
Presumed infection prevents virus signature auto update


16 replies to this topic

#1 oldrunner


Posted 05 September 2010 - 03:14 PM

Hi,
Early last month I upgraded my anti-malware software and found that 1) the first scan took about 2 days and 2) the auto update features weren't working. I had also noticed that it was sometimes impossible to open my browser without first rebooting. I opened a ticket with the vendor's support service and went through about three weeks of diagnosis and cleanup activities.

Combofix found and quarantined what I believe was a trojan (maybe a rootkit; I'm a bit shaky on the terminology). The problems persisted and the vendor seemed to have given up on me. I got no more responses from the guy working on my ticket. I uninstalled the software and installed another vendor's product and am a week or so into a month's free trial. The scan is much quicker but I still have to manually update signatures.

I'm pretty sure I'm still infected. For example, I've spent the last couple of days trying to run GMER. I aborted the first scan because it was running so slowly. GMER froze when I tried to save another scan. The last two scans I left running: one overnight, the other while I was out doing errands. Both ended in a reboot of my machine. This is the Microsoft error message:
Error Signature:
BCCode : 4e BCP1 : 00000007 BCP2 : 00003284 BCP3 : 00000002
BCP4 : 00000000 OSVer : 5_1_2600 SP : 3_0 Product : 768_1



DDS (Ver_10-03-17.01) - NTFSx86
Run by Ken at 9:08:25.31 on Sat 09/04/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3326.2502 [GMT -4:00]

AV: Sunbelt VIPRE *On-access scanning enabled* (Updated) {964FCE60-0B18-4D30-ADD6-EB178909041C}
FW: ZoneAlarm Pro Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\LxrSII1s.exe
C:\Program Files\Mozy\mozybackup.exe
C:\Program Files\Google\Update\1.2.183.23\GoogleCrashHandler.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe
C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe
C:\Program Files\Sunbelt Software\VIPRE\SBPIMSvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe
C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozy\mozystat.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\LaCie\Backup Software\LacieBackup.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Documents and Settings\Ken\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: N/A: {0579b4b6-0293-4d73-b02d-5ebb0ba0f0a2} - c:\program files\asksbar\srchastt\1.bin\A2SRCHAS.DLL
mURLSearchHooks: N/A: {0579b4b6-0293-4d73-b02d-5ebb0ba0f0a2} - c:\program files\asksbar\srchastt\1.bin\A2SRCHAS.DLL
BHO: Ask Search Assistant BHO: {0579b4b1-0293-4d73-b02d-5ebb0ba0f0a2} - c:\program files\asksbar\srchastt\1.bin\A2SRCHAS.DLL
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {465E08E7-F005-4389-980F-1D8764B3486C} - No File
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File
BHO: ZoneAlarm Toolbar Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: ZoneAlarm Toolbar: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {6ADB0F93-1AA5-4BCF-9DF4-CEA689A3C111} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Google Update] "c:\documents and settings\ken\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [NvCplDaemon] "c:\windows\system32\rundll32.exe" c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [AppleSyncNotifier] "c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [ISW] "c:\program files\checkpoint\zaforcefield\ForceField.exe" /icon="hidden"
mRun: [TMRUBottedTray] "c:\program files\trend micro\rubotted\TMRUBottedTray.exe"
mRun: [SBAMTray] "c:\program files\sunbelt software\vipre\SBAMTray.exe"
StartupFolder: c:\docume~1\ken\startm~1\programs\startup\mozyst~1.lnk - c:\program files\mozy\mozystat.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mozyho~1.lnk - c:\program files\mozy\mozystat.exe
IE: &Yahoo! Search - file:///c:\program files\yahoo!\Common/ycsrch.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Resource.dll/RC_Print.html
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Yahoo! &Dictionary - file:///c:\program files\yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\yahoo!\Common/ycsms.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: aol.com\free
Trusted Zone: intuit.com\ttlc
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://pcpitstop.com/pcpitstop/PCPitStop.CAB
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6087.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1161898885125
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\ken\applic~1\mozilla\firefox\profiles\nh4s48nb.ken's new profile\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - component: c:\documents and settings\ken\application data\mozilla\firefox\profiles\nh4s48nb.ken's new profile\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\documents and settings\ken\application data\mozilla\firefox\profiles\nh4s48nb.ken's new profile\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
FF - plugin: c:\documents and settings\ken\application data\mozilla\firefox\profiles\nh4s48nb.ken's new profile\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: c:\documents and settings\ken\local settings\application data\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\documents and settings\ken\local settings\application data\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll
FF - plugin: c:\progra~1\yahoo!\common\npyaxmpb.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\picasa3\npPicasa2.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPAskSBr.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDCE08D86A-A41A-410A-943C-13BABB7DC474", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDA9EDC9ED-603A-4F3F-BBEA-59C8853A3236", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID90D10942-D952-4863-9DD6-A2BDBBAD456E", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID0ECEE744-7B69-4912-AB91-AE76D61ECB04", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDF25635B2-1AB9-47B5-88D1-8877B22C86DE", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID27B7F812-4159-45B9-A389-B7A118A58DE4", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDF849DF29-393B-4F8B-99D1-117A70D66FC7", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDBF1E9C3D-637C-4171-BD12-28A7360B879A", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDDE1C0601-7947-4D7F-A6E5-E68BF6BA1E37", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID4EA0DCCE-4D98-4876-9C6A-E5C563D0820A", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID446462BA-2AAD-4C88-BC63-5210E2F31465", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID0862E368-A40E-4E55-83EB-FBC5571BABA4", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDD2A96E3C-FFB3-4D38-9AC3-B127527BEA35", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID4B05B39A-9DDC-4650-A7F8-D5B134E5FFE5", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDC8E2574A-7BCE-4B93-A22E-61831DFD6DB8", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID659796C0-8B5D-48D7-A4EB-7E6874E26274", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID78071AB5-E729-414E-8D02-9C1D034F82E7", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDCC3F71E1-17F3-4C5B-997D-44CA56943197", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDE67D5C78-B2D4-4BA0-8D69-1C7AF4BB08B5", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFC5F3D7A-D321-412C-8A5D-9AD0C8041941", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID6EC5CD16-81BC-4515-9EDD-9265C906F56E", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID67CFB2C5-E491-4395-977B-CD45E4124655", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID73600569-52E6-4760-8BAB-B68202937D98", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDB02EBD42-6885-401A-9389-E089F7DDC872", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDBAE5CB8C-4075-4743-B2E4-78DA8D8CDC64", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID28B07B04-DA99-4FD3-BF27-4972F2B8142B", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID0D53448F-D12B-4102-8CE2-697DAE8D6643", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDE3266A47-A141-47B8-AAA8-5F16FB4F8CCD", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDB33AB7AF-76D7-4B1C-B709-5D6BF9E7B1C7", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID153B7451-0BB5-4B37-95C0-44D89E2F1F2B", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID3BBE8E21-0D3D-4BAA-AC6F-C7BCEF750849", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID9B5B4F2D-A7D9-4329-B0FE-92B301A8CAAD", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDA5C42921-8CD0-4924-97C3-01B5B0610BC6", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID06969252-F90F-4CF2-9074-33772EB64859", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFBF37655-1236-4C0D-96C5-F94E1724841B", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDC1A3F035-B68F-4B2B-9FD5-E36DAAAF26DD", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID368F3685-543E-4812-9FDE-96E097E453FC", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID43969873-56AA-4113-84CB-4AB2AEB9AA31", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDA205DD80-63D4-4E41-B785-26EC3D90B97B", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID068D43E7-7551-4A2F-AE96-4A38A9AD1953", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDF443E9CB-9EEC-456E-8AE7-F3102D5CD47D", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDE36A7B16-645D-4261-BFF8-3A7E69C5F7A5", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID379805E3-E0E2-40DC-B51B-6DC1AE5802AA", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDF6240D69-A06D-44A1-8003-8496CCEF2C53", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID26C3113D-5A71-4F1B-A2CB-BE59E1279DDA", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID92B97F2B-7565-4CE9-9AC7-0598DFD731F8", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID2AA5E7CF-9696-42F0-B76A-8655296EADF2", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID0AAACE0B-ACEF-4781-83F4-BFB52EEC995A", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID0D56FF58-A39D-4E8C-A40B-2E3711251772", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID946121C2-11F1-49DD-A7E3-CF793DE827A4", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDB853303D-1BAB-43F3-9D7D-101D0DA8E7A5", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID9E578247-FE29-4F8C-8202-A24A5688CF2A", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID6D065A8F-FFC0-4A0F-B863-1D724B8C786B", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID4451D291-6940-42CE-9D3C-CA1D4C96549C", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID064B722D-079D-4EBB-B3CF-9FCBF64FFF5D", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID38F8AB0F-5DFB-43D9-889E-8717CC4AB59B", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID4EC68CD1-0EF1-4CB9-9EF1-3D64AB266149", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID44F96B27-CFAD-41E1-83A1-6B28040C3BDE", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 FD;FD;c:\windows\system32\drivers\FD.sys [2007-7-20 24179]
R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [2010-8-31 21464]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2010-5-13 98392]
R1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [2010-8-31 212568]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2010-8-6 528128]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2009-10-14 26352]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2009-10-14 493032]
R2 LxrSII1d;Secure II Driver;c:\windows\system32\drivers\LxrSII1d.sys [2008-3-29 72672]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\common files\pc tools\smonitor\StartManSvc.exe [2010-6-28 583640]
R2 RUBotted;Trend Micro RUBotted Service;c:\program files\trend micro\rubotted\TMRUBotted.exe [2010-8-17 582992]
R2 SBAMSvc;VIPRE Antivirus;c:\program files\sunbelt software\vipre\SBAMSvc.exe [2010-8-20 2763080]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2010-8-31 69976]
R2 SBPIMSvc;SB Recovery Service;c:\program files\sunbelt software\vipre\SBPIMSvc.exe [2010-8-20 181584]
R2 SKMScan;SKMScan;c:\windows\system32\drivers\skmscan.sys [2010-8-19 27640]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
R3 TMPassthruMP;TMPassthruMP;c:\windows\system32\drivers\TMPassthru.sys [2010-8-17 206608]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-8-21 133104]
S3 mxInsMon;mxInsMon;c:\progra~1\ontrack\system~1\mxInsMon.sys [2001-8-20 18736]
S3 TMPassthru;Trend Micro Passthru Ndis Service;c:\windows\system32\drivers\TMPassthru.sys [2010-8-17 206608]
UnknownUnknown dsload;dsload; [x]

