Jump to content

Recommended Posts

Hi, I've got a malware virus which affects my PC only when I log on with a user, rather than as the administrator. This happens even in safe mode.

The virus does not allows programs to open, instead asking which file extension you wish to open the program with. It also stops the firewall and Anti-virus to open on boot up.

I've done full malwarebytes scans. The first time it detected a virus, but when I restarted the PC the same thing happened and now malware doesn't detect anything.

I do these scans in Safe Mode with networking, logged in as an Administrator.

Help please.

Thanks

Link to post
Share on other sites

Hello and :welcome:

Please righ-click the download link below and select "save target/link as...". Save the file as OTL.com to the desktop of your infected userprofile. Then reboot in that userprofile and doubleclick OTL.com to run it.

OTL

-----

Please download OTL from one of the following mirrors:

[*]Save it to your desktop.

[*]Double click on the otlicon.png icon on your desktop.

[*]Click the "Scan All Users" checkbox.

[*]Push the runscan.png button.

[*]Two reports will open, copy and paste them in a reply here:

  • OTL.txt <-- Will be opened
  • Extra.txt <-- Will be minimized

Link to post
Share on other sites

Hi Elise

I installed the program on the infected userprofile, but could not run it when I logged in under the user, as the malware prevents any programs from running. Therefore I logged in as the Administrator in Safe Mode and went to the user infected desktop through the directory and ran the program as you instructed. Here are the results. I look forward to hearing from you. Thanks Jason

OTL.text

OTL logfile created on: 12/05/2011 10:05:11 - Run 1

OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Jason\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 81.00% Memory free

4.00 Gb Paging File | 4.00 Gb Available in Paging File | 96.00% Paging File free

Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 229.47 Gb Total Space | 196.47 Gb Free Space | 85.62% Space Free | Partition Type: NTFS

Computer Name: JBOFFICE | User Name: Administrator | Logged in as Administrator.

Boot Mode: SafeMode with Networking | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/12 10:00:49 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jason\Desktop\OTL.com.exe

PRC - [2011/05/03 17:29:02 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

========== Modules (SafeList) ==========

MOD - [2011/05/12 10:00:49 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jason\Desktop\OTL.com.exe

MOD - [2010/08/23 17:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)

SRV - [2011/04/28 14:34:42 | 000,870,200 | ---- | M] (Trusteer Ltd.) [Auto | Stopped] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)

SRV - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)

SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)

SRV - [2010/11/16 18:47:56 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) [Auto | Stopped] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)

SRV - [2010/06/17 19:14:52 | 000,338,464 | ---- | M] (Soluto) [Auto | Stopped] -- C:\Program Files\Soluto\SolutoService.exe -- (SolutoService)

SRV - [2010/04/15 12:51:02 | 000,261,256 | ---- | M] (NovaStor) [Auto | Stopped] -- C:\Program Files\NovaStor\NovaStor NovaBACKUP\nsService.exe -- (nsService)

SRV - [2009/10/09 17:17:19 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\570\g2aservice.exe -- (GoToAssist)

SRV - [2009/05/15 20:36:50 | 000,251,184 | R--- | M] (BUFFALO INC.) [Auto | Stopped] -- C:\Program Files\BUFFALO\NASNAVI\nassvc.exe -- (NasPmService)

SRV - [2008/12/23 02:27:54 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) [Auto | Stopped] -- C:\Program Files\Nuance\PDF Professional 5\PDFProFiltSrv.exe -- (PDFProFiltSrv)

SRV - [2008/10/16 18:22:20 | 000,464,264 | ---- | M] () [Auto | Stopped] -- C:\Program Files\AskBarDis\bar\bin\AskService.exe -- (ASKService)

SRV - [2008/05/02 02:42:06 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ)

SRV - [2006/03/03 22:03:10 | 000,069,632 | ---- | M] (HP) [unknown | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)

========== Driver Services (SafeList) ==========

DRV - [2011/05/03 11:58:36 | 000,057,144 | ---- | M] (Trusteer Ltd.) [Kernel | System | Stopped] -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\26169\RapportCerberus_26169.sys -- (RapportCerberus_26169)

DRV - [2011/04/28 14:34:50 | 000,066,360 | ---- | M] (Trusteer Ltd.) [Kernel | System | Stopped] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)

DRV - [2011/04/28 14:34:48 | 000,158,904 | ---- | M] (Trusteer Ltd.) [Kernel | System | Stopped] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)

DRV - [2011/03/30 17:17:22 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)

DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Stopped] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)

DRV - [2011/02/22 08:13:02 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)

DRV - [2011/02/10 07:54:00 | 000,296,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)

DRV - [2011/02/10 07:53:54 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)

DRV - [2011/02/10 07:53:52 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)

DRV - [2011/01/19 04:32:56 | 000,032,464 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)

DRV - [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)

DRV - [2010/06/17 19:06:44 | 000,179,656 | ---- | M] (Soluto LTD.) [File_System | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\PCGenFAM.sys -- (PCGenFAM)

DRV - [2010/05/13 11:02:32 | 000,532,224 | ---- | M] (Check Point Software Technologies LTD) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)

DRV - [2008/02/29 03:13:24 | 000,036,880 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)

DRV - [2008/02/29 03:13:16 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)

DRV - [2007/07/16 19:48:54 | 004,403,712 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

DRV - [2005/05/27 09:31:28 | 000,022,016 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)

DRV - [2004/10/08 11:59:12 | 000,326,656 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Camdrl.sys -- (CamDrL) Logitech QuickCam Pro 3000(CamDrl)

DRV - [2003/09/19 15:47:24 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=1080403

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.co.uk/hws/sb/dell-usuk/en/side.html?channel=uk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=1080403

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=1080403

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=1080403

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=1080403

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=1080403

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1301029243-3033417472-2581773101-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=1080403

IE - HKU\S-1-5-21-1301029243-3033417472-2581773101-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.co.uk/hws/sb/dell-usuk/en/side.html?channel=uk

IE - HKU\S-1-5-21-1301029243-3033417472-2581773101-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/

IE - HKU\S-1-5-21-1301029243-3033417472-2581773101-1006\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found

IE - HKU\S-1-5-21-1301029243-3033417472-2581773101-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1301029243-3033417472-2581773101-500\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=1080403

IE - HKU\S-1-5-21-1301029243-3033417472-2581773101-500\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www1.euro.dell.com/content/default.aspx?c=uk&l=en&s=gen

IE - HKU\S-1-5-21-1301029243-3033417472-2581773101-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.co.uk/hws/sb/dell-usuk/en/side.html?channel=uk

IE - HKU\S-1-5-21-1301029243-3033417472-2581773101-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=1080403

IE - HKU\S-1-5-21-1301029243-3033417472-2581773101-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2011/05/11 09:16:17 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/05/11 09:16:17 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/03 17:29:06 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/05/11 16:10:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions

[2011/04/04 15:09:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

File not found (No name found) --

[2011/05/11 09:16:17 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX4

[2008/12/04 10:36:10 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

[2009/09/08 17:51:21 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION

[2011/05/03 17:29:01 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll

[2010/01/01 09:00:00 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml

[2010/01/01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

[2010/01/01 09:00:00 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml

[2010/01/01 09:00:00 | 000,001,180 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml

[2010/01/01 09:00:00 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2009/03/26 12:26:18 | 000,002,381 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: HP4CBB39 HP001CC44CBB39

O1 - Hosts: 82.146.46.170 www.myonlineaccounts2.abbeynational.co.uk

O1 - Hosts: 82.146.46.170 www.online.lloydstsb.co.uk

O1 - Hosts: 82.146.46.170 www.online-business.lloydstsb.co.uk

O1 - Hosts: 82.146.46.170 online-offshore.lloydstsb.com

O1 - Hosts: 82.146.46.170 www.online-offshore.lloydstsb.com

O1 - Hosts: 82.146.46.170 abbeyinternational.com

O1 - Hosts: 82.146.46.170 www.abbeyinternational.com

O1 - Hosts: 82.146.46.170 www.ibank.barclays.co.uk

O1 - Hosts: 82.146.46.170 www.ibank.cahoot.com

O1 - Hosts: 82.146.46.170 home.ybonline.co.uk

O1 - Hosts: 82.146.46.170 www.home.ybonline.co.uk

O1 - Hosts: 82.146.46.170 home.cbonline.co.uk

O1 - Hosts: 82.146.46.170 www.home.cbonline.co.uk

O1 - Hosts: 82.146.46.170 mybank.alliance-leicester.co.uk

O1 - Hosts: 82.146.46.170 www.mybank.alliance-leicester.co.uk

O1 - Hosts: 82.146.46.170 mybusinessbank.co.uk

O1 - Hosts: 82.146.46.170 www.mybusinessbank.co.uk

O1 - Hosts: 82.146.46.170 mybankoffshore.alil.co.im

O1 - Hosts: 82.146.46.170 www.mybankoffshore.alil.co.im

O1 - Hosts: 82.146.46.170 ibank.internationalbanking.barclays.com

O1 - Hosts: 82.146.46.170 www.ibank.internationalbanking.barclays.com

O1 - Hosts: 82.146.46.170 welcome27.co-operativebank.co.uk

O1 - Hosts: 82.146.46.170 www.welcome27.co-operativebank.co.uk

O1 - Hosts: 15 more lines...

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files\Nuance\PDF Professional 5\bin\PlusIEContextMenu.dll (Zeon Corporation)

O2 - BHO: (no name) - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - No CLSID value found.

O2 - BHO: (no name) - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - No CLSID value found.

O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)

O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)

O2 - BHO: (ZeonIEEventHelper Class) - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll (Zeon Corporation)

O3 - HKLM\..\Toolbar: (ZoneAlarm Spy Blocker Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)

O3 - HKLM\..\Toolbar: (Nuance PDF) - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll (Zeon Corporation)

O3 - HKU\S-1-5-21-1301029243-3033417472-2581773101-1006\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.

O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\STARTEAK.exe (Compaq Computer Corporation)

O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)

O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [Nuance PDF Professional 5-reminder] C:\Program Files\Nuance\PDF Professional 5\Ereg\Ereg.exe (Nuance Communications, Inc.)

O4 - HKLM..\Run: [PDF5 Registry Controller] C:\Program Files\Nuance\PDF Professional 5\RegistryController.exe (Nuance Communications, Inc.)

