Solved Random shutdowns with XP

j2z

My computer has been running clean for nearly three years since getting great support from this board, but I've been having problems recently with it shutting down at random times. Sometimes it resets and sometimes I have to power down. It took about five tries to get running tonight and now it's been going strong for over an hour. Before tearing into the box to look for hardware problems I thought it best to check for malware or a virus. Should I start the 4-step process and post accordingly? Thanks in advance!

- Jeff
 
MBAM report:

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.12.02.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Dad :: VANDELAY-2112 [administrator]

12/2/2012 11:18:53 AM
mbam-log-2012-12-02 (11-18-53).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 359173
Time elapsed: 21 minute(s), 11 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 
DDS report:

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.9.2
Run by Dad at 12:02:33 on 2012-12-02
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.479.237 [GMT -6:00]
.
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Antivirus *Disabled*
.
============== Running Processes ================
.
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe
C:\Program Files\McAfee Security Scan\2.1.121\SSScheduler.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.cox.net/
uWindow Title = Internet Explorer Provided by Cox High Speed Internet
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
BHO: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - c:\program files\epson software\easy photo print\EPTBL.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.7529.1424\swg.dll
BHO: WOT Helper: {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - c:\program files\wot\WOT.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: EpsonToolBandKicker Class: {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: EPSON Web-To-Page: {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: WOT: {71576546-354D-41C9-AAE8-31F2EC22BF0D} - c:\program files\wot\WOT.dll
TB: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - c:\program files\epson software\easy photo print\EPTBL.dll
TB: EPSON Web-To-Page: {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: WOT: {71576546-354D-41c9-AAE8-31F2EC22BF0D} - c:\program files\wot\WOT.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - <orphaned>
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\WCESCOMM.EXE"
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [HLBackupScheduler] c:\program files\verizon v cast media manager\V CAST Backup Scheduler.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [Picasa Media Detector] c:\program files\picasa2\PicasaMediaDetector.exe
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.1.121\SSScheduler.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\pcaler~1.lnk - c:\program files\msi\pc alert 4\PCAlert4.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\utilit~1.lnk - c:\windows\system32\sistray.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\inetrepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\inetrepl.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: ppctlcab - hxxp://www.pestscan.com/scanner/ppctlcab.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {0C92900E-4D5A-4F04-ACC9-729E1767BBAE} - hxxp://hyvee.lifepics.com/net/Uploader/LPUploader45.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} - hxxps://mail111a.urscorp.com/iNotes6W.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1223764482484
DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{A32BF7BE-3FBC-4AEC-9F7A-040199D17247} : DHCPNameServer = 192.168.0.1
Handler: mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82} - c:\program files\microsoft activesync\aatp.dll
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\program files\wot\WOT.dll
WinCE Filter: image/bmp - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\cenetflt.dll
WinCE Filter: image/gif - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\cenetflt.dll
WinCE Filter: image/jpeg - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\cenetflt.dll
WinCE Filter: image/xbm - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\cenetflt.dll
WinCE Filter: text/asp - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\microsoft activesync\cenetflt.dll
WinCE Filter: text/html - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\microsoft activesync\cenetflt.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\dad\application data\mozilla\firefox\profiles\6qvqm652.default\
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmnqmp07030901.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_110.dll
FF - ExtSQL: !HIDDEN! 2009-08-07 11:44; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-8-25 738504]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-2-4 361032]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2010-1-5 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-1-5 67656]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-2-4 21256]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-2-4 44808]
S2 gupdate1c9b72e8bd6313e;Google Update Service (gupdate1c9b72e8bd6313e);c:\program files\google\update\GoogleUpdate.exe [2009-4-6 133104]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.1.121\McCHSvc.exe [2010-9-3 227232]
S3 PCAlertDriver;PCAlertDriver;\??\c:\program files\msi\pc alert 4\ntglm7x.sys --> c:\program files\msi\pc alert 4\NTGLM7X.sys [?]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-1-5 12872]
.
=============== File Associations ===============
.
ShellExec: Foxit Reader.exe: print="c:\program files\foxit software\foxit reader\Foxit Reader.exe"/p "%1"
ShellExec: Foxit Reader.exe: printto="c:\program files\foxit software\foxit reader\Foxit Reader.exe"/t "%1" "%2" "%3" "%4"
ShellExec: FOXITR~1.EXE: print="c:\progra~1\foxits~1\foxitr~1\FOXITR~1.EXE"/p "%1"
ShellExec: FOXITR~1.EXE: printto="c:\progra~1\foxits~1\foxitr~1\FOXITR~1.EXE"/t "%1" "%2" "%3" "%4"
.
=============== Created Last 30 ================
.
2012-12-02 08:14:48 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-02 08:14:48 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-02 08:08:47 -------- d-----w- c:\documents and settings\all users\application data\McAfee Security Scan
2012-12-02 08:08:41 -------- d-----w- c:\program files\McAfee Security Scan
2012-12-02 08:07:35 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-12-02 06:49:50 -------- d-----w- c:\documents and settings\dad\application data\Nico Mak Computing
2012-12-02 06:49:00 17224 ----a-w- c:\windows\system32\roboot.exe
.
==================== Find3M ====================
.
2012-12-02 08:07:06 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-12-02 08:07:05 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-10-30 23:51:58 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-10-30 23:51:07 41224 ----a-w- c:\windows\avastSS.scr
2012-10-25 09:12:26 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-10-25 09:12:26 69632 ----a-w- c:\windows\system32\QuickTime.qts
2012-09-30 01:54:26 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 12:03:44.29 ===============
 