=============== Created Last 30 ================

2010-09-04 13:06:48 0 ----a-w- c:\documents and settings\ken\defogger_reenable
2010-09-01 01:59:00 105 ----a-w- c:\docume~1\ken\applic~1\netstat.bat
2010-08-31 21:52:26 69976 ----a-w- c:\windows\system32\drivers\sbapifs.sys
2010-08-31 21:52:25 21464 ----a-w- c:\windows\system32\drivers\sbaphd.sys
2010-08-31 21:45:01 0 d-----w- c:\docume~1\ken\applic~1\Sunbelt
2010-08-31 21:42:49 0 d-----w- c:\docume~1\alluse~1\applic~1\Sunbelt
2010-08-31 21:40:27 212568 ----a-w- c:\windows\system32\drivers\sbtis.sys
2010-08-31 21:40:20 0 d-----w- c:\program files\Sunbelt Software
2010-08-31 00:26:48 0 d-----w- c:\documents and settings\all users\Temp
2010-08-20 13:18:40 27984 ----a-w- c:\windows\system32\sbbd.exe
2010-08-19 23:16:37 27640 ----a-w- c:\windows\system32\drivers\skmscan.sys
2010-08-19 23:15:20 0 d-----w- c:\program files\Sophos
2010-08-19 21:01:25 98816 ----a-w- c:\windows\sed.exe
2010-08-19 21:01:25 77312 ----a-w- c:\windows\MBR.exe
2010-08-19 21:01:25 256512 ----a-w- c:\windows\PEV.exe
2010-08-19 21:01:25 161792 ----a-w- c:\windows\SWREG.exe
2010-08-19 21:01:17 0 d-----w- C:\ComboFix
2010-08-19 20:50:39 0 d-----w- c:\windows\RegBak
2010-08-18 20:19:49 0 d-----w- C:\VIPRERESCUE
2010-08-18 00:09:25 161296 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2010-08-18 00:09:25 0 d-----w- c:\documents and settings\ken\log
2010-08-18 00:06:08 206608 ----a-w- c:\windows\system32\drivers\TMPassthru.sys
2010-08-17 23:55:26 0 d-----w- c:\program files\Trend Micro
2010-08-12 18:29:48 2772992 ----a-w- c:\windows\system32\GPhotos.scr
2010-08-06 14:16:51 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-08-06 12:59:53 1238528 ----a-w- c:\windows\system32\zpeng25.dll
2010-08-05 14:05:54 81 ----a-w- C:\CTX.DAT

==================== Find3M ====================

2010-09-04 12:33:49 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2010-07-17 09:00:04 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-16 19:42:45 40968 ---ha-w- c:\windows\system32\mlfcache.dat
2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:22:03 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44:04 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-17 14:03:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 07:41:45 1172480 ----a-w- c:\windows\system32\msxml3.dll
2008-08-24 19:17:09 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008082420080825\index.dat

============= FINISH: 9:09:01.71 ===============

Thank you very much for your attention to this problem.

Ken



#2 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,243 posts
  • Gender:Female
  • Location:Romania
  • Local time:05:05 AM

Posted 13 September 2010 - 04:27 AM

Hello, and welcome to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.


I will be working on your malware issues; this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.
  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.
Use the 'Add Reply' button and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Quick Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Please download Rootkit Unhooker and save it to your Desktop.
  • Double-click on RKUnhookerLE to run it
  • Click the Report tab, then click Scan
  • Check Drivers, Stealth and uncheck the rest
  • Click OK
  • Wait until it's finished and then go to File > Save Report
  • Save the report to your Desktop
Copy the entire contents of the report and paste it in a reply here.

Note - you may get this warning; it is OK, just ignore it: "Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


-------------------------------------------------------------
In the meantime, please do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply:
  • A detailed description of your problems
  • A new OTL log (don't forget extra.txt)
  • RKU log

Thanks and again sorry for the delay.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."


Malware analyst @ Emsisoft


#3 oldrunner

oldrunner
  • Topic Starter

  • Members
  • 11 posts
  • Local time:10:05 PM

Posted 13 September 2010 - 03:38 PM

Hi Elise,

Here are my results:

      OTL logfile created on: 9/13/2010 4:23:11 PM - Run 1
      OTL by OldTimer - Version 3.2.12.0 Folder = C:\Documents and Settings\Ken\Desktop
      Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
      Internet Explorer (Version = 8.0.6001.18702)
      Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

      3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 83.00% Memory free
      5.00 Gb Paging File | 5.00 Gb Available in Paging File | 89.00% Paging File free
      Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

      %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
      Drive C: | 232.88 Gb Total Space | 106.38 Gb Free Space | 45.68% Space Free | Partition Type: NTFS
      D: Drive not present or media not loaded
      E: Drive not present or media not loaded
      F: Drive not present or media not loaded
      G: Drive not present or media not loaded
      Drive H: | 29.79 Gb Total Space | 29.64 Gb Free Space | 99.51% Space Free | Partition Type: FAT32
      Drive I: | 435.96 Gb Total Space | 147.51 Gb Free Space | 33.84% Space Free | Partition Type: NTFS
      Drive J: | 931.51 Gb Total Space | 861.69 Gb Free Space | 92.50% Space Free | Partition Type: NTFS

      Computer Name: SARAHKEN02
      Current User Name: Ken
      Logged in as Administrator.

      Current Boot Mode: Normal
      Scan Mode: All users
      Company Name Whitelist: On
      Skip Microsoft Files: On
      File Age = 90 Days
      Output = Standard
      Quick Scan

      ========== Processes (SafeList) ==========

      PRC - [2010/09/13 16:22:27 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ken\Desktop\OTL.exe
      PRC - [2010/09/02 20:58:56 | 000,975,928 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Ken\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
      PRC - [2010/08/20 09:24:14 | 001,348,944 | ---- | M] (Sunbelt Software) -- C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe
      PRC - [2010/08/20 09:16:34 | 002,763,080 | ---- | M] (Sunbelt Software) -- C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe
      PRC - [2010/08/20 09:15:54 | 000,181,584 | ---- | M] (Sunbelt Software) -- C:\Program Files\Sunbelt Software\VIPRE\SBPIMSvc.exe
      PRC - [2010/08/19 08:46:42 | 003,512,120 | ---- | M] (Mozy, Inc.) -- C:\Program Files\Mozy\mozystat.exe
      PRC - [2010/07/20 21:24:38 | 002,434,568 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
      PRC - [2010/07/20 21:22:56 | 001,038,848 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
      PRC - [2010/06/15 07:09:48 | 000,493,032 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe
      PRC - [2010/06/15 07:09:44 | 000,730,600 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
      PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
      PRC - [2010/03/17 16:47:24 | 000,136,176 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.2.183.23\GoogleCrashHandler.exe
      PRC - [2009/11/11 10:21:38 | 000,583,640 | ---- | M] (PC Tools) -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
      PRC - [2009/01/30 15:05:06 | 000,078,136 | ---- | M] (Mozy, Inc.) -- C:\Program Files\Mozy\mozybackup.exe
      PRC - [2008/11/06 11:33:56 | 000,288,088 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe
      PRC - [2008/11/06 11:33:54 | 000,582,992 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe
      PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
      PRC - [2007/08/22 17:36:04 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      PRC - [2007/01/31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
      PRC - [2006/09/14 08:56:06 | 000,102,400 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
      PRC - [2006/01/09 13:56:04 | 000,049,152 | ---- | M] () -- C:\WINDOWS\system32\LxrSII1s.exe


      ========== Modules (SafeList) ==========

      MOD - [2010/09/13 16:22:27 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ken\Desktop\OTL.exe
      MOD - [2010/06/15 07:09:52 | 000,640,488 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
      MOD - [2009/07/12 02:12:06 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
      MOD - [2009/07/12 02:09:20 | 000,554,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll
      MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


      ========== Win32 Services (SafeList) ==========

      SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
      SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
      SRV - [2010/08/20 09:16:34 | 002,763,080 | ---- | M] (Sunbelt Software) [Auto | Running] -- C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe -- (SBAMSvc)
      SRV - [2010/08/20 09:15:54 | 000,181,584 | ---- | M] (Sunbelt Software) [Auto | Running] -- C:\Program Files\Sunbelt Software\VIPRE\SBPIMSvc.exe -- (SBPIMSvc)
      SRV - [2010/07/20 21:24:38 | 002,434,568 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
      SRV - [2010/06/15 07:09:48 | 000,493,032 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
      SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
      SRV - [2009/11/11 10:21:38 | 000,583,640 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
      SRV - [2009/09/29 10:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
      SRV - [2009/01/30 15:05:06 | 000,078,136 | ---- | M] (Mozy, Inc.) [Auto | Running] -- C:\Program Files\Mozy\mozybackup.exe -- (MozyBackup)
      SRV - [2008/12/12 18:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
      SRV - [2008/11/06 11:33:54 | 000,582,992 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe -- (RUBotted)
      SRV - [2007/04/13 12:20:21 | 000,097,432 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
      SRV - [2007/01/31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
      SRV - [2006/09/14 08:56:06 | 000,102,400 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor5.0)
      SRV - [2006/01/09 13:56:04 | 000,049,152 | ---- | M] () [Auto | Running] -- C:\WINDOWS\System32\LxrSII1s.exe -- (LxrSII1s)
      SRV - [2001/09/03 13:35:02 | 000,118,784 | ---- | M] (Ontrack Data International) [Disabled | Stopped] -- C:\Program Files\Ontrack\SystemSuite\MXTask.exe -- (SystemSuite Task Manager)