O4 - HKLM..\Run: [PDFHook] C:\Program Files\Nuance\PDF Professional 5\PdfPro5Hook.exe (Nuance Communications, Inc.)

O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)

O4 - HKU\S-1-5-21-1301029243-3033417472-2581773101-1006..\Run: [Google Update] File not found

O4 - HKU\S-1-5-21-1301029243-3033417472-2581773101-1006..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Desktop Manager.lnk.disabled ()

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Development Company, L.P.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)

O4 - Startup: C:\Documents and Settings\Jason\Start Menu\Programs\Startup\BUFFALO NAS Navigator2.lnk = C:\Program Files\BUFFALO\NASNAVI\NasNavi.exe (BUFFALO INC.)

O4 - Startup: C:\Documents and Settings\Jason\Start Menu\Programs\Startup\NAS Scheduler.lnk = C:\Program Files\BUFFALO\NASNAVI\nassche.exe (BUFFALO INC.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-1301029243-3033417472-2581773101-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-1301029243-3033417472-2581773101-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O15 - HKU\S-1-5-21-1301029243-3033417472-2581773101-1006\..Trusted Domains: cleverreach.com ([novastor] http in Trusted sites)

O15 - HKU\S-1-5-21-1301029243-3033417472-2581773101-1006\..Trusted Domains: google-analytics.com ([]http in Trusted sites)

O15 - HKU\S-1-5-21-1301029243-3033417472-2581773101-1006\..Trusted Domains: localhost ([]http in Local intranet)

O15 - HKU\S-1-5-21-1301029243-3033417472-2581773101-1006\..Trusted Domains: novastor.com ([]http in Trusted sites)

O15 - HKU\S-1-5-21-1301029243-3033417472-2581773101-1006\..Trusted Domains: novastor.com ([]https in Trusted sites)

O15 - HKU\S-1-5-21-1301029243-3033417472-2581773101-1006\..Trusted Ranges: GD ([http] in Local intranet)

O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab (Office Genuine Advantage Validation Tool)

O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.microsoft.com/OAS/ActiveX/MSDcode.cab (Microsoft Data Collection Control)

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)

O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab (Reg Error: Key error.)

O16 - DPF: {C9386579-3C0F-4713-82C6-5BA8088C7C8D} https://secure.shared.live.com/Pa6vGqB728AxD-ckvrPc0A/etc/Microsoft.Live.Folders.RichUpload.cab (Windows Live SkyDrive Upload Tool)

O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} http://mobileapps.blackberry.com/devicesoftware/AxLoader.cab (RIM AxLoader)

O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)

O16 - DPF: FirstViewer http://barnet.documentretrieval.co.uk/alchemyweb/Components/FirstVwr.CAB (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254

O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Program Files\Soluto\soluto.exe /userinit) - C:\Program Files\Soluto\soluto.exe (Soluto)

O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\570\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\570\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)

O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll (Logitech, Inc.)

O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp

O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp

O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2004/08/10 13:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)

O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O35 - HKU\S-1-5-21-1301029243-3033417472-2581773101-1006..exefile [open] -- "C:\Documents and Settings\Jason\Local Settings\Application Data\gng.exe" -a "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKU\S-1-5-21-1301029243-3033417472-2581773101-1006\...exe [@ = exefile] -- "C:\Documents and Settings\Jason\Local Settings\Application Data\gng.exe" -a "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/11 16:46:43 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IECompatCache

[2011/05/11 16:14:34 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent

[2011/05/11 16:12:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Downloads

[2011/05/11 16:12:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Macromedia

[2011/05/11 16:10:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla

[2011/05/11 16:10:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Mozilla

[2011/05/10 16:46:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes

[2011/05/10 12:23:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype Extras

[2011/05/10 12:23:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype

[2011/05/10 12:23:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype

[2011/04/28 14:34:50 | 000,053,816 | ---- | C] (Trusteer Ltd.) -- C:\WINDOWS\System32\drivers\RapportKELL.sys

[2011/02/21 10:50:19 | 000,417,792 | ---- | C] (Hewlett-Packard Co.) -- C:\Program Files\OjScrubber.exe

[2008/10/17 10:13:47 | 004,013,504 | ---- | C] (Microsoft Corporation) -- C:\Program Files\OutlookConnector.exe

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/12 09:39:41 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2011/05/11 16:39:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1301029243-3033417472-2581773101-1006UA.job

[2011/05/11 16:38:29 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2011/05/11 16:13:24 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk

[2011/05/11 09:13:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2011/05/11 09:12:34 | 114,720,170 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm

[2011/05/10 16:24:39 | 000,001,360 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\sh5gy611u40h

[2011/05/10 12:23:25 | 000,001,878 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk

[2011/05/10 10:14:54 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{43874450-5490-4560-B3CA-B04DD4F6C2AF}.job

[2011/05/10 09:39:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1301029243-3033417472-2581773101-1006Core.job

[2011/05/10 09:08:54 | 000,208,770 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm

[2011/05/09 15:24:16 | 000,000,256 | ---- | M] () -- C:\WINDOWS\System32\pool.bin

[2011/05/09 10:15:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

[2011/05/09 09:35:35 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk

[2011/05/09 09:21:58 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2011/04/28 14:34:50 | 000,053,816 | ---- | M] (Trusteer Ltd.) -- C:\WINDOWS\System32\drivers\RapportKELL.sys

[2011/04/18 12:34:42 | 000,300,440 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2011/04/15 17:10:42 | 000,466,806 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2011/04/15 17:10:42 | 000,079,896 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/11 16:13:24 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk

[2011/05/10 16:24:38 | 000,001,360 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\sh5gy611u40h

[2011/05/10 12:23:25 | 000,001,878 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk

[2011/04/11 17:29:16 | 000,154,888 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

[2011/04/04 15:09:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2011/02/21 11:00:53 | 000,117,087 | ---- | C] () -- C:\WINDOWS\hpoins11.dat

[2011/02/21 11:00:02 | 000,011,634 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat

[2011/02/21 10:50:20 | 000,055,959 | ---- | C] () -- C:\Program Files\Psc1100rw-2kKeys.dat

[2011/02/21 10:50:20 | 000,042,665 | ---- | C] () -- C:\Program Files\HpOjScrubber.ini

[2011/02/21 10:50:20 | 000,010,600 | ---- | C] () -- C:\Program Files\Oj4105rw2-2kFiles.dat

[2011/02/21 10:50:20 | 000,009,149 | ---- | C] () -- C:\Program Files\Psc1100rw-9xFiles.dat

[2011/02/21 10:50:19 | 000,304,593 | ---- | C] () -- C:\Program Files\Psc2200rw-9xKeys.dat

[2011/02/21 10:50:19 | 000,297,319 | ---- | C] () -- C:\Program Files\Oj6100vg-9xKeys.DAT

[2011/02/21 10:50:19 | 000,295,748 | ---- | C] () -- C:\Program Files\Psc2150vg-9xKeys.DAT

[2011/02/21 10:50:19 | 000,292,367 | ---- | C] () -- C:\Program Files\Psc2170rw-9xKeys.DAT

[2011/02/21 10:50:19 | 000,292,162 | ---- | C] () -- C:\Program Files\Psc2150rw-9xKeys.DAT

[2011/02/21 10:50:19 | 000,281,433 | ---- | C] () -- C:\Program Files\Psc1100rw-9xKeys.dat

[2011/02/21 10:50:19 | 000,280,863 | ---- | C] () -- C:\Program Files\Psc2100rw-9xKeys.dat

[2011/02/21 10:50:19 | 000,280,833 | ---- | C] () -- C:\Program Files\Psc1200rw-9xKeys.dat

[2011/02/21 10:50:19 | 000,275,713 | ---- | C] () -- C:\Program Files\Oj4105rw2-9xKeys.dat

[2011/02/21 10:50:19 | 000,275,204 | ---- | C] () -- C:\Program Files\Oj4100rw2-9xKeys.dat

[2011/02/21 10:50:19 | 000,274,998 | ---- | C] () -- C:\Program Files\Oj6100rw-9xKeys.dat

[2011/02/21 10:50:19 | 000,057,865 | ---- | C] () -- C:\Program Files\Oj6100vg-2kKeys.dat

[2011/02/21 10:50:19 | 000,057,622 | ---- | C] () -- C:\Program Files\Psc2200vg-2kKeys.dat

[2011/02/21 10:50:19 | 000,057,572 | ---- | C] () -- C:\Program Files\Psc2100vg-9xKeys.DAT

[2011/02/21 10:50:19 | 000,057,561 | ---- | C] () -- C:\Program Files\Psc2150vg-2kKeys.dat

[2011/02/21 10:50:19 | 000,057,558 | ---- | C] () -- C:\Program Files\PSC2200vg-9xKeys.DAT

[2011/02/21 10:50:19 | 000,057,483 | ---- | C] () -- C:\Program Files\Psc2100vg-2kKeys.dat

[2011/02/21 10:50:19 | 000,056,526 | ---- | C] () -- C:\Program Files\Oj4105rw2-2kKeys.dat

[2011/02/21 10:50:19 | 000,056,016 | ---- | C] () -- C:\Program Files\Oj4100rw2-2kKeys.dat

[2011/02/21 10:50:19 | 000,055,999 | ---- | C] () -- C:\Program Files\Oj6100rw-2kKeys.dat

[2011/02/21 10:50:19 | 000,055,395 | ---- | C] () -- C:\Program Files\Psc2170rw-2kKeys.dat

[2011/02/21 10:50:19 | 000,055,388 | ---- | C] () -- C:\Program Files\Psc2200rw-2kKeys.dat

[2011/02/21 10:50:19 | 000,055,387 | ---- | C] () -- C:\Program Files\Psc2150rw-2kKeys.dat

[2011/02/21 10:50:19 | 000,055,364 | ---- | C] () -- C:\Program Files\Psc1200rw-2kKeys.dat

[2011/02/21 10:50:19 | 000,055,362 | ---- | C] () -- C:\Program Files\Psc2100rw-2kKeys.dat

[2011/02/21 10:50:19 | 000,016,085 | ---- | C] () -- C:\Program Files\Uninst.isu

[2011/02/21 10:50:19 | 000,011,326 | ---- | C] () -- C:\Program Files\Oj6100vg-2kFiles.dat