Attach report:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 10/21/2004 11:23:02 AM
System Uptime: 12/2/2012 9:37:54 AM (3 hours ago)
.
Motherboard: MICRO-STAR INTERNATIONAL CO., LTD | | MS-6540
Processor: Intel(R) Pentium(R) 4 CPU 2.40GHz | Socket 478 | 2400/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 128 GiB total, 63.262 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 21 GiB total, 6.252 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Universal Serial Bus (USB) Controller
Device ID: PCI\VEN_1039&DEV_7002&SUBSYS_53321462&REV_00\3&61AAA01&0&1B
Manufacturer:
Name: Universal Serial Bus (USB) Controller
PNP Device ID: PCI\VEN_1039&DEV_7002&SUBSYS_53321462&REV_00\3&61AAA01&0&1B
Service:
.
==== System Restore Points ===================
.
RP457: 9/3/2012 12:40:11 PM - System Checkpoint
RP458: 9/4/2012 8:24:01 PM - System Checkpoint
RP459: 9/5/2012 9:40:22 PM - Installed QuickTime
RP460: 9/8/2012 11:29:43 PM - System Checkpoint
RP461: 9/10/2012 6:28:48 PM - System Checkpoint
RP462: 9/12/2012 5:13:12 PM - System Checkpoint
RP463: 9/13/2012 5:40:25 PM - System Checkpoint
RP464: 9/14/2012 9:48:33 PM - System Checkpoint
RP465: 9/22/2012 12:15:49 PM - System Checkpoint
RP466: 9/23/2012 3:54:13 PM - System Checkpoint
RP467: 9/24/2012 6:14:32 PM - System Checkpoint
RP468: 9/25/2012 7:14:08 PM - System Checkpoint
RP469: 9/26/2012 8:02:41 PM - System Checkpoint
RP470: 9/29/2012 12:27:00 PM - System Checkpoint
RP471: 9/30/2012 10:25:15 PM - System Checkpoint
RP472: 10/2/2012 9:26:20 PM - System Checkpoint
RP473: 10/6/2012 7:52:54 AM - System Checkpoint
RP474: 10/8/2012 6:47:04 PM - System Checkpoint
RP475: 10/9/2012 9:58:30 PM - System Checkpoint
RP476: 10/11/2012 8:10:06 PM - System Checkpoint
RP477: 10/13/2012 4:53:16 PM - System Checkpoint
RP478: 10/19/2012 10:25:37 PM - System Checkpoint
RP479: 10/21/2012 1:04:56 PM - System Checkpoint
RP480: 10/26/2012 5:28:41 PM - System Checkpoint
RP481: 10/27/2012 6:05:22 PM - System Checkpoint
RP482: 10/28/2012 10:01:25 PM - System Checkpoint
RP483: 10/29/2012 10:37:31 PM - System Checkpoint
RP484: 11/1/2012 6:55:56 PM - System Checkpoint
RP485: 11/5/2012 8:46:56 PM - System Checkpoint
RP486: 11/7/2012 6:25:31 PM - System Checkpoint
RP487: 11/8/2012 7:22:53 PM - System Checkpoint
RP488: 11/10/2012 4:23:28 PM - System Checkpoint
RP489: 11/12/2012 6:55:05 PM - System Checkpoint
RP490: 11/17/2012 2:32:17 PM - System Checkpoint
RP491: 11/18/2012 5:56:17 PM - System Checkpoint
RP492: 11/19/2012 8:10:05 PM - System Checkpoint
RP493: 11/21/2012 8:53:21 AM - System Checkpoint
RP494: 11/22/2012 7:07:53 PM - System Checkpoint
RP495: 11/23/2012 10:15:36 PM - System Checkpoint
RP496: 11/26/2012 8:10:58 PM - System Checkpoint
RP497: 12/1/2012 12:29:22 PM - System Checkpoint
RP498: 12/2/2012 12:56:22 AM - WinZip Registry Optimizer Sun, Dec 02, 12 00:56
RP499: 12/2/2012 1:50:54 AM - Installed QuickTime
RP500: 12/2/2012 2:06:46 AM - Installed Java 7 Update 9
.
==== Installed Programs ======================
.
Adobe Flash Player 11 Plugin
Adobe Flash Player ActiveX
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcGIS ArcObjects Developer Kit
ArcGIS Desktop
ArcGIS Explorer Desktop
ArcGIS Tutorial Data
avast! Free Antivirus
Bonjour
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera WIA Driver
Canon EOS 5D WIA Driver
Canon MovieEdit Task for ZoomBrowser EX
Canon PhotoRecord
Canon RAW Image Task for ZoomBrowser EX
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
Canon Utilities Digital Photo Professional 3.4
Canon Utilities EOS Utility
Canon Utilities MyCamera
Canon Utilities Original Data Security Tools
Canon Utilities PhotoStitch
Canon Utilities Picture Style Editor
Canon Utilities RemoteCapture Task for ZoomBrowser EX
Canon Utilities WFT-E1/E2/E3 Utility
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
CCleaner
CorelDRAW 10
Critical Update for Windows Media Player 11 (KB959772)
Diamond Scheduler 6
Diamond Scheduler Multidivision Approach 1
Diamond Scheduler Multidivision Approach 2
Diamond Scheduler Multidivision Approach 3
DiscWizard 2003
EclipseCrossword
Epson CreativeZone
Epson Easy Photo Print 2
EPSON NX410 Series Printer Uninstall
EPSON Scan
EPSON Web-To-Page
ffdshow [rev 2527] [2008-12-19]
Foxit Reader
Garmin City Navigator North America NT 2010.20
Garmin Communicator Plugin
Garmin POI Loader
Garmin USB Drivers
GermanNow
Google Chrome
Google Earth
Google Toolbar for Firefox
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
GoToMeeting 4.0.0.320
GrammarPro
H&R Block Deluxe + Efile + State 2009
H&R Block Deluxe + Efile + State 2010
H&R Block Deluxe + Efile + State 2011
H&R Block Nebraska 2009
H&R Block Nebraska 2010
H&R Block Nebraska 2011
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
InfraRecorder
iTunes
J2SE Runtime Environment 5.0 Update 11
Java 2 Runtime Environment, SE v1.4.2_01
Java 7 Update 9
Java Auto Updater
Java(TM) 6 Update 34
LeagueWorks for Little League
LG Android Drivers
LG USB Modem driver
LightScribe System Software
LightScribe Template Designs - Nature Pack 1
LightScribe Template Labeler
Logger Pro 3.8.2
LoggerPro3
Macromedia Shockwave Player
Malwarebytes Anti-Malware version 1.65.1.1000
McAfee Security Scan Plus
Mia2
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft ActiveSync 3.7
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2006
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 SR-1 Professional
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Move Networks Player for Firefox
MovieEdit Task
Mozilla Firefox 14.0.1 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
PC Alert 4
Pdf995 (installed by TaxCut)
PdfEdit995 (installed by TaxCut)
QuickTime
RealPlayer
RuneScape Launcher 1.2
Rush Screensaver
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Sentinel System Driver
SiS 900 PCI Fast Ethernet Adapter Driver
SiS VGA Utilities
SiSAGP driver
SUPERAntiSpyware Free Edition
SurferNETWORK Player
TBS WMP Plug-in
The Battle for Middle-earth (tm) II
TI Connect 1.6
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB978506)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2718704)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
Update for Windows XP (KB978207)
VBA (3821b)
Verizon V CAST Media Manager
WebFldrs XP
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows XP Service Pack 3
WOT for Internet Explorer
Zoo Tycoon: Complete Collection
.
==== Event Viewer Messages From Past Week ========
.
12/1/2012 11:49:58 PM, error: Service Control Manager [7000] - The PCAlertDriver service failed to start due to the following error: The system cannot find the file specified.
.
==== End Of File ===========================
 
Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

================================

  • Download RogueKiller to the desktop
  • Close all the running programs
  • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
 
RogueKiller report:

RogueKiller V8.3.1 [Dec 2 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : https://www.techspot.com/downloads/5562-roguekiller.html
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Dad [Admin rights]
Mode : Remove -- Date : 12/02/2012 18:45:05

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> DELETED
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3160023A +++++
--- User ---
[MBR] 7f9d7984012a6e82c4920b34c1886d74
[BSP] 76ea8efc597150f5ba6b386c40a90778 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 131069 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 268430085 | Size: 21548 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_12022012_02d1845.txt >>
RKreport[1]_S_12022012_02d1844.txt ; RKreport[2]_D_12022012_02d1845.txt
 
aswMBR report:

aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-12-02 18:51:08
-----------------------------
18:51:08.562 OS Version: Windows 5.1.2600 Service Pack 3
18:51:08.562 Number of processors: 2 586 0x209
18:51:08.562 ComputerName: VANDELAY-2112 UserName: Dad
18:51:10.000 Initialize success
18:51:15.468 AVAST engine defs: 12120101
18:51:38.281 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
18:51:38.281 Disk 0 Vendor: ST3160023A 8.01 Size: 152627MB BusType: 3
18:51:38.312 Disk 0 MBR read successfully
18:51:38.312 Disk 0 MBR scan
18:51:38.343 Disk 0 Windows XP default MBR code
18:51:38.359 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 131069 MB offset 63
18:51:38.359 Disk 0 Partition - 00 0F Extended LBA 21548 MB offset 268430085
18:51:38.375 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 21548 MB offset 268430148
18:51:38.390 Disk 0 scanning sectors +312560640
18:51:38.437 Disk 0 scanning C:\WINDOWS\system32\drivers
18:51:52.921 Service scanning
18:51:57.390 Service GMSIPCI D:\INSTALL\GMSIPCI.SYS **LOCKED** 21
18:52:01.828 Service NTACCESS D:\NTACCESS.sys **LOCKED** 21
18:52:07.609 Modules scanning
18:52:15.984 Disk 0 trace - called modules:
18:52:16.000 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
18:52:16.015 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85f8f030]
18:52:16.015 3 CLASSPNP.SYS[f7756fd7] -> nt!IofCallDriver -> \Device\00000060[0x85f92a40]
18:52:16.015 5 ACPI.sys[f76cd620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x85f92b58]
18:52:16.750 AVAST engine scan C:\WINDOWS
18:52:25.265 AVAST engine scan C:\WINDOWS\system32
18:54:47.984 AVAST engine scan C:\WINDOWS\system32\drivers
18:55:05.625 AVAST engine scan C:\Documents and Settings\Dad
18:59:24.937 AVAST engine scan C:\Documents and Settings\All Users
19:05:18.203 Scan finished successfully
19:14:54.703 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Dad\Desktop\MBR.dat"
19:14:54.750 The log file has been saved successfully to "C:\Documents and Settings\Dad\Desktop\aswMBR.txt"


 
Create a new restore point before proceeding with the next step....
How to:
- Windows 8: http://www.vikitech.com/11302/system-restore-windows-8
- Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
- Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
- XP: http://support.microsoft.com/kb/948247

===========================

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    If the connection is not there, use the restore point you created prior to running Combofix.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart the computer in safe mode.

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.
 
Combofix report:

ComboFix 10-02-08.09 - Dad 02/10/2010 2:07.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.479.48 [GMT -6:00]
Running from: c:\documents and settings\Dad\Desktop\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

Infected copy of c:\windows\system32\DRIVERS\usbhub.sys was found and disinfected
Restored copy from - The cat ate it :p
-- Previous Run --

Infected copy of c:\windows\system32\DRIVERS\usbhub.sys was found and disinfected
Restored copy from - The cat ate it :p
Infected copy of c:\windows\system32\DRIVERS\usbhub.sys was found and disinfected
Restored copy from - The cat ate it :p
Infected copy of c:\windows\system32\DRIVERS\usbhub.sys was found and disinfected
Restored copy from - The cat ate it :p
Infected copy of c:\windows\system32\DRIVERS\usbhub.sys was found and disinfected
Restored copy from - The cat ate it :p
Infected copy of c:\windows\system32\drivers\usbhub.sys was found and disinfected
Restored copy from - c:\windows\system32\dllcache\usbhub.sys

--------

.
((((((((((((((((((((((((( Files Created from 2010-01-10 to 2010-02-10 )))))))))))))))))))))))))))))))
.