      ========== Driver Services (SafeList) ==========

      DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\ZoneLabs\srescan.sys -- (srescan)
      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Ken\LOCALS~1\Temp\catchme.sys -- (catchme)
      DRV - File not found [Kernel | System | Stopped] -- C:\Program Files\Softwin\BitDefender10\bdpredir.sys -- (bdpredir)
      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Softwin\BitDefender10\bdfdll.sys -- (bdfdll)
      DRV - [2010/07/27 04:48:30 | 000,212,568 | ---- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sbtis.sys -- (SbTis)
      DRV - [2010/06/15 07:09:40 | 000,026,352 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
      DRV - [2010/06/14 14:54:30 | 000,069,976 | ---- | M] (Sunbelt Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\sbapifs.sys -- (sbapifs)
      DRV - [2010/06/14 14:54:30 | 000,021,464 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sbaphd.sys -- (sbaphd)
      DRV - [2010/06/09 19:16:12 | 000,528,128 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
      DRV - [2010/05/24 15:52:16 | 000,027,640 | ---- | M] (Sophos Plc) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\skmscan.sys -- (SKMScan)
      DRV - [2009/08/05 15:58:40 | 000,093,872 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SBREDrv.sys -- (SBRE)
      DRV - [2008/12/12 18:05:20 | 000,025,264 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis)
      DRV - [2008/12/12 18:05:18 | 000,023,984 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp)
      DRV - [2008/04/13 12:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
      DRV - [2008/03/02 03:28:00 | 000,206,608 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TMPassthru.sys -- (TMPassthruMP)
      DRV - [2008/03/02 03:28:00 | 000,206,608 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TMPassthru.sys -- (TMPassthru)
      DRV - [2007/07/20 16:08:41 | 000,024,179 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\FD.sys -- (FD)
      DRV - [2007/05/31 06:20:34 | 000,010,848 | ---- | M] (Oracle Corp.) [Kernel | Unknown | Running] -- C:\WINDOWS\system32\drivers\dsload.sys -- (dsload)
      DRV - [2006/12/14 09:37:40 | 000,072,672 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LxrSII1d.sys -- (LxrSII1d)
      DRV - [2006/10/22 13:22:00 | 003,994,624 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
      DRV - [2006/09/24 09:28:46 | 000,005,248 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
      DRV - [2006/08/30 11:09:00 | 000,022,272 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\intelsmb.sys -- (smbusp) Intel®
      DRV - [2006/07/29 11:20:28 | 000,043,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI) Intel®
      DRV - [2006/06/05 13:49:08 | 000,230,400 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel®
      DRV - [2006/06/05 03:39:56 | 000,024,064 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iqvw32.sys -- (NAL)
      DRV - [2006/05/26 07:59:12 | 001,177,032 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
      DRV - [2005/12/02 17:38:04 | 000,041,728 | ---- | M] (Sonic Focus, Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sfng32.sys -- (sfng32)
      DRV - [2004/08/17 09:46:44 | 000,009,856 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
      DRV - [2003/11/03 16:39:10 | 000,036,484 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SMBios.sys -- (SMBios) Intel ®
      DRV - [2001/08/20 10:03:28 | 000,018,736 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Ontrack\SystemSuite\mxinsmon.sys -- (mxInsMon)
      DRV - [1996/04/03 15:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)


      ========== Standard Registry (SafeList) ==========


      ========== Internet Explorer ==========

      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie


      IE - HKU\.DEFAULT\..\URLSearchHook: {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL (Ask.com)
      IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

      IE - HKU\S-1-5-18\..\URLSearchHook: {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL (Ask.com)
      IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



      IE - HKU\S-1-5-21-3942706726-3537340895-1898439408-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
      IE - HKU\S-1-5-21-3942706726-3537340895-1898439408-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
      IE - HKU\S-1-5-21-3942706726-3537340895-1898439408-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
      IE - HKU\S-1-5-21-3942706726-3537340895-1898439408-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
      IE - HKU\S-1-5-21-3942706726-3537340895-1898439408-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
      IE - HKU\S-1-5-21-3942706726-3537340895-1898439408-1005\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
      IE - HKU\S-1-5-21-3942706726-3537340895-1898439408-1005\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
      IE - HKU\S-1-5-21-3942706726-3537340895-1898439408-1005\..\URLSearchHook: {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL (Ask.com)
      IE - HKU\S-1-5-21-3942706726-3537340895-1898439408-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
      IE - HKU\S-1-5-21-3942706726-3537340895-1898439408-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

      ========== FireFox ==========

      FF - prefs.js..browser.search.defaultenginename: "Google"
      FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
      FF - prefs.js..browser.search.selectedEngine: "Google"
      FF - prefs.js..browser.startup.homepage: "www.yahoo.com"


      FF - HKLM\software\mozilla\Firefox\extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2010/08/10 16:26:07 | 000,000,000 | ---D | M]
      FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/08 22:09:07 | 000,000,000 | ---D | M]
      FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/08 22:09:07 | 000,000,000 | ---D | M]

      [2008/06/22 13:02:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ken\Application Data\Mozilla\Extensions
      [2010/09/08 17:45:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ken\Application Data\Mozilla\Firefox\Profiles\7nj997rg.default\extensions
      [2008/06/22 13:02:32 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Ken\Application Data\Mozilla\Firefox\Profiles\7nj997rg.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
      [2008/12/13 10:05:43 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Ken\Application Data\Mozilla\Firefox\Profiles\7nj997rg.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
      [2010/09/12 12:32:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ken\Application Data\Mozilla\Firefox\Profiles\nh4s48nb.Ken's New Profile\extensions
      [2010/09/07 17:38:58 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Ken\Application Data\Mozilla\Firefox\Profiles\nh4s48nb.Ken's New Profile\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
      [2010/09/01 17:14:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ken\Application Data\Mozilla\Firefox\Profiles\nh4s48nb.Ken's New Profile\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
      [2010/08/18 21:12:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ken\Application Data\Mozilla\Firefox\Profiles\nh4s48nb.Ken's New Profile\extensions\Access Privileges Test
      [2010/05/26 15:18:50 | 000,002,333 | ---- | M] () -- C:\Documents and Settings\Ken\Application Data\Mozilla\Firefox\Profiles\7nj997rg.default\searchplugins\askcom.xml
      [2010/09/13 08:07:16 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
      [2010/05/06 16:39:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
      [2010/08/06 10:17:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
      [2008/01/19 22:14:31 | 000,024,672 | ---- | M] (Ask.com) -- C:\Program Files\Mozilla Firefox\plugins\NPAskSBr.dll
      [2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
      [2005/12/05 22:31:00 | 000,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
      [2008/10/15 23:02:23 | 000,221,184 | ---- | M] (CNN) -- C:\Program Files\Mozilla Firefox\plugins\NPTURNMED.dll

      O1 HOSTS File: ([2010/08/29 12:28:55 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
      O1 - Hosts: 127.0.0.1 localhost
      O2 - BHO: (Ask Search Assistant BHO) - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL (Ask.com)
      O2 - BHO: (no name) - {465E08E7-F005-4389-980F-1D8764B3486C} - No CLSID value found.
      O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
      O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
      O2 - BHO: (ZoneAlarm Toolbar Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
      O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
      O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
      O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
      O3 - HKLM\..\Toolbar: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
      O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
      O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
      O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
      O3 - HKU\S-1-5-21-3942706726-3537340895-1898439408-1005\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
      O3 - HKU\S-1-5-21-3942706726-3537340895-1898439408-1005\..\Toolbar\WebBrowser: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
      O3 - HKU\S-1-5-21-3942706726-3537340895-1898439408-1005\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
      O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
      O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
      O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\system32\NvCpl.DLL (NVIDIA Corporation)
      O4 - HKLM..\Run: [SBAMTray] C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe (Sunbelt Software)
      O4 - HKLM..\Run: [TMRUBottedTray] C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe (Trend Micro Inc.)
      O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
      O4 - HKU\S-1-5-21-3942706726-3537340895-1898439408-1005..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
      O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MozyHome Status.lnk = C:\Program Files\Mozy\mozystat.exe (Mozy, Inc.)
      O4 - Startup: C:\Documents and Settings\Ken\Start Menu\Programs\Startup\Mozy Status.lnk = C:\Program Files\Mozy\mozystat.exe (Mozy, Inc.)
      O4 - Startup: C:\Documents and Settings\Sarah\Start Menu\Programs\Startup\HotSync Manager.lnk = C:\Program Files\Sony Handheld\HOTSYNC.EXE (Palm, Inc.)
      O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
      O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
      O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
      O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
      O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
      O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
      O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
      O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
      O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
      O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
      O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
      O7 - HKU\S-1-5-21-3942706726-3537340895-1898439408-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
      O7 - HKU\S-1-5-21-3942706726-3537340895-1898439408-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
      O7 - HKU\S-1-5-21-3942706726-3537340895-1898439408-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
      O7 - HKU\S-1-5-21-3942706726-3537340895-1898439408-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
      O8 - Extra context menu item: &Yahoo! Search - C:\Program Files\Yahoo!\Common [2006/12/25 13:12:42 | 000,000,000 | ---D | M]
      O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
      O8 - Extra context menu item: Easy-WebPrint Add To Print List - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
      O8 - Extra context menu item: Easy-WebPrint High Speed Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
      O8 - Extra context menu item: Easy-WebPrint Preview - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
      O8 - Extra context menu item: Easy-WebPrint Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
      O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
      O8 - Extra context menu item: Yahoo! &Dictionary - C:\Program Files\Yahoo!\Common [2006/12/25 13:12:42 | 000,000,000 | ---D | M]
      O8 - Extra context menu item: Yahoo! &Maps - C:\Program Files\Yahoo!\Common [2006/12/25 13:12:42 | 000,000,000 | ---D | M]
      O8 - Extra context menu item: Yahoo! &SMS - C:\Program Files\Yahoo!\Common [2006/12/25 13:12:42 | 000,000,000 | ---D | M]
      O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
      O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
      O15 - HKU\S-1-5-21-3942706726-3537340895-1898439408-1005\..Trusted Domains: aol.com ([free] http in Trusted sites)
      O15 - HKU\S-1-5-21-3942706726-3537340895-1898439408-1005\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
      O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://pcpitstop.com/pcpitstop/PCPitStop.CAB (PCPitstop Utility)
      O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab (Symantec AntiVirus scanner)
      O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
      O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...lscbase6087.cab (Windows Live Safety Center Base Module)
      O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
      O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1161898885125 (MUWebControl Class)
      O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
      O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
      O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
      O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
      O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
      O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
      O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
      O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
      O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
      O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab (Shockwave Flash Object)
      O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 71.243.0.12 68.237.161.12
      O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
      O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
      O24 - Desktop WallPaper: C:\Documents and Settings\Ken\My Documents\My Pictures\Picasa Edits\picasabackground.bmp
      O24 - Desktop BackupWallPaper: C:\Documents and Settings\Ken\My Documents\My Pictures\Picasa Edits\picasabackground.bmp
      O32 - HKLM CDRom: AutoRun - 1
      O32 - AutoRun File - [2006/08/22 12:50:55 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
      O34 - HKLM BootExecute: (autocheck autochk *) - File not found
      O35 - HKLM\..comfile [open] -- "%1" %*
      O35 - HKLM\..exefile [open] -- "%1" %*
      O37 - HKLM\...com [@ = ComFile] -- "%1" %*
      O37 - HKLM\...exe [@ = exefile] -- "%1" %*