[2011/02/21 10:50:19 | 000,010,701 | ---- | C] () -- C:\Program Files\Oj6100rw-2kFiles.dat

[2011/02/21 10:50:19 | 000,010,628 | ---- | C] () -- C:\Program Files\Oj4100rw2-2kFiles.dat

[2011/02/21 10:50:19 | 000,010,569 | ---- | C] () -- C:\Program Files\Psc2170rw-2kFiles.DAT

[2011/02/21 10:50:19 | 000,010,444 | ---- | C] () -- C:\Program Files\Psc1100rw-2kFiles.DAT

[2011/02/21 10:50:19 | 000,010,419 | ---- | C] () -- C:\Program Files\Psc2200vg-2kFiles.DAT

[2011/02/21 10:50:19 | 000,010,419 | ---- | C] () -- C:\Program Files\Psc2100vg-2kFiles.DAT

[2011/02/21 10:50:19 | 000,010,405 | ---- | C] () -- C:\Program Files\Psc1200rw-2kFiles.DAT

[2011/02/21 10:50:19 | 000,010,052 | ---- | C] () -- C:\Program Files\Psc2150vg-2kFiles.DAT

[2011/02/21 10:50:19 | 000,009,862 | ---- | C] () -- C:\Program Files\Psc2100rw-2kFiles.DAT

[2011/02/21 10:50:19 | 000,009,848 | ---- | C] () -- C:\Program Files\Psc2200rw-2kFiles.DAT

[2011/02/21 10:50:19 | 000,009,815 | ---- | C] () -- C:\Program Files\Psc2150rw-2kFiles.DAT

[2011/02/21 10:50:19 | 000,009,608 | ---- | C] () -- C:\Program Files\Oj6100vg-9xFiles.DAT

[2011/02/21 10:50:19 | 000,009,291 | ---- | C] () -- C:\Program Files\Psc2150rw-9xFiles.dat

[2011/02/21 10:50:19 | 000,009,249 | ---- | C] () -- C:\Program Files\Oj4100rw2-9xFiles.dat

[2011/02/21 10:50:19 | 000,009,243 | ---- | C] () -- C:\Program Files\Oj6100rw-9xFiles.dat

[2011/02/21 10:50:19 | 000,009,240 | ---- | C] () -- C:\Program Files\Psc2170rw-9xFiles.dat

[2011/02/21 10:50:19 | 000,009,132 | ---- | C] () -- C:\Program Files\Psc2200rw-9xFiles.dat

[2011/02/21 10:50:19 | 000,009,131 | ---- | C] () -- C:\Program Files\Psc2100rw-9xFiles.dat

[2011/02/21 10:50:19 | 000,009,110 | ---- | C] () -- C:\Program Files\Psc1200rw-9xFiles.dat

[2011/02/21 10:50:19 | 000,009,068 | ---- | C] () -- C:\Program Files\Oj4105rw2-9xFiles.dat

[2011/02/21 10:50:19 | 000,008,662 | ---- | C] () -- C:\Program Files\PSC2200vg-9xFiles.DAT

[2011/02/21 10:50:19 | 000,008,345 | ---- | C] () -- C:\Program Files\PSC2100vg-9xFiles.DAT

[2011/02/21 10:50:19 | 000,001,707 | ---- | C] () -- C:\Program Files\HpOjScrubber1.RTF

[2011/02/21 10:50:19 | 000,001,104 | ---- | C] () -- C:\Program Files\HpOjScrubber3.RTF

[2011/02/21 10:50:19 | 000,000,317 | ---- | C] () -- C:\Program Files\HpOjScrubber2.RTF

[2011/02/17 13:24:32 | 000,000,735 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini

[2010/11/26 12:04:17 | 000,000,078 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2010/06/21 10:43:39 | 000,000,098 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc

[2010/05/07 22:31:36 | 000,015,046 | ---- | C] () -- C:\WINDOWS\UN060501.INI

[2010/01/12 10:27:16 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin

[2009/10/19 17:01:38 | 000,004,376 | ---- | C] () -- C:\WINDOWS\UN090928.INI

[2009/10/09 17:27:31 | 000,116,843 | ---- | C] () -- C:\WINDOWS\hpoins11.dat.temp

[2009/10/09 17:27:31 | 000,011,634 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat.temp

[2009/09/29 12:05:27 | 000,008,628 | -H-- | C] () -- C:\Program Files\HpOjScrubber.GID

[2009/09/24 14:18:42 | 000,000,221 | ---- | C] () -- C:\WINDOWS\NCLogConfig.ini

[2009/07/27 12:09:29 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\InstMed.exe

[2009/07/27 12:09:05 | 000,006,812 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini

[2009/05/14 15:29:30 | 000,008,520 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll

[2009/01/06 17:39:51 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat

[2008/10/08 10:03:25 | 000,000,470 | ---- | C] () -- C:\WINDOWS\ikey.ini

[2008/08/05 09:47:45 | 000,796,048 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll

[2008/04/24 11:35:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI

[2008/04/15 12:09:15 | 000,096,577 | ---- | C] () -- C:\WINDOWS\hpqins16.dat

[2008/04/14 10:53:18 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll

[2008/04/14 10:53:00 | 000,000,159 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini

[2008/04/12 17:08:46 | 000,000,021 | ---- | C] () -- C:\WINDOWS\CS_SETUP.ini

[2008/04/07 13:43:43 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat

[2008/04/03 13:27:21 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2008/04/03 12:58:29 | 000,077,824 | ---- | C] () -- C:\WINDOWS\setpwr32.exe

[2008/04/03 12:58:24 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4820.dll

[2008/04/03 12:56:54 | 000,001,202 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI

[2008/02/04 18:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL

[2007/02/05 14:24:28 | 000,018,271 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin

[2007/02/05 14:24:26 | 000,099,999 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin

[2007/01/03 11:24:36 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini

[2007/01/03 11:22:46 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini

[2007/01/03 11:22:14 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini

[2004/08/10 13:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini

[2004/08/10 13:07:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2004/08/10 13:02:15 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2004/08/10 13:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini

[2004/08/10 12:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2004/08/10 12:57:15 | 000,300,440 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2004/08/10 12:51:21 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2004/08/10 12:51:20 | 000,466,806 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

[2004/08/10 12:51:20 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2004/08/10 12:51:20 | 000,079,896 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

[2004/08/10 12:51:20 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2004/08/10 12:51:18 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

[2004/08/10 12:51:17 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

[2004/08/10 12:51:16 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

[2004/08/10 12:51:12 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[2004/08/10 12:51:11 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[2004/08/10 12:51:05 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[2004/08/10 12:50:56 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin

[2001/07/07 03:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

< End of report >

Extra.txt

OTL Extras logfile created on: 12/05/2011 10:05:11 - Run 1

OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Jason\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 81.00% Memory free

4.00 Gb Paging File | 4.00 Gb Available in Paging File | 96.00% Paging File free

Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 229.47 Gb Total Space | 196.47 Gb Free Space | 85.62% Space Free | Partition Type: NTFS

Computer Name: JBOFFICE | User Name: Administrator | Logged in as Administrator.

Boot Mode: SafeMode with Networking | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-1301029243-3033417472-2581773101-1006\SOFTWARE\Classes\<extension>]

.exe [@ = exefile] -- "C:\Documents and Settings\Jason\Local Settings\Application Data\gng.exe" -a "%1" %*

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-1301029243-3033417472-2581773101-500\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

"DisableMonitoring" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 0

"DoNotAllowExceptions" = 0

"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DoNotAllowExceptions" = 0

"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe" = C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe:*:Enabled:CyberLink PowerDVD DX -- (CyberLink Corp.)

"C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" = C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe:*:Enabled:CyberLink PowerDVD DX Resident Program -- (CyberLink Corp.)

"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe" = C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe:*:Enabled:CyberLink PowerDVD DX -- (CyberLink Corp.)

"C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" = C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe:*:Enabled:CyberLink PowerDVD DX Resident Program -- (CyberLink Corp.)

"C:\Program Files\Grisoft\AVG7\avginet.exe" = C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe

"C:\Program Files\Grisoft\AVG7\avgamsvr.exe" = C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe

"C:\Program Files\Grisoft\AVG7\avgcc.exe" = C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe

"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)

"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe

"C:\Documents and Settings\Jason\Local Settings\Temp\7zS6C8C\setup\HPZnet01.exe" = C:\Documents and Settings\Jason\Local Settings\Temp\7zS6C8C\setup\HPZnet01.exe:*:Enabled:hpznet01.exe

"C:\Documents and Settings\Jason\Local Settings\Temp\7zS6C8C\setup\hponicifs01.exe" = C:\Documents and Settings\Jason\Local Settings\Temp\7zS6C8C\setup\hponicifs01.exe:*:Enabled:hponicifs01.exe

"C:\Documents and Settings\Jason\Local Settings\Temp\7zS4F2C\setup\HPZnet01.exe" = C:\Documents and Settings\Jason\Local Settings\Temp\7zS4F2C\setup\HPZnet01.exe:*:Enabled:hpznet01.exe

"C:\Documents and Settings\Jason\Local Settings\Temp\7zS4F2C\setup\hponicifs01.exe" = C:\Documents and Settings\Jason\Local Settings\Temp\7zS4F2C\setup\hponicifs01.exe:*:Enabled:hponicifs01.exe

"C:\Documents and Settings\Jason\Local Settings\Temp\7zS5687\setup\HPZnet01.exe" = C:\Documents and Settings\Jason\Local Settings\Temp\7zS5687\setup\HPZnet01.exe:*:Enabled:hpznet01.exe

"C:\Documents and Settings\Jason\Local Settings\Temp\7zS5687\setup\hponicifs01.exe" = C:\Documents and Settings\Jason\Local Settings\Temp\7zS5687\setup\hponicifs01.exe:*:Enabled:hponicifs01.exe

"C:\Program Files\Soluto\Soluto.exe" = C:\Program Files\Soluto\Soluto.exe:*:Enabled:Soluto Tray -- (Soluto)

"C:\Program Files\Soluto\SolutoService.exe" = C:\Program Files\Soluto\SolutoService.exe:*:Enabled:Soluto Service -- (Soluto)

"C:\Program Files\Soluto\SolutoConsole.exe" = C:\Program Files\Soluto\SolutoConsole.exe:*:Enabled:Soluto Console -- (Soluto)

"C:\Program Files\Soluto\SolutoUpdateService.exe" = C:\Program Files\Soluto\SolutoUpdateService.exe:*:Enabled:Soluto Update Service -- (Soluto)

"C:\WINDOWS\system32\ZoneLabs\vsmon.exe" = C:\WINDOWS\system32\ZoneLabs\vsmon.exe:*:Enabled:vsmon -- (Check Point Software Technologies LTD)

"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)

"D:\setup\HPZNET01.EXE" = D:\setup\HPZNET01.EXE:*:Enabled:hpznet01.exe

"D:\setup\HPONICIFS01.EXE" = D:\setup\HPONICIFS01.EXE:*:Enabled:hponicifs01.exe

"C:\Documents and Settings\Jason\Local Settings\Temp\7zS4E0C\setup\HPZnet01.exe" = C:\Documents and Settings\Jason\Local Settings\Temp\7zS4E0C\setup\HPZnet01.exe:*:Enabled:hpznet01.exe -- (Hewlett-Packard)

"C:\Documents and Settings\Jason\Local Settings\Temp\7zS4E0C\setup\hponicifs01.exe" = C:\Documents and Settings\Jason\Local Settings\Temp\7zS4E0C\setup\hponicifs01.exe:*:Enabled:hponicifs01.exe -- (Hewlett-Packard Development Company, L.P.)

