
Infected Laptop



Hello. My wife's laptop had a virus. A friend of mine said he removed it, but I think it is still here, or another virus has attacked her laptop. Virus attacked the "indexing" of the laptop. All files were hidden. My friend supposedly removed the virus. I was able to "unhide" most of the files, but there are still some that are hidden. Used Malwarebytes and removed 6 infected files. Still having trouble with computer. Here is some info:

DDS:

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_14

Run by Jessica at 0:57:37 on 2011-11-14

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3062.2220 [GMT -5:00]

.

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

C:\Program Files\Fisher-Price\Easy-Link internet launch pad\Easy-Link internet launch pad.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\system32\igfxtray.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\SelectRebates\SelectRebates.exe

C:\Program Files\Fisher-Price\FP3 Player\sspnotifier.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Synaptics\SynTP\SynToshiba.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\com.apple.DotMacSync.client.exe

C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe

C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Flip Video\FlipShare\FlipShareService.exe

C:\WINDOWS\system32\svchost.exe -k hpdevmgmt

C:\WINDOWS\system32\svchost.exe -k HPService

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\system32\DRIVERS\o2flash.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\Program Files\Sprint\Sierra Wireless\Sprint PCS Connection Manager\SPCSUtilityService.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\SearchIndexer.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wscntfy.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uWindow Title = Windows Internet Explorer provided by Comcast

mStart Page = hxxp://www.comcast.net/

mWindow Title = Windows Internet Explorer provided by Comcast

uInternet Settings,ProxyOverride = *.local

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: {465E08E7-F005-4389-980F-1D8764B3486C} - No File

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: ShopAtHomeIEHelper Class: {e8daaa30-6caa-4b58-9603-8e54238219e2} - c:\program files\selectrebates\toolbar\ShopAtHomeToolbar.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

TB: ShopAtHome.com Toolbar: {98279c38-de4b-4bcf-93c9-8ec26069d6f4} - c:\program files\selectrebates\toolbar\ShopAtHomeToolbar.dll

TB: {6ADB0F93-1AA5-4BCF-9DF4-CEA689A3C111} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Alcmtr] ALCMTR.EXE

mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe

mRun: [eligmini] c:\program files\fisher-price\easy-link internet launch pad\Easy-Link internet launch pad.exe 0

mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

mRun: [Monitor] "c:\program files\leapfrog\leapfrog connect\Monitor.exe"

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [selectRebates] c:\program files\selectrebates\SelectRebates.exe

mRun: [sSP Notifier] c:\program files\fisher-price\fp3 player\sspnotifier.exe

mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

StartupFolder: c:\docume~1\jessica\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE

StartupFolder: c:\documents and settings\jessica\start menu\programs\startup\PowerReg Scheduler V3.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\billeo.lnk - c:\program files\billeo\billeo.exe

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

Trusted Zone: arise.com

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1237657637703

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1237657630812

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\program files\cozi express\CoziProtocolHandler.dll

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

Notify: igfxcui - igfxdev.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

.

============= SERVICES / DRIVERS ===============

.

R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2009-3-21 51288]

R3 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2009-3-21 43608]

S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2011-1-13 18560]

S3 PLTurbh;Prolific turbo filter driver for hdd;c:\windows\system32\drivers\plturbh.sys [2010-5-27 16384]

S3 PLTurbo;Prolific turbo filter driver for odd;c:\windows\system32\drivers\plturbo.sys [2010-5-27 16640]

.

=============== Created Last 30 ================

.

2011-11-14 05:24:18 28160 ----a-w- c:\windows\system32\dll.dll

2011-11-14 03:46:42 296054 ----a-w- c:\windows\system32\shimg.dll

2011-11-03 03:05:44 0 ----a-w- c:\documents and settings\jessica\vsgsykpseb.tmp

2011-11-03 02:18:56 -------- d-----w- c:\windows\system32\CatRoot_bak

2011-11-03 01:04:46 274288 ----a-w- c:\windows\system32\mucltui.dll

2011-11-03 01:04:46 16736 ----a-w- c:\windows\system32\mucltui.dll.mui

2011-11-03 01:03:11 -------- d-----w- c:\documents and settings\jessica\application data\QuickScan

2011-11-02 21:49:22 -------- d-----w- c:\windows\system32\appmgmt

2011-11-02 21:24:53 -------- d-----w- c:\windows\pss

.

==================== Find3M ====================

.

2011-08-31 21:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

.

============= FINISH: 1:03:42.67 ===============

ATTACH:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 5/7/2005 11:24:05 AM

System Uptime: 11/14/2011 12:48:36 AM (1 hours ago)

.

Motherboard: Dell Inc. | | 0M277C

Processor: Intel® Core™2 Duo CPU T5870 @ 2.00GHz | U2E1 | 1995/800mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 50 GiB total, 26.878 GiB free.

D: is FIXED (NTFS) - 99 GiB total, 15.797 GiB free.

E: is CDROM (CDFS)

F: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {6BDD1FC6-810F-11D0-BEC7-08002BE2092F}

Description: Officejet 6500 E709n

Device ID: ROOT\IMAGE\0000

Manufacturer: HP

Name: 6500 E709n,192.168.1.104

PNP Device ID: ROOT\IMAGE\0000

Service: StillCam

.

Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}

Description: Officejet 6500 E709n

Device ID: ROOT\MULTIFUNCTION\0000

Manufacturer: HP

Name: Officejet 6500 E709n

PNP Device ID: ROOT\MULTIFUNCTION\0000

Service:

.

Class GUID: {4D36E979-E325-11CE-BFC1-08002BE10318}

Description: Officejet 6500 E709n

Device ID: ROOT\PRINTER\0000

Manufacturer: HP

Name: Officejet 6500 E709n

PNP Device ID: ROOT\PRINTER\0000

Service:

.

==== System Restore Points ===================

.

RP673: 8/2/2011 10:33:11 PM - System Checkpoint

RP674: 8/4/2011 4:54:08 PM - System Checkpoint

RP675: 8/5/2011 9:43:40 PM - System Checkpoint

RP676: 8/6/2011 10:00:24 PM - System Checkpoint

RP677: 8/8/2011 9:50:27 AM - System Checkpoint

RP678: 8/9/2011 10:52:49 AM - System Checkpoint

RP679: 8/10/2011 3:46:32 PM - System Checkpoint

RP680: 8/12/2011 7:51:36 AM - System Checkpoint

RP681: 8/15/2011 8:32:32 AM - System Checkpoint

RP682: 8/17/2011 4:43:49 PM - System Checkpoint

RP683: 8/19/2011 8:49:56 AM - System Checkpoint

RP684: 8/20/2011 3:23:17 PM - System Checkpoint

RP685: 8/22/2011 9:25:28 AM - System Checkpoint

RP686: 8/23/2011 6:04:17 PM - System Checkpoint

RP687: 8/25/2011 10:03:57 AM - System Checkpoint

RP688: 8/26/2011 10:37:58 AM - System Checkpoint

RP689: 8/28/2011 10:50:29 AM - System Checkpoint

RP690: 8/29/2011 10:59:38 AM - System Checkpoint

RP691: 8/31/2011 9:11:38 AM - System Checkpoint

RP692: 9/1/2011 9:23:38 AM - System Checkpoint

RP693: 9/2/2011 11:23:52 AM - System Checkpoint

RP694: 9/3/2011 11:59:29 AM - System Checkpoint

RP695: 9/4/2011 12:25:35 PM - System Checkpoint

RP696: 9/5/2011 2:49:59 PM - System Checkpoint

RP697: 9/6/2011 3:46:18 PM - System Checkpoint

RP698: 9/7/2011 6:00:35 PM - System Checkpoint

RP699: 9/9/2011 5:42:00 PM - System Checkpoint

RP700: 9/10/2011 6:44:26 PM - System Checkpoint

RP701: 9/11/2011 7:34:22 PM - System Checkpoint

RP702: 9/11/2011 9:29:18 PM - Installed Homeschool Tracker Basic

RP703: 9/13/2011 12:38:03 AM - System Checkpoint

RP704: 9/14/2011 3:59:40 PM - System Checkpoint

RP705: 9/16/2011 9:17:31 PM - System Checkpoint

RP706: 9/18/2011 3:15:30 PM - System Checkpoint

RP707: 9/19/2011 11:37:40 PM - System Checkpoint

RP708: 9/21/2011 12:26:10 PM - System Checkpoint

RP709: 9/22/2011 2:16:13 PM - System Checkpoint

RP710: 9/23/2011 7:10:20 PM - System Checkpoint

RP711: 9/27/2011 11:37:39 AM - System Checkpoint

RP712: 9/28/2011 12:22:05 PM - System Checkpoint

RP713: 9/29/2011 12:57:51 PM - System Checkpoint

RP714: 10/2/2011 2:26:57 PM - System Checkpoint

RP715: 10/3/2011 3:53:21 PM - System Checkpoint

RP716: 10/4/2011 6:15:22 PM - System Checkpoint

RP717: 10/8/2011 12:58:29 PM - System Checkpoint

RP718: 10/9/2011 2:21:36 PM - System Checkpoint

RP719: 10/11/2011 11:53:54 AM - System Checkpoint

RP720: 10/12/2011 12:32:39 PM - System Checkpoint

RP721: 10/13/2011 1:15:06 PM - System Checkpoint

RP722: 10/19/2011 11:10:39 AM - System Checkpoint

RP723: 10/20/2011 9:50:59 PM - System Checkpoint

RP724: 10/30/2011 9:52:00 PM - System Checkpoint

RP725: 11/2/2011 5:49:22 PM - Removed Desktop Doctor

RP726: 11/2/2011 9:07:14 PM - Removed Desktop Doctor

RP727: 11/13/2011 11:59:22 PM - System Checkpoint

.

==== Installed Programs ======================

.

2007 Microsoft Office Suite Service Pack 1 (SP1)

32 Bit HP CIO Components Installer

3DVIA player 5.0

3ivx MPEG-4 5.0.3 (remove only)

6300

6300_Help

6300Trb

6500_E709_eDocs

6500_E709_Help

6500_E709n

Acrobat.com

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader 9.2

Adobe Shockwave Player 11.5

Advertising Center

AiO_Scan_CDA

AiOSoftwareNPI

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Bengal

Bonjour

bpd_scan

BPDSoftware

BPDSoftware_Ini

BufferChm

CCleaner

Comcast High-Speed Internet Install Wizard

Coupon Printer for Windows

Cozi

Cozi Outlook Toolbar

CP_AtenaShokunin1Config

CP_CalendarTemplates1

cp_OnlineProjectsConfig

CP_Package_Basic1

CP_Package_Variety1

CP_Package_Variety2

CP_Package_Variety3

CP_Panorama1Config

cp_PosterPrintConfig

CueTour

CustomerResearchQFolder

Destination Component

DeviceDiscovery

DeviceFunctionQFolder

DeviceManagementQFolder

Diamond Drop (CD version)

Diamond Drop 2 (CD version)

Disney Princess Royal Horse Show

DocMgr

DocProc

DocumentViewer

DocumentViewerQFolder

Dogz (remove only)

DolbyFiles

Download Updater (AOL LLC)

Easy-Link internet launch pad

eSupportQFolder

Fax

Fax_CDA

FlipShare

FP3 Player

FullDPAppQFolder

GoToMeeting 4.5.0.457

GPBaseService2

Homeschool Tracker Basic

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows XP (KB954550-v5)

HP Customer Participation Program 12.0

HP Document Manager 2.0

HP Document Viewer 6.1

HP Imaging Device Functions 12.0

HP Officejet 6500 E709 Series

HP Photosmart Premier Software 6.1

HP PSC & OfficeJet 6.1.A

HP Smart Web Printing

HP Solution Center 12.0

HP Update

HPProductAssistant

HPSSupply

ImagXpress

InstantShareDevices

Intel® Graphics Media Accelerator Driver

iTunes

Java™ 6 Update 14

JumpStart Advanced Language Club

JumpStart Animal Field Trip

JumpStart Artist

JumpStart World Presents Pet Playground

LeapFrog Connect

LeapFrog Didj Plugin

LeapFrog Tag Plugin

LightScribe System Software

Malwarebytes' Anti-Malware version 1.51.2.1300

MarketResearch

Menu Templates - Starter Kit

Microsoft .NET Framework 1.1

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Office 2007 Primary Interop Assemblies