      ========== Files/Folders - Created Within 90 Days ==========

      [2010/09/13 16:22:24 | 000,576,000 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Ken\Desktop\OTL.exe
      [2010/09/12 11:45:12 | 000,000,000 | -HSD | C] -- C:\Config.Msi
      [2010/09/11 09:06:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ken\Desktop\RootkitRevealer
      [2010/09/08 17:39:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ken\Application Data\SurfSecret Privacy Suite
      [2010/09/08 17:08:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ken\Desktop\gmer
      [2010/09/06 11:26:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ken\Application Data\Panda Security
      [2010/09/06 11:25:34 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security
      [2010/09/06 11:25:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Panda Security
      [2010/09/04 16:43:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ken\Application Data\InstallShield
      [2010/08/31 17:52:26 | 000,069,976 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\sbapifs.sys
      [2010/08/31 17:52:25 | 000,021,464 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\sbaphd.sys
      [2010/08/31 17:45:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ken\Application Data\Sunbelt
      [2010/08/31 17:42:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sunbelt
      [2010/08/31 17:40:27 | 000,212,568 | ---- | C] (Sunbelt Software, Inc.) -- C:\WINDOWS\System32\drivers\sbtis.sys
      [2010/08/31 17:40:20 | 000,000,000 | ---D | C] -- C:\Program Files\Sunbelt Software
      [2010/08/30 20:26:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Temp
      [2010/08/20 14:49:05 | 000,000,000 | -HSD | C] -- C:\RECYCLER
      [2010/08/20 09:40:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ken\Desktop\tdsskiller
      [2010/08/20 09:18:40 | 000,027,944 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\sbbd.exe
      [2010/08/19 19:16:37 | 000,027,640 | ---- | C] (Sophos Plc) -- C:\WINDOWS\System32\drivers\skmscan.sys
      [2010/08/19 19:15:20 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
      [2010/08/19 17:19:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
      [2010/08/19 17:01:25 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
      [2010/08/19 17:01:25 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
      [2010/08/19 17:01:25 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
      [2010/08/19 17:01:25 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
      [2010/08/19 17:01:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
      [2010/08/19 17:01:17 | 000,000,000 | ---D | C] -- C:\ComboFix
      [2010/08/19 17:00:09 | 000,000,000 | ---D | C] -- C:\Qoobox
      [2010/08/19 16:50:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\RegBak
      [2010/08/19 16:49:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ken\Desktop\regbak
      [2010/08/18 16:19:49 | 000,000,000 | ---D | C] -- C:\VIPRERESCUE
      [2010/08/17 20:09:25 | 000,161,296 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
      [2010/08/17 20:09:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ken\log
      [2010/08/17 20:06:08 | 000,206,608 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\TMPassthru.sys
      [2010/08/17 20:03:00 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Ken\Desktop\scanner.exe
      [2010/08/17 19:55:26 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
      [2010/08/17 19:54:41 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Ken\Desktop\HJTInstall.exe
      [2010/08/17 19:51:03 | 005,183,576 | ---- | C] (Sammsoft ) -- C:\Documents and Settings\Ken\Desktop\ARO2010_mt.exe
      [2010/08/04 16:18:51 | 000,000,000 | ---D | C] -- C:\Program Files\SpeedFan
      [2010/08/01 17:10:38 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
      [2010/08/01 17:01:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ken\Local Settings\Application Data\PackageAware
      [2010/07/17 15:40:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ken\Desktop\2010-07-17
      [2010/07/16 08:44:51 | 001,870,800 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Ken\Desktop\HousecallLauncher.exe
      [2010/07/16 07:29:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ken\Application Data\QuickScan
      [2010/07/15 20:47:30 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
      [2010/07/15 08:48:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ken\Application Data\smkits
      [2010/07/04 17:09:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ken\Local Settings\Application Data\Yahoo!
      [2010/06/29 21:47:18 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
      [2010/06/29 21:47:12 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
      [2010/06/29 21:40:47 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
      [2010/06/28 17:12:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ken\Application Data\Desktop Maestro
      [2010/06/28 17:06:19 | 001,101,824 | ---- | C] (Woodbury Associates Limited) -- C:\WINDOWS\System32\UniBox210.ocx
      [2010/06/28 17:06:19 | 000,880,640 | ---- | C] (Woodbury Associates Limited) -- C:\WINDOWS\System32\UniBox10.ocx
      [2010/06/28 17:06:19 | 000,212,992 | ---- | C] (Woodbury Associates Limited) -- C:\WINDOWS\System32\UniBoxVB12.ocx
      [2010/06/28 17:06:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
      [2010/06/28 17:06:14 | 000,000,000 | ---D | C] -- C:\Program Files\Desktop Maestro
      [2010/06/26 09:28:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ken\Desktop\2010-06-26
      [2010/06/23 17:24:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ken\Application Data\Malwarebytes
      [2010/06/23 17:24:33 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
      [2010/06/23 17:24:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
      [2010/06/23 17:24:07 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
      [2010/06/23 17:24:04 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
      [2010/06/23 17:11:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
      [2010/06/23 17:06:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Symantec
      [2010/06/23 17:06:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
      [2010/06/23 17:06:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
      [2010/06/23 16:55:29 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center

      ========== Files - Modified Within 90 Days ==========

      [2010/09/13 16:22:27 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ken\Desktop\OTL.exe
      [2010/09/13 16:01:00 | 000,000,230 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
      [2010/09/13 16:00:00 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3942706726-3537340895-1898439408-1005UA.job
      [2010/09/13 15:56:00 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
      [2010/09/13 13:30:10 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
      [2010/09/13 10:19:39 | 000,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
      [2010/09/13 10:00:00 | 000,000,918 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3942706726-3537340895-1898439408-1005Core.job
      [2010/09/13 07:53:38 | 000,088,566 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
      [2010/09/13 07:53:35 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
      [2010/09/12 22:07:42 | 000,006,948 | ---- | M] () -- C:\WINDOWS\mozy.flt
      [2010/09/12 22:07:42 | 000,006,932 | ---- | M] () -- C:\WINDOWS\mozy.blk
      [2010/09/12 21:59:54 | 000,000,876 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
      [2010/09/12 21:59:50 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
      [2010/09/12 21:59:14 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
      [2010/09/12 20:28:12 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
      [2010/09/12 08:43:38 | 000,001,133 | ---- | M] () -- C:\WINDOWS\win.ini
      [2010/09/11 22:58:23 | 006,291,456 | ---- | M] () -- C:\Documents and Settings\Ken\NTUSER.DAT
      [2010/09/11 22:58:23 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Ken\ntuser.ini
      [2010/09/11 22:58:09 | 010,744,538 | -H-- | M] () -- C:\Documents and Settings\Ken\Local Settings\Application Data\IconCache.db
      [2010/09/11 17:25:08 | 000,002,559 | ---- | M] () -- C:\Documents and Settings\Ken\Desktop\Sophos TDL3KMem-A Cleanup Tool.lnk
      [2010/09/11 09:03:37 | 000,231,390 | ---- | M] () -- C:\Documents and Settings\Ken\Desktop\RootkitRevealer.zip
      [2010/09/09 20:01:09 | 000,002,305 | ---- | M] () -- C:\Documents and Settings\Ken\Desktop\Google Chrome.lnk
      [2010/09/09 20:01:09 | 000,002,283 | ---- | M] () -- C:\Documents and Settings\Ken\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
      [2010/09/08 16:42:00 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Ken\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2003.lnk
      [2010/09/07 18:55:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
      [2010/09/07 15:00:00 | 000,000,450 | ---- | M] () -- C:\WINDOWS\tasks\PC Optimizer Pro.job
      [2010/09/06 11:47:31 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\Kanguru_SAP\FD.exe
      [2010/09/06 11:21:43 | 000,242,176 | ---- | M] () -- C:\Documents and Settings\Ken\Desktop\PandaCloudAntivirus.exe
      [2010/09/05 17:19:43 | 000,001,834 | ---- | M] () -- C:\Documents and Settings\Ken\Application Data\Microsoft\Internet Explorer\Quick Launch\Lightroom 3.2.lnk
      [2010/09/05 15:43:06 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Ken\Desktop\error signature after sponteneous reboot GMER.doc
      [2010/09/05 04:31:00 | 000,000,454 | ---- | M] () -- C:\WINDOWS\tasks\Driver Robot.job
      [2010/09/04 14:10:44 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
      [2010/09/04 09:14:18 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Ken\Desktop\grrr.exe
      [2010/09/04 09:06:48 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Ken\defogger_reenable
      [2010/09/04 08:57:42 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Ken\Desktop\gmer.zip
      [2010/09/04 08:57:10 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Ken\Desktop\dds.scr
      [2010/09/04 08:56:33 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Ken\Desktop\Defogger.exe
      [2010/09/03 15:39:10 | 001,135,080 | ---- | M] () -- C:\Documents and Settings\Ken\Desktop\yahoomailuploader_0.5.exe
      [2010/09/03 13:20:57 | 000,000,664 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MozyHome Status.lnk
      [2010/09/01 20:17:01 | 000,002,205 | ---- | M] () -- C:\Documents and Settings\Ken\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
      [2010/09/01 17:54:10 | 000,001,834 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Lightroom 3.2.lnk
      [2010/09/01 16:57:15 | 000,000,759 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Picasa 3.lnk
      [2010/08/31 23:17:02 | 447,528,344 | ---- | M] () -- C:\Documents and Settings\Ken\Desktop\100822-S4680-WEINSTEIN-8108(2).zip
      [2010/08/31 21:59:00 | 000,000,105 | ---- | M] () -- C:\Documents and Settings\Ken\Application Data\netstat.bat
      [2010/08/31 17:40:28 | 000,001,740 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VIPRE.lnk
      [2010/08/29 14:08:17 | 000,524,104 | ---- | M] () -- C:\Documents and Settings\Ken\Desktop\System Event.evt
      [2010/08/29 14:05:26 | 000,524,240 | ---- | M] () -- C:\Documents and Settings\Ken\Desktop\Application log.evt
      [2010/08/29 12:28:55 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
      [2010/08/21 09:33:36 | 001,354,240 | ---- | M] () -- C:\Documents and Settings\Ken\Desktop\2007_Tax_Commitment (1).xls
      [2010/08/21 09:33:18 | 001,354,240 | ---- | M] () -- C:\Documents and Settings\Ken\Desktop\2007_Tax_Commitment.xls
      [2010/08/21 08:00:05 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Ken\Desktop\ub2k0vvc.exe
      [2010/08/21 06:36:58 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
      [2010/08/20 18:20:13 | 026,363,512 | ---- | M] () -- C:\Documents and Settings\Ken\Desktop\wlogs_100813-000217_08-20-2010-03.55PM.zip
      [2010/08/20 18:17:59 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\Ken\Local Settings\Application Data\PUTTY.RND
      [2010/08/20 15:33:00 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Ken\Desktop\vepk3jpu.exe
      [2010/08/20 08:47:06 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
      [2010/08/19 17:24:31 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
      [2010/08/19 16:54:41 | 000,028,672 | ---- | M] () -- C:\Documents and Settings\Ken\Desktop\webroot disinfect.doc
      [2010/08/19 16:48:03 | 000,313,708 | ---- | M] () -- C:\Documents and Settings\Ken\Desktop\regbak.zip
      [2010/08/18 22:12:30 | 094,105,600 | ---- | M] () -- C:\Documents and Settings\Ken\Desktop\VIPRERescue6752.exe
      [2010/08/18 21:45:35 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Ken\Desktop\tluety10.exe
      [2010/08/17 20:09:21 | 000,161,296 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
      [2010/08/17 20:03:01 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Ken\Desktop\scanner.exe
      [2010/08/17 19:55:31 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\Ken\Desktop\HijackThis.lnk
      [2010/08/17 19:54:47 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Ken\Desktop\HJTInstall.exe
      [2010/08/17 19:51:24 | 005,183,576 | ---- | M] (Sammsoft ) -- C:\Documents and Settings\Ken\Desktop\ARO2010_mt.exe
      [2010/08/16 17:02:49 | 000,000,220 | -HS- | M] () -- C:\boot.ini
      [2010/08/15 11:09:37 | 000,179,712 | ---- | M] () -- C:\Documents and Settings\Ken\Desktop\ZBAgenda13Dec06 (1).doc
      [2010/08/15 11:09:22 | 000,179,712 | ---- | M] () -- C:\Documents and Settings\Ken\Desktop\ZBAgenda13Dec06.doc
      [2010/08/13 11:39:34 | 003,499,798 | ---- | M] () -- C:\Documents and Settings\Ken\Desktop\wlogs_100813-000217_08-13-2010-09.37AM.zip
      [2010/08/13 09:33:25 | 001,607,616 | ---- | M] () -- C:\Documents and Settings\Ken\Desktop\wlogs.exe
      [2010/08/13 09:24:25 | 000,000,711 | ---- | M] () -- C:\Documents and Settings\Ken\Desktop\TurnDebugONorOFF.zip
      [2010/08/12 19:16:45 | 000,243,128 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
      [2010/08/12 17:01:05 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
      [2010/08/12 16:50:59 | 000,505,756 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
      [2010/08/12 16:50:59 | 000,444,634 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
      [2010/08/12 16:50:59 | 000,072,384 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
      [2010/08/07 16:23:23 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\Ken\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
      [2010/08/07 16:23:23 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
      [2010/08/06 14:43:02 | 004,186,756 | ---- | M] () -- C:\Documents and Settings\Ken\Desktop\LREnfuse.lrplugin.zip
      [2010/08/06 09:09:23 | 000,417,101 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
      [2010/08/06 09:07:08 | 000,000,731 | ---- | M] () -- C:\Documents and Settings\Ken\Desktop\ZoneAlarm Security.lnk
      [2010/08/05 10:05:54 | 000,000,081 | ---- | M] () -- C:\CTX.DAT
      [2010/08/04 16:18:54 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\Ken\Desktop\SpeedFan.lnk
      [2010/08/04 16:18:51 | 000,000,045 | ---- | M] () -- C:\WINDOWS\System32\initdebug.nfo
      [2010/07/27 04:48:30 | 000,212,568 | ---- | M] (Sunbelt Software, Inc.) -- C:\WINDOWS\System32\drivers\sbtis.sys
      [2010/07/25 21:58:00 | 000,001,286 | ---- | M] () -- C:\Documents and Settings\Ken\Desktop\TurnDebugOn.reg
      [2010/07/25 09:57:56 | 000,025,601 | ---- | M] () -- C:\WINDOWS\CSTBox.INI
      [2010/07/19 09:52:26 | 000,028,176 | ---- | M] () -- C:\WINDOWS\System32\wrLZMA.dll
      [2010/07/17 17:20:37 | 000,000,176 | -H-- | M] () -- C:\WINDOWS\NsNetScan.ini
      [2010/07/17 17:01:37 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Prestopm.INI
      [2010/07/16 15:42:45 | 000,040,968 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
      [2010/07/16 09:38:48 | 000,064,136 | ---- | M] () -- C:\Documents and Settings\Ken\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
      [2010/07/16 08:44:55 | 001,870,800 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Ken\Desktop\HousecallLauncher.exe
      [2010/07/09 16:10:44 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
      [2010/06/29 21:48:26 | 000,001,804 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
      [2010/06/29 21:34:21 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
      [2010/06/28 17:06:22 | 000,000,731 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Desktop Maestro.lnk
      [2010/06/27 11:48:21 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Ken\Desktop\Microsoft Office Word 2003.lnk
      [2010/06/15 16:50:51 | 000,001,409 | ---- | M] () -- C:\WINDOWS\System32\tmp79805.FOT
      [2010/06/15 16:50:51 | 000,001,409 | ---- | M] () -- C:\WINDOWS\System32\tmp40905.FOT
      [2010/06/15 16:50:51 | 000,001,409 | ---- | M] () -- C:\WINDOWS\System32\tmp32905.FOT