"C:\Documents and Settings\Jason\Local Settings\Temp\7zS6C4E\setup\HPZnet01.exe" = C:\Documents and Settings\Jason\Local Settings\Temp\7zS6C4E\setup\HPZnet01.exe:*:Enabled:hpznet01.exe -- (Hewlett-Packard)

"C:\Documents and Settings\Jason\Local Settings\Temp\7zS6C4E\setup\hponicifs01.exe" = C:\Documents and Settings\Jason\Local Settings\Temp\7zS6C4E\setup\hponicifs01.exe:*:Enabled:hponicifs01.exe -- (Hewlett-Packard Development Company, L.P.)

"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Development Company, L.P.)

"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Development Company, L.P.)

"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Development Company, L.P.)

"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Development Company, L.P.)

"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)

"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Development Company, L.P.)

"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- (Hewlett-Packard)

"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )

"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Development Company, L.P.)

"C:\Program Files\AVG\AVG10\avgdiagex.exe" = C:\Program Files\AVG\AVG10\avgdiagex.exe:*:Enabled:AVG Diagnostics 2011 -- (AVG Technologies CZ, s.r.o.)

"C:\Program Files\AVG\AVG10\avgnsx.exe" = C:\Program Files\AVG\AVG10\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)

"C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)

"C:\Program Files\AVG\AVG10\avgemcx.exe" = C:\Program Files\AVG\AVG10\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime

"{04E7A3BB-DB38-481C-A809-35FA60C78EDF}" = AVG 2011

"{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}" = Scansoft PDF Professional

"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data

"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE

"{0A65A3BD-54B5-4d0d-B084-7688507813F5}" = SlideShow

"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer

"{0F547B3D-8347-4262-AB2C-2F49BB716DA8}" = NovaBACKUP

"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works

"{15C0AF59-4877-49B6-B8C6-A61CE54515F5}" = cp_OnlineProjectsConfig

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{1BB649F1-20BA-4A98-8E75-C55146647D04}" = Soluto

"{1CB92574-96F2-467B-B793-5CEB35C40C29}" = Image Resizer Powertoy for Windows XP

"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools

"{205A5182-EFC8-4C25-B61D-C164F8FF4048}" = BlackBerry Desktop Software 5.0.1

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress

"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java 6 Update 17

"{2F58D60D-2BFD-4467-9B4D-64E7355C329D}" = Sonic_PrimoSDK

"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager

"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper

"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6

"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java 6 Update 5

"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7

"{33BF0960-DBA3-4187-B6CC-C969FCFA2D25}" = SkinsHP1

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone

"{41E776A5-9B12-416D-9A12-B4F7B044EBED}" = CP_Package_Basic1

"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth

"{4462265B-3DC7-44AD-B56D-D09BA67BA422}" = 6300

"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm

"{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant

"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype

Link to post
Share on other sites

Hello again, that shows the problem just fine. :)

BACKUP THE REGISTRY

---------------------------

Backup Your Registry with ERUNT

  • Please use the following link and scroll down to ERUNT and download it.
    http://aumha.org/freeware/freeware.php
  • For version with the Installer:
    Use the setup program to install ERUNT on your computer
  • For the zipped version:
    Unzip all the files into a folder of your choice.

Click Erunt.exe to backup your registry to the folder of your choice.

Note: to restore your registry, go to the folder and start ERDNT.exe

OTL FIX

------------

We need to run an OTL Fix

  1. Please reopen otlicon.png on your desktop.
  2. Copy and Paste the following code into the customscanfix.png textbox.
    :reg
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "Userinit"="C:\\Windows\\System32\\userinit.exe,"

    :files
    C:\Documents and Settings\Jason\Local Settings\Application Data\gng.exe
    C:\Program Files\Soluto

    :otl
    O35 - HKU\S-1-5-21-1301029243-3033417472-2581773101-1006..exefile [open] -- "C:\Documents and Settings\Jason\Local Settings\Application Data\gng.exe" -a "%1" %*
    O37 - HKU\S-1-5-21-1301029243-3033417472-2581773101-1006\...exe [@ = exefile] -- "C:\Documents and Settings\Jason\Local Settings\Application Data\gng.exe" -a "%1" %*

    :commands
    [resethosts]
    [reboot]


  3. Push runfix.png
  4. OTL may ask to reboot the machine. Please do so if asked.
  5. Click the OK button.
  6. A report will open. Copy and Paste that report in your next reply.

Link to post
Share on other sites

Hi.

I followed your instructions but was not sure if I should boot in safe mode again, so left the PC to open as normal. I can now open up programs, but I got two Window Security Alerts saying that the Automatic Updates & Firewall are turned off. I have managed to turn on the firewall using Windows Firewall. I can not open ZoneAlarm, and even though Automatic Updates are turned on in the Sytstem tab, it does not show as on in the Security Centre. Also there was no report which opened after I ran OTL fix. Here is the new OTL report after I clcked on Run Scan. I hope this helps.

OTL logfile created on: 12/05/2011 17:01:23 - Run 2

OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Jason\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 56.00% Memory free

4.00 Gb Paging File | 3.00 Gb Available in Paging File | 79.00% Paging File free

Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 229.47 Gb Total Space | 194.41 Gb Free Space | 84.72% Space Free | Partition Type: NTFS

Computer Name: JBOFFICE | User Name: Jason | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/12 10:00:49 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jason\Desktop\OTL.com.exe

PRC - [2011/05/03 17:29:02 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2011/04/28 14:34:42 | 001,550,136 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe

PRC - [2011/04/28 14:34:42 | 000,870,200 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe

PRC - [2011/04/18 17:40:08 | 002,334,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe

PRC - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

PRC - [2011/04/14 05:36:42 | 001,080,672 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe

PRC - [2011/03/28 03:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe

PRC - [2011/03/16 16:05:14 | 000,656,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe

PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe

PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe

PRC - [2011/02/08 05:33:20 | 000,658,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe

PRC - [2010/11/16 18:46:04 | 001,043,968 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

PRC - [2010/04/15 12:51:02 | 000,261,256 | ---- | M] (NovaStor) -- C:\Program Files\NovaStor\NovaStor NovaBACKUP\nsService.exe

PRC - [2010/01/26 14:22:38 | 001,897,952 | R--- | M] (BUFFALO INC.) -- C:\Program Files\BUFFALO\NASNAVI\NasNavi.exe

PRC - [2009/05/15 20:36:50 | 000,251,184 | R--- | M] (BUFFALO INC.) -- C:\Program Files\BUFFALO\NASNAVI\nassvc.exe

PRC - [2009/05/15 20:36:50 | 000,206,128 | R--- | M] (BUFFALO INC.) -- C:\Program Files\BUFFALO\NASNAVI\nassche.exe

PRC - [2009/03/05 17:07:20 | 002,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

PRC - [2008/12/23 02:28:00 | 000,795,936 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\Nuance\PDF Professional 5\PdfPro5Hook.exe

PRC - [2008/12/23 02:27:54 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\Nuance\PDF Professional 5\PDFProFiltSrv.exe

PRC - [2008/10/16 18:22:20 | 000,464,264 | ---- | M] () -- C:\Program Files\AskBarDis\bar\bin\AskService.exe

PRC - [2008/05/02 02:44:08 | 000,805,392 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe

PRC - [2008/05/02 02:40:56 | 000,076,304 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe

PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2006/03/03 22:03:22 | 000,065,536 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZinw12.exe

PRC - [2006/03/03 22:03:10 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe

PRC - [2006/02/10 08:56:12 | 000,479,232 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe

PRC - [2005/07/19 17:32:18 | 000,221,184 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\LVCOMSX.EXE

PRC - [2002/04/13 21:29:58 | 000,438,272 | ---- | M] (Compaq Computer Corporation) -- C:\Program Files\COMPAQ\Easy Access Button Support\CPQEADM.exe

PRC - [2001/12/14 15:01:24 | 000,032,768 | ---- | M] (Compaq Computer Corporation) -- C:\Program Files\COMPAQ\Easy Access Button Support\STARTEAK.exe

PRC - [2001/11/27 18:38:00 | 000,090,112 | ---- | M] (Compaq) -- C:\compaq\eakdrv\EAUSBKBD.exe

PRC - [2001/03/23 12:34:10 | 000,122,880 | ---- | M] (Compaq Computer Corporation) -- C:\Program Files\COMPAQ\Easy Access Button Support\BttnServ.exe

========== Modules (SafeList) ==========

MOD - [2011/05/12 10:00:49 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jason\Desktop\OTL.com.exe

MOD - [2010/08/23 17:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

MOD - [2009/07/12 02:12:06 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll

MOD - [2008/05/02 02:42:50 | 000,045,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\lgscroll.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (SolutoService)

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)

SRV - [2011/04/28 14:34:42 | 000,870,200 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)