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office Groove MUI (English) 2007

Microsoft Office Groove Setup Metadata MUI (English) 2007

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Software Update for Web Folders (English) 12

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual Studio 2005 Tools for Office Runtime

Microsoft Zoo Tycoon

MobileMe Control Panel

Movie Templates - Starter Kit

Nero 9 Essentials

Nero BurnRights

Nero BurnRights Help

Nero ControlCenter

Nero CoverDesigner

Nero CoverDesigner Help

Nero DiscSpeed

Nero DiscSpeed Help

Nero DriveSpeed

Nero DriveSpeed Help

Nero Express Help

Nero InfoTool

Nero InfoTool Help

Nero Installer

Nero Online Upgrade

Nero ShowTime

Nero StartSmart

Nero StartSmart Help

Nero Vision

Nero Vision Help

NeroExpress

neroxml

Network

NetZero Internet and Voice Offer

NewCopy_CDA

Norton Security Scan

O2Micro Flash Memory Card Reader Driver (x86)

OCR Software by I.R.I.S. 12.0

PanoStandAlone

PhotoGallery

ProductContext

ProductContextNPI

Publix Preschool Pals

Putt Putt Saves the Zoo

QuickTime

RandMap

Reading Readiness

Readme

Realtek High Definition Audio Driver

Safari

Scan

ScannerCopy

Security Update for 2007 Microsoft Office System (KB951550)

Security Update for 2007 Microsoft Office System (KB951944)

Security Update for 2007 Microsoft Office System (KB958439)

Security Update for Microsoft Office Excel 2007 (KB958437)

Security Update for Microsoft Office OneNote 2007 (KB950130)

Security Update for Microsoft Office PowerPoint 2007 (KB951338)

Security Update for Microsoft Office Publisher 2007 (KB950114)

Security Update for Microsoft Office system 2007 (KB954326)

Security Update for Microsoft Office system 2007 (KB956828)

Security Update for Microsoft Office Word 2007 (KB956358)

Security Update for Windows XP (KB923789)

Shop for HP Supplies

ShopAtHome.com Toolbar

SkinsHP1

SmartWebPrinting

Smilebox

SolutionCenter

Sonic_PrimoSDK

Spelling Dictionaries Support For Adobe Reader 9

Sprint Mobile Broadband (Sierra)

Status

Synaptics Pointing Device Driver

The Land Before Time Kindergarten Adventure

Toolbox

Transition Math K-1

TrayApp

Unity Web Player

Unload

UnloadSupport

Update for Microsoft Office 2007 Help for Common Features (KB957244)

Update for Microsoft Office Access 2007 Help (KB957241)

Update for Microsoft Office Excel 2007 Help (KB957242)

Update for Microsoft Office InfoPath 2007 Help (KB957243)

Update for Microsoft Office OneNote 2007 Help (KB957245)

Update for Microsoft Office Outlook 2007 (KB952142)

Update for Microsoft Office Outlook 2007 Help (KB957246)

Update for Microsoft Office PowerPoint 2007 Help (KB957247)

Update for Microsoft Office Publisher 2007 Help (KB957249)

Update for Microsoft Office Word 2007 Help (KB957252)

Update for Microsoft Script Editor Help (KB957253)

Update for Office 2007 (KB946691)

Update for Outlook 2007 Junk Email Filter (kb962871)

USBFast

Use the entry named LeapFrog Connect to uninstall (LeapFrog Didj Plugin)

Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Plugin)

Visual Studio 2005 Tools for Office Second Edition Runtime

VIVA MEDIA GAME CENTER

VoiceOver Kit

WebFldrs XP

WebReg

Windows Driver Package - LeapFrog (FlyUsb) USB (11/05/2008 1.1.1.0)

Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)

Windows Genuine Advantage Notifications (KB905474)

Windows Genuine Advantage Validation Tool (KB892130)

Windows Search 4.0

Zoboomafoo Animal Alphabet™

.

==== Event Viewer Messages From Past Week ========

.

11/14/2011 12:49:12 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.

11/13/2011 10:23:38 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070020: Automatic Updates.

.

==== End Of File ===========================

Thanks for your help.

Chris


Hello Chris! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copied and pasted into your next reply.

I want to see what Malwarebytes' Anti-Malware detects to get an idea of what we are dealing with, so:

  • Launch Malwarebytes' Anti-Malware
  • Go to the Update tab and select Check for Updates.
  • Go to the Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

In your next reply, please post the following log files:

  • Malwarebytes' Anti-Malware log
  • a new fresh DDS log only


Anti-Malware log:

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 8171

Windows 5.1.2600 Service Pack 3

Internet Explorer 6.0.2900.5512

11/15/2011 8:06:31 PM

mbam-log-2011-11-15 (20-06-31).txt

Scan type: Quick scan

Objects scanned: 179368

Time elapsed: 1 minute(s), 22 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

DDS log:

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_14

Run by Jessica at 19:52:20 on 2011-11-15

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3062.2403 [GMT -5:00]

.

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

C:\Program Files\Fisher-Price\Easy-Link internet launch pad\Easy-Link internet launch pad.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Fisher-Price\FP3 Player\sspnotifier.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe

C:\Program Files\Synaptics\SynTP\SynToshiba.exe

C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe

C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Flip Video\FlipShare\FlipShareService.exe

C:\WINDOWS\system32\svchost.exe -k hpdevmgmt

C:\WINDOWS\system32\svchost.exe -k HPService

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\system32\DRIVERS\o2flash.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\Program Files\Sprint\Sierra Wireless\Sprint PCS Connection Manager\SPCSUtilityService.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\SearchIndexer.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\WINDOWS\system32\wscntfy.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://forums.malwarebytes.org/

mStart Page = hxxp://www.comcast.net/

mWindow Title = Windows Internet Explorer provided by Comcast

uInternet Settings,ProxyOverride = *.local

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: {465E08E7-F005-4389-980F-1D8764B3486C} - No File

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

TB: {6ADB0F93-1AA5-4BCF-9DF4-CEA689A3C111} - No File

uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe

mRun: [eligmini] c:\program files\fisher-price\easy-link internet launch pad\Easy-Link internet launch pad.exe 0

mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

mRun: [Monitor] "c:\program files\leapfrog\leapfrog connect\Monitor.exe"

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [sSP Notifier] c:\program files\fisher-price\fp3 player\sspnotifier.exe

mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

StartupFolder: c:\docume~1\jessica\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE

StartupFolder: c:\documents and settings\jessica\start menu\programs\startup\PowerReg Scheduler V3.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\billeo.lnk - c:\program files\billeo\billeo.exe

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

Trusted Zone: arise.com

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1237657637703

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1237657630812

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\program files\cozi express\CoziProtocolHandler.dll

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

Notify: igfxcui - igfxdev.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

.

============= SERVICES / DRIVERS ===============

.

R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2009-3-21 51288]

R3 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2009-3-21 43608]

S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2011-1-13 18560]

S3 PLTurbh;Prolific turbo filter driver for hdd;c:\windows\system32\drivers\plturbh.sys [2010-5-27 16384]

S3 PLTurbo;Prolific turbo filter driver for odd;c:\windows\system32\drivers\plturbo.sys [2010-5-27 16640]

.

=============== Created Last 30 ================

.

2011-11-15 04:40:18 -------- d-sha-r- C:\cmdcons

2011-11-15 04:34:58 98816 ----a-w- c:\windows\sed.exe

2011-11-15 04:34:58 518144 ----a-w- c:\windows\SWREG.exe

2011-11-15 04:34:58 256000 ----a-w- c:\windows\PEV.exe

2011-11-15 04:34:58 208896 ----a-w- c:\windows\MBR.exe

2011-11-15 04:33:34 -------- d-----w- C:\ComboFix

2011-11-03 02:18:56 -------- d-----w- c:\windows\system32\CatRoot_bak

2011-11-03 01:04:46 274288 ----a-w- c:\windows\system32\mucltui.dll

2011-11-03 01:04:46 16736 ----a-w- c:\windows\system32\mucltui.dll.mui

2011-11-03 01:03:11 -------- d-----w- c:\documents and settings\jessica\application data\QuickScan

2011-11-02 21:49:22 -------- d-----w- c:\windows\system32\appmgmt

2011-11-02 21:24:53 -------- d-----w- c:\windows\pss

.

==================== Find3M ====================

.

2011-08-31 21:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

.

============= FINISH: 19:58:30.04 ===============

Note: Often, a box shows up on my screen stating "There was a problem with Internet Explorer......." Inside the box, you can either click "Send error report" or "Don't send". If I click either one, it closes the internet site I am currently on. Also, I occasionally hear music and commercials (?), but I have nothing open...

Last, when I go to some of my programs through the "Start" box, they are showing up as empty (for example, Picasa 3), but if I go to "My Pictures" they are all there.... How can I "unhide" these programs (without having to go to each and every file and unhide them)?

Thanks again for your help.

Chris

Let's try the following to restore them:

  1. Please download Restore Accessories Program Files Menu with accrestore.zip for XP
  2. Extract (unzip) the tool, double-click on it to run and ensure that the following check boxes are checked (as shown below):
    [Screenshot: restore-start-menu-accessories-folder.png]
  3. Then click on the Restore button.

Next:

  1. Please download Restore Admin Tools Program Files Menu with admintools.zip for XP
  2. Extract (unzip) the tool, double-click on it to run and click on Restore Administrative Tools Items (as shown below):
    [Screenshot: RestoreAdministrativeTools.png]
  3. Then click on the Restore button.

For any other missing program shortcuts you will probably need to reinstall the application or manually create new shortcuts.

Okay, I did this, but there are programs (in the Start Menu) that are showing as "empty". I cannot find them in the computer. (I went to Add/delete programs and could not find them in the directory; for example, I cannot find Picasa 3.) Could a virus have completely/permanently deleted a program/file?

Also, I am getting boxes (title on box is Microsoft Internet Explorer) popping up saying "Are you sure you want to navigate away from this page? Click "Cancel" to continue browsing on Localpages" -----I do not have Internet Explorer open and this popped up.

Does this mean my computer is still infected?

Thanks

Chris

I googled "unhide.exe". It showed links, including mybleeping computer. Tried to go to that site, and at the top of the screen I noticed it said "Re-directed". A list of weird websites came up. Did not click anything. Closed page.

Still hearing "commercials" (audio), but nothing on my screen... (I am hearing commercials as I am typing this)

Thanks

Chris

Here it is.

ComboFix 11-11-20.02 - Jessica 11/21/2011 7:18.2.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3062.2464 [GMT -5:00]

Running from: c:\documents and settings\Jessica\Desktop\ComboFix.exe

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\CSC\d6

.

.

((((((((((((((((((((((((( Files Created from 2011-10-21 to 2011-11-21 )))))))))))))))))))))))))))))))

.

.

2011-11-21 12:02 . 2011-11-21 12:02 -------- d-----w- c:\windows\LastGood

2011-11-21 12:02 . 2008-10-16 19:09 43544 ----a-w- c:\windows\system32\OLD1B.tmp

2011-11-03 02:18 . 2011-11-03 02:18 -------- d-----w- c:\windows\system32\CatRoot_bak

2011-11-03 01:04 . 2009-08-06 23:23 274288 ----a-w- c:\windows\system32\mucltui.dll

2011-11-03 01:03 . 2011-11-03 01:03 -------- d-----w- c:\documents and settings\Jessica\Application Data\QuickScan

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-08-31 21:00 . 2009-11-06 03:51 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

.

.