2010-02-06 05:03 . 2010-02-06 05:03 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-02-06 05:03 . 2010-02-06 05:03 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-02-06 05:03 . 2010-02-06 05:03 -------- d-----w- c:\documents and settings\Dad\Application Data\SUPERAntiSpyware.com
2010-02-06 04:12 . 2010-02-06 04:12 -------- d-----w- c:\documents and settings\Dad\Application Data\CheckPoint
2010-02-06 04:11 . 2010-02-06 04:11 -------- d-----w- c:\program files\CheckPoint
2010-02-06 04:10 . 2009-11-22 21:42 69000 ----a-w- c:\windows\system32\zlcomm.dll
2010-02-06 04:10 . 2009-11-22 21:42 103816 ----a-w- c:\windows\system32\zlcommdb.dll
2010-02-06 04:10 . 2009-11-22 21:42 1238408 ----a-w- c:\windows\system32\zpeng25.dll
2010-02-06 04:10 . 2010-02-06 04:10 -------- d-----w- c:\windows\system32\ZoneLabs
2010-02-06 04:10 . 2010-02-06 04:10 -------- d-----w- c:\program files\Zone Labs
2010-02-05 20:15 . 2009-12-02 13:19 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-02-05 13:34 . 2009-12-02 13:19 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-02-05 13:32 . 2010-02-05 13:32 -------- d-----w- c:\program files\Lavasoft
2010-02-05 13:15 . 2010-02-05 13:33 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
2010-02-05 05:59 . 2010-02-05 05:59 -------- d-----w- C:\VundoFix Backups
2010-02-05 05:35 . 2010-02-05 05:35 -------- d-----w- c:\program files\Trend Micro
2010-02-05 05:35 . 2010-02-05 05:35 -------- d-----w- c:\documents and settings\Dad\Application Data\AVG8
2010-02-05 05:34 . 2010-02-05 05:34 -------- d-----w- c:\program files\CCleaner
2010-02-05 05:31 . 2010-01-28 21:57 163280 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-02-05 05:31 . 2010-01-28 21:54 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-02-05 05:31 . 2010-01-28 21:54 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-02-05 05:31 . 2010-01-28 21:57 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-02-05 05:31 . 2010-01-28 21:54 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-02-05 05:31 . 2010-01-28 21:54 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-02-05 05:31 . 2010-01-28 21:53 28240 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-02-05 05:31 . 2010-01-28 22:09 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-02-05 05:31 . 2010-01-28 22:09 152672 ----a-w- c:\windows\system32\aswBoot.exe
2010-02-05 05:30 . 2010-02-05 05:30 -------- d-----w- c:\program files\Alwil Software
2010-02-05 05:30 . 2010-02-05 05:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-02-05 03:56 . 2010-02-05 03:56 -------- d-----w- c:\documents and settings\Dad\Application Data\Malwarebytes
2010-02-05 03:56 . 2010-01-07 22:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-05 03:56 . 2010-02-05 03:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-02-05 03:56 . 2010-02-05 05:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-05 03:56 . 2010-01-07 22:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-04 02:40 . 2010-02-04 02:40 -------- d-----w- c:\windows\system32\wbem\Repository
2010-01-12 21:26 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-10 08:04 . 2010-02-07 01:24 8585164 ----a-w- c:\windows\Internet Logs\tvDebug.Zip
2010-02-10 06:47 . 2001-08-23 12:00 59520 ----a-w- c:\windows\system32\drivers\usbhub.sys
2010-02-10 06:23 . 2004-11-02 03:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-02-10 03:19 . 2006-11-07 01:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-02-10 03:06 . 2010-02-10 03:19 1728512 ----a-w- c:\windows\Internet Logs\xDB3.tmp
2010-02-10 03:06 . 2010-02-10 03:18 1869312 ----a-w- c:\windows\Internet Logs\xDB2.tmp
2010-02-09 05:28 . 2010-02-10 03:05 1725952 ----a-w- c:\windows\Internet Logs\xDB1.tmp
2010-02-08 14:01 . 2008-01-26 18:32 -------- d-----w- c:\documents and settings\Dad\Application Data\U3
2010-02-07 20:06 . 2004-11-02 01:51 -------- d-----w- c:\program files\Common Files\Adobe
2010-02-07 19:55 . 2008-10-11 16:45 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-02-06 05:04 . 2010-02-06 05:04 52224 ----a-w- c:\documents and settings\Dad\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-02-06 05:03 . 2010-02-06 05:03 117760 ----a-w- c:\documents and settings\Dad\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-02-06 04:10 . 2004-11-05 03:53 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2010-02-03 02:34 . 2008-10-23 02:26 -------- d-----w- c:\program files\Citrix
2010-01-17 21:17 . 2009-02-20 03:07 -------- d-----w- c:\documents and settings\All Users\Application Data\ZoomBrowser
2010-01-16 23:11 . 2009-12-06 22:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Mozilla Firefox
2010-01-14 02:09 . 2010-01-14 02:09 15086 ----a-r- c:\documents and settings\Dad\Application Data\Microsoft\Installer\{F3A482EC-55E0-48FA-A408-F40FDF265181}\ARPPRODUCTICON.exe
2009-12-28 02:27 . 2009-11-28 18:32 -------- d-----w- c:\documents and settings\Noah\Application Data\Apple Computer
2009-12-26 20:32 . 2009-09-09 20:06 69 ----a-w- c:\documents and settings\Noah\jagex_runescape_preferences2.dat
2009-12-26 17:46 . 2008-07-02 17:16 39 ----a-w- c:\documents and settings\Noah\jagex_runescape_preferences.dat
2009-12-22 05:21 . 2001-08-23 12:00 667136 ----a-w- c:\windows\system32\wininet.dll
2009-12-22 05:20 . 2004-10-21 17:02 81920 ------w- c:\windows\system32\ieencode.dll
2009-12-19 02:57 . 2009-12-19 02:54 -------- d-----w- c:\documents and settings\Noah\Application Data\GetRightToGo
2009-12-17 04:50 . 2009-12-17 04:50 -------- d-----w- c:\program files\LightScribe Template Labeler
2009-12-17 04:18 . 2009-12-17 04:18 -------- d-----w- c:\documents and settings\All Users\Application Data\LightScribe
2009-12-17 04:07 . 2009-12-17 04:07 -------- d-----w- c:\program files\Common Files\LightScribe
2009-12-17 03:53 . 2009-12-17 03:51 -------- d-----w- c:\documents and settings\Dad\Application Data\InfraRecorder
2009-12-17 03:34 . 2009-12-17 03:34 -------- d-----w- c:\program files\InfraRecorder
2009-12-16 20:42 . 2010-01-03 22:35 872960 ----a-w- c:\documents and settings\Mom\Application Data\Mozilla\Firefox\Profiles\ya3b558h.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2009-12-16 20:42 . 2010-01-03 22:35 43008 ----a-w- c:\documents and settings\Mom\Application Data\Mozilla\Firefox\Profiles\ya3b558h.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2009-12-16 20:42 . 2010-01-03 22:35 340480 ----a-w- c:\documents and settings\Mom\Application Data\Mozilla\Firefox\Profiles\ya3b558h.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2009-12-16 20:41 . 2010-01-03 22:35 346624 ----a-w- c:\documents and settings\Mom\Application Data\Mozilla\Firefox\Profiles\ya3b558h.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2009-12-16 04:52 . 2006-01-14 04:30 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-12-16 00:16 . 2009-02-21 21:09 -------- d-----w- c:\documents and settings\Avery\Application Data\U3
2009-12-14 13:02 . 2007-02-21 18:34 -------- d-----w- c:\documents and settings\All Users\Application Data\pdf995
2009-12-11 02:48 . 2008-04-25 21:45 2605832 -c--a-w- c:\documents and settings\All Users\Application Data\BigFishGamesCache\Upgrade\chicktionary_s1_l1_gF46T1L1_d198220614.exe
2009-12-07 14:10 . 2010-02-05 13:33 2953352 -c--a-w- c:\documents and settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}\Ad-AwareInstallation.exe
2009-12-04 05:11 . 2009-06-05 09:24 19072 ----a-w- c:\windows\system32\drivers\srvkp.sys
2009-12-04 03:12 . 2009-12-04 02:29 1324 -c--a-w- c:\documents and settings\Mom\Local Settings\Application Data\d3d9caps.tmp
2009-11-25 03:35 . 2009-11-25 03:35 65000 ---ha-w- c:\windows\system32\mlfcache.dat
2009-11-22 20:01 . 2005-11-13 16:32 91480 -c--a-w- c:\documents and settings\Avery\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-21 15:51 . 2001-08-23 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-19 17:48 . 2009-11-29 20:07 872960 ----a-w- c:\documents and settings\Avery\Application Data\Mozilla\Firefox\Profiles\jld35bkp.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2009-11-19 17:48 . 2009-11-28 18:09 872960 ----a-w- c:\documents and settings\Noah\Application Data\Mozilla\Firefox\Profiles\jnundwy5.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2009-11-19 17:48 . 2009-11-27 16:11 872960 ----a-w- c:\documents and settings\Dad\Application Data\Mozilla\Firefox\Profiles\52dyvbg7.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2009-11-19 17:48 . 2009-11-29 20:07 43008 ----a-w- c:\documents and settings\Avery\Application Data\Mozilla\Firefox\Profiles\jld35bkp.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2009-11-19 17:48 . 2009-11-28 18:09 43008 ----a-w- c:\documents and settings\Noah\Application Data\Mozilla\Firefox\Profiles\jnundwy5.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2009-11-19 17:48 . 2009-11-27 16:11 43008 ----a-w- c:\documents and settings\Dad\Application Data\Mozilla\Firefox\Profiles\52dyvbg7.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2009-11-19 17:48 . 2009-11-29 20:07 340480 -c--a-w- c:\documents and settings\Avery\Application Data\Mozilla\Firefox\Profiles\jld35bkp.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2009-11-19 17:48 . 2009-11-28 18:09 340480 -c--a-w- c:\documents and settings\Noah\Application Data\Mozilla\Firefox\Profiles\jnundwy5.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2009-11-19 17:48 . 2009-11-27 16:11 340480 -c--a-w- c:\documents and settings\Dad\Application Data\Mozilla\Firefox\Profiles\52dyvbg7.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2009-11-19 17:48 . 2009-11-29 20:07 346624 ----a-w- c:\documents and settings\Avery\Application Data\Mozilla\Firefox\Profiles\jld35bkp.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2009-11-19 17:48 . 2009-11-28 18:09 346624 ----a-w- c:\documents and settings\Noah\Application Data\Mozilla\Firefox\Profiles\jnundwy5.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2009-11-19 17:48 . 2009-11-27 16:11 346624 ----a-w- c:\documents and settings\Dad\Application Data\Mozilla\Firefox\Profiles\52dyvbg7.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2009-11-12 23:07 . 2009-11-12 23:07 79144 -c--a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-02 68856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-11-20 2363392]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-01-05 2002160]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 443968]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]
PC Alert 4.lnk - c:\program files\MSI\PC Alert 4\PCAlert4.exe [2004-10-22 544768]
Utility Tray.lnk - c:\windows\system32\sistray.exe [2009-12-3 262144]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 20:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Corel\\Graphics10\\Register\\NAVBrowser.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"=
"c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Electronic Arts\\The Battle for Middle-earth (tm) II\\patchget.dat"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Electronic Arts\\The Battle for Middle-earth (tm) II\\game.dat"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2/5/2010 7:34 AM 64288]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2/4/2010 11:31 PM 163280]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [1/5/2010 7:56 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [1/5/2010 7:56 AM 74480]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2/4/2010 11:31 PM 19024]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [10/14/2009 7:30 AM 25208]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [10/14/2009 7:30 AM 476528]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [12/2/2009 7:19 AM 1184912]
S2 gupdate1c9b72e8bd6313e;Google Update Service (gupdate1c9b72e8bd6313e);c:\program files\Google\Update\GoogleUpdate.exe [4/6/2009 9:11 PM 133104]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [1/5/2010 7:56 AM 7408]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-11-20 20:28 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-02-10 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 13:19]