      ========== Files Created - No Company Name ==========

      [2010/09/11 09:03:36 | 000,231,390 | ---- | C] () -- C:\Documents and Settings\Ken\Desktop\RootkitRevealer.zip
      [2010/09/06 11:21:43 | 000,242,176 | ---- | C] () -- C:\Documents and Settings\Ken\Desktop\PandaCloudAntivirus.exe
      [2010/09/05 17:19:43 | 000,001,834 | ---- | C] () -- C:\Documents and Settings\Ken\Application Data\Microsoft\Internet Explorer\Quick Launch\Lightroom 3.2.lnk
      [2010/09/05 15:42:54 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Ken\Desktop\error signature after sponteneous reboot GMER.doc
      [2010/09/04 14:10:44 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
      [2010/09/04 09:06:48 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Ken\defogger_reenable
      [2010/09/04 08:57:42 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Ken\Desktop\gmer.zip
      [2010/09/04 08:57:10 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Ken\Desktop\dds.scr
      [2010/09/04 08:56:33 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Ken\Desktop\Defogger.exe
      [2010/09/03 15:39:09 | 001,135,080 | ---- | C] () -- C:\Documents and Settings\Ken\Desktop\yahoomailuploader_0.5.exe
      [2010/09/01 17:54:10 | 000,001,834 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Lightroom 3.2.lnk
      [2010/08/31 21:59:00 | 000,000,105 | ---- | C] () -- C:\Documents and Settings\Ken\Application Data\netstat.bat
      [2010/08/31 21:37:52 | 447,528,344 | ---- | C] () -- C:\Documents and Settings\Ken\Desktop\100822-S4680-WEINSTEIN-8108(2).zip
      [2010/08/31 17:40:28 | 000,001,740 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VIPRE.lnk
      [2010/08/29 14:08:17 | 000,524,104 | ---- | C] () -- C:\Documents and Settings\Ken\Desktop\System Event.evt
      [2010/08/29 14:05:26 | 000,524,240 | ---- | C] () -- C:\Documents and Settings\Ken\Desktop\Application log.evt
      [2010/08/21 09:33:36 | 001,354,240 | ---- | C] () -- C:\Documents and Settings\Ken\Desktop\2007_Tax_Commitment (1).xls
      [2010/08/21 09:33:13 | 001,354,240 | ---- | C] () -- C:\Documents and Settings\Ken\Desktop\2007_Tax_Commitment.xls
      [2010/08/21 08:00:04 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Ken\Desktop\ub2k0vvc.exe
      [2010/08/20 18:09:47 | 026,363,512 | ---- | C] () -- C:\Documents and Settings\Ken\Desktop\wlogs_100813-000217_08-20-2010-03.55PM.zip
      [2010/08/20 15:33:00 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Ken\Desktop\vepk3jpu.exe
      [2010/08/19 19:16:31 | 000,002,559 | ---- | C] () -- C:\Documents and Settings\Ken\Desktop\Sophos TDL3KMem-A Cleanup Tool.lnk
      [2010/08/19 17:01:25 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
      [2010/08/19 17:01:25 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
      [2010/08/19 17:01:25 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
      [2010/08/19 17:01:25 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
      [2010/08/19 16:54:41 | 000,028,672 | ---- | C] () -- C:\Documents and Settings\Ken\Desktop\webroot disinfect.doc
      [2010/08/19 16:48:03 | 000,313,708 | ---- | C] () -- C:\Documents and Settings\Ken\Desktop\regbak.zip
      [2010/08/18 21:45:22 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Ken\Desktop\tluety10.exe
      [2010/08/18 16:07:34 | 094,105,600 | ---- | C] () -- C:\Documents and Settings\Ken\Desktop\VIPRERescue6752.exe
      [2010/08/17 19:55:28 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\Ken\Desktop\HijackThis.lnk
      [2010/08/17 09:55:38 | 000,000,970 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3942706726-3537340895-1898439408-1005UA.job
      [2010/08/15 11:09:37 | 000,179,712 | ---- | C] () -- C:\Documents and Settings\Ken\Desktop\ZBAgenda13Dec06 (1).doc
      [2010/08/15 11:09:18 | 000,179,712 | ---- | C] () -- C:\Documents and Settings\Ken\Desktop\ZBAgenda13Dec06.doc
      [2010/08/14 17:34:43 | 000,002,305 | ---- | C] () -- C:\Documents and Settings\Ken\Desktop\Google Chrome.lnk
      [2010/08/14 17:34:43 | 000,002,283 | ---- | C] () -- C:\Documents and Settings\Ken\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
      [2010/08/14 17:31:17 | 000,000,918 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3942706726-3537340895-1898439408-1005Core.job
      [2010/08/13 11:37:22 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Ken\Local Settings\Application Data\PUTTY.RND
      [2010/08/13 11:35:26 | 003,499,798 | ---- | C] () -- C:\Documents and Settings\Ken\Desktop\wlogs_100813-000217_08-13-2010-09.37AM.zip
      [2010/08/13 09:33:06 | 001,607,616 | ---- | C] () -- C:\Documents and Settings\Ken\Desktop\wlogs.exe
      [2010/08/13 09:25:32 | 000,001,286 | ---- | C] () -- C:\Documents and Settings\Ken\Desktop\TurnDebugOn.reg
      [2010/08/13 09:24:24 | 000,000,711 | ---- | C] () -- C:\Documents and Settings\Ken\Desktop\TurnDebugONorOFF.zip
      [2010/08/06 14:42:47 | 004,186,756 | ---- | C] () -- C:\Documents and Settings\Ken\Desktop\LREnfuse.lrplugin.zip
      [2010/08/06 09:07:08 | 000,000,731 | ---- | C] () -- C:\Documents and Settings\Ken\Desktop\ZoneAlarm Security.lnk
      [2010/08/05 10:05:54 | 000,000,081 | ---- | C] () -- C:\CTX.DAT
      [2010/08/04 16:18:54 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\Ken\Desktop\SpeedFan.lnk
      [2010/08/04 16:18:49 | 000,000,045 | ---- | C] () -- C:\WINDOWS\System32\initdebug.nfo
      [2010/08/01 17:10:57 | 000,028,176 | ---- | C] () -- C:\WINDOWS\System32\wrLZMA.dll
      [2010/07/15 20:47:32 | 000,000,230 | ---- | C] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
      [2010/06/29 21:48:26 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
      [2010/06/28 17:06:22 | 000,000,731 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Desktop Maestro.lnk
      [2010/06/23 17:24:38 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
      [2010/06/15 16:50:51 | 000,001,409 | ---- | C] () -- C:\WINDOWS\System32\tmp79805.FOT
      [2010/06/15 16:50:51 | 000,001,409 | ---- | C] () -- C:\WINDOWS\System32\tmp40905.FOT
      [2010/06/15 16:50:51 | 000,001,409 | ---- | C] () -- C:\WINDOWS\System32\tmp32905.FOT
      [2010/04/01 21:36:28 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Ken\Local Settings\Application Data\housecall.guid.cache
      [2008/12/09 06:22:37 | 000,000,026 | ---- | C] () -- C:\WINDOWS\startUp manager.INI
      [2008/03/29 09:32:27 | 000,072,672 | ---- | C] () -- C:\WINDOWS\System32\drivers\LxrSII1d.sys
      [2007/07/26 17:40:14 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
      [2007/07/20 16:08:41 | 000,106,496 | ---- | C] () -- C:\WINDOWS\keyword.dll
      [2007/07/20 16:08:41 | 000,024,179 | ---- | C] () -- C:\WINDOWS\System32\drivers\FD.sys
      [2007/07/20 16:08:41 | 000,000,114 | ---- | C] () -- C:\WINDOWS\MsMssrv.ini
      [2007/07/20 16:08:41 | 000,000,069 | ---- | C] () -- C:\WINDOWS\swbn01.ini
      [2007/07/18 12:11:22 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\sysres.dll
      [2007/06/20 19:09:50 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
      [2007/05/24 22:24:21 | 000,796,312 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll
      [2007/04/05 20:53:27 | 000,020,992 | ---- | C] () -- C:\WINDOWS\System32\PFMAPI32.DLL
      [2007/04/05 20:53:26 | 000,022,480 | ---- | C] () -- C:\WINDOWS\System32\PFMAPI16.DLL
      [2007/03/04 15:59:23 | 000,025,601 | ---- | C] () -- C:\WINDOWS\CSTBox.INI
      [2007/02/24 13:02:17 | 000,000,068 | ---- | C] () -- C:\WINDOWS\wininit.ini
      [2007/02/19 10:32:02 | 000,000,412 | ---- | C] () -- C:\WINDOWS\Prestopm.INI
      [2007/02/19 10:03:13 | 000,000,176 | -H-- | C] () -- C:\WINDOWS\NsNetScan.ini
      [2006/10/26 18:02:15 | 000,684,032 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
      [2006/10/26 18:02:15 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
      [2006/10/22 13:22:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
      [2006/10/22 13:22:00 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
      [2006/10/22 13:22:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
      [2006/10/22 13:22:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
      [2006/10/22 13:22:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
      [2006/10/22 13:22:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
      [2006/10/22 13:22:00 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
      [2006/10/21 10:57:45 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
      [2006/10/19 17:31:28 | 000,913,408 | ---- | C] () -- C:\WINDOWS\System32\xreglib.dll
      [2006/10/18 16:21:21 | 000,000,287 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
      [2006/10/15 15:47:25 | 000,008,192 | ---- | C] () -- C:\Documents and Settings\Ken\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
      [2006/10/14 15:12:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