((((((((((((((((((((((((((((( SnapShot@2011-11-15_05.29.34 )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-11-21 11:58 . 2011-11-21 11:58 16384 c:\windows\Temp\Perflib_Perfdata_ce0.dat

+ 2011-11-21 11:58 . 2011-11-21 11:58 16384 c:\windows\Temp\Perflib_Perfdata_838.dat

+ 2011-11-21 12:02 . 2008-10-16 19:09 43544 c:\windows\LastGood\system32\wups2.dll

+ 2011-11-21 12:02 . 2008-10-16 19:08 34328 c:\windows\LastGood\system32\wups.dll

+ 2011-11-21 01:58 . 2011-11-21 12:02 2344 c:\windows\SoftwareDistribution\EventCache\{548A57B5-CF6D-49FA-A876-774836CDA6C6}.bin

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-08-20 2363392]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-14 47904]

"eligmini"="c:\program files\Fisher-Price\Easy-Link internet launch pad\Easy-Link internet launch pad.exe" [2009-04-28 491520]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]

"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]

"Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2010-11-19 193880]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752]

"RTHDCPL"="RTHDCPL.EXE" [2007-11-06 16855552]

"SSP Notifier"="c:\program files\Fisher-Price\FP3 Player\sspnotifier.exe" [2006-07-12 20480]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-18 148888]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-06-20 1310720]

.

c:\documents and settings\Jessica\Start Menu\Programs\Startup\

OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]

PowerReg Scheduler V3.exe [2010-10-26 229376]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Billeo.lnk - c:\program files\Billeo\billeo.exe [N/A]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-27 304128]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-11-29 21:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\LeapFrog\\LeapFrog Connect\\LeapFrogConnect.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

.

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [3/21/2009 12:08 PM 717296]

R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [3/21/2009 10:53 AM 51288]

R3 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [3/21/2009 10:53 AM 43608]

S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [1/13/2011 10:39 AM 18560]

S3 PLTurbh;Prolific turbo filter driver for hdd;c:\windows\system32\drivers\plturbh.sys [5/27/2010 12:32 AM 16384]

S3 PLTurbo;Prolific turbo filter driver for odd;c:\windows\system32\drivers\plturbo.sys [5/27/2010 12:32 AM 16640]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

HPService REG_MULTI_SZ HPSLPSVC

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2009-08-20 17:24 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

.

Contents of the 'Scheduled Tasks' folder

.

2011-09-20 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]

.

2011-11-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1993962763-1606980848-1658431636-1003Core.job

- c:\documents and settings\Jessica\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-11-21 04:37]

.

2011-11-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1993962763-1606980848-1658431636-1003UA.job

- c:\documents and settings\Jessica\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-11-21 04:37]

.

2011-10-19 c:\windows\Tasks\Norton Security Scan for Jessica.job

- c:\progra~1\NORTON~1\NORTON~1\Engine\301~1.8\Nss.exe [2011-01-11 08:19]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.bleepingcomputer.com/combofix/how-to-use-combofix#use

mStart Page = hxxp://www.comcast.net/

mWindow Title = Windows Internet Explorer provided by Comcast

uInternet Settings,ProxyOverride = *.local

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

Trusted Zone: arise.com

TCP: DhcpNameServer = 208.67.222.222 208.67.220.220 75.75.75.75

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-11-21 07:48

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(3836)

c:\windows\system32\hnetcfg.dll

.

Completion time: 2011-11-21 08:03:00

ComboFix-quarantined-files.txt 2011-11-21 13:02

ComboFix2.txt 2011-11-15 05:45

.

Pre-Run: 29,356,601,344 bytes free

Post-Run: 29,371,473,920 bytes free

.

- - End Of File - - B64BEC4F482E9C9EA9DB0E85786EBC40

The box that shows the link is not coming up on the screen. So, I copied and pasted the page. Hope this helps.

Thanks

0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.

File name: hnetcfg.dll

Submission date: 2011-11-22 04:21:52 (UTC)

Current status: finished

Result: 0/ 42 (0.0%)

VT Community

not reviewed

Safety score: -

Antivirus Version Last Update Result

AhnLab-V3 2011.11.21.00 2011.11.21 -

AntiVir 7.11.17.252 2011.11.22 -

Antiy-AVL 2.0.3.7 2011.11.22 -

Avast 6.0.1289.0 2011.11.21 -

AVG 10.0.0.1190 2011.11.21 -

BitDefender 7.2 2011.11.22 -

ByteHero 1.0.0.1 2011.11.14 -

ClamAV 0.97.3.0 2011.11.22 -

Commtouch 5.3.2.6 2011.11.22 -

Comodo 10781 2011.11.22 -

DrWeb 5.0.2.03300 2011.11.22 -

Emsisoft 5.1.0.11 2011.11.22 -

eSafe 7.0.17.0 2011.11.20 -

eTrust-Vet 37.0.9580 2011.11.21 -

F-Prot 4.6.5.141 2011.11.22 -

F-Secure 9.0.16440.0 2011.11.21 -

Fortinet 4.3.370.0 2011.11.22 -

GData 22 2011.11.22 -

Ikarus T3.1.1.109.0 2011.11.22 -

Jiangmin 13.0.900 2011.11.16 -

K7AntiVirus 9.119.5508 2011.11.21 -

Kaspersky 9.0.0.837 2011.11.22 -

McAfee 5.400.0.1158 2011.11.22 -

McAfee-GW-Edition 2010.1D 2011.11.21 -

Microsoft 1.7801 2011.11.21 -

NOD32 6649 2011.11.22 -

Norman 6.07.13 2011.11.21 -

nProtect 2011-11-21.02 2011.11.21 -

Panda 10.0.3.5 2011.11.21 -

PCTools 8.0.0.5 2011.11.22 -

Prevx 3.0 2011.11.22 -

Rising 23.84.04.02 2011.11.18 -

Sophos 4.71.0 2011.11.22 -

SUPERAntiSpyware 4.40.0.1006 2011.11.22 -

Symantec 20111.2.0.82 2011.11.22 -

TheHacker 6.7.0.1.346 2011.11.22 -

TrendMicro 9.500.0.1008 2011.11.22 -

TrendMicro-HouseCall 9.500.0.1008 2011.11.22 -

VBA32 3.12.16.4 2011.11.21 -

VIPRE 11112 2011.11.22 -

ViRobot 2011.11.22.4786 2011.11.22 -

VirusBuster 14.1.76.0 2011.11.21 -

Additional information

MD5 : 3cb32d3b8cbe79899d63280bb7a83cd9

SHA1 : 93768c7019a79077b74d183b6c1d3b3a91c0c4b4

SHA256: f34db3b3dd65f0135f1f7005703b824d2c9b17f7a43062f1ffbec53b3b26efc3

ssdeep: 6144:TnGU1Eo11qK2GO9FP4AFqV7CicQTtqjMiKtwrdy5Q68:Bv2l3QAFqV7CicItoMiKtCGB

File size : 344064 bytes

First seen: 2009-02-12 01:22:34

Last seen : 2011-11-22 04:21:52

TrID:

DirectShow filter (52.6%)

Windows OCX File (32.2%)

Win32 Executable MS Visual C++ (generic) (9.8%)

Win32 Executable Generic (2.2%)

Win32 Dynamic Link Library (generic) (1.9%)

sigcheck:

publisher....: Microsoft Corporation

copyright....: © Microsoft Corporation. All rights reserved.

product......: Microsoft_ Windows_ Operating System

description..: Home Networking Configuration Manager

original name: HNETCFG.DLL

internal name: HNETCFG.DLL

file version.: 5.1.2600.5512 (xpsp.080413-0852)

comments.....: n/a

signers......: -

signing date.: -

verified.....: Unsigned

PEInfo: PE structure information

[[ basic data ]]

entrypointaddress: 0x37A5B

timedatestamp....: 0x4802A0CA (Mon Apr 14 00:09:46 2008)

machinetype......: 0x14c (I386)

[[ 5 section(s) ]]

name, viradd, virsiz, rawdsiz, ntropy, md5

.text, 0x1000, 0x3E091, 0x3E200, 6.42, 84f992ca403594635ae01f610495b8c3

.orpc, 0x40000, 0x9E, 0x200, 2.44, 13fa2949fd461eabbc4d7f73d06db912

.data, 0x41000, 0xA48, 0xA00, 3.60, 849e0a2d0b7005bc785919bd94299a3d

.rsrc, 0x42000, 0x10588, 0x10600, 4.51, 17b99c73c9662ecca8cc418a8adda6f6

.reloc, 0x53000, 0x46BA, 0x4800, 5.90, 911f26c0b4c888d8906a5bb0de24cbc6

[[ 7 import(s) ]]

msvcrt.dll: malloc, free, realloc, __2@YAPAXI@Z, swprintf, wcslen, _wcsicmp, _snwprintf, wcscpy, wcsncpy, wcsstr, wcstombs, wcscmp, _wtoi, wcscat, _ultow, wcstoul, iswdigit, _wcsnicmp, wcschr, wcsncmp, qsort, iswalpha, wcspbrk, memmove, _initterm, _adjust_fdiv, _terminate@@YAXXZ, _except_handler3, __CxxFrameHandler, __3@YAXPAX@Z

ntdll.dll: RtlIpv4AddressToStringW, NtQueryObject, NtOpenSymbolicLinkObject, NtQuerySymbolicLinkObject, RtlNtStatusToDosError, RtlIpv6StringToAddressW, RtlIpv4StringToAddressW, NtSetValueKey, NtClose, RtlUnicodeStringToAnsiString, RtlFreeAnsiString, VerSetConditionMask, RtlStringFromGUID, RtlFreeUnicodeString, NtQueryValueKey, RtlInitUnicodeString, NtOpenKey, NtOpenFile

ADVAPI32.dll: FreeSid, RegDeleteValueW, RegCloseKey, RegCreateKeyExW, RegOpenKeyExW, RegSetValueExW, RegQueryInfoKeyW, RegEnumValueW, RegNotifyChangeKeyValue, RegQueryValueExW, AllocateAndInitializeSid, CheckTokenMembership, RegDeleteKeyW, ChangeServiceConfigW, StartServiceW, ControlService, OpenSCManagerW, OpenServiceW, CloseServiceHandle, QueryServiceStatus, RegEnumKeyExW

GDI32.dll: GetTextExtentPointW, GetTextExtentPoint32W, ExtTextOutW, SetBkColor, SetTextColor, SelectObject, DeleteObject, GetTextMetricsW

KERNEL32.dll: LockResource, WideCharToMultiByte, lstrcmpA, DeviceIoControl, SetLastError, DelayLoadFailureHook, GetCurrentThreadId, VerifyVersionInfoW, GetModuleHandleW, FormatMessageW, GlobalAlloc, GlobalFree, GlobalReAlloc, IsBadReadPtr, LocalFree, LocalAlloc, CreateThread, FreeLibraryAndExitThread, OpenEventW, ExpandEnvironmentStringsW, GlobalDeleteAtom, IsBadWritePtr, GetComputerNameExW, LoadLibraryA, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, GetSystemTimeAsFileTime, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetComputerNameA, WaitForSingleObject, OpenProcess, SetEvent, GetLongPathNameW, InitializeCriticalSectionAndSpinCount, QueueUserWorkItem, CreateEventW, CreateFileW, SwitchToThread, InterlockedExchange, QueueUserAPC, WaitForSingleObjectEx, UnregisterWaitEx, RegisterWaitForSingleObject, GlobalAddAtomW, InterlockedCompareExchange, FreeLibrary, MultiByteToWideChar, lstrlenW, lstrcpyW, EnterCriticalSection, LeaveCriticalSection, InitializeCriticalSection, DeleteCriticalSection, InterlockedIncrement, InterlockedDecrement, lstrcmpiW, lstrcpynW, HeapDestroy, lstrcatW, GetModuleFileNameW, GetProcAddress, LoadLibraryW, DisableThreadLibraryCalls, lstrlenA, SizeofResource, LoadResource, FindResourceW, GetLastError, LoadLibraryExW, GetShortPathNameW, HeapFree, HeapAlloc, GetProcessHeap, Sleep, CloseHandle

RPCRT4.dll: NdrCStdStubBuffer_Release, NdrOleFree, IUnknown_QueryInterface_Proxy, IUnknown_AddRef_Proxy, IUnknown_Release_Proxy, CStdStubBuffer_QueryInterface, CStdStubBuffer_AddRef, CStdStubBuffer_Connect, CStdStubBuffer_Disconnect, CStdStubBuffer_Invoke, CStdStubBuffer_IsIIDSupported, CStdStubBuffer_CountRefs, CStdStubBuffer_DebugServerQueryInterface, CStdStubBuffer_DebugServerRelease, NdrDllRegisterProxy, NdrDllCanUnloadNow, NdrDllGetClassObject, RpcBindingFree, RpcStringFreeW, RpcBindingSetAuthInfoExW, RpcBindingFromStringBindingW, RpcStringBindingComposeW, NdrClientCall2, NdrOleAllocate