2009-11-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]

2010-02-10 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-25 03:41]

2010-02-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-07 03:11]

2010-02-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-07 03:11]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.cnn.com/
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
Trusted Zone: com.tw\www.msi
DPF: ppctlcab - hxxp://www.pestscan.com/scanner/ppctlcab.cab
DPF: {0C92900E-4D5A-4F04-ACC9-729E1767BBAE} - hxxp://hyvee.lifepics.com/net/Uploader/LPUploader45.cab
DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab
FF - ProfilePath - c:\documents and settings\Dad\Application Data\Mozilla\Firefox\Profiles\52dyvbg7.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.cnn.com/
FF - component: c:\documents and settings\Dad\Application Data\Mozilla\Firefox\Profiles\52dyvbg7.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\program files\CheckPoint\ZAForceField\TrustChecker\components\TrustCheckerMozillaPlugin.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmnqmp07030901.dll
FF - plugin: c:\program files\Picasa2\npPicasa3.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-MoneyAgent - c:\program files\Microsoft Money\System\mnyexpr.exe
AddRemove-ShockwaveFlash - c:\windows\system32\Macromed\Flash\FlashUtil9b.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-10 02:45
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-117609710-1383384898-682003330-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-117609710-1383384898-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*d%T%`*]
@Class="Shell"

[HKEY_USERS\S-1-5-21-117609710-1383384898-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*d%T%`*\OpenWithList]
@Class="Shell"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(560)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
Completion time: 2010-02-10 02:54:27
ComboFix-quarantined-files.txt 2010-02-10 08:54

Pre-Run: 99,767,488,512 bytes free
Post-Run: 100,273,197,056 bytes free

- - End Of File - - 019C5F1D10735E6B7FC6FC7A7180CBB4
 
Looks good.

How is the computer doing?

=================================

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Next...

  • Double click on adwcleaner.exe to run the tool.
  • Click on Uninstall.
  • Confirm with yes.

================================

Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
Thanks for the help so far. It rebooted on me last night while running Malwarebytes but has been going strong since running it, and the other diagnostics, this morning. Have you seen anything in the reports that you think could have caused the random shutdowns? The AdwCleaner report is below, I'll attach the others in separate posts.

AdwCleaner report:

# AdwCleaner v2.011 - Logfile created 12/02/2012 at 20:52:50
# Updated 02/12/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Dad - VANDELAY-2112
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Dad\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Deleted : HKCU\Software\Zugo
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6E4C89CF-3061-4EE4-B22A-B7A8AAEA5CB3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (en-US)

Profile name : default
File : C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\6qvqm652.default\prefs.js

[OK] File is clean.

Profile name : default
File : C:\Documents and Settings\Avery Z\Application Data\Mozilla\Firefox\Profiles\c8exgxfi.default\prefs.js

[OK] File is clean.

Profile name : default
File : C:\Documents and Settings\Mom Z\Application Data\Mozilla\Firefox\Profiles\k15jj8n0.default\prefs.js

[OK] File is clean.

Profile name : default
File : C:\Documents and Settings\Noah Z\Application Data\Mozilla\Firefox\Profiles\h9ry0wl7.default\prefs.js

[OK] File is clean.

Profile name : default
File : C:\Documents and Settings\Dad Z\Application Data\Mozilla\Firefox\Profiles\0gj2stje.default\prefs.js

[OK] File is clean.

Profile name : default
File : C:\Documents and Settings\Music & Pics\Application Data\Mozilla\Firefox\Profiles\sv4z94ie.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v23.0.1271.95

File : C:\Documents and Settings\Dad\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Documents and Settings\Avery Z\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Documents and Settings\Noah Z\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Documents and Settings\Dad Z\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Documents and Settings\Music & Pics\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [2480 octets] - [02/12/2012 20:52:50]

########## EOF - C:\AdwCleaner[S1].txt - [2540 octets] ##########
 
OTL report (part 1 of 2):

OTL logfile created on: 12/2/2012 8:59:40 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Dad\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

479.48 Mb Total Physical Memory | 128.79 Mb Available Physical Memory | 26.86% Memory free
1.10 Gb Paging File | 0.87 Gb Available in Paging File | 79.56% Paging File free
Paging file location(s): C:\pagefile.sys 720 1440 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 128.00 Gb Total Space | 66.84 Gb Free Space | 52.22% Space Free | Partition Type: NTFS
Drive E: | 21.04 Gb Total Space | 6.25 Gb Free Space | 29.71% Space Free | Partition Type: NTFS

Computer Name: VANDELAY-2112 | User Name: Dad | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/12/02 20:50:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dad\Desktop\OTL.exe
PRC - [2012/12/02 02:07:08 | 000,161,768 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2012/10/30 17:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/12/08 03:24:16 | 005,247,624 | ---- | M] () -- C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe
PRC - [2010/09/03 00:45:02 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.1.121\SSScheduler.exe
PRC - [2008/06/27 14:54:12 | 000,262,144 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\sistray.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/12/16 22:00:00 | 000,143,872 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
PRC - [2007/01/31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2007/01/10 22:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE


========== Modules (No Company Name) ==========

MOD - [2012/12/02 14:11:32 | 002,036,224 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\12120200\algo.dll
MOD - [2012/02/20 20:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/02/20 20:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/12/08 03:24:16 | 005,247,624 | ---- | M] () -- C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe
MOD - [2010/12/08 03:23:52 | 000,100,352 | ---- | M] () -- C:\Program Files\Verizon V CAST Media Manager\avutil-50.dll
MOD - [2010/12/08 03:23:50 | 000,684,032 | ---- | M] () -- C:\Program Files\Verizon V CAST Media Manager\libexpat.dll
MOD - [2010/12/08 03:23:50 | 000,466,975 | ---- | M] () -- C:\Program Files\Verizon V CAST Media Manager\sqlite3.dll
MOD - [2009/11/19 10:20:44 | 007,745,536 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtGui4.dll
MOD - [2009/11/19 10:20:42 | 002,121,728 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtCore4.dll
MOD - [2009/11/19 10:20:42 | 000,135,168 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2008/04/01 20:10:17 | 000,051,716 | ---- | M] () -- C:\WINDOWS\system32\pdf995mon.dll