      [2006/10/14 13:52:04 | 000,000,752 | ---- | C] () -- C:\WINDOWS\maxlink.ini
      [2006/10/14 13:31:12 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\IPPCPUID.DLL
      [2006/10/14 13:31:12 | 000,000,105 | ---- | C] () -- C:\WINDOWS\UMXADDIN.INI
      [2006/10/14 13:31:12 | 000,000,084 | ---- | C] () -- C:\WINDOWS\PM20.INI
      [2006/10/14 13:30:59 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\pmsbfn32.dll
      [2006/10/14 13:30:28 | 000,000,074 | ---- | C] () -- C:\WINDOWS\PMINI.ini
      [2006/10/12 17:50:05 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
      [2006/10/12 17:16:41 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\ISB.DLL
      [2006/10/11 21:53:19 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\Ken\Local Settings\Application Data\fusioncache.dat
      [2006/10/11 21:28:37 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS78.DLL
      [2006/10/11 19:45:27 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
      [2006/10/09 10:10:47 | 000,001,296 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
      [2006/10/09 10:08:47 | 000,294,912 | ---- | C] () -- C:\WINDOWS\PIC.dll
      [2006/10/09 10:08:47 | 000,061,440 | ---- | C] () -- C:\WINDOWS\String.dll
      [2006/10/09 10:08:47 | 000,024,576 | ---- | C] () -- C:\WINDOWS\HKNTDLL.dll
      [2006/08/22 14:42:01 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
      [2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
      [2001/09/10 02:04:10 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\Welsof32.dll
      [1998/01/09 09:58:04 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\Jpeg32.dll
      [1996/04/03 15:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

      ========== LOP Check ==========

      [2010/07/15 16:06:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Ontrack
      [2006/08/22 13:54:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Simple Star
      [2006/08/22 14:35:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Snapfish
      [2006/10/16 16:44:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avocent AdminWorks
      [2008/02/14 18:36:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\billeo
      [2006/10/11 21:28:22 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
      [2010/01/02 17:06:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJPLM
      [2007/06/22 15:42:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\espionServerData
      [2006/11/05 14:23:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GARMIN
      [2008/11/08 14:57:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Linksys
      [2010/09/06 11:25:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Panda Security
      [2010/01/18 17:00:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Optimizer Pro
      [2006/10/14 13:29:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
      [2006/10/14 13:29:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanWizard
      [2010/09/10 22:15:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
      [2009/03/14 11:27:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
      [2010/04/18 15:54:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
      [2009/10/03 12:46:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
      [2009/04/06 17:39:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
      [2006/08/22 13:54:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Simple Star
      [2006/08/22 14:35:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Snapfish
      [2009/10/03 06:08:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ken\Application Data\Blitware
      [2010/09/11 12:44:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ken\Application Data\Canon
      [2009/10/01 17:13:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ken\Application Data\CheckPoint
      [2007/06/25 21:48:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ken\Application Data\Command & Conquer 3 Tiberium Wars
      [2009/02/07 23:52:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ken\Application Data\ContentGuard
      [2010/06/28 17:47:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ken\Application Data\Desktop Maestro
      [2007/07/29 14:48:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ken\Application Data\Desktop Mechanic
      [2010/02/03 18:27:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ken\Application Data\gtk-2.0
      [2009/01/17 16:57:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ken\Application Data\LaCie
      [2006/10/12 16:49:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ken\Application Data\Leadertech
      [2006/11/05 23:35:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ken\Application Data\MotionBased
      [2007/02/19 10:03:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ken\Application Data\NewSoft
      [2009/04/25 13:12:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ken\Application Data\NSBackup
      [2006/10/14 13:39:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ken\Application Data\Ontrack
      [2007/06/23 13:27:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ken\Application Data\Opera
      [2010/09/06 11:26:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ken\Application Data\Panda Security
      [2010/09/12 09:48:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ken\Application Data\QuickScan
      [2006/10/14 13:30:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ken\Application Data\ScanSoft
      [2006/08/22 13:54:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ken\Application Data\Simple Star
      [2010/07/15 08:48:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ken\Application Data\smkits
      [2006/10/16 17:10:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ken\Application Data\Snapfish
      [2010/09/08 17:39:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ken\Application Data\SurfSecret Privacy Suite
      [2009/10/03 06:26:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ken\Application Data\SystemRequirementsLab
      [2008/12/06 11:33:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ken\Application Data\Systweak
      [2006/10/22 22:32:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Ontrack
      [2007/06/19 13:00:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sarah\Application Data\Canon
      [2009/11/22 09:53:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sarah\Application Data\CheckPoint
      [2007/02/19 15:30:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sarah\Application Data\NewSoft
      [2006/10/22 11:50:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sarah\Application Data\Ontrack
      [2006/08/22 13:54:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sarah\Application Data\Simple Star
      [2006/08/22 14:35:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sarah\Application Data\Snapfish
      [2010/09/05 04:31:00 | 000,000,454 | ---- | M] () -- C:\WINDOWS\Tasks\Driver Robot.job
      [2010/09/07 15:00:00 | 000,000,450 | ---- | M] () -- C:\WINDOWS\Tasks\PC Optimizer Pro.job
      [2010/09/13 16:01:00 | 000,000,230 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

      ========== Purity Check ==========



      ========== Alternate Data Streams ==========

      @Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Ken\Desktop\VIPRERescue6752.exe:SummaryInformation
      @Alternate Data Stream - 193 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6F1F66C0
      @Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0D786AE3
      < End of report >
    • Extra.txt <-- Will be minimized
      OTL Extras logfile created on: 9/13/2010 4:23:11 PM - Run 1
      OTL by OldTimer - Version 3.2.12.0 Folder = C:\Documents and Settings\Ken\Desktop
      Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
      Internet Explorer (Version = 8.0.6001.18702)
      Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

      3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 83.00% Memory free
      5.00 Gb Paging File | 5.00 Gb Available in Paging File | 89.00% Paging File free
      Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

      %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
      Drive C: | 232.88 Gb Total Space | 106.38 Gb Free Space | 45.68% Space Free | Partition Type: NTFS
      D: Drive not present or media not loaded
      E: Drive not present or media not loaded
      F: Drive not present or media not loaded
      G: Drive not present or media not loaded
      Drive H: | 29.79 Gb Total Space | 29.64 Gb Free Space | 99.51% Space Free | Partition Type: FAT32
      Drive I: | 435.96 Gb Total Space | 147.51 Gb Free Space | 33.84% Space Free | Partition Type: NTFS
      Drive J: | 931.51 Gb Total Space | 861.69 Gb Free Space | 92.50% Space Free | Partition Type: NTFS

      Computer Name: SARAHKEN02
      Current User Name: Ken
      Logged in as Administrator.