USER32.dll: ReleaseDC, CharPrevW, LoadIconW, SetPropW, GetPropW, CallWindowProcW, GetDlgCtrlID, SendMessageW, GetWindowTextLengthW, GetSysColor, GetParent, GetSystemMetrics, GetWindowLongW, SetWindowLongW, GetWindowRect, SetWindowPos, LoadStringW, CharNextW, GetDC, GetClientRect, IsWindowEnabled, GetDlgItem, wsprintfW, WinHelpW, UnhookWindowsHookEx, MessageBoxW, SetWindowsHookExW, BeginDeferWindowPos, DialogBoxParamW, IsDlgButtonChecked, GetDlgItemInt, SetFocus, CheckDlgButton, SetDlgItemTextW, SetDlgItemInt, EndDialog, RemovePropW, EndDeferWindowPos, PostMessageW, ShowWindow, MapWindowPoints, EnableWindow, SetWindowTextW, GetWindowTextW, DeferWindowPos

[[ 42 export(s) ]]

DllCanUnloadNow, DllGetClassObject, DllRegisterServer, DllUnregisterServer, HNetDeleteRasConnection, HNetFreeFirewallLoggingSettings, HNetFreeSharingServicesPage, HNetGetFirewallSettingsPage, HNetGetShareAndBridgeSettings, HNetGetSharingServicesPage, HNetSetShareAndBridgeSettings, HNetSharedAccessSettingsDlg, HNetSharingAndFirewallSettingsDlg, IcfChangeNotificationCreate, IcfChangeNotificationDestroy, IcfCheckAppAuthorization, IcfCloseDynamicFwPort, IcfConnect, IcfDisconnect, IcfFreeAdapters, IcfFreeDynamicFwPorts, IcfFreeProfile, IcfFreeString, IcfFreeTickets, IcfGetAdapters, IcfGetCurrentProfileType, IcfGetDynamicFwPorts, IcfGetOperationalMode, IcfGetProfile, IcfGetTickets, IcfIsIcmpTypeAllowed, IcfIsPortAllowed, IcfOpenDynamicFwPort, IcfOpenDynamicFwPortWithoutSocket, IcfOpenFileSharingPorts, IcfRefreshPolicy, IcfRemoveDisabledAuthorizedApp, IcfSetServicePermission, IcfSubNetsGetScope, IcfSubNetsIsStringValid, IcfSubNetsToString, WinBomConfigureWindowsFirewall

ExifTool:

file metadata

CharacterSet: Unicode

CodeSize: 254976

CompanyName: Microsoft Corporation

EntryPoint: 0x37a5b

FileDescription: Home Networking Configuration Manager

FileFlagsMask: 0x003f

FileOS: Windows NT 32-bit

FileSize: 336 kB

FileSubtype: 0

FileType: Win32 DLL

FileVersion: 5.1.2600.5512 (xpsp.080413-0852)

FileVersionNumber: 5.1.2600.5512

ImageVersion: 5.1

InitializedDataSize: 88576

InternalName: HNETCFG.DLL

LanguageCode: English (U.S.)

LegalCopyright: Microsoft Corporation. All rights reserved.

LinkerVersion: 7.1

MIMEType: application/octet-stream

MachineType: Intel 386 or later, and compatibles

OSVersion: 5.1

ObjectFileType: Dynamic link library

OriginalFilename: HNETCFG.DLL

PEType: PE32

ProductName: Microsoft Windows Operating System

ProductVersion: 5.1.2600.5512

ProductVersionNumber: 5.1.2600.5512

Subsystem: Windows GUI

SubsystemVersion: 4.0

TimeStamp: 2008:04:14 02:09:46+02:00

UninitializedDataSize: 0

Step 1

  • Launch Malwarebytes' Anti-Malware
  • Go to the "Update" tab and select Check for Updates.
  • Go to the Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 2

  1. Please run a free online scan with the ESET Online Scanner
    Note: You will need to use Internet Explorer for this scan
  2. Tick the box next to YES, I accept the Terms of Use
  3. Click Start
  4. When asked, allow the ActiveX control to install
  5. Click Start
  6. Make sure that the options Remove found threats and Scan unwanted applications are checked
  7. Click Scan (This scan can take several hours, so please be patient)
  8. Once the scan is completed, you may close the window
  9. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  10. Copy and paste that log as a reply to this topic

In your next reply, please post the following log files:

  • Malwarebytes' Anti-Malware log
  • ESET Online Scanner log

Malware:

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 8221

Windows 5.1.2600 Service Pack 3

Internet Explorer 6.0.2900.5512

11/22/2011 8:46:17 PM

mbam-log-2011-11-22 (20-46-17).txt

Scan type: Quick scan

Objects scanned: 194031

Time elapsed: 5 minute(s), 30 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

ESET:

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=6.00.2900.5512 (xpsp.080413-2105)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=67eac9332166ee4fad9728e01be169ee

# end=finished

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2011-11-23 04:58:08

# local_time=2011-11-22 11:58:08 (-0500, Eastern Standard Time)

# country="United States"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=133282

# found=20

# cleaned=18

# scan_time=4771

C:\Documents and Settings\Jessica\Application Data\Sun\Java\Deployment\cache\6.0\27\3daf605b-14529390 a variant of Java/Agent.DW trojan (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Jessica\Application Data\Sun\Java\Deployment\cache\6.0\4\3d966444-23379055 a variant of Win32/Kryptik.UOE trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Jessica\Application Data\Sun\Java\Deployment\cache\6.0\62\63ec12be-46de0fd2 a variant of Java/Agent.DP trojan (deleted - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\36jsf29q.default\extensions\{2eafa14a-3c0e-49a8-a2de-4cd4f82f61b7}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\36jsf29q.default\extensions\{2eafa14a-3c0e-49a8-a2de-4cd4f82f61b7}\chrome\xulcache.jar.vir JS/Agent.NDO trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\36jsf29q.default\extensions\{e726f3e5-a5ea-4762-938b-706735736127}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\36jsf29q.default\extensions\{e726f3e5-a5ea-4762-938b-706735736127}\chrome\xulcache.jar.vir JS/Agent.NDO trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\hzs7kf7j.default\extensions\{2eafa14a-3c0e-49a8-a2de-4cd4f82f61b7}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\hzs7kf7j.default\extensions\{2eafa14a-3c0e-49a8-a2de-4cd4f82f61b7}\chrome\xulcache.jar.vir JS/Agent.NDO trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\hzs7kf7j.default\extensions\{e726f3e5-a5ea-4762-938b-706735736127}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\hzs7kf7j.default\extensions\{e726f3e5-a5ea-4762-938b-706735736127}\chrome\xulcache.jar.vir JS/Agent.NDO trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\WINDOWS\system32\Dll.dll.vir a variant of Win32/Lukicsel.X trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{D239F0A3-F2BC-40B4-B2EA-CDEA11CF067A}\RP727\A0171396.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{D239F0A3-F2BC-40B4-B2EA-CDEA11CF067A}\RP727\A0171397.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{D239F0A3-F2BC-40B4-B2EA-CDEA11CF067A}\RP727\A0171398.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{D239F0A3-F2BC-40B4-B2EA-CDEA11CF067A}\RP727\A0171399.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{D239F0A3-F2BC-40B4-B2EA-CDEA11CF067A}\RP727\A0171417.dll a variant of Win32/Lukicsel.X trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\WINDOWS\system32\drivers\cdrom.sys a variant of Win32/Rootkit.Kryptik.FJ trojan (unable to clean) 00000000000000000000000000000000 I

C:\WINDOWS\Temp\0.34810585433018515.exe a variant of Win32/Kryptik.VXB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

${Memory} multiple threats 00000000000000000000000000000000 I


Download the latest version of TDSSKiller from here and save it to your Desktop.

  1. Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  2. Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  3. Click the Start Scan button.
  4. If a suspicious object is detected, the default action will be Skip; click on Continue.
  5. If malicious objects are found, they will show in the Scan results and offer three (3) options.
  6. Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  7. Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.


Step 1

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.

Once OTL has completed its first scan, it will save Notepad copies of the scans in the folder that OTL was started from. Unless set to produce an Extras log, it will only produce OTL.txt in subsequent scans.

A copy of an OTL fix log is saved in a text file at

  • :\_OTL\MovedFiles
    • in most cases this will be C:\_OTL\MovedFiles

Step 2

  1. Download aswMBR.exe (1870KB) to your desktop.
  2. Double-click aswMBR.exe to run it.
  3. Click the [scan] button to start the scan.
  4. On completion of the scan, click [save log], save it to your desktop and post it in your next reply.

In your next reply, please post the following log files:

  • OTL log with Extras.txt
  • aswMBR log


OTL Extras logfile created on: 11/24/2011 12:58:00 PM - Run 1

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Jessica\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.5512)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 2.42 Gb Available Physical Memory | 80.80% Memory free

4.83 Gb Paging File | 4.40 Gb Available in Paging File | 91.01% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 50.10 Gb Total Space | 26.93 Gb Free Space | 53.75% Space Free | Partition Type: NTFS

Drive D: | 98.95 Gb Total Space | 15.80 Gb Free Space | 15.96% Space Free | Partition Type: NTFS

Computer Name: JESSICA_LAPTOP | User Name: Jessica | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusOverride" = 1

"FirewallOverride" = 0

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP

"427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DoNotAllowExceptions" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"427:TCP" = 427:TCP:LocalSubNet:Disabled:SLP_Port(427)_TCP

"427:UDP" = 427:UDP:LocalSubNet:Disabled:SLP_Port(427)_UDP

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"E:\setup\hpznui01.exe" = E:\setup\hpznui01.exe:*:Enabled:hpznui01.exe

"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)

"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- ()

"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )

"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe -- (Hewlett-Packard Development Company, L.P.)

"C:\Program Files\LeapFrog\LeapFrog Connect\LeapFrogConnect.exe" = C:\Program Files\LeapFrog\LeapFrog Connect\LeapFrogConnect.exe:*:Enabled:LeapFrog Connect -- (LeapFrog Enterprises, Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)

"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)

"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)

"C:\Program Files\LeapFrog\LeapFrog Connect\LeapFrogConnect.exe" = C:\Program Files\LeapFrog\LeapFrog Connect\LeapFrogConnect.exe:*:Enabled:LeapFrog Connect -- (LeapFrog Enterprises, Inc.)

"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)

"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)

"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Disabled:hpfccopy.exe -- (Hewlett-Packard)

"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Disabled:hpoews01.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Disabled:hpofxm08.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Disabled:hposfx08.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Disabled:hposid01.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Disabled:hpqcopy.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Disabled:hpqdia.exe -- ( )

"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Disabled:hpqkygrp.exe -- (Hewlett-Packard)

"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Disabled:hpqnrs08.exe -- (Hewlett-Packard Development Company, L.P.)