========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE -- (LiveUpdate)
SRV - File not found [Disabled | Stopped] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2012/12/02 02:07:08 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/10/30 17:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/07/13 18:17:12 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2010/09/03 00:45:02 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.1.121\McCHSvc.exe -- (McComponentHostService)
SRV - [2007/12/16 22:00:00 | 000,143,872 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE -- (EPSON_EB_RPCV4_01)
SRV - [2007/01/31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2007/01/10 22:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE -- (EPSON_PM_RPCV4_01)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\MSI\PC Alert 4\NTGLM7X.sys -- (PCAlertDriver)
DRV - File not found [Kernel | Disabled | Stopped] -- D:\NTACCESS.sys -- (NTACCESS)
DRV - File not found [Kernel | Disabled | Stopped] -- D:\INSTALL\GMSIPCI.SYS -- (GMSIPCI)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Dad\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2012/10/30 17:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/10/30 17:51:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/10/30 17:51:58 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/10/30 17:51:58 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2012/10/30 17:51:57 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012/10/30 17:51:56 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2012/10/30 17:51:56 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/07/21 14:10:21 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/21 20:27:41 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010/02/21 20:27:41 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/12/03 23:11:00 | 000,019,072 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
DRV - [2009/12/03 23:10:59 | 000,323,584 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2008/11/11 12:42:00 | 000,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2008/11/11 12:41:00 | 000,019,968 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2008/11/11 12:41:00 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2008/07/03 10:59:54 | 000,193,696 | ---- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\windrvr6.sys -- (WinDriver6)
DRV - [2006/02/14 16:02:56 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisnicxp.sys -- (SISNICXP)
DRV - [2004/06/21 02:53:20 | 000,626,204 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM)
DRV - [2004/02/23 21:08:52 | 000,400,384 | R--- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)
DRV - [2002/07/10 09:39:34 | 000,032,256 | R--- | M] (SiS Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)
DRV - [2001/06/22 05:39:02 | 000,073,728 | ---- | M] (Rainbow Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\sentinel.sys -- (Sentinel)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-117609710-1383384898-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-117609710-1383384898-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-117609710-1383384898-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.cox.net/
IE - HKU\S-1-5-21-117609710-1383384898-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-117609710-1383384898-682003330-1003\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-117609710-1383384898-682003330-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-117609710-1383384898-682003330-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...={outputEncoding}&sourceid=ie7&rlz=1I7GGLA_en
IE - HKU\S-1-5-21-117609710-1383384898-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-117609710-1383384898-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.448: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@View22/View22: C:\Program Files\kohler\View22\Version 3.10.50\NPView22.dll File not found
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2012/11/17 21:22:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/12/02 01:54:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/12/02 01:54:36 | 000,000,000 | ---D | M]

[2010/02/15 18:16:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dad\Application Data\Mozilla\Extensions
[2012/11/18 16:41:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\6qvqm652.default\extensions
[2012/05/16 20:47:17 | 000,020,591 | ---- | M] () (No name found) -- C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\6qvqm652.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
[2012/08/27 21:49:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2006/11/06 19:38:14 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2012/08/24 22:34:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}
[2012/07/13 18:17:47 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/02/27 12:08:12 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2007/03/09 13:23:10 | 000,532,480 | ---- | M] (Move Networks) -- C:\Program Files\mozilla firefox\plugins\npmnqmp07030901.dll
[2012/07/13 18:16:36 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/07/13 18:16:36 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\pdf.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files\Garmin GPS Plugin\npGarmin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U34 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.340.4 (Enabled) = C:\WINDOWS\system32\npdeployJava1.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprpjplug.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprjplug.dll
CHR - homepage: http://www.google.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.83\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.150.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java(TM) Platform SE 6 U18 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.180.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.83\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.83\gears.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
CHR - plugin: MoveNetworks Quantum Media Player (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npmnqmp07030901.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Documents and Settings\Avery Z\Application Data\Facebook\npfbplugin_1_0_3.dll
CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files\Garmin GPS Plugin\npGarmin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - homepage: http://www.google.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.83\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.83\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.83\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.150.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java(TM) Platform SE 6 U18 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.180.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
CHR - plugin: MoveNetworks Quantum Media Player (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npmnqmp07030901.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Unity Player (Enabled) = C:\Documents and Settings\Noah Z\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files\Garmin GPS Plugin\npGarmin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - homepage: http://www.google.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.64\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.64\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\Dad Z\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.150.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java(TM) Platform SE 6 U18 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.180.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
CHR - plugin: MoveNetworks Quantum Media Player (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npmnqmp07030901.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Documents and Settings\Dad Z\Application Data\Facebook\npfbplugin_1_0_3.dll
CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files\Garmin GPS Plugin\npGarmin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - homepage: http://www.google.com
CHR - homepage: http://www.google.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.150.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java(TM) Platform SE 6 U18 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.180.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
CHR - plugin: MoveNetworks Quantum Media Player (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npmnqmp07030901.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files\Garmin GPS Plugin\npGarmin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: avast! WebRep = C:\Documents and Settings\Dad\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0\
 
OTL report (part 2 of 2):

O1 HOSTS File: ([2010/02/10 23:00:44 | 000,000,736 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.)
O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKU\S-1-5-21-117609710-1383384898-682003330-1003\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-117609710-1383384898-682003330-1003\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKU\S-1-5-21-117609710-1383384898-682003330-1003\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKU\.DEFAULT..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe File not found
O4 - HKU\S-1-5-18..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe File not found
O4 - HKU\S-1-5-21-117609710-1383384898-682003330-1003..\Run: [HLBackupScheduler] C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe ()
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.1.121\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PC Alert 4.lnk = C:\Program Files\MSI\PC Alert 4\PCAlert4.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe (Silicon Integrated Systems Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-117609710-1383384898-682003330-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-117609710-1383384898-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-117609710-1383384898-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-117609710-1383384898-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-117609710-1383384898-682003330-1003\..Trusted Domains: com.tw ([asia.msi] http in Trusted sites)
O15 - HKU\S-1-5-21-117609710-1383384898-682003330-1003\..Trusted Domains: com.tw ([global.msi] http in Trusted sites)
O15 - HKU\S-1-5-21-117609710-1383384898-682003330-1003\..Trusted Domains: com.tw ([www.msi] http in Trusted sites)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {0C92900E-4D5A-4F04-ACC9-729E1767BBAE} http://hyvee.lifepics.com/net/Uploader/LPUploader45.cab (Image Uploader Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} https://mail111a.urscorp.com/iNotes6W.cab (iNotes6 Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1223764482484 (MUWebControl Class)
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} http://liveupdate.msi.com.tw/autobios/LOnline/install.cab (WebSDev Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab (Java Plug-in 1.6.0_34)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab (Java Plug-in 1.6.0_34)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: ppctlcab http://www.pestscan.com/scanner/ppctlcab.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A32BF7BE-3FBC-4AEC-9F7A-040199D17247}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Dad\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2004/10/21 10:20:48 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{f724ae36-005b-11de-8a75-0011096460bd}\Shell - "" = AutoRun
O33 - MountPoints2\{f724ae36-005b-11de-8a75-0011096460bd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f724ae36-005b-11de-8a75-0011096460bd}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/12/02 20:50:39 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dad\Desktop\OTL.exe
[2012/12/02 20:16:39 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/12/02 20:14:51 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/12/02 20:13:55 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/12/02 20:06:04 | 005,009,299 | R--- | C] (Swearware) -- C:\Documents and Settings\Dad\Desktop\ComboFix.exe
[2012/12/02 18:49:08 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Dad\Desktop\aswMBR.exe
[2012/12/02 18:43:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dad\Desktop\RK_Quarantine
[2012/12/02 02:08:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee Security Scan
[2012/12/02 02:08:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee Security Scan Plus
[2012/12/02 02:08:41 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2012/12/02 01:54:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2012/12/02 01:53:17 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2012/12/02 00:49:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dad\Application Data\Nico Mak Computing
[2012/12/02 00:49:00 | 000,017,224 | ---- | C] (WinZip Computing, S.L.(WinZip Computing)) -- C:\WINDOWS\System32\roboot.exe

========== Files - Modified Within 30 Days ==========

[2012/12/02 20:57:21 | 000,000,318 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2012/12/02 20:57:09 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/12/02 20:56:12 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/12/02 20:55:49 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/12/02 20:53:09 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/12/02 20:50:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dad\Desktop\OTL.exe
[2012/12/02 20:06:21 | 005,009,299 | R--- | M] (Swearware) -- C:\Documents and Settings\Dad\Desktop\ComboFix.exe
[2012/12/02 19:14:54 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Dad\Desktop\MBR.dat
[2012/12/02 18:49:33 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Dad\Desktop\aswMBR.exe
[2012/12/02 18:42:20 | 000,752,128 | ---- | M] () -- C:\Documents and Settings\Dad\Desktop\RogueKiller.exe
[2012/12/02 13:18:00 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2012/12/02 02:08:43 | 000,001,611 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012/12/02 01:54:07 | 000,001,613 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2012/12/01 13:05:41 | 000,001,822 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2012/11/17 21:22:05 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/11/17 16:34:57 | 000,000,793 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/11/04 19:45:42 | 000,432,784 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/11/04 19:45:42 | 000,067,740 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