SRV - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)

SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)

SRV - [2010/11/16 18:47:56 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) [Auto | Stopped] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)

SRV - [2010/04/15 12:51:02 | 000,261,256 | ---- | M] (NovaStor) [Auto | Running] -- C:\Program Files\NovaStor\NovaStor NovaBACKUP\nsService.exe -- (nsService)

SRV - [2009/10/09 17:17:19 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\570\g2aservice.exe -- (GoToAssist)

SRV - [2009/05/15 20:36:50 | 000,251,184 | R--- | M] (BUFFALO INC.) [Auto | Running] -- C:\Program Files\BUFFALO\NASNAVI\nassvc.exe -- (NasPmService)

SRV - [2008/12/23 02:27:54 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files\Nuance\PDF Professional 5\PDFProFiltSrv.exe -- (PDFProFiltSrv)

SRV - [2008/10/16 18:22:20 | 000,464,264 | ---- | M] () [Auto | Running] -- C:\Program Files\AskBarDis\bar\bin\AskService.exe -- (ASKService)

SRV - [2008/05/02 02:42:06 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ)

SRV - [2006/03/03 22:03:10 | 000,069,632 | ---- | M] (HP) [unknown | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)

========== Driver Services (SafeList) ==========

DRV - [2011/05/03 11:58:36 | 000,057,144 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\26169\RapportCerberus_26169.sys -- (RapportCerberus_26169)

DRV - [2011/04/28 14:34:50 | 000,066,360 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)

DRV - [2011/04/28 14:34:48 | 000,158,904 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)

DRV - [2011/03/30 17:17:22 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)

DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)

DRV - [2011/02/22 08:13:02 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)

DRV - [2011/02/10 07:54:00 | 000,296,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)

DRV - [2011/02/10 07:53:54 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)

DRV - [2011/02/10 07:53:52 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)

DRV - [2011/01/19 04:32:56 | 000,032,464 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)

DRV - [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)

DRV - [2010/06/17 19:06:44 | 000,179,656 | ---- | M] (Soluto LTD.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\PCGenFAM.sys -- (PCGenFAM)

DRV - [2010/05/13 11:02:32 | 000,532,224 | ---- | M] (Check Point Software Technologies LTD) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)

DRV - [2008/02/29 03:13:24 | 000,036,880 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)

DRV - [2008/02/29 03:13:16 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)

DRV - [2007/07/16 19:48:54 | 004,403,712 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

DRV - [2005/05/27 09:31:28 | 000,022,016 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)

DRV - [2004/10/08 11:59:12 | 000,326,656 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Camdrl.sys -- (CamDrL) Logitech QuickCam Pro 3000(CamDrl)

DRV - [2003/09/19 15:47:24 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=1080403

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.co.uk/hws/sb/dell-usuk/en/side.html?channel=uk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=1080403

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=1080403

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=1080403

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=1080403

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=1080403

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1301029243-3033417472-2581773101-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=1080403

IE - HKU\S-1-5-21-1301029243-3033417472-2581773101-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.co.uk/hws/sb/dell-usuk/en/side.html?channel=uk

IE - HKU\S-1-5-21-1301029243-3033417472-2581773101-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/

IE - HKU\S-1-5-21-1301029243-3033417472-2581773101-1006\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found

IE - HKU\S-1-5-21-1301029243-3033417472-2581773101-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.bbc.co.uk/news/"

FF - HKLM\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2011/05/11 09:16:17 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/05/11 09:16:17 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/03 17:29:06 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/04/04 15:10:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jason\Application Data\Mozilla\Extensions

[2009/03/30 10:35:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\extensions

[2009/03/30 10:35:26 | 000,000,000 | ---D | M] ("Ask Toolbar for Firefox") -- C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}

[2011/04/04 15:09:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

File not found (No name found) --

[2011/05/11 09:16:17 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX4

[2008/12/04 10:36:10 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

[2009/09/08 17:51:21 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION

[2011/05/03 17:29:01 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll

[2010/01/01 09:00:00 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml

[2010/01/01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

[2010/01/01 09:00:00 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml

[2010/01/01 09:00:00 | 000,001,180 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml

[2010/01/01 09:00:00 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2011/05/12 16:48:32 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files\Nuance\PDF Professional 5\bin\PlusIEContextMenu.dll (Zeon Corporation)

O2 - BHO: (no name) - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - No CLSID value found.

O2 - BHO: (no name) - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - No CLSID value found.

O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)

O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)

O2 - BHO: (ZeonIEEventHelper Class) - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll (Zeon Corporation)

O3 - HKLM\..\Toolbar: (ZoneAlarm Spy Blocker Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)

O3 - HKLM\..\Toolbar: (Nuance PDF) - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll (Zeon Corporation)

O3 - HKU\S-1-5-21-1301029243-3033417472-2581773101-1006\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.

O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\STARTEAK.exe (Compaq Computer Corporation)

O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)

O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)

O4 - HKLM..\Run: [Nuance PDF Professional 5-reminder] C:\Program Files\Nuance\PDF Professional 5\Ereg\Ereg.exe (Nuance Communications, Inc.)

O4 - HKLM..\Run: [PDF5 Registry Controller] C:\Program Files\Nuance\PDF Professional 5\RegistryController.exe (Nuance Communications, Inc.)

O4 - HKLM..\Run: [PDFHook] C:\Program Files\Nuance\PDF Professional 5\PdfPro5Hook.exe (Nuance Communications, Inc.)

O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)

O4 - HKU\S-1-5-21-1301029243-3033417472-2581773101-1006..\Run: [Google Update] File not found

O4 - HKU\S-1-5-21-1301029243-3033417472-2581773101-1006..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Desktop Manager.lnk.disabled ()

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Development Company, L.P.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)

O4 - Startup: C:\Documents and Settings\Jason\Start Menu\Programs\Startup\BUFFALO NAS Navigator2.lnk = C:\Program Files\BUFFALO\NASNAVI\NasNavi.exe (BUFFALO INC.)

O4 - Startup: C:\Documents and Settings\Jason\Start Menu\Programs\Startup\NAS Scheduler.lnk = C:\Program Files\BUFFALO\NASNAVI\nassche.exe (BUFFALO INC.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-1301029243-3033417472-2581773101-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: Append the content of the link to existing PDF file - C:\Program Files\Nuance\PDF Professional 5\Bin\ZeonIEFavClient.dll (Zeon Corporation)

O8 - Extra context menu item: Append the content of the selected links to existing PDF file - C:\Program Files\Nuance\PDF Professional 5\Bin\ZeonIEFavClient.dll (Zeon Corporation)

O8 - Extra context menu item: Append to existing PDF file - C:\Program Files\Nuance\PDF Professional 5\Bin\ZeonIEFavClient.dll (Zeon Corporation)

O8 - Extra context menu item: Create PDF file - C:\Program Files\Nuance\PDF Professional 5\Bin\ZeonIEFavClient.dll (Zeon Corporation)

O8 - Extra context menu item: Create PDF file from the content of the link - C:\Program Files\Nuance\PDF Professional 5\Bin\ZeonIEFavClient.dll (Zeon Corporation)

O8 - Extra context menu item: Create PDF files from the selected links - C:\Program Files\Nuance\PDF Professional 5\Bin\ZeonIEFavClient.dll (Zeon Corporation)

O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)

O8 - Extra context menu item: Open with PDF Converter 5.2 - C:\Program Files\Nuance\PDF Professional 5\cnvres_eng.dll ()

O8 - Extra context menu item: Open with PDF Professional 5.2 - C:\Program Files\Nuance\PDF Professional 5\Bin\PlusIEContextMenu.dll (Zeon Corporation)

O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O15 - HKU\S-1-5-21-1301029243-3033417472-2581773101-1006\..Trusted Domains: cleverreach.com ([novastor] http in Trusted sites)

O15 - HKU\S-1-5-21-1301029243-3033417472-2581773101-1006\..Trusted Domains: google-analytics.com ([]http in Trusted sites)

O15 - HKU\S-1-5-21-1301029243-3033417472-2581773101-1006\..Trusted Domains: localhost ([]http in Local intranet)

O15 - HKU\S-1-5-21-1301029243-3033417472-2581773101-1006\..Trusted Domains: novastor.com ([]http in Trusted sites)

O15 - HKU\S-1-5-21-1301029243-3033417472-2581773101-1006\..Trusted Domains: novastor.com ([]https in Trusted sites)

O15 - HKU\S-1-5-21-1301029243-3033417472-2581773101-1006\..Trusted Ranges: GD ([http] in Local intranet)

O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab (Office Genuine Advantage Validation Tool)

O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.microsoft.com/OAS/ActiveX/MSDcode.cab (Microsoft Data Collection Control)

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)

O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab (Reg Error: Key error.)

O16 - DPF: {C9386579-3C0F-4713-82C6-5BA8088C7C8D} https://secure.shared.live.com/Pa6vGqB728AxD-ckvrPc0A/etc/Microsoft.Live.Folders.RichUpload.cab (Windows Live SkyDrive Upload Tool)

O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} http://mobileapps.blackberry.com/devicesoftware/AxLoader.cab (RIM AxLoader)

O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)

O16 - DPF: FirstViewer http://barnet.documentretrieval.co.uk/alchemyweb/Components/FirstVwr.CAB (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254

O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\570\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\570\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)

O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll (Logitech, Inc.)