"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Disabled:hpqphunl.exe -- ()

"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Disabled:hpqste08.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Disabled:hpqtra08.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Disabled:hpzwiz01.exe -- (Hewlett-Packard Co.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{02627ee5-eaca-4742-a9cc-e687631773e4}" = Nero ShowTime

"{03A7C57A-B2C8-409b-92E5-524A0DFD0DD3}" = Status

"{087A66B8-1F0F-4a8d-A649-0CFE276AA7C0}" = WebReg

"{0D3F9802-689F-9B6D-8E44-B55971F0CCBB}" = FlipShare

"{121d3f85-bfff-4304-8dfc-a8015286457d}" = Nero 9 Essentials

"{194D0B58-ED34-444F-A1D1-C1CACFC3B7EE}" = Cozi Outlook Toolbar

"{1CB34CE9-0E6B-493F-BB66-3425E5DF76E5}" = CP_CalendarTemplates1

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool Help

"{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help

"{2387D970-F42D-4278-AA40-7B727F9721FC}" = Disney Princess Royal Horse Show

"{23B35809-5E4A-4F14-8332-1CDEDDFAC089}" = CP_Package_Variety2

"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java 6 Update 14

"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com

"{2A329FB6-389D-4396-A974-29656D6864AE}" = MarketResearch

"{2A548002-9042-4083-A270-B67473DE1073}" = SkinsHP1

"{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes

"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour

"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support

"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm

"{31263605-FC84-4787-B847-BA445B147E24}" = ScannerCopy

"{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed

"{34F3FCF1-817B-4D61-B6AF-19D9486AFEA0}" = Unload

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime

"{38DAE5F5-EC70-4aa5-801B-D11CA0A33B41}" = BPDSoftware

"{3CF99DC3-38FD-46E6-A6B4-9C70074E020C}" = DocumentViewer

"{3FE0CFAB-584A-4AA5-B8CD-C32284CFA308}" = RandMap

"{43e39830-1826-415d-8bae-86845787b54b}" = Nero Vision

"{44170B31-F47A-4FF9-9D77-382D1FE2A728}" = FP3 Player

"{4462265B-3DC7-44AD-B56D-D09BA67BA422}" = 6300

"{47ECCB1F-2811-49C0-B6A7-26778639ABA0}" = 32 Bit HP CIO Components Installer

"{494D17B5-3369-4905-8C4B-80C972C5E0FF}" = CP_Panorama1Config

"{4D304678-738E-42a0-931A-2B022F49DEB8}" = TrayApp

"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport

"{4E868D3D-6EEB-4273-926C-2287236B5B79}" = 3DVIA player 5.0

"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies

"{522D1D79-9C0A-4361-91F8-2AFF8EC6C2E1}" = CP_Package_Variety1

"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder

"{54F0998F-73C8-4b51-8286-FE903C231BED}" = cp_PosterPrintConfig

"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml

"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime

"{57F60D52-630B-43C5-BD20-176F5CD4EED6}" = bpd_scan

"{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress

"{5D3460AD-2940-420A-BFEF-556B8C674FFB}" = Cozi

"{5d9be3c1-8ba4-4e7e-82fd-9f74fa6815d1}" = Nero Vision Help

"{5E564EB5-6BE3-4084-BEC0-627D637BBE8C}" = Easy-Link internet launch pad

"{5F26311C-B135-4F7F-B11E-8E650F83651E}" = DeviceFunctionQFolder

"{62ac81f6-bdd3-4110-9d36-3e9eaab40999}" = Nero CoverDesigner

"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder

"{676981B7-A2D9-49D0-9F4C-03018F131DA9}" = DocProc

"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI

"{6CC080F1-2E00-41D5-BE47-A3BC784E9DFB}" = BPDSoftware_Ini

"{6DCBB845-0FA4-4723-A40A-1F320C221C30}" = Sprint Mobile Broadband (Sierra)

"{6EED4269-588D-45b8-A80C-26A9CA62EE4E}" = HPSSupply

"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder

"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme

"{766633B3-1AFA-44B6-A3FC-1DE991CD9C52}" = CP_Package_Basic1

"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart

"{7829db6f-a066-4e40-8912-cb07887c20bb}" = Nero BurnRights

"{79F8E1D4-36C1-439C-95FA-F695050B5B07}" = Sonic_PrimoSDK

"{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder

"{7C5B4583-7CBF-4289-B195-03B553959DEA}" = VoiceOver Kit

"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI

"{800E784D-53E3-4948-B491-9E7FA5EACBDC}" = SmartWebPrinting

"{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express Help

"{83C57C58-FDD7-4d86-BFCC-9D31CC4EFA71}" = 6500_E709n

"{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed

"{869C3062-4745-4949-B6C9-98AF24D89030}" = PhotoGallery

"{87A9A9A9-FAB7-4224-9328-0FA2058C0FD5}" = Network

"{8BBA35B6-E1A9-4FE0-892B-8F7980584D52}" = NetZero Internet and Voice Offer

"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12

"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007

"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007

"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007

"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007

"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007

"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007

"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007

"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007

"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{9129B46A-51F0-431b-9838-DF7272F3204E}" = ProductContext

"{9603DE6D-4567-4b78-B941-849322373DE2}" = SolutionCenter

"{9CCCFD9C-248F-47FE-9496-1680E3E5C163}" = Scan

"{9D1B99B7-DAD8-440d-B4FB-1915332FBCC2}" = HPProductAssistant

"{9D4ABB0C-F60B-44A6-956C-A4A63D5495C9}" = CueTour

"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A71D5E81-B967-43DB-93D7-FD31BFB95748}" = MobileMe Control Panel

"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress

"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder

"{AC13BA3A-336B-45a4-B3FE-2D3058A7B533}" = Toolbox

"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2

"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9

"{AD528602-C32D-4E9B-A5A5-609F2A186808}" = Homeschool Tracker Basic

"{AED142A8-96EA-42DE-B212-60BFC98D6CC7}" = USBFast

"{B11E71BA-498C-42D4-9F1A-9D7A89D9DA61}" = CP_AtenaShokunin1Config

"{b1adf008-e898-4fe2-8a1f-690d9a06acaf}" = DolbyFiles

"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center

"{B57F2FF0-5A25-4332-B503-4592B370C02F}" = CP_Package_Variety3

"{b78120a0-cf84-4366-a393-4d0a59bc546c}" = Menu Templates - Starter Kit

"{BB7DEA41-298E-450B-9C3A-E7B48D9D021B}" = 6300_Help

"{BBD3BF67-5B89-4CBB-BA58-5818ED5F3290}" = cp_OnlineProjectsConfig

"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C18C8031-56B2-49C4-AF23-8C46FBE5BD2C}" = LeapFrog Didj Plugin

"{C29C1940-CB85-4F3B-906C-33FEE0E67103}" = DocMgr

"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update

"{C6359569-E03E-4CDC-98E8-CDD080C6EEB5}" = LeapFrog Connect

"{C73F2967-062E-48F2-A462-D335B8950183}" = Safari

"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA

"{C98E8D9D-21DE-4F87-A9B7-142BB89840FC}" = Toolbox

"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed Help

"{CC8E94A2-55C7-4460-953C-2A790180578C}" = LightScribe System Software

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{ce96f5a5-584d-4f8f-aa3e-9baed413db72}" = Nero CoverDesigner Help

"{d9dcf92e-72eb-412d-ac71-3b01276e5f8b}" = Nero ShowTime

"{DA1CD94B-826A-4bba-AC46-EF352F47BC81}" = InstantShareDevices

"{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade

"{DE13432E-F0C1-4842-A5BA-CC997DA72A70}" = 6500_E709_eDocs

"{E2867240-F889-4D76-9AAF-252D9A1A623E}" = O2Micro Flash Memory Card Reader Driver (x86)

"{e498385e-1c51-459a-b45f-1721e37aa1a0}" = Movie Templates - Starter Kit

"{E51FFEFB-68E2-4516-B293-35DC83B9767E}" = LeapFrog Tag Plugin

"{E5A1DE9A-A21C-43A1-B06D-5146BAF62033}" = PanoStandAlone

"{E5A8DDAB-AE80-48C6-A75B-D0FAB83B299D}" = HP PSC & OfficeJet 6.1.A

"{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed Help

"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer

"{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax

"{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F185B35D-38E5-4D88-B275-15C8C7FC4357}" = 6500_E709_Help

"{F2AB49F2-D632-446C-9A6E-5B4A98DFF13B}" = 6300Trb

"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter

"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA

"{F648FD09-7CEA-4257-BC68-A8389189FD51}" = GPBaseService2

"{f6bdd7c5-89ed-4569-9318-469aa9732572}" = Nero BurnRights Help

"{F769B78E-FF0E-4db5-95E2-9F4C8D6352FE}" = DeviceDiscovery

"{FA0F0A01-4631-4161-A6C2-948BF694382E}" = HP Officejet 6500 E709 Series

"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA

"{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool

"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"3ivx MPEG-4 5.0.3" = 3ivx MPEG-4 5.0.3 (remove only)

"781745E87AFF80C0C1388CFF79D19ECAB2E9BB47" = Windows Driver Package - LeapFrog (FlyUsb) USB (11/05/2008 1.1.1.0)

"8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D" = Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player 11.5

"CCleaner" = CCleaner

"ComcastHSI" = Comcast High-Speed Internet Install Wizard

"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows

"Diamond Drop (CD version)" = Diamond Drop (CD version)

"Diamond Drop 2 (CD version)" = Diamond Drop 2 (CD version)

"DidjPlugin" = Use the entry named LeapFrog Connect to uninstall (LeapFrog Didj Plugin)

"Dogz" = Dogz (remove only)

"ENTERPRISE" = Microsoft Office Enterprise 2007

"ESET Online Scanner" = ESET Online Scanner v3

"HDMI" = Intel® Graphics Media Accelerator Driver

"HP Document Manager" = HP Document Manager 2.0

"HP Document Viewer" = HP Document Viewer 6.1

"HP Imaging Device Functions" = HP Imaging Device Functions 12.0

"HP Photo & Imaging" = HP Photosmart Premier Software 6.1

"HP Smart Web Printing" = HP Smart Web Printing

"HP Solution Center & Imaging Support Tools" = HP Solution Center 12.0

"HPExtendedCapabilities" = HP Customer Participation Program 12.0

"HPOCR" = OCR Software by I.R.I.S. 12.0

"InstallShield_{44170B31-F47A-4FF9-9D77-382D1FE2A728}" = FP3 Player

"JumpStart Advanced Language Club" = JumpStart Advanced Language Club

"JumpStart Animal Field Trip" = JumpStart Animal Field Trip

"JumpStart Artist" = JumpStart Artist

"JumpStart World Presents Pet Playground" = JumpStart World Presents Pet Playground

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime

"NSS" = Norton Security Scan

"Publix Preschool Pals" = Publix Preschool Pals

"Reading Readiness" = Reading Readiness

"Shop for HP Supplies" = Shop for HP Supplies

"SoftwareUpdUtility" = Download Updater (AOL LLC)

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"TagPlugin" = Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Plugin)

"The Land Before Time Kindergarten Adventure" = The Land Before Time Kindergarten Adventure

"Transition Math K-1" = Transition Math K-1

"UnityWebPlayer" = Unity Web Player

"UPCShell" = LeapFrog Connect

"VIVAGplayer" = VIVA MEDIA GAME CENTER

"Zoboomafoo Animal Alphabet" = Zoboomafoo Animal Alphabet

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Google Chrome" = Google Chrome

"GoToMeeting" = GoToMeeting 4.5.0.457

"Smilebox" = Smilebox

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 11/22/2011 8:42:20 PM | Computer Name = JESSICA_LAPTOP | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

Error - 11/22/2011 8:42:20 PM | Computer Name = JESSICA_LAPTOP | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 72062344

Error - 11/22/2011 8:42:20 PM | Computer Name = JESSICA_LAPTOP | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 72062344

Error - 11/22/2011 8:42:35 PM | Computer Name = JESSICA_LAPTOP | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

Error - 11/22/2011 8:42:35 PM | Computer Name = JESSICA_LAPTOP | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 72077969

Error - 11/22/2011 8:42:35 PM | Computer Name = JESSICA_LAPTOP | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 72077969

Error - 11/22/2011 8:51:42 PM | Computer Name = JESSICA_LAPTOP | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

Error - 11/22/2011 8:52:29 PM | Computer Name = JESSICA_LAPTOP | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

Error - 11/22/2011 9:14:37 PM | Computer Name = JESSICA_LAPTOP | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

Error - 11/24/2011 1:56:26 PM | Computer Name = JESSICA_LAPTOP | Source = Application Error | ID = 1000

Description = Faulting application iexplore.exe, version 6.0.2900.5512, faulting

module unknown, version 0.0.0.0, fault address 0x05572f54.