========== Files Created - No Company Name ==========

[2012/12/02 19:14:54 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Dad\Desktop\MBR.dat
[2012/12/02 18:42:13 | 000,752,128 | ---- | C] () -- C:\Documents and Settings\Dad\Desktop\RogueKiller.exe
[2012/12/02 02:08:43 | 000,001,611 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012/12/02 01:54:07 | 000,001,613 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2012/08/25 13:11:10 | 000,000,161 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2012/08/24 22:24:29 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/04/08 19:32:39 | 000,000,351 | ---- | C] () -- C:\Documents and Settings\Dad\schedule.ini
[2011/04/08 19:32:39 | 000,000,040 | ---- | C] () -- C:\Documents and Settings\Dad\winsched.hd
[2011/03/22 20:42:51 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/02/16 21:36:57 | 000,009,343 | ---- | C] () -- C:\Documents and Settings\Dad\Application Data\Comma Separated Values (Windows).EML
[2010/02/16 21:36:11 | 000,037,749 | ---- | C] () -- C:\Documents and Settings\Dad\Application Data\Comma Separated Values (Windows).ADR
[2008/10/22 20:26:42 | 000,060,744 | ---- | C] () -- C:\Documents and Settings\Dad\g2mdlhlpx.exe
[2006/12/26 20:16:09 | 000,000,032 | R--- | C] () -- C:\Documents and Settings\All Users\hash.dat
[2006/10/08 20:19:12 | 000,001,392 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2004/10/29 08:22:26 | 000,014,848 | ---- | C] () -- C:\Documents and Settings\Dad\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/10/25 09:12:25 | 000,006,096 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol

========== ZeroAccess Check ==========

[2009/02/19 21:00:44 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2009/12/21 23:21:02 | 001,509,888 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 06:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 18:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2010/02/04 23:30:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2005/09/11 20:26:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Authentium
[2011/03/22 20:04:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driver Whiz
[2009/08/23 08:27:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2010/07/25 14:55:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GARMIN
[2012/08/28 20:10:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2012/03/01 20:26:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PhotoStitch
[2012/02/14 21:58:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TaxCut
[2009/08/23 08:35:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
[2012/02/25 00:03:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vernier
[2011/01/11 00:03:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/11/20 21:39:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2011/04/28 19:32:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Avery Z\Application Data\EPSON
[2010/06/29 09:32:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Avery Z\Application Data\Facebook
[2011/12/10 11:12:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Avery Z\Application Data\TaxCut
[2010/08/11 10:15:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Avery Z\Application Data\Thunderbird
[2012/03/01 20:24:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad\Application Data\Canon
[2012/08/25 10:34:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad\Application Data\EPSON
[2010/02/27 12:08:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad\Application Data\Foxit
[2010/02/14 22:21:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad\Application Data\GARMIN
[2010/08/15 15:49:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad\Application Data\InfraRecorder
[2012/12/02 01:42:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad\Application Data\Nico Mak Computing
[2011/04/17 22:47:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad\Application Data\pdf995
[2012/03/18 13:53:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad\Application Data\TaxCut
[2010/03/24 15:31:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad Z\Application Data\Canon
[2012/02/20 21:11:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad Z\Application Data\DeductionPro 2009
[2012/10/23 19:34:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad Z\Application Data\EPSON
[2012/04/23 21:43:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad Z\Application Data\ESRI
[2010/05/12 22:30:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad Z\Application Data\Facebook
[2010/06/27 20:54:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad Z\Application Data\Foxit Software
[2009/10/14 17:28:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad Z\Application Data\GARMIN
[2010/08/15 15:27:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad Z\Application Data\InfraRecorder
[2010/04/11 22:05:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad Z\Application Data\pdf995
[2012/02/14 22:13:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad Z\Application Data\TaxCut
[2010/03/08 21:54:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad Z\Application Data\Thunderbird
[2007/04/05 20:05:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\pdf995
[2012/07/07 11:43:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom Z\Application Data\Foxit Software
[2010/06/27 19:40:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom Z\Application Data\pdf995
[2012/04/08 19:34:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom Z\Application Data\TaxCut
[2010/07/23 14:23:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom Z\Application Data\Thunderbird
[2012/11/25 15:59:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Music & Pics\Application Data\Amazon
[2010/09/06 08:43:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Music & Pics\Application Data\pdf995
[2012/08/09 18:15:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Noah Z\Application Data\.minecraft
[2011/01/18 15:43:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Noah Z\Application Data\EPSON
[2010/07/24 14:36:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Noah Z\Application Data\FOG Downloader
[2011/08/04 18:04:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Noah Z\Application Data\KingsIsle Entertainment
[2010/09/18 15:32:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Noah Z\Application Data\My Battle for Middle-earth(tm) II Files
[2010/09/06 13:45:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Noah Z\Application Data\pdf995
[2010/06/09 15:56:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Noah Z\Application Data\Thunderbird
[2011/01/18 17:28:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Noah Z\Application Data\Unity

========== Purity Check ==========



< End of report >
 
Extras report:

OTL Extras logfile created on: 12/2/2012 8:59:40 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Dad\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

479.48 Mb Total Physical Memory | 128.79 Mb Available Physical Memory | 26.86% Memory free
1.10 Gb Paging File | 0.87 Gb Available in Paging File | 79.56% Paging File free
Paging file location(s): C:\pagefile.sys 720 1440 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 128.00 Gb Total Space | 66.84 Gb Free Space | 52.22% Space Free | Partition Type: NTFS
Drive E: | 21.04 Gb Total Space | 6.25 Gb Free Space | 29.71% Space Free | Partition Type: NTFS

