{C800F8A8-08F8-472D-ADF8-4B12E2F782BA}: NameServer = 208.67.222.222,208.67.220.220
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: Defragmentation-Service (DfSdkS) - mst software GmbH, Germany - C:\Program Files\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Ma-Config Service (maconfservice) - Unknown owner - C:\Program Files\ma-config.com\maconfservice.exe
    O23 - Service: NLS Service (nlsX86cc) - Nalpeiron Ltd. - C:\WINDOWS\system32\NLSSRV32.EXE
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files\Secunia\PSI\PSIA.exe
    O23 - Service: Secunia Update Agent - Secunia - C:\Program Files\Secunia\PSI\sua.exe
    O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
    O23 - Service: USB Safely Remove Assistant (USBSafelyRemoveService) - Unknown owner - C:\Program Files\USB Safely Remove\USBSRService.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 - Service: ZoneAlarmBackup WebManager (ZABackupWebM) - Pro-Softnet - C:\Program Files\ZoneAlarmBackup\ZABackupWebM.exe
    O23 - Service: ZoneAlarmBackup Service - Pro Softnet Corporation - C:\Program Files\ZoneAlarmBackup\ZABackup Service.exe

    --
    End of file - 9401 bytes
     
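The HijackThis log above is read by hand in the thread; as an added example (not part of the original post, and not HijackThis code), this Python snippet parses lines in that same `Oxx - ...` format and flags the kinds of entries a helper looks at first. The sample lines, the `{DEADBEEF-...}` interface GUID and the 203.0.113.5 resolver are constructed; the OpenDNS addresses in the allow-list are the ones that appear in the posted log.

```python
import re

# Constructed sample lines, modeled on the HijackThis 2.0.4 log layout in the thread.
# The second O17 line and its GUID are invented to show an unexpected DNS server.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [MSSE] "C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - Startup: Disabled
O17 - HKLM\System\CCS\Services\Tcpip\..\{C800F8A8-08F8-472D-ADF8-4B12E2F782BA}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\..\{DEADBEEF-0000-0000-0000-000000000000}: NameServer = 203.0.113.5
O23 - Service: Ma-Config Service (maconfservice) - Unknown owner - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# Every HJT entry starts with a section code (R0, F2, O4, O23, ...) followed by " - ".
LINE_RE = re.compile(r"^(?P<sec>[A-Z]\d{1,2}) - (?P<body>.*)$")

# Resolvers the machine owner is known to use (OpenDNS, as seen in the posted log).
KNOWN_RESOLVERS = {"208.67.222.222", "208.67.220.220"}

# Path fragments that mean "writable by an ordinary user", where autoruns deserve a look.
USER_WRITABLE = ("\\documents and settings\\", "\\local settings\\",
                 "\\application data\\", "\\temp\\")


def parse_hjt(text):
    """Return a list of (section, body) tuples, one per recognised log entry."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append((m.group("sec"), m.group("body")))
    return entries


def triage(text):
    """Return (section, reason, entry) for entries worth a second look."""
    findings = []
    for sec, body in parse_hjt(text):
        if sec == "O4":
            if body.endswith(": Disabled"):
                # Empty placeholder entries like "O4 - Startup: Disabled"; harmless, but tidy.
                findings.append((sec, "empty startup entry, cosmetic fix", body))
            elif any(p in body.lower() for p in USER_WRITABLE):
                findings.append((sec, "autorun from a user-writable path, verify publisher", body))
        elif sec == "O17" and "NameServer = " in body:
            servers = [s.strip() for s in body.split("NameServer = ", 1)[1].split(",")]
            unknown = [s for s in servers if s and s not in KNOWN_RESOLVERS]
            if unknown:
                findings.append((sec, "DNS server not in allow-list: " + ",".join(unknown), body))
        elif sec == "O23" and " - Unknown owner - " in body:
            findings.append((sec, "service with no publisher string, verify binary", body))
    return findings


if __name__ == "__main__":
    for sec, reason, entry in triage(SAMPLE_LOG):
        print(f"{sec}: {reason}\n    {entry}")
```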
  14. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Did you remove the programs we used as instructed? I'm not sure what you did here:
    You ran the second Combofix from this: Combofix 2>>1/5 Command switches used :: .Uninstall instead of this: Combofix 1> 1/1/>> Running from: c:\documents and settings\**** Kutz\Desktop\ComboFix.exe

    But you can do the uninstall now as instructed. The HJT log is okay- I would have you reopen it to system scan only and check these 2 entries:
    O4 - Startup: Disabled
    O4 - Global Startup: Disabled

    Close all Windows except HJT and click Fix Checked.

    Finish any removals of the cleaning tools you still have. The computer is clean.

    Let me know if you have any more questions.
     
  15. RLK107

    RLK107 TS Rookie Topic Starter Posts: 37

    HJT ran with no problems.

    Bobbye, thank you again for your help. You guys do a tremendous job.
    Techspot.com is definitely one of the 'net's shining stars.
     
  16. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    You're very welcome. I appreciate your patience. Stay safe>>>
    Tips for added security and safer browsing:
    1. Browser Security Settings: Custom is fine if the user did the settings. Mine are Custom. Default is okay too, but sometimes too restrictive.
      This Tutorial will help guide you through Configuring Security Settings, Managing Active X Controls and other safety features: Make Internet Explorer safer.
    2. Have layered Security:
      • Antivirus Software (only one): Both of the following programs are free and known to be good:
        [o]Avira Free
        [o]Avast Home
      • Firewall (only one): Use bi-directional firewall. Both of the following programs are free and known to be good:
        [o]Comodo
        [o]Zone Alarm
      • Antispyware: I recommend all of the following:
        [o]Spywareblaster: SpywareBlaster protects against bad ActiveX. It places kill bits to stop bad Active X controls from being installed. Remember to update it regularly.
      [o]Download ZonedOut and save to your desktop. This replaces IE/Spyad and manages the Zones in Internet Explorer. This places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
      For IE7 and IE8, Windows 2000 thru Vista. No Windows 7 yet.
      IE/Spyad is no longer being supported. If you have this on your system, you should replace it with the following program. Make sure your IE8 is up-to-date before adding sites to your restricted zone.
      Known issue: If you have "immunized" your computer with Spybot Search and Destroy, and use ZonedOut to "Remove All" restricted sites - ZonedOut will remove your trusted sites as well. Note that if you remove Spybot Search and Destroy's Immunization the problem goes away...
      [o]Replace the Hosts File
      MVPS Hosts files This replaces your current HOSTS file with one containing well known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer.
      [o]Google Toolbar Get the free google toolbar to help stop pop up windows.
    3. Stay current on updates:
      [o] Visit the Microsoft Download Site frequently. You should get all updates marked Critical and the current SP updates.
      [o]Visit this Adobe Reader site often and make sure you have the most current update. Uninstall any earlier updates as they are vulnerabilities.
      [o]Check this site: Java Updates. Stay current as most updates are for security. Uninstall any earlier versions in Add/Remove Programs.
    4. Reset Cookies to prevent Tracking Cookies:
      [o]For Internet Explorer: Internet Options (through Tools or Control Panel) Privacy tab> Advanced button> check 'override automatic Cookie handling'> check 'accept first party Cookies'> check 'Block third party Cookies'> check 'allow per session Cookies'> Apply> OK.
      [o]For Firefox: Tools> Options> Privacy> Cookies> check ‘accept Cookies from Sites’> Uncheck 'accept third party Cookies'> Set Keep until 'they expire'. This will allow you to keep Cookies for registered sites and prevent or remove others. (Note: for Firefox v3.5, after Privacy click on 'use custom settings for History.')
      I suggest using the following two add-ons for Firefox. They will prevent the Tracking Cookies that come from ads and banners and other sources:
      AdBlock Plus
      Easy List
    5. Do regular Maintenance
      Remove Temporary Internet Files regularly:
      [o]ATF Cleaner by Atribune
      OR
      [o]TFC
      Disable and Enable System Restore:
      [o]See System Restore Guide This will help you understand what this is, why you need to clean and set restore points and what information is in them.
    6. Practice Safe Email Handling
      [o] Don't open email from anyone you don't know.
      [o] Don't open Attachments in the email. Save them to your desktop and scan for viruses using a right click.
      [o] Don't leave your personal email address on the internet. Have a separate email account at one of the free web-based emails like Yahoo.
    Use a Site Advisor: know what you're clicking on before you click!
    The Web of Trust (WOT) add-on is a safe surfing tool for your browser. Traffic-light rating symbols show how the site rates for Trustworthiness, Vendor Reliability, Privacy and Child Safety. Your online email account – Google Mail, Yahoo! Mail and Hotmail – is also protected.

    Every time you do a search and the screen comes up with the sites, they will have the rating light. Green (2 shades), Amber/Yellow Caution, Red> not advised. A few sites haven't been rated and show as a blue flashlight.

    If you want to link to another site from the page you're on, WOT will give you an Alert that the site is known for fraudulent entries, unreliable or other and the site won't load. Don't worry- those Alerts don't happen if you stick to the green rating.

    Give it a try- it does exactly what you want: http://www.mywot.com/en/download
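The "Replace the Hosts File" tip in point 2 above describes how a HOSTS file blocks ad sites by pointing them at 127.0.0.1. As an added example (not part of the post, and not the MVPS file itself), this Python snippet parses a HOSTS file in that layout and answers whether a given hostname would be sinkholed, including the caveat that HOSTS entries match exact names only, so an entry for `ads.example.net` does not cover `www.ads.example.net`. The sample file content and all hostnames in it are constructed.

```python
import ipaddress

# Constructed HOSTS excerpt in the MVPS layout (comments, the localhost line, then
# ad/tracker hosts pointed at 127.0.0.1 or 0.0.0.0). Not the real MVPS file.
SAMPLE_HOSTS = """\
# Constructed sample, not the MVPS hosts file
127.0.0.1  localhost
127.0.0.1  ads.example.net   # banner server
0.0.0.0    tracker.example.org
127.0.0.1  a.example.com b.example.com
not-an-ip  broken.example.com
"""

# Addresses a HOSTS-based blocklist maps unwanted names to; both end up on the local machine.
SINKHOLES = {"127.0.0.1", "0.0.0.0"}


def parse_hosts(text):
    """Map each hostname (lower-cased) to the address the HOSTS file assigns it."""
    table = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()     # drop comments and surrounding whitespace
        if not line:
            continue
        parts = line.split()
        try:
            ipaddress.ip_address(parts[0])      # first field must be an IPv4/IPv6 literal
        except ValueError:
            continue                            # malformed line, ignore it
        for name in parts[1:]:                  # one address may list several names
            table.setdefault(name.lower(), parts[0])   # keep the first mapping seen
    return table


def is_blocked(table, hostname):
    """True if the name would be sinkholed by this HOSTS file.

    Lookup is an exact match after case-folding and trailing-dot removal: a HOSTS
    file has no wildcards, so subdomains of a listed name are NOT covered.
    localhost legitimately maps to 127.0.0.1 and is never reported as blocked.
    """
    name = hostname.lower().rstrip(".")
    if name == "localhost":
        return False
    return table.get(name) in SINKHOLES


def blocked_count(table):
    """Number of names the file sinkholes (excluding localhost)."""
    return sum(1 for n in table if is_blocked(table, n))


if __name__ == "__main__":
    hosts = parse_hosts(SAMPLE_HOSTS)
    print(f"{blocked_count(hosts)} names sinkholed")
    for probe in ("ADS.example.net", "www.ads.example.net", "b.example.com"):
        print(f"{probe}: {'blocked' if is_blocked(hosts, probe) else 'not blocked'}")
```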
     
Topic Status:
Not open for further replies.