[ System Events ]

Error - 11/23/2011 11:34:52 PM | Computer Name = JESSICA_LAPTOP | Source = Service Control Manager | ID = 7023

Description = The Network Location Awareness (NLA) service terminated with the following

error: %%127

Error - 11/23/2011 11:34:52 PM | Computer Name = JESSICA_LAPTOP | Source = Service Control Manager | ID = 7023

Description = The Network Location Awareness (NLA) service terminated with the following

error: %%127

Error - 11/23/2011 11:34:52 PM | Computer Name = JESSICA_LAPTOP | Source = Service Control Manager | ID = 7023

Description = The Network Location Awareness (NLA) service terminated with the following

error: %%127

Error - 11/24/2011 3:18:26 AM | Computer Name = JESSICA_LAPTOP | Source = Windows Update Agent | ID = 20

Description = Installation Failure: Windows failed to install the following update

with error 0x80070020: Automatic Updates.

Error - 11/24/2011 3:19:59 AM | Computer Name = JESSICA_LAPTOP | Source = Service Control Manager | ID = 7023

Description = The Network Location Awareness (NLA) service terminated with the following

error: %%127

Error - 11/24/2011 3:21:34 AM | Computer Name = JESSICA_LAPTOP | Source = Service Control Manager | ID = 7023

Description = The Network Location Awareness (NLA) service terminated with the following

error: %%127

Error - 11/24/2011 5:00:21 AM | Computer Name = JESSICA_LAPTOP | Source = DCOM | ID = 10010

Description = The server {0002DF01-0000-0000-C000-000000000046} did not register

with DCOM within the required timeout.

Error - 11/24/2011 6:30:18 AM | Computer Name = JESSICA_LAPTOP | Source = Service Control Manager | ID = 7023

Description = The Network Location Awareness (NLA) service terminated with the following

error: %%127

Error - 11/24/2011 1:49:34 PM | Computer Name = JESSICA_LAPTOP | Source = Service Control Manager | ID = 7023

Description = The Network Location Awareness (NLA) service terminated with the following

error: %%127

Error - 11/24/2011 1:59:39 PM | Computer Name = JESSICA_LAPTOP | Source = Windows Update Agent | ID = 20

Description = Installation Failure: Windows failed to install the following update

with error 0x80070020: Automatic Updates.

< End of report >


OTL logfile created on: 11/24/2011 12:58:00 PM - Run 1

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Jessica\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.5512)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 2.42 Gb Available Physical Memory | 80.80% Memory free

4.83 Gb Paging File | 4.40 Gb Available in Paging File | 91.01% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 50.10 Gb Total Space | 26.93 Gb Free Space | 53.75% Space Free | Partition Type: NTFS

Drive D: | 98.95 Gb Total Space | 15.80 Gb Free Space | 15.96% Space Free | Partition Type: NTFS

Computer Name: JESSICA_LAPTOP | User Name: Jessica | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Jessica\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)

PRC - C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe (LeapFrog Enterprises, Inc.)

PRC - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)

PRC - C:\Program Files\Flip Video\FlipShare\FlipShareService.exe ()

PRC - C:\Program Files\Fisher-Price\Easy-Link internet launch pad\Easy-Link internet launch pad.exe (Fisher-Price)

PRC - C:\WINDOWS\system32\drivers\o2flash.exe (O2Micro International)

PRC - C:\Program Files\Synaptics\SynTP\SynToshiba.exe (Synaptics, Inc.)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\Sprint\Sierra Wireless\Sprint PCS Connection Manager\SPCSUtilityService.exe (Sprint Spectrum, L.L.C)

PRC - C:\Program Files\Fisher-Price\FP3 Player\sspnotifier.exe (Fisher-Price, Inc.)

========== Modules (No Company Name) ==========

MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()

MOD - C:\Program Files\LeapFrog\LeapFrog Connect\QtGui4.dll ()

MOD - C:\Program Files\LeapFrog\LeapFrog Connect\QtCore4.dll ()

MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()

MOD - C:\Program Files\Common Files\LightScribe\QtGui4.dll ()

MOD - C:\Program Files\Common Files\LightScribe\QtCore4.dll ()

MOD - C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll ()

MOD - C:\Program Files\Flip Video\FlipShare\FlipShareService.exe ()

MOD - C:\Program Files\Flip Video\FlipShare\QtCore4.dll ()

MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_1a203ebd\system.xml.dll ()

MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_554892ee\system.windows.forms.dll ()

MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_0cd98d20\system.drawing.dll ()

MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_8ebb8c24\system.dll ()

MOD - c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_f702b469\mscorlib.dll ()

MOD - c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll ()

MOD - c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll ()

MOD - c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll ()

MOD - c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll ()

MOD - c:\windows\assembly\gac\system.management\1.0.5000.0__b03f5f7f11d50a3a\system.management.dll ()

MOD - C:\Program Files\HP\Digital Imaging\Smart Web Printing\NeoLoggingLib.dll ()

MOD - \\?\globalroot\systemroot\system32\mswsock.dll ()

MOD - \\.\globalroot\systemroot\system32\mswsock.dll ()

========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- File not found

SRV - (LeapFrog Connect Device Service) -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe (LeapFrog Enterprises, Inc.)

SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)

SRV - (FlipShare Service) -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe ()

SRV - (o2flash) -- C:\WINDOWS\system32\drivers\o2flash.exe (O2Micro International)

SRV - (SPCSUtilityService) -- C:\Program Files\Sprint\Sierra Wireless\Sprint PCS Connection Manager\SPCSUtilityService.exe (Sprint Spectrum, L.L.C)

========== Driver Services (SafeList) ==========

DRV - (PLTurbo) -- C:\WINDOWS\system32\drivers\plturbo.sys (Prolific Technology Inc.)

DRV - (PLTurbh) -- C:\WINDOWS\system32\drivers\plturbh.sys (Prolific Technology Inc.)

DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()

DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)

DRV - (O2MDRDR) -- C:\WINDOWS\system32\drivers\o2media.sys (O2Micro )

DRV - (O2SDRDR) -- C:\WINDOWS\system32\drivers\o2sd.sys (O2Micro )

DRV - (FlyUsb) -- C:\WINDOWS\system32\drivers\FlyUsb.sys (LeapFrog)

DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )

DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)

DRV - (swmsflt) -- C:\WINDOWS\System32\drivers\swmsflt.sys ()

DRV - (SWMX00) Sierra Wireless USB MUX Driver (#00) -- C:\WINDOWS\system32\drivers\swmx00.sys (Sierra Wireless Inc.)

DRV - (SWNC5E00) Sierra Wireless MUX NDIS Driver (#00) -- C:\WINDOWS\system32\drivers\SWNC5E00.sys (Sierra Wireless Inc.)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://forums.malwarebytes.org/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 47 C0 4A 02 12 51 02 49 86 6F A0 0E 71 28 F7 C0 [binary data]

IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AOL Search"

FF - prefs.js..browser.search.defaulturl: "http://search.aol.com/aolcom/search?invocationType=tb50-ff-aolmailtb-chromesbox-en-us&query="

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "http://cozicentral.cozi.com/homepage/default.aspx"

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.0.1

FF - prefs.js..extensions.enabledItems: {fa1cfe8c-66b4-4469-b360-b60c79d70c28}:5.22.27.1

FF - prefs.js..extensions.enabledItems: {602E0D2D-7710-4d47-A32C-998398DB993D}:1.2

FF - prefs.js..extensions.enabledItems: {89506680-e3f4-484c-a2c0-ed711d481eda}:0.9.5

FF - prefs.js..extensions.enabledItems: {3CE993BF-A3D9-4fd2-B3B6-768CBBC337F8}:0.9.6

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}:6.0.14

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.0

FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000006

FF - prefs.js..extensions.enabledItems: toolbar@shopathome.com:5.2.0.0

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.19

FF - prefs.js..keyword.URL: "http://search.aol.com/aolcom/search?invocationType=tb50-ff-aolmailtb-ab-en-us&query="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found

FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer: C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKLM\Software\MozillaPlugins\@virtools.com/3DviaPlayer: C:\Program Files\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes)

FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Jessica\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Jessica\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/03/21 14:10:27 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/06/17 21:13:58 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2010/08/17 20:05:56 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2010/08/17 20:05:56 | 000,000,000 | ---D | M]

[2009/03/21 14:29:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jessica\Application Data\Mozilla\Extensions

[2009/03/21 14:29:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jessica\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

[2011/11/15 00:21:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\hzs7kf7j.default\extensions

[2009/03/21 14:33:25 | 000,000,000 | ---D | M] (Forecastbar Enhanced) -- C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\hzs7kf7j.default\extensions\{3CE993BF-A3D9-4fd2-B3B6-768CBBC337F8}

[2009/03/21 14:31:23 | 000,000,000 | ---D | M] (Fancy Numbered Tabs) -- C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\hzs7kf7j.default\extensions\{602E0D2D-7710-4d47-A32C-998398DB993D}

[2011/11/02 20:03:00 | 000,000,000 | ---D | M] (BitDefender QuickScan) -- C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\hzs7kf7j.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}

[2011/09/27 23:50:18 | 000,000,000 | ---D | M] ("AOL Mail Toolbar") -- C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\hzs7kf7j.default\extensions\{fa1cfe8c-66b4-4469-b360-b60c79d70c28}

[2009/04/28 11:36:28 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\hzs7kf7j.default\extensions\moveplayer@movenetworks.com

[2011/01/16 22:44:09 | 000,000,000 | ---D | M] (ShopAtHome.com Intelligent Shopping Toolbar) -- C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\hzs7kf7j.default\extensions\toolbar@shopathome.com

[2009/03/24 10:47:17 | 000,001,739 | ---- | M] () -- C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\hzs7kf7j.default\searchplugins\aol-search.xml

[2011/11/02 20:12:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2009/06/17 21:14:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

() (No name found) -- C:\DOCUMENTS AND SETTINGS\JESSICA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\HZS7KF7J.DEFAULT\EXTENSIONS\{89506680-E3F4-484C-A2C0-ED711D481EDA}.XPI

() (No name found) -- C:\DOCUMENTS AND SETTINGS\JESSICA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\HZS7KF7J.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI

[2009/06/17 21:13:58 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

[2011/03/01 19:33:29 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files\mozilla firefox\plugins\NPcol400.dll

[2011/03/01 19:33:29 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files\mozilla firefox\plugins\NPcol500.dll

[2009/11/19 17:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll

[2009/06/17 21:13:57 | 000,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll

[2008/09/26 11:40:34 | 000,053,248 | ---- | M] (AOL LLC) -- C:\Program Files\mozilla firefox\plugins\npdnu.dll

[2009/11/19 17:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll

[2009/02/27 12:13:42 | 000,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll

[2011/04/12 17:29:03 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll

[2011/04/12 17:29:04 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll

[2011/04/12 17:29:04 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll

[2011/04/12 17:29:04 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll

[2011/04/12 17:29:04 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll

[2011/04/12 17:29:04 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll

[2011/04/12 17:29:04 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}

CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Jessica\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll

CHR - plugin: Java Deployment Toolkit 6.0.140.8 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll

CHR - plugin: Java Platform SE 6 U14 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll

CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Jessica\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Jessica\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\pdf.dll

CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll

CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll

CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll

CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Jessica\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll

CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll

CHR - plugin: Unity Player (Enabled) = C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll

CHR - plugin: 3DVIA player (Enabled) = C:\Program Files\Virtools\3D Life Player\npvirtools.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

CHR - plugin: Default Plug-in (Enabled) = default_plugin

Hosts file not found

O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (no name) - {465E08E7-F005-4389-980F-1D8764B3486C} - No CLSID value found.

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)

O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)

O4 - HKLM..\Run: [eligmini] C:\Program Files\Fisher-Price\Easy-Link internet launch pad\Easy-Link internet launch pad.exe (Fisher-Price)

O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)

O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)

O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)

O4 - HKLM..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)

O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)

O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [Monitor] C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)

O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)

O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)

O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [sSP Notifier] C:\Program Files\Fisher-Price\FP3 Player\sspnotifier.exe (Fisher-Price, Inc.)