Computer Name: VANDELAY-2112 | User Name: Dad | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-117609710-1383384898-682003330-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Digital Photo Professional] -- C:\Program Files\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Corel\Graphics10\Register\NAVBrowser.exe" = C:\Program Files\Corel\Graphics10\Register\NAVBrowser.exe:*:Disabled:NAVBrowser -- (Naviant, Inc.)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:*:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:*:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Program Files\QuickTime\QuickTimePlayer.exe" = C:\Program Files\QuickTime\QuickTimePlayer.exe:*:Enabled:QuickTime Player -- (Apple Inc.)
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Program Files\Electronic Arts\The Battle for Middle-earth (tm) II\patchget.dat" = C:\Program Files\Electronic Arts\The Battle for Middle-earth (tm) II\patchget.dat:*:Enabled:patchgrabber -- (Electronic Arts)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Electronic Arts\The Battle for Middle-earth (tm) II\game.dat" = C:\Program Files\Electronic Arts\The Battle for Middle-earth (tm) II\game.dat:*:Disabled:The Battle for Middle-earth(tm) II -- (Electronic Arts Inc.)
"G:\Maple\bin.win\mserver.exe" = G:\Maple\bin.win\mserver.exe:*:Disabled:mserver
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Professional
"{0878E100-C0BB-41E8-B4C6-C486B61FDA7B}" = Canon PhotoRecord
"{10964A8F-21C1-45EA-BC2D-F84B505C3848}" = H&R Block Deluxe + Efile + State 2010
"{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1D81E6DE-83D3-4FAF-824C-7B3BB92D61F0}" = H&R Block Nebraska 2009
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216034FF}" = Java(TM) 6 Update 34
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}" = The Battle for Middle-earth (tm) II
"{2CCBABCB-6427-4A55-B091-49864623C43F}" = Google Toolbar for Firefox
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{328019A7-0012-401D-96A2-4CDDD02675A8}" = Garmin POI Loader
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{53A19323-917A-4822-B27E-A57D1EF6E9FC}" = H&R Block Deluxe + Efile + State 2009
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5D87C09F-512F-474A-A306-0FE3B89C396F}" = RuneScape Launcher 1.2
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7148F0A8-6813-11D6-A77B-00B0D0142010}" = Java 2 Runtime Environment, SE v1.4.2_01
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{791CAF6C-90A3-11D4-8306-00D0B72E1DB9}" = Sentinel System Driver
"{7B18E7E2-AFCA-4CBE-8CD5-3613315AB262}" = ArcGIS Explorer Desktop
"{7EACD74C-147F-478C-9389-F9F52EE3C88A}" = LightScribe System Software
"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
"{7F67A6AE-414C-11D4-9F71-00C04F6BDDB9}" = VBA (3821b)
"{7F67A6AF-414C-11D4-9F71-00C04F6BDDB9}" = VBA (3821b)
"{7FD71A9E-C4D3-42ED-A998-CDA8290C39A3}" = LightScribe Template Labeler
"{87C2248A-C7DD-49ED-9BCD-B312A9D0819E}" = Epson Easy Photo Print 2
"{8AF1E098-1A5C-4336-BBE2-D047ABB401ED}" = MovieEdit Task
"{8D07C507-69A7-4AFD-9242-8A3C596C6DC9}" = H&R Block Nebraska 2010
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E50DEC9-081B-441F-B647-98DBEA8B01DD}" = CorelDRAW 10
"{A149DEA2-1D5B-11D5-9F76-00C04F6BC7A1}" = ArcGIS Desktop
"{A1BC8E02-6B5B-4B4A-A75F-B27A16918C2B}" = DiscWizard 2003
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A48C9C07-1DE1-4476-8997-AA6290F94D09}" = EclipseCrossword
"{A8B94669-8654-4126-BD28-D0D2412CDED6}" = TI Connect 1.6
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers
"{BB3AB664-D92B-4CB5-8B3E-D841841F4E68}" = Canon Camera WIA Driver
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C2E8B236-7554-45FE-92C0-94EF76E4D182}" = Garmin City Navigator North America NT 2010.20
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C6006AED-E5A7-4F77-BAD5-95AC43DE04F3}" = H&R Block Deluxe + Efile + State 2011
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DC226AC9-0314-496C-BE6A-B6A132628466}" = SiSAGP driver
"{DD1C903B-C75E-446A-9C09-19EFE9D101DD}" = LoggerPro3
"{DF5A8D64-0B50-46D7-B85D-E66CE690092C}" = WOT for Internet Explorer
"{E3B8F189-2C19-473F-811B-1748187F98E2}" = ArcGIS Tutorial Data
"{E4A065AE-49E5-4F00-8A6E-41494C0D71E1}" = ArcGIS ArcObjects Developer Kit
"{E6C82F8F-2031-4825-8CC3-98C5960875C1}" = Epson CreativeZone
"{EFF87108-C9D0-43F1-BEE1-28DA87778F1A}" = Garmin Communicator Plugin
"{F3A482EC-55E0-48FA-A408-F40FDF265181}" = LightScribe Template Designs - Nature Pack 1
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{F59A9E08-A6A4-4ACF-91F2-D0344956C30B}" = iTunes
"{F654CA77-407B-4BC6-8C30-25ACFA581AD0}" = H&R Block Nebraska 2011
"{FDF64A37-4842-48CD-A424-2C38444D36FD}" = LG Android Drivers
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ArcGIS Explorer Desktop" = ArcGIS Explorer Desktop
"avast" = avast! Free Antivirus
"CAL" = Canon Camera Access Library
"CameraWindowDVC5" = Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CCleaner" = CCleaner
"CorelDRAW 10" = CorelDRAW 10
"CSCLIB" = Canon Camera Support Core Library
"Diamond Scheduler Multidivision Approach 1 (Movie)_is1" = Diamond Scheduler Multidivision Approach 1
"Diamond Scheduler Multidivision Approach 2 (Movie)_is1" = Diamond Scheduler Multidivision Approach 2
"Diamond Scheduler Multidivision Approach 3 (Movie)_is1" = Diamond Scheduler Multidivision Approach 3
"Diamond Scheduler_is1" = Diamond Scheduler 6
"DPP" = Canon Utilities Digital Photo Professional 3.4
"EOS Utility" = Canon Utilities EOS Utility
"EPSON NX410 Series" = EPSON NX410 Series Printer Uninstall
"EPSON Scanner" = EPSON Scan
"ffdshow_is1" = ffdshow [rev 2527] [2008-12-19]
"Foxit Reader" = Foxit Reader
"GermanNow" = GermanNow
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"GrammarPro" = GrammarPro
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"InfraRecorder" = InfraRecorder
"InstallShield_{8AF1E098-1A5C-4336-BBE2-D047ABB401ED}" = Canon MovieEdit Task for ZoomBrowser EX
"InstallShield_{BB3AB664-D92B-4CB5-8B3E-D841841F4E68}" = Canon EOS 5D WIA Driver
"InstallShield_{DD1C903B-C75E-446A-9C09-19EFE9D101DD}" = Logger Pro 3.8.2
"LeagueWorks for Little League" = LeagueWorks for Little League
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
"McAfee Security Scan" = McAfee Security Scan Plus
"Mia2" = Mia2
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Money2006b" = Microsoft Money 2006
"Move Player_is1" = Move Networks Player for Firefox
"Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MyCamera" = Canon Utilities MyCamera
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Original Data Security Tools" = Canon Utilities Original Data Security Tools
"PC Alert 4" = PC Alert 4
"Pdf995" = Pdf995 (installed by TaxCut)
"PdfEdit995" = PdfEdit995 (installed by TaxCut)
"PhotoStitch" = Canon Utilities PhotoStitch
"Picture Style Editor" = Canon Utilities Picture Style Editor
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RealPlayer 12.0" = RealPlayer
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"Rush Screensaver" = Rush Screensaver
"SiS VGA Driver" = SiS VGA Utilities
"SiSLan" = SiS 900 PCI Fast Ethernet Adapter Driver
"SurferNETWORK Player" = SurferNETWORK Player
"Verizon V CAST Media Manager" = Verizon V CAST Media Manager
"WFTK" = Canon Utilities WFT-E1/E2/E3 Utility
"Windows CE Services" = Microsoft ActiveSync 3.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Zoo Tycoon 1.0" = Zoo Tycoon: Complete Collection
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-117609710-1383384898-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting 4.0.0.320

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 8/24/2012 1:10:25 AM | Computer Name = VANDELAY-2112 | Source = Application Hang | ID = 1002
Description = Hanging application E_FARNFCA.EXE, version 5.0.5.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 8/25/2012 1:54:25 AM | Computer Name = VANDELAY-2112 | Source = .NET Runtime Optimization Service | ID = 1101
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Failed to compile: C:\Program Files\Driver Whiz\Driver Whiz\DriverWhiz.exe .
Error code = 0x80131047

Error - 8/26/2012 9:22:05 PM | Computer Name = VANDELAY-2112 | Source = Application Hang | ID = 1002
Description = Hanging application OUTLOOK.EXE, version 9.0.0.6604, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 8/27/2012 11:40:33 PM | Computer Name = VANDELAY-2112 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 8/30/2012 10:05:08 PM | Computer Name = VANDELAY-2112 | Source = Application Error | ID = 1000
Description = Faulting application infrarecorder.exe, version 0.50.0.0, faulting
module infrarecorder.exe, version 0.50.0.0, fault address 0x00020ed3.

Error - 9/4/2012 9:36:08 PM | Computer Name = VANDELAY-2112 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 14.0.1.4577, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/30/2012 12:25:32 AM | Computer Name = VANDELAY-2112 | Source = Application Error | ID = 1000
Description = Faulting application jusched.exe, version 2.0.7.1, faulting module
cryptnet.dll, version 5.131.2600.5512, fault address 0x0000456a.

Error - 9/30/2012 12:26:56 AM | Computer Name = VANDELAY-2112 | Source = Application Error | ID = 1000
Description = Faulting application outlook.exe, version 9.0.0.6604, faulting module
cryptnet.dll, version 5.131.2600.5512, fault address 0x0000456a.

Error - 10/8/2012 11:02:46 PM | Computer Name = VANDELAY-2112 | Source = Application Error | ID = 1000
Description = Faulting application setup.exe, version 22.0.1229.92, faulting module
setup.exe, version 22.0.1229.92, fault address 0x000968f9.

Error - 10/23/2012 9:38:05 PM | Computer Name = VANDELAY-2112 | Source = Application Error | ID = 1004
Description = Faulting application setup.exe, version 22.0.1229.92, faulting module
setup.exe, version 22.0.1229.92, fault address 0x000968f9.

[ System Events ]
Error - 11/17/2012 11:29:50 PM | Computer Name = VANDELAY-2112 | Source = Service Control Manager | ID = 7000
Description = The PCAlertDriver service failed to start due to the following error:
%%2

Error - 11/18/2012 3:01:10 PM | Computer Name = VANDELAY-2112 | Source = Service Control Manager | ID = 7000
Description = The PCAlertDriver service failed to start due to the following error:
%%2

Error - 11/20/2012 10:12:23 PM | Computer Name = VANDELAY-2112 | Source = DCOM | ID = 10010
Description = The server {204810B9-73B2-11D4-BF42-00B0D0118B56} did not register
with DCOM within the required timeout.

Error - 12/2/2012 1:49:58 AM | Computer Name = VANDELAY-2112 | Source = Service Control Manager | ID = 7000
Description = The PCAlertDriver service failed to start due to the following error:
%%2

Error - 12/2/2012 2:24:42 AM | Computer Name = VANDELAY-2112 | Source = Service Control Manager | ID = 7000
Description = The PCAlertDriver service failed to start due to the following error:
%%2

Error - 12/2/2012 2:29:03 AM | Computer Name = VANDELAY-2112 | Source = Service Control Manager | ID = 7000
Description = The PCAlertDriver service failed to start due to the following error:
%%2

Error - 12/2/2012 12:50:44 PM | Computer Name = VANDELAY-2112 | Source = Service Control Manager | ID = 7000
Description = The PCAlertDriver service failed to start due to the following error:
%%2

Error - 12/2/2012 10:13:39 PM | Computer Name = VANDELAY-2112 | Source = Service Control Manager | ID = 7034
Description = The EPSON V3 Service4(01) service terminated unexpectedly. It has
done this 1 time(s).