      Current Boot Mode: Normal
      Scan Mode: All users
      Company Name Whitelist: On
      Skip Microsoft Files: On
      File Age = 90 Days
      Output = Standard
      Quick Scan

      ========== Extra Registry (SafeList) ==========


      ========== File Associations ==========

      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

      [HKEY_USERS\S-1-5-21-3942706726-3537340895-1898439408-1005\SOFTWARE\Classes\<extension>]
      .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

      ========== Shell Spawning ==========

      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
      batfile [open] -- "%1" %*
      cmdfile [open] -- "%1" %*
      comfile [open] -- "%1" %*
      exefile [open] -- "%1" %*
      htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
      https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
      piffile [open] -- "%1" %*
      regfile [merge] -- Reg Error: Key error.
      scrfile [config] -- "%1"
      scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
      scrfile [open] -- "%1" /S
      txtfile [edit] -- Reg Error: Key error.
      Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
      Directory [Digital Photo Professional] -- C:\Program Files\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
      Directory [File Finder...] -- C:\Program Files\Ontrack\PowerDesk\pdfind.exe /PATH:%1 (Ontrack Data International)
      Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
      Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
      Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
      Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

      ========== Security Center Settings ==========

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
      "FirstRunDisabled" = 1
      "AntiVirusDisableNotify" = 0
      "FirewallDisableNotify" = 0
      "UpdatesDisableNotify" = 0
      "AntiVirusOverride" = 1
      "FirewallOverride" = 1

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
      "DisableMonitoring" = 1

      ========== Firewall Settings ==========

      [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
      "EnableFirewall" = 0

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
      "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
      "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
      "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
      "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
      "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
      "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
      "EnableFirewall" = 0
      "DoNotAllowExceptions" = 0

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
      "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
      "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
      "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
      "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
      "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
      "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
      "67:UDP" = 67:UDP:*:Enabled:DHCP Discovery Service

      ========== Authorized Applications List ==========

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
      "C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
      "C:\Program Files\Microsoft Games\Rise Of Legends\legends.exe" = C:\Program Files\Microsoft Games\Rise Of Legends\legends.exe:*:Enabled:Rise Of Legends -- (Big Huge Games, Inc.)
      "C:\Program Files\THQ\Dawn Of War\W40k.exe" = C:\Program Files\THQ\Dawn Of War\W40k.exe:*:Enabled:W40k -- File not found
      "C:\Program Files\ScanSoft\PaperPort\WebEreg\NAVBrowser.exe" = C:\Program Files\ScanSoft\PaperPort\WebEreg\NAVBrowser.exe:*:Enabled:NAVBrowser -- (Naviant, Inc.)
      "C:\Program Files\THQ\Dawn of War - Dark Crusade Demo\DarkCrusade.exe" = C:\Program Files\THQ\Dawn of War - Dark Crusade Demo\DarkCrusade.exe:*:Enabled:DarkCrusade -- File not found
      "C:\Program Files\Electronic Arts\The Battle for Middle-earth ™ II\game.dat" = C:\Program Files\Electronic Arts\The Battle for Middle-earth ™ II\game.dat:*:Enabled:The Battle for Middle-earth™ II -- File not found
      "C:\Program Files\THQ\Dawn of War - Dark Crusade\DarkCrusade.exe" = C:\Program Files\THQ\Dawn of War - Dark Crusade\DarkCrusade.exe:*:Enabled:DarkCrusade -- File not found
      "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
      "C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- (Yahoo! Inc.)
      "C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe" = C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- (Intuit, Inc.)
      "C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe" = C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- (Intuit, Inc.)
      "C:\Program Files\NewSoft\Presto! PageManager 6\NetGroup.exe" = C:\Program Files\NewSoft\Presto! PageManager 6\NetGroup.exe:*:Disabled:NewSoft Network Group -- (NewSoft Technology Corporation)
      "C:\Program Files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe" = C:\Program Files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:*:Enabled:GPGNet - Supreme Commander -- File not found
      "C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
      "C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe" = C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- (Intuit, Inc.)
      "C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe" = C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- (Intuit, Inc.)
      "C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)
      "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
      "C:\WINDOWS\system32\ZoneLabs\vsmon.exe" = C:\WINDOWS\system32\ZoneLabs\vsmon.exe:*:Enabled:vsmon -- (Check Point Software Technologies LTD)


      ========== HKEY_LOCAL_MACHINE Uninstall List ==========

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
      "{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
      "{055FEF8E-4B86-400F-A5C6-8FAC0042DCD9}" = NVIDIA nStant Media
      "{0A0873E1-D9BA-4994-B85D-A0A331EF1F0C}" = Intel® PRO Network Connections
      "{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
      "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4500_series" = Canon iP4500 series
      "{12650598-D7B9-4FB5-91B2-2CAA641AC589}" = Trend Micro RUBotted
      "{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in
      "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
      "{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1
      "{1D8DDC8E-E02F-42F0-9074-F8E99F6C5C65}" = Ontrack® SystemSuite 4.0
      "{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
      "{2205E3A5-DCDC-461D-8ED6-D6F2341D3B64}" = Intel Audio Studio 2.0
      "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
      "{25569723-DC5A-4467-A639-79535BF01B71}" = Adobe Help Center 2.1
      "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 21
      "{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
      "{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation
      "{2C0A655C-61E7-428A-8ED2-23A3D20E7DD2}" = Data Lifeguard Tools
      "{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0
      "{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
      "{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
      "{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
      "{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
      "{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
      "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
      "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
      "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
      "{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
      "{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
      "{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
      "{395AD660-EAA2-012B-ADE3-000000000000}" = TurboTax 2009 wmaiper
      "{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
      "{403EF592-953B-4794-BCEF-ECAB835C2095}" =
      "{4394DC3A-5DAC-4C80-A86E-FF462D0AD653}" = Windows 7 Upgrade Advisor Beta
      "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
      "{4C7E5204-EE48-4F10-BC65-04FA36713B6D}" = Manual CanoScan 5000,5000F,8000F
      "{51F96AEC-D902-4434-A0DC-B9692A21AE7C}" = MobileMe Control Panel
      "{57FA4E0F-82C9-417D-87BC-0186D6CB7A44}" =
      "{580183A6-FF92-11D5-9294-0050BA073EEC}" = Presto! PageManager 6
      "{5967A03E-3B74-4DF1-B591-2D89CA26BDC9}" = LaCie Backup Software v1.5.2378
      "{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
      "{6249C22D-E6A8-407B-BA8B-40298848ED94}" = OmniPage SE
      "{634F6989-4BB5-4EF2-AF6F-C15700F81494}}_is1" = Advanced System Optimizer
      "{63A317D0-60A6-43FC-848A-9FE4A53B29CE}" =
      "{67B9AF41-C0B9-4960-84D9-A61D23DE85D8}" = Garmin Trip and Waypoint Manager v4
      "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
      "{6A136B9A-1895-436F-83F8-30D9C68BB6EA}" = Rhapsody Player Engine
      "{70C4EFA5-F8B8-4015-9378-FCAA9000DF19}" = MotionBased Agent
      "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
      "{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset
      "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
      "{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes
      "{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English
      "{810EDD9E-2F0A-4E2B-ACF8-6673C38D9F48}" = Sophos TDL3KMem-A Cleanup Tool
      "{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
      "{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
      "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
      "{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
      "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
      "{8A42F680-2DD6-11D4-9A8C-0040F6982C20}" =
      "{8BBF6DFD-0AD9-43A7-9FBD-BF065E3866AF}" = URGE
      "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
      "{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
      "{996EC44B-38E1-4898-8E47-3EE3D15F2712}" = Garmin WebUpdater
      "{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = AnswerWorks 5.0 English Runtime
      "{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime
      "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
      "{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
      "{A7B609FB-83D8-4FC3-8477-1BC65ECFE85B}" = Adobe Photoshop Elements 5.0
      "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
      "{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.4
      "{AC76BA86-7AD7-5760-0000-800000000003}" = Japanese Fonts Support For Adobe Reader 8
      "{AEF2D1F3-0696-11D5-8E6A-00C04F7FA234}" = PaperPort 8.0
      "{AFAC914D-9E83-4A89-8ABE-427521C82CCF}" = Safari
      "{AFF1EA96-9C23-4249-B7D4-CD4B54D4582F}" = TurboTax ItsDeductible 2006
      "{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper
      "{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport
      "{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
      "{B4E96960-5F6B-48B9-A5BD-6A5A9BB4F027}" = Avery Wizard 3.1
      "{B79FBFDD-8B0C-4B8E-B70E-499E39978281}" = Windows Vista Upgrade Advisor
      "{B9CF7568-ADBB-11D8-9966-00A0C9663221}" = Creative Multimedia Keyboard
      "{BA0F44C2-A883-11D1-AD0A-006097D15E2C}" = Palm Desktop
      "{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
      "{BB3AB664-D92B-4CB5-8B3E-D841841F4E68}" = Canon Camera WIA Driver
      "{BCE46757-7674-4416-BEDB-68205A60409E}" = Canon CanoScan Toolbox 4.1
      "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
      "{C34FAEF3-4241-4C4E-9CFF-7BBD8BCEABE7}" = WebEx Support Manager for Internet Explorer
      "{C4CBAD7E-DF4A-4FEC-AC17-8BC709AFB844}" =
      "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
      "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
      "{DE659AC8-EEF0-4115-AA0C-6500D194FB10}" = Garmin Training Center v4
      "{E3B5D92A-94E3-4F48-AA38-83317662116B}" = TurboTax 2008 wmaiper
      "{E40CE517-0D42-4198-96B4-C8232B257EB5}" = Data Lifeguard Diagnostic for Windows
      "{E6B84761-D63F-2A56-4948-E53F1B6D6EF1}" = MozyHome
      "{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp
      "{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}" = WexTech AnswerWorks
      "{EDD235BB-9FB4-4604-85ED-1B14A256F4E0}" = Adobe Photoshop Lightroom 3.2
      "{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
      "{F9D06C1D-EEB6-443A-B5BE-63CE1A5C1290}" = VIPRE Antivirus
      "{FBDBC490-089D-4476-BF72-1F7A6368200A}" = Pure Networks Platform
      "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
      "Adobe Photoshop Elements 5" = Adobe Photoshop Elements 5.0
      "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
      "AskSBar Uninstall" = Ask Toolbar
      "AudibleDownloadManager" = Audible Download Manager
      "AudibleManager" = AudibleManager
      "BFGC" = Big Fish Games Client
      "BFG-Mahjong Towers Eternity" = Mahjong Towers Eternity (remove only)
      "Branding" =
      "CAL" = Canon Camera Access Library
      "CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
      "CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
      "CameraWindowLauncher" = Canon Utilities CameraWindow
      "Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
      "Canon iP4500 series User Registration" = Canon iP4500 series User Registration
      "Canon Setup Utility 2.0" = Canon Setup Utility 2.0
      "CANONIJPLM100" = PIXMA Extended Survey Program
      "CanonMyPrinter" = Canon My Printer
      "CanonSolutionMenu" = Canon Utilities Solution Menu
      "CCleaner" = CCleaner (remove only)
      "Corel WordPerfect Suite 8" = Corel WordPerfect Suite 8
      "Creative Jukebox Driver" = Creative Jukebox Driver
      "Creative Removable Disk Manager" = Creative Removable Disk Manager
      "CSCLIB" = Canon Camera Support Core Library
      "Desktop Maestro_is1" = Desktop Maestro 3.1
      "DPP" = Canon Utilities Digital Photo Professional 3.7
      "Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
      "Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
      "Easy-WebPrint" = Easy-WebPrint
      "EOS Utility" = Canon Utilities EOS Utility
      "Google Updater" = Google Updater
      "HECI" = Intel® Management Engine Interface
      "HijackThis" = HijackThis 2.0.2
      "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
      "ie7" = Windows Internet Explorer 7
      "ie8" = Windows Internet Explorer 8
      "InstallShield_{0627E8E9-6822-4A5E-9225-286741CDC3E4}" = Canon Utilities FileViewerUtility 1.0
      "InstallShield_{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in
      "InstallShield_{25E671BE-87A0-40F1-ABE5-BCBC6E65B0F5}" = Canon PowerShot S45 WIA Driver
      "InstallShield_{6B10045E-6789-49C4-BFED-52575F5B76BF}" = Avery Wizard 3.0
      "InstallShield_{B08894AF-D523-46B1-9B9B-2DA6B29CDD23}" = Canon Utilities RemoteCapture 2.6
      "InstallShield_{BB3AB664-D92B-4CB5-8B3E-D841841F4E68}" = Canon EOS 5D WIA Driver
      "InstallShield_{CADDE354-C78C-46CB-A006-E2B178EFC271}" = Rise Of Legends
      "Intel® Integrated Performance Primitives 1.1" =
      "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
      "Micro Innovations Wireless Optical Navigator Mouse" = Micro Innovations Wireless Optical Navigator Mouse
      "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
      "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
      "MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
      "Mozilla Firefox (3.6.9)" = Mozilla Firefox (3.6.9)
      "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
      "MSNINST" = MSN
      "MVApplication1" = SureThing CD Labeler 4 SE
      "MyCamera" = Canon Utilities MyCamera
      "Nero - Burning Rom!UninstallKey" =
      "Nero PhotoShow Express" = Nero PhotoShow Express
      "NeroMultiInstaller!UninstallKey" = Nero Suite
      "NeroVision!UninstallKey" =
      "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
      "NMPUninstallKey" =
      "NVIDIA Drivers" = NVIDIA Drivers
      "OracleRTCClient" = Oracle Web Conferencing Console
      "Original Data Security Tools" = Canon Utilities Original Data Security Tools
      "PCHealth" =
      "PhotoRecord" = Canon PhotoRecord
      "PhotoStitch" = Canon Utilities PhotoStitch
      "Picasa 3" = Picasa 3
      "Picture Style Editor" = Canon Utilities Picture Style Editor
      "PowerDesk4.0" = PowerDesk 4.0
      "RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
      "RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
      "SpeedFan" = SpeedFan (remove only)
      "SysInfo" = Creative System Information
      "SystemRequirementsLab" = System Requirements Lab
      "Time and Chaos" = Time and Chaos
      "TurboTax 2008" = TurboTax 2008
      "TurboTax 2009" = TurboTax 2009
      "TurboTax Deluxe 2007" = TurboTax Deluxe 2007
      "TurboTax Deluxe Deduction Maximizer 2006" = TurboTax Deluxe Deduction Maximizer 2006
      "UFRaw_is1" = UFRaw 0.15
      "Universal Extractor_is1" = Universal Extractor 1.6 beta
      "WFTK" = Canon Utilities WFT-E1/E2/E3 Utility
      "Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
      "Windows Media Format Runtime" = Windows Media Format 11 runtime
      "Windows Media Player" = Windows Media Player 11
      "Windows XP Service Pack" = Windows XP Service Pack 3
      "WinGimp-2.0_is1" = GIMP 2.6.6
      "WMFDist11" = Windows Media Format 11 runtime
      "wmp11" = Windows Media Player 11
      "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
      "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
      "Yahoo! Companion" = Yahoo! Toolbar
      "Yahoo! Customizations" = Yahoo! Browser Services
      "Yahoo! Internet Mail" = Yahoo! Internet Mail
      "Yahoo! Messenger" = Yahoo! Messenger
      "YInstHelper" = Yahoo! Install Manager
      "ZoneAlarm Pro" = ZoneAlarm Pro
      "ZoneAlarm Toolbar" = ZoneAlarm Toolbar
      "ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
      "ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