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)

O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)

O4 - HKCU..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Billeo.lnk = File not found

O4 - Startup: C:\Documents and Settings\Jessica\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

O4 - Startup: C:\Documents and Settings\Jessica\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe (Leader Technologies)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)

O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O15 - HKCU\..Trusted Domains: arise.com ([]* in Trusted sites)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1237657637703 (WUWebControl Class)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1237657630812 (MUWebControl Class)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.67.222.222 208.67.220.220 75.75.75.75

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3A927511-F3C6-438B-8B4E-7339A3AC4C94}: DhcpNameServer = 208.67.222.222 208.67.220.220 75.75.75.75

O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)

O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)

O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp - No CLSID value found

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UIHost - (logonui.exe) -C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) -C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") -C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)

O20 - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cscdll: DllName - (cscdll.dll) - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)

O20 - Winlogon\Notify\dimsntfy: DllName - (%SystemRoot%\System32\dimsntfy.dll) - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)

O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O24 - Desktop Components:0 (My Current Home Page) - About:Home

O24 - Desktop WallPaper: C:\Documents and Settings\Jessica\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jessica\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)

O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msapsspc.dll) -C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (schannel.dll) -C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (digest.dll) -C:\WINDOWS\System32\digest.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msnsspc.dll) -C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (msv1_0) -C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (kerberos) -C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (msv1_0) -C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (schannel) -C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (wdigest) -C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/03/21 11:29:43 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/24 12:56:00 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jessica\Desktop\OTL.exe

[2011/11/24 02:18:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood

[2011/11/23 21:18:00 | 001,566,512 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Jessica\Desktop\tdsskiller.exe

[2011/11/22 22:30:47 | 000,000,000 | ---D | C] -- C:\Program Files\ESET

[2011/11/22 22:13:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun

[2011/11/22 21:56:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia

[2011/11/22 21:56:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe

[2011/11/21 08:03:42 | 000,000,000 | -HSD | C] -- C:\RECYCLER

[2011/11/21 07:12:04 | 000,000,000 | ---D | C] -- C:\ComboFix

[2011/11/21 07:10:03 | 004,303,229 | R--- | C] (Swearware) -- C:\Documents and Settings\Jessica\Desktop\ComboFix.exe

[2011/11/20 23:39:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jessica\Start Menu\Programs\Google Chrome

[2011/11/20 23:31:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jessica\Desktop\accrestore

[2011/11/14 23:40:18 | 000,000,000 | RHSD | C] -- C:\cmdcons

[2011/11/14 23:34:58 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2011/11/14 23:34:58 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2011/11/14 23:34:58 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2011/11/14 23:34:58 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2011/11/14 23:33:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2011/11/14 23:32:27 | 000,000,000 | ---D | C] -- C:\Qoobox

[2011/11/14 00:17:02 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Jessica\Start Menu\Programs\Administrative Tools

[2011/11/02 22:21:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware

[2011/11/02 21:28:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jessica\Recent

[2011/11/02 21:18:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot_bak

[2011/11/02 20:04:46 | 000,274,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll

[2011/11/02 20:04:46 | 000,016,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui

[2011/11/02 20:03:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jessica\Application Data\QuickScan

[2011/11/02 20:00:05 | 000,603,648 | ---- | C] (iS3, Inc.) -- C:\Documents and Settings\Jessica\Desktop\STOPzilla_Setup.exe

[2011/11/02 16:49:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt

[2011/11/02 16:24:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss

[2011/11/02 16:11:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\Documents and Settings\Jessica\Desktop\*.tmp files -> C:\Documents and Settings\Jessica\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/24 12:56:02 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jessica\Desktop\OTL.exe

[2011/11/24 04:42:01 | 000,000,986 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1993962763-1606980848-1658431636-1003UA.job

[2011/11/23 23:42:01 | 000,000,934 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1993962763-1606980848-1658431636-1003Core.job

[2011/11/23 22:34:21 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2011/11/23 21:18:14 | 001,566,512 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Jessica\Desktop\tdsskiller.exe

[2011/11/23 21:10:59 | 000,002,228 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2011/11/23 00:08:09 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2011/11/22 21:43:57 | 002,939,392 | ---- | M] () -- D:\My Documents\qkmz.exe

[2011/11/21 23:34:21 | 000,000,417 | ---- | M] () -- C:\Documents and Settings\Jessica\Desktop\VirusTotal - Free Online Virus, Malware and URL Scanner (2).url

[2011/11/21 07:10:14 | 004,303,229 | R--- | M] (Swearware) -- C:\Documents and Settings\Jessica\Desktop\ComboFix.exe

[2011/11/20 23:39:42 | 000,002,300 | ---- | M] () -- C:\Documents and Settings\Jessica\Desktop\Google Chrome.lnk

[2011/11/20 23:39:42 | 000,002,278 | ---- | M] () -- C:\Documents and Settings\Jessica\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

[2011/11/17 01:38:57 | 000,000,055 | ---- | M] () -- C:\Documents and Settings\Jessica\Desktop\Windows XP Tips - Ramesh.url

[2011/11/17 01:38:41 | 000,007,252 | ---- | M] () -- C:\Documents and Settings\Jessica\Desktop\admintools.zip

[2011/11/17 01:37:49 | 000,014,797 | ---- | M] () -- C:\Documents and Settings\Jessica\Desktop\accrestore.zip

[2011/11/14 23:40:34 | 000,000,327 | RHS- | M] () -- C:\boot.ini

[2011/11/14 00:54:08 | 000,472,128 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2011/11/14 00:54:08 | 000,082,932 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2011/11/02 22:22:41 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/11/02 19:59:56 | 000,603,648 | ---- | M] (iS3, Inc.) -- C:\Documents and Settings\Jessica\Desktop\STOPzilla_Setup.exe

[2011/11/02 16:11:49 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk

[2011/11/02 10:17:56 | 000,000,857 | ---- | M] () -- C:\Documents and Settings\Jessica\Application Data\Microsoft\Internet Explorer\Quick Launch\System Restore.lnk

[2011/11/02 09:41:49 | 000,000,456 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\6DSS92c31Apgjk

[2011/11/02 09:40:28 | 000,000,650 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Billeo.lnk

[2011/11/02 09:40:10 | 000,000,296 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~6DSS92c31Apgjk

[2011/11/02 09:40:10 | 000,000,192 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~6DSS92c31Apgjkr

[2011/11/02 09:40:07 | 000,000,839 | ---- | M] () -- C:\Documents and Settings\Jessica\Desktop\System Restore.lnk

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\Documents and Settings\Jessica\Desktop\*.tmp files -> C:\Documents and Settings\Jessica\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/22 21:43:25 | 002,939,392 | ---- | C] () -- D:\My Documents\qkmz.exe

[2011/11/21 23:34:21 | 000,000,417 | ---- | C] () -- C:\Documents and Settings\Jessica\Desktop\VirusTotal - Free Online Virus, Malware and URL Scanner (2).url

[2011/11/20 23:39:42 | 000,002,300 | ---- | C] () -- C:\Documents and Settings\Jessica\Desktop\Google Chrome.lnk

[2011/11/20 23:39:42 | 000,002,278 | ---- | C] () -- C:\Documents and Settings\Jessica\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

[2011/11/20 23:37:56 | 000,000,986 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1993962763-1606980848-1658431636-1003UA.job

[2011/11/20 23:37:56 | 000,000,934 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1993962763-1606980848-1658431636-1003Core.job

[2011/11/17 01:38:57 | 000,000,055 | ---- | C] () -- C:\Documents and Settings\Jessica\Desktop\Windows XP Tips - Ramesh.url

[2011/11/17 01:38:45 | 000,007,252 | ---- | C] () -- C:\Documents and Settings\Jessica\Desktop\admintools.zip

[2011/11/17 01:37:53 | 000,014,797 | ---- | C] () -- C:\Documents and Settings\Jessica\Desktop\accrestore.zip

[2011/11/14 23:40:32 | 000,000,211 | ---- | C] () -- C:\Boot.bak

[2011/11/14 23:40:21 | 000,260,272 | RHS- | C] () -- C:\cmldr

[2011/11/14 23:34:58 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2011/11/14 23:34:58 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2011/11/14 23:34:58 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2011/11/14 23:34:58 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2011/11/14 23:34:58 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2011/11/02 22:21:48 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/11/02 16:11:49 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk

[2011/11/02 10:17:54 | 000,000,857 | ---- | C] () -- C:\Documents and Settings\Jessica\Application Data\Microsoft\Internet Explorer\Quick Launch\System Restore.lnk

[2011/11/02 09:40:27 | 000,000,650 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Billeo.lnk

[2011/11/02 09:40:10 | 000,000,296 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~6DSS92c31Apgjk

[2011/11/02 09:40:10 | 000,000,192 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~6DSS92c31Apgjkr

[2011/11/02 09:40:07 | 000,000,839 | ---- | C] () -- C:\Documents and Settings\Jessica\Desktop\System Restore.lnk

[2011/11/02 09:39:59 | 000,000,456 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\6DSS92c31Apgjk

[2010/10/26 14:45:12 | 000,001,453 | ---- | C] () -- C:\WINDOWS\disney.ini

[2010/08/17 19:53:37 | 000,186,577 | ---- | C] () -- C:\WINDOWS\hpwins23.dat

[2010/08/17 19:53:37 | 000,001,847 | ---- | C] () -- C:\WINDOWS\hpwmdl23.dat

[2010/07/05 17:41:28 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\Jessica\Local Settings\Application Data\fusioncache.dat

[2010/06/25 11:35:08 | 000,109,169 | ---- | C] () -- C:\WINDOWS\hpoins08.dat

[2010/06/25 11:35:08 | 000,007,577 | ---- | C] () -- C:\WINDOWS\hpomdl08.dat

[2010/05/27 06:21:54 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2010/05/27 01:40:55 | 000,000,234 | ---- | C] () -- C:\Documents and Settings\Jessica\Application Data\default.rss

[2009/10/14 05:41:12 | 000,059,832 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat

[2009/09/12 22:02:01 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2009/08/10 17:44:48 | 000,000,057 | ---- | C] () -- C:\WINDOWS\DcmLtbox-WS.ini

[2009/07/27 14:47:37 | 000,097,966 | ---- | C] () -- C:\WINDOWS\Publix Preschool Pals Uninstaller.exe

[2009/07/14 06:53:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\setup32.INI

[2009/06/30 07:24:50 | 000,000,098 | ---- | C] () -- C:\WINDOWS\DMI.INI

[2009/06/23 08:46:08 | 000,000,487 | ---- | C] () -- C:\WINDOWS\hegames.ini

[2009/06/22 09:00:06 | 000,000,519 | ---- | C] () -- C:\WINDOWS\ka.ini

[2009/04/12 23:12:41 | 000,104,960 | ---- | C] () -- C:\Documents and Settings\Jessica\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/03/21 12:47:48 | 000,043,544 | ---- | C] () -- C:\WINDOWS\System32\wups2.dll

[2009/03/21 12:36:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2009/03/21 11:32:22 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2009/03/21 11:26:40 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2009/03/21 10:57:36 | 001,843,784 | ---- | C] () -- C:\WINDOWS\System32\igklg400.dll

[2009/03/21 10:57:36 | 001,399,880 | ---- | C] () -- C:\WINDOWS\System32\igklg450.dll

[2009/03/21 10:57:36 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll

[2009/03/21 10:57:36 | 000,104,636 | ---- | C] () -- C:\WINDOWS\System32\igmedcompkrn.dll

[2009/03/21 10:57:02 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe

[2009/03/21 06:19:40 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2009/03/21 06:18:26 | 000,275,760 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin

[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin

[2008/04/14 06:55:28 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin

[2008/02/19 01:33:34 | 000,446,352 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll

[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini

[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini

[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini

[2007/08/10 10:08:48 | 000,024,456 | ---- | C] () -- C:\WINDOWS\System32\drivers\swmsflt.sys

[2007/02/09 10:59:30 | 000,000,511 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI

[2006/12/31 08:57:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2004/08/04 06:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

[2004/08/04 06:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[2004/08/04 06:00:00 | 000,472,128 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

[2004/08/04 06:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2004/08/04 06:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[2004/08/04 06:00:00 | 000,082,932 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

[2004/08/04 06:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[2004/08/04 06:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2004/08/04 06:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

[2004/08/04 06:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

[2001/07/06 15:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== LOP Check ==========

[2009/07/27 13:49:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\3DVIA

[2009/08/21 23:20:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\billeo

[2009/03/23 20:47:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cozi

[2009/03/21 12:09:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite

[2010/10/26 14:48:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Disney Interactive

[2009/06/01 19:31:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Flip Video

[2010/04/25 14:57:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intenium

[2009/06/01 15:48:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Leapfrog

[2010/05/27 13:22:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe

[2010/04/25 14:57:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScreenSeven

[2011/11/02 16:49:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft

[2009/04/11 12:29:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ubisoft

[2010/07/14 13:32:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2009/10/13 23:17:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}

[2009/08/01 20:55:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}

[2011/03/30 14:58:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jessica\Application Data\boySoup

[2011/03/01 19:33:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jessica\Application Data\Catalina Marketing Corp

[2011/09/18 21:10:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jessica\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

[2009/05/26 15:44:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jessica\Application Data\Fisher-Price

[2010/10/26 14:49:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jessica\Application Data\Leadertech

[2011/11/02 20:03:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jessica\Application Data\QuickScan

[2009/10/04 14:14:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jessica\Application Data\School Zone Preferences

[2010/04/25 14:55:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jessica\Application Data\ScreenSeven

[2011/02/26 16:17:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jessica\Application Data\Smilebox

[2011/03/30 14:58:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jessica\Application Data\TumblePad

[2011/03/30 14:58:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jessica\Application Data\tumblepad_installer

[2009/08/15 12:15:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jessica\Application Data\Unity

[2009/03/21 14:25:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jessica\Application Data\Windows Desktop Search

[2009/08/07 11:43:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jessica\Application Data\Windows Search

========== Purity Check ==========

< End of report >

******* I cannot get ASWMBR to run. It is doing the same thing that TDSSKILLER was doing. I see an hourglass for a split second, then nothing... Also, the computer seems to be running slower than before.