O24 - Desktop WallPaper: C:\Documents and Settings\Jason\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jason\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2004/08/10 13:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)

O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/12 16:39:30 | 000,000,000 | ---D | C] -- C:\_OTL

[2011/05/12 16:36:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2011/05/12 16:35:45 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT

[2011/05/12 16:35:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT

[2011/05/12 10:00:49 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jason\Desktop\OTL.com.exe

[2011/05/10 12:23:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype Extras

[2011/05/10 12:23:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype

[2011/05/10 12:23:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype

[2011/04/28 14:34:50 | 000,053,816 | ---- | C] (Trusteer Ltd.) -- C:\WINDOWS\System32\drivers\RapportKELL.sys

[2011/04/15 09:42:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jason\Local Settings\Application Data\Trusteer

[2011/02/21 10:50:19 | 000,417,792 | ---- | C] (Hewlett-Packard Co.) -- C:\Program Files\OjScrubber.exe

[2008/10/17 10:13:47 | 004,013,504 | ---- | C] (Microsoft Corporation) -- C:\Program Files\OutlookConnector.exe

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\Documents and Settings\Jason\My Documents\*.tmp files -> C:\Documents and Settings\Jason\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/12 16:50:57 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2011/05/12 16:50:39 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2011/05/12 16:50:37 | 2136,129,536 | -HS- | M] () -- C:\hiberfil.sys

[2011/05/12 16:48:32 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts

[2011/05/12 16:45:38 | 114,850,379 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm

[2011/05/12 16:44:50 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{43874450-5490-4560-B3CA-B04DD4F6C2AF}.job

[2011/05/12 10:00:49 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jason\Desktop\OTL.com.exe

[2011/05/11 16:39:25 | 000,002,473 | ---- | M] () -- C:\Documents and Settings\Jason\Desktop\Excel 2007.lnk

[2011/05/11 16:39:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1301029243-3033417472-2581773101-1006UA.job

[2011/05/11 16:13:24 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk

[2011/05/11 09:13:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2011/05/10 16:24:39 | 000,001,360 | -HS- | M] () -- C:\Documents and Settings\Jason\Local Settings\Application Data\sh5gy611u40h

[2011/05/10 16:24:39 | 000,001,360 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\sh5gy611u40h

[2011/05/10 14:22:44 | 000,002,521 | ---- | M] () -- C:\Documents and Settings\Jason\Desktop\Outlook.lnk

[2011/05/10 12:23:25 | 000,001,878 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk

[2011/05/10 09:39:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1301029243-3033417472-2581773101-1006Core.job

[2011/05/10 09:08:54 | 000,208,770 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm

[2011/05/09 16:40:35 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Jason\Desktop\Word.lnk

[2011/05/09 15:24:16 | 000,000,256 | ---- | M] () -- C:\WINDOWS\System32\pool.bin

[2011/05/09 10:15:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

[2011/05/09 09:39:54 | 000,002,262 | ---- | M] () -- C:\Documents and Settings\Jason\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

[2011/05/09 09:39:53 | 000,002,284 | ---- | M] () -- C:\Documents and Settings\Jason\Desktop\Google Chrome.lnk

[2011/05/09 09:35:35 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk

[2011/05/09 09:21:58 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2011/04/28 14:34:50 | 000,053,816 | ---- | M] (Trusteer Ltd.) -- C:\WINDOWS\System32\drivers\RapportKELL.sys

[2011/04/18 12:34:42 | 000,300,440 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2011/04/15 17:10:42 | 000,466,806 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2011/04/15 17:10:42 | 000,079,896 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\Documents and Settings\Jason\My Documents\*.tmp files -> C:\Documents and Settings\Jason\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/12 16:41:01 | 2136,129,536 | -HS- | C] () -- C:\hiberfil.sys

[2011/05/11 16:13:24 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk

[2011/05/10 16:24:38 | 000,001,360 | -HS- | C] () -- C:\Documents and Settings\Jason\Local Settings\Application Data\sh5gy611u40h

[2011/05/10 16:24:38 | 000,001,360 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\sh5gy611u40h

[2011/05/10 12:23:25 | 000,001,878 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk

[2011/04/11 17:29:16 | 000,154,888 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

[2011/04/04 15:09:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2011/02/21 11:00:53 | 000,117,087 | ---- | C] () -- C:\WINDOWS\hpoins11.dat

[2011/02/21 11:00:02 | 000,011,634 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat

[2011/02/21 10:50:20 | 000,055,959 | ---- | C] () -- C:\Program Files\Psc1100rw-2kKeys.dat

[2011/02/21 10:50:20 | 000,042,665 | ---- | C] () -- C:\Program Files\HpOjScrubber.ini

[2011/02/21 10:50:20 | 000,010,600 | ---- | C] () -- C:\Program Files\Oj4105rw2-2kFiles.dat

[2011/02/21 10:50:20 | 000,009,149 | ---- | C] () -- C:\Program Files\Psc1100rw-9xFiles.dat

[2011/02/21 10:50:19 | 000,304,593 | ---- | C] () -- C:\Program Files\Psc2200rw-9xKeys.dat

[2011/02/21 10:50:19 | 000,297,319 | ---- | C] () -- C:\Program Files\Oj6100vg-9xKeys.DAT

[2011/02/21 10:50:19 | 000,295,748 | ---- | C] () -- C:\Program Files\Psc2150vg-9xKeys.DAT

[2011/02/21 10:50:19 | 000,292,367 | ---- | C] () -- C:\Program Files\Psc2170rw-9xKeys.DAT

[2011/02/21 10:50:19 | 000,292,162 | ---- | C] () -- C:\Program Files\Psc2150rw-9xKeys.DAT

[2011/02/21 10:50:19 | 000,281,433 | ---- | C] () -- C:\Program Files\Psc1100rw-9xKeys.dat

[2011/02/21 10:50:19 | 000,280,863 | ---- | C] () -- C:\Program Files\Psc2100rw-9xKeys.dat

[2011/02/21 10:50:19 | 000,280,833 | ---- | C] () -- C:\Program Files\Psc1200rw-9xKeys.dat

[2011/02/21 10:50:19 | 000,275,713 | ---- | C] () -- C:\Program Files\Oj4105rw2-9xKeys.dat

[2011/02/21 10:50:19 | 000,275,204 | ---- | C] () -- C:\Program Files\Oj4100rw2-9xKeys.dat

[2011/02/21 10:50:19 | 000,274,998 | ---- | C] () -- C:\Program Files\Oj6100rw-9xKeys.dat

[2011/02/21 10:50:19 | 000,057,865 | ---- | C] () -- C:\Program Files\Oj6100vg-2kKeys.dat

[2011/02/21 10:50:19 | 000,057,622 | ---- | C] () -- C:\Program Files\Psc2200vg-2kKeys.dat

[2011/02/21 10:50:19 | 000,057,572 | ---- | C] () -- C:\Program Files\Psc2100vg-9xKeys.DAT

[2011/02/21 10:50:19 | 000,057,561 | ---- | C] () -- C:\Program Files\Psc2150vg-2kKeys.dat

[2011/02/21 10:50:19 | 000,057,558 | ---- | C] () -- C:\Program Files\PSC2200vg-9xKeys.DAT

[2011/02/21 10:50:19 | 000,057,483 | ---- | C] () -- C:\Program Files\Psc2100vg-2kKeys.dat

[2011/02/21 10:50:19 | 000,056,526 | ---- | C] () -- C:\Program Files\Oj4105rw2-2kKeys.dat

[2011/02/21 10:50:19 | 000,056,016 | ---- | C] () -- C:\Program Files\Oj4100rw2-2kKeys.dat

[2011/02/21 10:50:19 | 000,055,999 | ---- | C] () -- C:\Program Files\Oj6100rw-2kKeys.dat

[2011/02/21 10:50:19 | 000,055,395 | ---- | C] () -- C:\Program Files\Psc2170rw-2kKeys.dat

[2011/02/21 10:50:19 | 000,055,388 | ---- | C] () -- C:\Program Files\Psc2200rw-2kKeys.dat

[2011/02/21 10:50:19 | 000,055,387 | ---- | C] () -- C:\Program Files\Psc2150rw-2kKeys.dat

[2011/02/21 10:50:19 | 000,055,364 | ---- | C] () -- C:\Program Files\Psc1200rw-2kKeys.dat

[2011/02/21 10:50:19 | 000,055,362 | ---- | C] () -- C:\Program Files\Psc2100rw-2kKeys.dat

[2011/02/21 10:50:19 | 000,016,085 | ---- | C] () -- C:\Program Files\Uninst.isu

[2011/02/21 10:50:19 | 000,011,326 | ---- | C] () -- C:\Program Files\Oj6100vg-2kFiles.dat

[2011/02/21 10:50:19 | 000,010,701 | ---- | C] () -- C:\Program Files\Oj6100rw-2kFiles.dat

[2011/02/21 10:50:19 | 000,010,628 | ---- | C] () -- C:\Program Files\Oj4100rw2-2kFiles.dat

[2011/02/21 10:50:19 | 000,010,569 | ---- | C] () -- C:\Program Files\Psc2170rw-2kFiles.DAT

[2011/02/21 10:50:19 | 000,010,444 | ---- | C] () -- C:\Program Files\Psc1100rw-2kFiles.DAT

[2011/02/21 10:50:19 | 000,010,419 | ---- | C] () -- C:\Program Files\Psc2200vg-2kFiles.DAT

[2011/02/21 10:50:19 | 000,010,419 | ---- | C] () -- C:\Program Files\Psc2100vg-2kFiles.DAT

[2011/02/21 10:50:19 | 000,010,405 | ---- | C] () -- C:\Program Files\Psc1200rw-2kFiles.DAT

[2011/02/21 10:50:19 | 000,010,052 | ---- | C] () -- C:\Program Files\Psc2150vg-2kFiles.DAT

[2011/02/21 10:50:19 | 000,009,862 | ---- | C] () -- C:\Program Files\Psc2100rw-2kFiles.DAT

[2011/02/21 10:50:19 | 000,009,848 | ---- | C] () -- C:\Program Files\Psc2200rw-2kFiles.DAT

[2011/02/21 10:50:19 | 000,009,815 | ---- | C] () -- C:\Program Files\Psc2150rw-2kFiles.DAT

[2011/02/21 10:50:19 | 000,009,608 | ---- | C] () -- C:\Program Files\Oj6100vg-9xFiles.DAT

[2011/02/21 10:50:19 | 000,009,291 | ---- | C] () -- C:\Program Files\Psc2150rw-9xFiles.dat

[2011/02/21 10:50:19 | 000,009,249 | ---- | C] () -- C:\Program Files\Oj4100rw2-9xFiles.dat

[2011/02/21 10:50:19 | 000,009,243 | ---- | C] () -- C:\Program Files\Oj6100rw-9xFiles.dat

[2011/02/21 10:50:19 | 000,009,240 | ---- | C] () -- C:\Program Files\Psc2170rw-9xFiles.dat

[2011/02/21 10:50:19 | 000,009,132 | ---- | C] () -- C:\Program Files\Psc2200rw-9xFiles.dat