Error - 12/2/2012 10:13:39 PM | Computer Name = VANDELAY-2112 | Source = Service Control Manager | ID = 7034
Description = The EPSON V5 Service4(01) service terminated unexpectedly. It has
done this 1 time(s).

Error - 12/2/2012 10:57:13 PM | Computer Name = VANDELAY-2112 | Source = Service Control Manager | ID = 7000
Description = The PCAlertDriver service failed to start due to the following error:
%%2


< End of report >
 
You had one infected system file which Combofix replaced.

Uninstall McAfee Security Scan, typical foistware.

================================

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    SRV - File not found [Disabled | Stopped] -- C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE -- (LiveUpdate)
    SRV - File not found [Disabled | Stopped] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
    O3 - HKU\S-1-5-21-117609710-1383384898-682003330-1003\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O15 - HKU\S-1-5-21-117609710-1383384898-682003330-1003\..Trusted Domains: com.tw ([asia.msi] http in Trusted sites)
    O15 - HKU\S-1-5-21-117609710-1383384898-682003330-1003\..Trusted Domains: com.tw ([global.msi] http in Trusted sites)
    O15 - HKU\S-1-5-21-117609710-1383384898-682003330-1003\..Trusted Domains: com.tw ([www.msi] http in Trusted sites)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab (Reg Error: Value error.)
    O16 - DPF: {CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: ppctlcab http://www.pestscan.com/scanner/ppctlcab.cab (Reg Error: Key error.)
    O33 - MountPoints2\{f724ae36-005b-11de-8a75-0011096460bd}\Shell - "" = AutoRun
    O33 - MountPoints2\{f724ae36-005b-11de-8a75-0011096460bd}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{f724ae36-005b-11de-8a75-0011096460bd}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
    
    
    :Services
    
    :Reg
    
    :Files
    C:\Program Files\Symantec
    
    :Commands
    [purity]
    [emptytemp]
    [emptyjava]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

==================================

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

3. Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.

4. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If ESET doesn't find any threats, it won't produce any log.
 
OTL custom scan/fix report:

All processes killed
========== OTL ==========
Service LiveUpdate stopped successfully!
Service LiveUpdate deleted successfully!
File C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE not found.
Service Automatic LiveUpdate Scheduler stopped successfully!
Service Automatic LiveUpdate Scheduler deleted successfully!
File C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe not found.
Registry value HKEY_USERS\S-1-5-21-117609710-1383384898-682003330-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry key HKEY_USERS\S-1-5-21-117609710-1383384898-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\com.tw\asia.msi\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-117609710-1383384898-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\com.tw\global.msi\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-117609710-1383384898-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\com.tw\www.msi\ deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control ppctlcab
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ppctlcab\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ppctlcab\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ppctlcab\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f724ae36-005b-11de-8a75-0011096460bd}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f724ae36-005b-11de-8a75-0011096460bd}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f724ae36-005b-11de-8a75-0011096460bd}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f724ae36-005b-11de-8a75-0011096460bd}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f724ae36-005b-11de-8a75-0011096460bd}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f724ae36-005b-11de-8a75-0011096460bd}\ not found.
File F:\LaunchU3.exe -a not found.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\Program Files\Symantec\LiveUpdate folder moved successfully.
C:\Program Files\Symantec folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Avery Z
->Temp folder emptied: 70247610 bytes
->Temporary Internet Files folder emptied: 14341768 bytes
->Java cache emptied: 2056634 bytes
->FireFox cache emptied: 194375713 bytes
->Google Chrome cache emptied: 65095597 bytes
->Flash cache emptied: 53620 bytes

User: Dad
->Temp folder emptied: 31401205 bytes
->Temporary Internet Files folder emptied: 5490650 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 210314715 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 3095 bytes

User: Dad Z
->Temp folder emptied: 89836072 bytes
->Temporary Internet Files folder emptied: 278375488 bytes
->Java cache emptied: 236915 bytes
->FireFox cache emptied: 440599331 bytes
->Google Chrome cache emptied: 397971399 bytes
->Flash cache emptied: 158366 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41 bytes

User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Mom Z
->Temp folder emptied: 3205956 bytes
->Temporary Internet Files folder emptied: 42018546 bytes
->Java cache emptied: 389564 bytes
->FireFox cache emptied: 307612836 bytes
->Flash cache emptied: 37884 bytes

User: Music & Pics
->Temp folder emptied: 135283041 bytes
->Temporary Internet Files folder emptied: 279534972 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 91125183 bytes
->Google Chrome cache emptied: 7120335 bytes
->Flash cache emptied: 5645 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Noah Z
->Temp folder emptied: 752234442 bytes
->Temporary Internet Files folder emptied: 19632354 bytes
->Java cache emptied: 11127024 bytes
->FireFox cache emptied: 314609572 bytes
->Google Chrome cache emptied: 401110120 bytes
->Flash cache emptied: 1974604 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2942827 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 373584471 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 2077800 bytes
RecycleBin emptied: 21424 bytes

Total Files Cleaned = 4,336.00 mb


[EMPTYJAVA]

User: Administrator

User: All Users

User: Avery Z
->Java cache emptied: 0 bytes

User: Dad
->Java cache emptied: 0 bytes

User: Dad Z
->Java cache emptied: 0 bytes

User: Default User

User: LocalService

User: Mom Z
->Java cache emptied: 0 bytes

User: Music & Pics
->Java cache emptied: 0 bytes

User: NetworkService

User: Noah Z
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Avery Z
->Flash cache emptied: 0 bytes

User: Dad
->Flash cache emptied: 0 bytes

User: Dad Z
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService

User: Mom Z
->Flash cache emptied: 0 bytes

User: Music & Pics
->Flash cache emptied: 0 bytes

User: NetworkService

User: Noah Z
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 12022012_220623

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 
Security check report:

Results of screen317's Security Check version 0.99.56
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Out of date HijackThis installed!
SUPERAntiSpyware Free Edition
Malwarebytes Anti-Malware version 1.65.1.1000
HijackThis 2.0.2
CCleaner
Java(TM) 6 Update 34
Java 7 Update 9
Java 2 Runtime Environment, SE v1.4.2_01
Adobe Flash Player 11.5.502.110
Mozilla Firefox (for.)
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
Google Chrome 22.0.1229.79
Google Chrome 22.0.1229.92
Google Chrome 22.0.1229.94
Google Chrome 23.0.1271.64
Google Chrome 23.0.1271.91
Google Chrome 23.0.1271.95
````````Process Check: objlist.exe by Laurent````````
Alwil Software Avast5 AvastSvc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 28% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
 
FSS report:

Farbar Service Scanner Version: 01-12-2012 02
Ran by Dad (administrator) on 02-12-2012 at 22:54:43
Running from "C:\Documents and Settings\Dad\Desktop"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
aswTdi(8) Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
0x080000000500000001000000020000000300000004000000080000000600000007000000
IpSec Tag value is correct.

**** End of log ****
 
Ran TFC and ESET Online Scanner. ESET found no threats. I called it a night while ESET was running and this morning the computer was still on without having reset. Woo-hoo!
 
We need to remove the old Java version and its remnants...

Download JavaRa to your desktop and unzip it.
  • Run JavaRa.exe (Vista and 7 users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Do NOT post JavaRa log.

===================================

Your computer is clean

1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code:
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[emptyjava]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now we'll remove all the tools we used during our cleaning process.

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure Windows Updates are current.

4. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

5. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Launch a quick scan now" link)

6. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

7. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

8. Run Temporary File Cleaner (TFC) weekly.

9. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and outdated programs and plug-ins which expose your PC to attacks. Run it weekly.

10. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

11. (Windows XP only) Run defrag at your convenience.

12. When installing/updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

13. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

14. Please let me know how your computer is doing.
 
OTL restore point report:

All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Avery Z
->Temp folder emptied: 214 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 41329807 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 492 bytes

User: Dad
->Temp folder emptied: 1674 bytes
->Temporary Internet Files folder emptied: 8143297 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 32698585 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 2324 bytes

User: Dad Z
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Mom Z
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Music & Pics
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Noah Z
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 573 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 160639 bytes

Total Files Cleaned = 79.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Avery Z
->Flash cache emptied: 0 bytes

User: Dad
->Flash cache emptied: 0 bytes

User: Dad Z
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService

User: Mom Z
->Flash cache emptied: 0 bytes

User: Music & Pics
->Flash cache emptied: 0 bytes

User: NetworkService

User: Noah Z
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: Administrator

User: All Users

User: Avery Z
->Java cache emptied: 0 bytes

User: Dad
->Java cache emptied: 0 bytes

User: Dad Z
->Java cache emptied: 0 bytes

User: Default User

User: LocalService

User: Mom Z
->Java cache emptied: 0 bytes

User: Music & Pics
->Java cache emptied: 0 bytes

User: NetworkService

User: Noah Z
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.69.0 log created on 12032012_193720

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 
I completed all the remaining steps to clean, update, and add as listed. So far so good, but I'll post again after logging in under the other users I had set up. Hopefully this takes care of my issue . . . I was really hoping it wasn't a board or power supply issue. Thanks so much for your time and help, Broni.
 