Could not see the link (the box where I enter the websites/links is not visible, don't know why), so I copied and pasted...

0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.

File name: qkmz.exe

Submission date: 2011-11-25 00:32:51 (UTC)

Current status: queued queued analysing finished

Result: 20/43 (46.5%)

VT Community

not reviewed

Safety score: -


Antivirus Version Last Update Result

AhnLab-V3 2011.11.24.00 2011.11.24 Trojan/Win32.FakeAV

AntiVir 7.11.18.63 2011.11.24 TR/Obfuscate.OW.124

Antiy-AVL 2.0.3.7 2011.11.24 -

Avast 6.0.1289.0 2011.11.25 Win32:Crypt-KYM [Trj]

AVG 10.0.0.1190 2011.11.24 -

BitDefender 7.2 2011.11.24 Trojan.Generic.6961583

ByteHero 1.0.0.1 2011.11.14 Trojan.Win32.Heur.Gen

CAT-QuickHeal 12.00 2011.11.22 -

ClamAV 0.97.3.0 2011.11.24 -

Commtouch 5.3.2.6 2011.11.24 -

Comodo 10787 2011.11.24 -

DrWeb 5.0.2.03300 2011.11.25 Trojan.FakeAV.10512

Emsisoft 5.1.0.11 2011.11.24 Trojan.Win32.FakeAV!IK

eSafe 7.0.17.0 2011.11.24 Win32.Trojan

eTrust-Vet 37.0.9586 2011.11.24 -

F-Prot 4.6.5.141 2011.11.24 -

F-Secure 9.0.16440.0 2011.11.24 Trojan.Generic.6961583

Fortinet 4.3.370.0 2011.11.24 -

GData 22 2011.11.25 Trojan.Generic.6961583

Ikarus T3.1.1.109.0 2011.11.24 Trojan.Win32.FakeAV

Jiangmin 13.0.900 2011.11.24 -

K7AntiVirus 9.119.5534 2011.11.24 -

Kaspersky 9.0.0.837 2011.11.24 Trojan-FakeAV.Win32.Agent.bnn

McAfee 5.400.0.1158 2011.11.25 FakeAlert-AV2011

McAfee-GW-Edition 2010.1D 2011.11.24 Artemis!76BC33D065FD

Microsoft 1.7801 2011.11.24 VirTool:Win32/Obfuscator.OW

NOD32 6657 2011.11.24 a variant of Win32/Kryptik.VZH

Norman 6.07.13 2011.11.24 -

nProtect 2011-11-24.02 2011.11.24 -

Panda 10.0.3.5 2011.11.24 Trj/CI.A

PCTools 8.0.0.5 2011.11.25 -

Prevx 3.0 2011.11.25 -

Rising 23.85.03.02 2011.11.24 -

Sophos 4.71.0 2011.11.25 Mal/FakeAV-MQ

SUPERAntiSpyware 4.40.0.1006 2011.11.24 Rogue.AVProtection2011

Symantec 20111.2.0.82 2011.11.25 -

TheHacker 6.7.0.1.347 2011.11.24 -

TrendMicro 9.500.0.1008 2011.11.24 -

TrendMicro-HouseCall 9.500.0.1008 2011.11.25 -

VBA32 3.12.16.4 2011.11.24 -

VIPRE 11139 2011.11.25 Trojan.Win32.Generic.pak!cobra

ViRobot 2011.11.24.4791 2011.11.24 -

VirusBuster 14.1.83.1 2011.11.24 -

Additional information

MD5 : 76bc33d065fdf4dec0e6d5e7656d6759

SHA1 : 90d7b00c35be96f8065468f4aaa8c4295329adc4

SHA256: 04356df2a1426a4b21de9db4bfecac11425e27a72554d1734aa3f2d003cd54ac

ssdeep: 49152:Cvt6TK0xPLsH8wHmvh1NZff8KjlNQAIOUQ4goGjZjJDUtU+EbC4:6t620xPL/6mLHftjl5Wgo4Zdm

File size : 2939392 bytes

First seen: 2011-11-25 00:32:51

Last seen : 2011-11-25 00:32:51

TrID:

Generic Win/DOS Executable (49.9%)

DOS Executable Generic (49.8%)

Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)

sigcheck:

publisher....: n/a

copyright....: n/a

product......: n/a

description..: n/a

original name: n/a

internal name: n/a

file version.: n/a

comments.....: n/a

signers......: -

signing date.: -

verified.....: Unsigned

PEInfo: PE structure information

[[ basic data ]]

entrypointaddress: 0x7058

timedatestamp....: 0x0 (Thu Jan 01 00:00:00 1970)

machinetype......: 0x14c (I386)

[[ 5 section(s) ]]

name, viradd, virsiz, rawdsiz, ntropy, md5

.text, 0x1000, 0x2BD000, 0x2BCA00, 6.41, 024e87ede6eabdc93ba2702e8ae4595e

.rdata, 0x2BE000, 0xA000, 0x9800, 5.84, 234e68b0aff78d42a17d19b5cc5a51ba

.data, 0x2C8000, 0x24F000, 0x3E00, 2.52, 6cb54dc660dbd3d5a682f4b6e23a242c

.idata, 0x517000, 0x1000, 0x1000, 5.10, d9ed3c8e7ef97c3f248994f4baad7199

.rsrc, 0x518000, 0x2000, 0x1A00, 6.20, 1d2ac46572e22209ba8bed7c1f54155e

[[ 7 import(s) ]]

ADVAPI32.dll: DeregisterEventSource, GetTokenInformation, OpenProcessToken, RegCloseKey, RegCreateKeyExW, RegDeleteKeyW, RegDeleteValueW, RegEnumKeyExW, RegEnumValueW, RegOpenKeyExW, RegQueryInfoKeyW, RegQueryValueExA, RegQueryValueExW, RegSetValueExW, RegisterEventSourceW, ReportEventW

GDI32.dll: DeleteObject

KERNEL32.dll: CloseHandle, CompareStringW, CreateEventW, CreateFileMappingW, CreateFileW, CreateThread, DeleteCriticalSection, DeleteFileW, DisableThreadLibraryCalls, EnterCriticalSection, FileTimeToLocalFileTime, FileTimeToSystemTime, FindClose, FindNextFileW, FindResourceW, FlushFileBuffers, FormatMessageW, FreeLibrary, GetFileAttributesW, GetFileSize, GetLastError, GetLocaleInfoW, GetModuleFileNameW, GetModuleHandleA, GetModuleHandleW, GetPriorityClass, GetProcAddress, GetProcessHeap, GetSystemDefaultUILanguage, GetSystemTimeAsFileTime, GetTickCount, GetUserDefaultLCID, GetUserDefaultUILanguage, GetVersion, GetVersionExW, GlobalAlloc, GlobalFree, HeapAlloc, HeapDestroy, HeapFree, HeapReAlloc, HeapSize, InitializeCriticalSection, InterlockedCompareExchange, InterlockedExchange, IsDebuggerPresent, IsValidCodePage, LeaveCriticalSection, LoadLibraryA, LoadLibraryExW, LoadLibraryW, LoadResource, LocalAlloc, LocalFree, LockResource, MapViewOfFile, MoveFileW, MultiByteToWideChar, OpenMutexW, OpenProcess, OutputDebugStringA, QueryPerformanceCounter, RaiseException, ReleaseMutex, ReleaseSemaphore, SearchPathW, SetEvent, SetLastError, SetPriorityClass, SetUnhandledExceptionFilter, SizeofResource, Sleep, TerminateProcess, UnhandledExceptionFilter, UnmapViewOfFile, VirtualProtect, WaitForSingleObject, WideCharToMultiByte, WriteFile, lstrcmpiW, lstrlenA, lstrlenW

msi.dll: -

ole32.dll: StgOpenStorageOnILockBytes, PropVariantCopy, PropVariantClear, CreateStreamOnHGlobal, CoWaitForMultipleHandles, StringFromGUID2, CoTaskMemRealloc, CoTaskMemFree, CoTaskMemAlloc, CoInitializeEx, CoCreateInstance, CLSIDFromString, CoUninitialize

OLEAUT32.dll: -, -, -, -, -, -, -, -, -

USER32.dll: LoadStringW, MsgWaitForMultipleObjects, PeekMessageW, TranslateMessage, DispatchMessageW, CharNextW

[[ 4 export(s) ]]

FreeGlobalObjects, GetContextSpellingSession, GetNextToken, RunCssWordBreaker

ExifTool:

file metadata

CodeSize: 2871296

EntryPoint: 0x7058

FileSize: 2.8 MB

FileType: Win32 EXE

ImageVersion: 0.0

InitializedDataSize: 2473984

LinkerVersion: 8.0

MIMEType: application/octet-stream

MachineType: Intel 386 or later, and compatibles

OSVersion: 4.0

PEType: PE32

Subsystem: Windows GUI

SubsystemVersion: 4.0

TimeStamp: 0000:00:00 00:00:00

UninitializedDataSize: 0

Symantec reputation: Suspicious.Insight

Link to post
Share on other sites

Thanks!

First, uninstall this application: Cozi Outlook Toolbar. Then:

  • Run OTL.exe
  • Under Custom Scans/Fixes post the following script:

:OTL
FF - prefs.js..extensions.enabledItems: toolbar@shopathome.com:5.2.0.0
[2011/01/16 22:44:09 | 000,000,000 | ---D | M] (ShopAtHome.com Intelligent Shopping Toolbar) -- C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\hzs7kf7j.default\extensions\toolbar@shopathome.com
O4 - Startup: C:\Documents and Settings\Jessica\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe (Leader Technologies)
[2011/11/02 09:41:49 | 000,000,456 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\6DSS92c31Apgjk
[2011/11/02 09:40:28 | 000,000,650 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Billeo.lnk
[2011/11/02 09:40:10 | 000,000,296 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~6DSS92c31Apgjk
[2011/11/02 09:40:10 | 000,000,192 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~6DSS92c31Apgjkr
[2011/11/02 09:40:07 | 000,000,839 | ---- | M] () -- C:\Documents and Settings\Jessica\Desktop\System Restore.lnk
[2011/11/22 21:43:57 | 002,939,392 | ---- | M] () -- D:\My Documents\qkmz.exe

:file
C:\Documents and Settings\Jessica\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe

:Commands
[emptytemp]
[clearallrestorepoints]
[createrestorepoint]

  • Then click the Run Fix button at the top
  • Let the program run unhindered; when it is done, it will say "Fix Complete press ok to open log".
  • Please post that log in your next reply.

This topic is now closed to further replies.