[2011/02/21 10:50:19 | 000,009,131 | ---- | C] () -- C:\Program Files\Psc2100rw-9xFiles.dat

[2011/02/21 10:50:19 | 000,009,110 | ---- | C] () -- C:\Program Files\Psc1200rw-9xFiles.dat

[2011/02/21 10:50:19 | 000,009,068 | ---- | C] () -- C:\Program Files\Oj4105rw2-9xFiles.dat

[2011/02/21 10:50:19 | 000,008,662 | ---- | C] () -- C:\Program Files\PSC2200vg-9xFiles.DAT

[2011/02/21 10:50:19 | 000,008,345 | ---- | C] () -- C:\Program Files\PSC2100vg-9xFiles.DAT

[2011/02/21 10:50:19 | 000,001,707 | ---- | C] () -- C:\Program Files\HpOjScrubber1.RTF

[2011/02/21 10:50:19 | 000,001,104 | ---- | C] () -- C:\Program Files\HpOjScrubber3.RTF

[2011/02/21 10:50:19 | 000,000,317 | ---- | C] () -- C:\Program Files\HpOjScrubber2.RTF

[2011/02/17 13:24:32 | 000,000,735 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini

[2010/11/26 12:04:17 | 000,000,078 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2010/06/21 10:43:39 | 000,000,098 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc

[2010/06/10 12:19:45 | 000,000,894 | ---- | C] () -- C:\Documents and Settings\Jason\Application Data\wklnhst.dat

[2010/05/07 22:31:36 | 000,015,046 | ---- | C] () -- C:\WINDOWS\UN060501.INI

[2010/01/12 10:27:16 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin

[2009/10/19 17:01:38 | 000,004,376 | ---- | C] () -- C:\WINDOWS\UN090928.INI

[2009/10/09 17:27:31 | 000,116,843 | ---- | C] () -- C:\WINDOWS\hpoins11.dat.temp

[2009/10/09 17:27:31 | 000,011,634 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat.temp

[2009/09/29 12:05:27 | 000,008,628 | -H-- | C] () -- C:\Program Files\HpOjScrubber.GID

[2009/09/24 14:18:42 | 000,000,221 | ---- | C] () -- C:\WINDOWS\NCLogConfig.ini

[2009/07/27 12:09:29 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\InstMed.exe

[2009/07/27 12:09:05 | 000,006,812 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini

[2009/05/14 15:29:30 | 000,008,520 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll

[2009/01/06 17:39:51 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat

[2008/10/08 10:03:25 | 000,000,470 | ---- | C] () -- C:\WINDOWS\ikey.ini

[2008/08/05 09:47:45 | 000,796,048 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll

[2008/04/24 11:35:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI

[2008/04/15 12:09:15 | 000,096,577 | ---- | C] () -- C:\WINDOWS\hpqins16.dat

[2008/04/14 11:01:35 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Jason\Local Settings\Application Data\fusioncache.dat

[2008/04/14 10:53:18 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll

[2008/04/14 10:53:00 | 000,000,159 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini

[2008/04/12 17:29:41 | 000,010,752 | ---- | C] () -- C:\Documents and Settings\Jason\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008/04/12 17:08:46 | 000,000,021 | ---- | C] () -- C:\WINDOWS\CS_SETUP.ini

[2008/04/07 13:43:43 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat

[2008/04/03 13:27:21 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2008/04/03 12:58:29 | 000,077,824 | ---- | C] () -- C:\WINDOWS\setpwr32.exe

[2008/04/03 12:58:24 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4820.dll

[2008/04/03 12:56:54 | 000,001,202 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI

[2008/02/04 18:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL

[2007/02/05 14:24:28 | 000,018,271 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin

[2007/02/05 14:24:26 | 000,099,999 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin

[2007/01/03 11:24:36 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini

[2007/01/03 11:22:46 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini

[2007/01/03 11:22:14 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini

[2004/08/10 13:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini

[2004/08/10 13:07:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2004/08/10 13:02:15 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2004/08/10 13:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini

[2004/08/10 12:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2004/08/10 12:57:15 | 000,300,440 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2004/08/10 12:51:21 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2004/08/10 12:51:20 | 000,466,806 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

[2004/08/10 12:51:20 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2004/08/10 12:51:20 | 000,079,896 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

[2004/08/10 12:51:20 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2004/08/10 12:51:18 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

[2004/08/10 12:51:17 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

[2004/08/10 12:51:16 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

[2004/08/10 12:51:12 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[2004/08/10 12:51:11 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[2004/08/10 12:51:05 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[2004/08/10 12:50:56 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin

[2001/07/07 03:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

< End of report >

Link to post
Share on other sites

There is still malware that needs to go; please run the following from within the profile that had the problems.

COMBOFIX

---------------

Please download ComboFix from one of these locations:


Bleepingcomputer
ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue it's malware removal procedures.

Query_RC.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC_successful.gif

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.

Link to post
Share on other sites

Hi Elise

I uninstalled AVG, and ran ComboFix. Here is the report. Jason

ComboFix 11-05-12.02 - Jason 13/05/2011 12:07:00.1.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2037.1605 [GMT 1:00]

Running from: c:\documents and settings\Jason\My Documents\Downloads\ComboFix.exe

FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Application Data\sh5gy611u40h

c:\documents and settings\Jason\GoToAssistDownloadHelper.exe

c:\documents and settings\Jason\Local Settings\Application Data\sh5gy611u40h

c:\documents and settings\Jason\Templates\sh5gy611u40h

.

.

\\.\PhysicalDrive0 - Bootkit Whistler was found and disinfected

.

\\.\PhysicalDrive0 - Bootkit Whistler was found and disinfected

.

((((((((((((((((((((((((( Files Created from 2011-04-13 to 2011-05-13 )))))))))))))))))))))))))))))))

.

.

2011-05-12 15:39 . 2011-05-12 15:39 -------- d-----w- C:\_OTL

2011-05-12 15:35 . 2011-05-12 15:35 -------- d-----w- c:\program files\ERUNT

2011-05-11 15:46 . 2011-05-11 15:46 -------- d-sh--w- c:\documents and settings\Administrator\IECompatCache

2011-05-11 15:10 . 2011-05-11 15:10 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla

2011-05-10 15:46 . 2011-05-10 15:46 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes

2011-05-10 11:23 . 2011-05-10 11:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype Extras

2011-05-10 11:23 . 2011-05-10 11:23 -------- d-----w- c:\program files\Common Files\Skype

2011-04-28 13:34 . 2011-04-28 13:34 53816 ----a-w- c:\windows\system32\drivers\RapportKELL.sys

2011-04-15 08:42 . 2011-04-15 08:42 -------- d-----w- c:\documents and settings\Jason\Local Settings\Application Data\Trusteer

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-03-07 05:33 . 2004-08-10 12:02 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-03-04 06:37 . 2004-08-10 11:51 420864 ----a-w- c:\windows\system32\vbscript.dll

2011-03-03 13:21 . 2004-08-10 11:51 1857920 ----a-w- c:\windows\system32\win32k.sys

2011-02-22 23:06 . 2004-08-10 11:51 916480 ----a-w- c:\windows\system32\wininet.dll

2011-02-22 23:06 . 2004-08-10 11:51 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-02-22 23:06 . 2004-08-10 11:51 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-02-22 11:41 . 2004-08-10 11:51 385024 ----a-w- c:\windows\system32\html.iec

2011-02-17 13:18 . 2004-08-10 11:51 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-02-17 13:18 . 2004-08-10 11:51 357888 ----a-w- c:\windows\system32\drivers\srv.sys

2011-02-17 12:32 . 2009-04-16 08:43 5120 ----a-w- c:\windows\system32\xpsp4res.dll

2011-02-15 12:56 . 2004-08-10 11:50 290432 ----a-w- c:\windows\system32\atmfd.dll

2008-10-17 09:13 . 2008-10-17 09:13 4013504 ----a-w- c:\program files\OutlookConnector.exe

2003-03-28 17:12 . 2011-02-21 09:50 417792 ----a-w- c:\program files\OjScrubber.exe

2011-05-03 16:29 . 2011-04-04 14:09 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-10-16 333192]

.

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]

[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2008-10-24 79136]

"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2008-10-24 206112]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-03 68856]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Nuance PDF Professional 5-reminder"="c:\program files\Nuance\PDF Professional 5\Ereg\Ereg.exe" [2008-11-03 54560]

"RTHDCPL"="RTHDCPL.EXE" [2007-07-16 16132608]

"Persistence"="c:\windows\system32\igfxpers.exe" [2007-07-16 138008]

"PDFHook"="c:\program files\Nuance\PDF Professional 5\pdfpro5hook.exe" [2008-12-23 795936]

"PDF5 Registry Controller"="c:\program files\Nuance\PDF Professional 5\RegistryController.exe" [2008-12-23 58656]

"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]

"CPQEASYACC"="c:\program files\COMPAQ\Easy Access Button Support\StartEAK.exe" [2001-12-14 32768]

"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2008-10-24 206112]

"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-11-16 1043968]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"AvgUninstallURL"="start http:" [X]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

.

c:\documents and settings\Jason\Start Menu\Programs\Startup\

BUFFALO NAS Navigator2.lnk - c:\program files\BUFFALO\NASNAVI\NasNavi.exe [2010-12-1 1897952]

NAS Scheduler.lnk - c:\program files\BUFFALO\NASNAVI\nassche.exe [2010-12-1 206128]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Desktop Manager.lnk.disabled [2010-1-13 1741]

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]

HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2006-2-10 73728]

Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-6-16 805392]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]

2009-10-09 16:17 16680 ----a-w- c:\program files\Citrix\GoToAssist\570\g2awinlogon.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]

2008-05-02 01:42 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

@=""

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NovaBACKUP Tray Control.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\NovaBACKUP Tray Control.lnk

backup=c:\windows\pss\NovaBACKUP Tray Control.lnkCommon Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlackBerryAutoUpdate]

2009-11-19 22:29 623960 ----a-w- c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]

2010-10-22 13:05 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RIMDeviceManager]

2009-10-13 14:38 1590616 ----a-w- c:\program files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]

2009-07-08 12:31 236016 ----a-w- c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"DisableNotifications"= 1 (0x1)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe"=

"c:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=

"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

.

R1 RapportCerberus_26169;RapportCerberus_26169;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\26169\RapportCerberus_26169.sys [03/05/2011 11:58 57144]

R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [28/04/2011 14:34 66360]

R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [28/04/2011 14:34 158904]

R2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [30/03/2009 10:35 464264]

R2 NasPmService;NAS PM Service;c:\program files\BUFFALO\NASNAVI\nassvc.exe -Service_Execute -dcyc=60 -dto=3 -dluc=0 -dmin=1 -dmax=60 -dflc=0 -apc=0 -log=0 -pm=1 -pall=1 -phttp=0 -pbc=0 -ppro=0 -pcyc=0 -pmin=1 -pmax=60 -pflc=0 --> c:\program files\BUFFALO\NASNAVI\nassvc.exe -Service_Execute -dcyc=60 -dto=3 -dluc=0 -dmin=1 -dmax=60 -dflc=0 -apc=0 -log=0 -pm=1 -pall=1 -phttp=0 -pbc=0 -ppro=0 -pcyc=0 -pmin=1 -pmax=60 -pflc=0 [?]

R2 nsService;NovaStor NovaBACKUP Backup/Copy Engine;c:\program files\NovaStor\NovaStor NovaBACKUP\nsService.exe [15/04/2010 12:51 261256]

R2 PDFProFiltSrv;PDFProFiltSrv;c:\program files\Nuance\PDF Professional 5\PDFProFiltSrv.exe [23/12/2008 02:27 144672]

R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [28/04/2011 14:34 870200]

S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]

S0 PCGenFAM;PCGenFAM;c:\windows\system32\drivers\PCGenFAM.sys [21/06/2010 10:43 179656]

S1 RapportKELL;RapportKELL;\??\c:\program files\Trusteer\Rapport\bin\RapportKELL.sys --> c:\program files\Trusteer\Rapport\bin\RapportKELL.sys [?]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [29/01/2010 18:35 135664]

S2 SolutoService;Soluto PCGenome Core Service;"c:\program files\Soluto\SolutoService.exe" --> c:\program files\Soluto\SolutoService.exe [?]

S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [03/04/2008 13:19 30192]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [29/01/2010 18:35 135664]

.

Contents of the 'Scheduled Tasks' folder

.

2011-05-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 17:35]

.

2011-05-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 17:35]

.

2011-05-12 c:\windows\Tasks\User_Feed_Synchronization-{43874450-5490-4560-B3CA-B04DD4F6C2AF}.job

- c:\windows\system32\msfeedssync.exe [2007-08-13 04:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://news.bbc.co.uk/

IE: Append the content of the link to existing PDF file - c:\program files\Nuance\PDF Professional 5\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML

IE: Append the content of the selected links to existing PDF file - c:\program files\Nuance\PDF Professional 5\Bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML

IE: Append to existing PDF file - c:\program files\Nuance\PDF Professional 5\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML

IE: Create PDF file - c:\program files\Nuance\PDF Professional 5\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML

IE: Create PDF file from the content of the link - c:\program files\Nuance\PDF Professional 5\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML

IE: Create PDF files from the selected links - c:\program files\Nuance\PDF Professional 5\Bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html

IE: Open with PDF Converter 5.2 - c:\program files\Nuance\PDF Professional 5\cnvres_eng.dll /100

IE: Open with PDF Professional 5.2 - c:\program files\Nuance\PDF Professional 5\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm

Trusted Zone: cleverreach.com\novastor

Trusted Zone: google-analytics.com

Trusted Zone: novastor.com

Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

DPF: FirstViewer - hxxp://barnet.documentretrieval.co.uk/alchemyweb/Components/FirstVwr.CAB

DPF: {C9386579-3C0F-4713-82C6-5BA8088C7C8D} - hxxps://secure.shared.live.com/Pa6vGqB728AxD-ckvrPc0A/etc/Microsoft.Live.Folders.RichUpload.cab

DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} - hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab

FF - ProfilePath - c:\documents and settings\Jason\Application Data\Mozilla\Firefox\Profiles\mowsp08t.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.bbc.co.uk/news/

.

- - - - ORPHANS REMOVED - - - -

.

BHO-{66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - (no file)

BHO-{91da5e8a-3318-4f8c-b67e-5964de3ab546} - (no file)

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-05-13 12:17

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(688)

c:\program files\Citrix\GoToAssist\570\G2AWinLogon.dll

c:\program files\common files\logitech\bluetooth\LBTWlgn.dll

c:\program files\common files\logitech\bluetooth\LBTServ.dll

.

- - - - - - - > 'explorer.exe'(1504)

c:\windows\system32\WININET.dll

c:\program files\Logitech\SetPoint\lgscroll.dll

c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

c:\program files\BUFFALO\NASNAVI\nassvc.exe

c:\windows\system32\SearchIndexer.exe

c:\windows\system32\wscntfy.exe

c:\windows\RTHDCPL.EXE

c:\windows\system32\igfxsrvc.exe

c:\program files\Compaq\Easy Access Button Support\CPQEADM.EXE

c:\compaq\EAKDRV\EAUSBKBD.EXE

c:\progra~1\Compaq\EASYAC~1\BttnServ.exe

c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

c:\program files\HP\Digital Imaging\bin\hpqnrs08.exe

c:\program files\HP\Digital Imaging\bin\hpqimzone.exe

c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe

c:\windows\system32\HPZinw12.exe

.

**************************************************************************

.

Completion time: 2011-05-13 12:21:48 - machine was rebooted

ComboFix-quarantined-files.txt 2011-05-13 11:21

.

Pre-Run: 211,016,540,160 bytes free

Post-Run: 211,130,286,080 bytes free

.

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

.

- - End Of File - - 1B16D2200CF689D41094FE994624D799

Link to post
Share on other sites

Hi there,

That looks better now. How are things running at this point?

Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.

  • Download the latest version of Java Runtime Environment (JRE) Version 6.
  • Look for "JDK 6 Update 25 (JDK or JRE).
  • Click the "Download JRE" button at the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
    • Select "Windows x86 Offline" and click on jre-6u25-windows-i586.exe

    [*]Save it to your desktop

    [*]Close any programs you may have running - especially your web browser.

    [*]Uninstall all older versions of Java (any item with Java Runtime Environment, JRE or J2SE in the name).

    [*]Reboot your computer once all Java components are removed.

    [*]Install the newest version by double clicking (run as Administrator for Windows Vista/Seven) the downloaded file.

Please launch MBAM and update it. Run a full scan and post me the resulting log.

Link to post
Share on other sites

Hi Elise

Firstly can I say how helpful you have been in helping me with my problem. I have reinstalled AVG after Combofix asked me to remove it inorder to work. The only thing of issue is ZoneAlarm. At the moment the firewall in Security Centre is Windows Firewall. The ZoneAlarm icon in the System Tray shows that Protection is Up, UI is initializing. I cannot open the ZA software to look at settings etc.

Here is the latest MBAM log

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6567

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

13/05/2011 14:12:11

mbam-log-2011-05-13 (14-12-11).txt

Scan type: Full scan (C:\|)

Objects scanned: 233463

Time elapsed: 1 hour(s), 45 minute(s), 32 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Link to post
Share on other sites

Hi, can you try to uninstall ZA completely and then reinstall it? Note, if you connect to the internet through a router, you do not need a third party firewall, since a router acts as a hardware firewall.

ESET ONLINE SCANNER

----------------------------

I'd like us to scan your machine with ESET OnlineScan

  1. Hold down Control and click on this link to open ESET OnlineScan in a new window.
  2. Click the esetonlinebtn.png button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

    1. Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the esetsmartinstaller_enu.png
      icon on your desktop.

    3. Check "YES, I accept the Terms of Use."
    4. Click the Start button.
    5. Accept any security warnings from your browser.
    6. Under scan settings, check "Scan Archives" and "Remove found threats"
    7. Click Advanced settings and select the following:
      • Scan potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology

[*]ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.

[*]When the scan completes, click List Threats

[*]Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.

[*]Click the Back button.

[*]Click the Finish button.

Link to post
Share on other sites

Hi Elise

I reinstalled ZA and it seems to be working fine. I also ran ESET scanner and have pasted the results below. Do I need to keep the programs which I installed during this process or may I now unistall them from my PC?

Thanks again for your help. Jason

C:\Program Files\ZoneAlarmSB\bar\1.bin\NPZONESB.DLL Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined

C:\Program Files\ZoneAlarmSB\bar\1.bin\Z4PLUGIN.DLL a variant of Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP12\A0001381.DLL Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP12\A0001382.DLL a variant of Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined

Link to post
Share on other sites

Those were just some leftovers.

You can now remove all tools we used, please see also below.

ALL CLEAN

--------------

Your machine appears to be clean, please take the time to read below on how to secure the machine and take the necessary steps to keep it clean :)

Please do the following to remove the remaining programs from your PC:

  • Delete the tools used during the disinfection:
    • Click start > run and type combofix /uninstall, press enter. This will remove Combofix from your computer.
    • Delete DDS and GMER (this is a random named file)

Please read these advices, in order to prevent reinfecting your PC:

  1. Install and update the following programs regularly:
    • an outbound firewall. If you are connected to the internet through a router, you are already behind a hardware firewall and as such you do not need an extra software firewall.
      A comprehensive tutorial and a list of possible firewalls can be found here.
    • an AntiVirus Software
      It is imperative that you update your AntiVirus Software on regular basis.If you do not update your AntiVirus Software then it will not be able to catch the latest threats.
    • an Anti-Spyware program
      Malware Byte's Anti Malware is an excellent Anti-Spyware scanner. It's scan times are usually under ten minutes, and has excellent detection and removal rates.
      SUPERAntiSpyware is another good scanner with high detection and removal rates.
      Both programs are free for non commercial home use but provide a resident and do not nag if you purchase the paid versions.
    • Spyware Blaster
      A tutorial for Spywareblaster can be found here. If you wish, the commercial version provides automatic updating.

[*]Keep Windows (and your other Microsoft software) up to date!

I cannot stress how important this is enough. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.

Therefore, please, visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!

[*]Keep your other software up to date as well

Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on yourmachine.

[*]Stay up to date!

The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing.

Some more links you might find of interest:

Please reply to this topic if you have read the above information. If your computer is working fine, this topic will be closed afterwards.

Link to post
Share on other sites

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.