      ========== HKEY_USERS Uninstall List ==========

      [HKEY_USERS\S-1-5-21-3942706726-3537340895-1898439408-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
      "Google Chrome" = Google Chrome
      "GoToMeeting" = GoToMeeting 4.0.0.320
      "Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

      ========== Last 10 Event Log Errors ==========

      [ Application Events ]
      Error - 8/19/2010 7:14:58 PM | Computer Name = SARAHKEN02 | Source = MsiInstaller | ID = 11704
      Description = Product: Sophos TDL3KMem-A Cleanup Tool -- Error 1704.An installation
      for Ask Toolbar is currently suspended. You must undo the changes made by that
      installation to continue. Do you want to undo those changes?

      Error - 9/2/2010 4:42:15 PM | Computer Name = SARAHKEN02 | Source = Application Hang | ID = 1002
      Description = Hanging application mozyconf.exe, version 2.0.12.3, hang module hungapp,
      version 0.0.0.0, hang address 0x00000000.

      Error - 9/2/2010 4:42:20 PM | Computer Name = SARAHKEN02 | Source = Application Hang | ID = 1002
      Description = Hanging application mozyconf.exe, version 2.0.12.3, hang module hungapp,
      version 0.0.0.0, hang address 0x00000000.

      Error - 9/4/2010 12:09:45 PM | Computer Name = SARAHKEN02 | Source = ESENT | ID = 490
      Description = svchost (1500) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb"
      for read / write access failed with system error 32 (0x00000020): "The process
      cannot access the file because it is being used by another process. ". The open
      file operation will fail with error -1032 (0xfffffbf8).

      Error - 9/10/2010 9:47:49 AM | Computer Name = SARAHKEN02 | Source = Application Error | ID = 1000
      Description = Faulting application , version 0.0.0.0, faulting module unknown, version
      0.0.0.0, fault address 0x00000000.

      Error - 9/12/2010 8:44:05 AM | Computer Name = SARAHKEN02 | Source = Application Error | ID = 1000
      Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
      module CNQL2404.dll, version 1.0.4.0, fault address 0x000279da.

      Error - 9/12/2010 10:14:30 AM | Computer Name = SARAHKEN02 | Source = crypt32 | ID = 131083
      Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
      with error: A required certificate is not within its validity period when verifying
      against the current system clock or the timestamp in the signed file.

      Error - 9/12/2010 10:14:30 AM | Computer Name = SARAHKEN02 | Source = crypt32 | ID = 131083
      Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
      with error: A required certificate is not within its validity period when verifying
      against the current system clock or the timestamp in the signed file.

      Error - 9/12/2010 11:46:15 AM | Computer Name = SARAHKEN02 | Source = Application Error | ID = 1000
      Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
      module CNQL2404.dll, version 1.0.4.0, fault address 0x000279da.

      Error - 9/12/2010 11:46:22 AM | Computer Name = SARAHKEN02 | Source = Application Error | ID = 1001
      Description = Fault bucket 739952181.

      [ System Events ]
      Error - 9/13/2010 4:21:51 PM | Computer Name = SARAHKEN02 | Source = Service Control Manager | ID = 7001
      Description = The Remote Access Connection Manager service depends on the Telephony
      service which failed to start because of the following error: %%1058

      Error - 9/13/2010 4:22:25 PM | Computer Name = SARAHKEN02 | Source = Service Control Manager | ID = 7001
      Description = The Remote Access Connection Manager service depends on the Telephony
      service which failed to start because of the following error: %%1058

      Error - 9/13/2010 4:22:51 PM | Computer Name = SARAHKEN02 | Source = Service Control Manager | ID = 7001
      Description = The Remote Access Connection Manager service depends on the Telephony
      service which failed to start because of the following error: %%1058

      Error - 9/13/2010 4:22:59 PM | Computer Name = SARAHKEN02 | Source = Service Control Manager | ID = 7001
      Description = The Remote Access Connection Manager service depends on the Telephony
      service which failed to start because of the following error: %%1058

      Error - 9/13/2010 4:23:39 PM | Computer Name = SARAHKEN02 | Source = Service Control Manager | ID = 7001
      Description = The Remote Access Connection Manager service depends on the Telephony
      service which failed to start because of the following error: %%1058

      Error - 9/13/2010 4:23:51 PM | Computer Name = SARAHKEN02 | Source = Service Control Manager | ID = 7001
      Description = The Remote Access Connection Manager service depends on the Telephony
      service which failed to start because of the following error: %%1058

      Error - 9/13/2010 4:24:19 PM | Computer Name = SARAHKEN02 | Source = Service Control Manager | ID = 7001
      Description = The Remote Access Connection Manager service depends on the Telephony
      service which failed to start because of the following error: %%1058

      Error - 9/13/2010 4:24:51 PM | Computer Name = SARAHKEN02 | Source = Service Control Manager | ID = 7001
      Description = The Remote Access Connection Manager service depends on the Telephony
      service which failed to start because of the following error: %%1058

      Error - 9/13/2010 4:24:59 PM | Computer Name = SARAHKEN02 | Source = Service Control Manager | ID = 7001
      Description = The Remote Access Connection Manager service depends on the Telephony
      service which failed to start because of the following error: %%1058

      Error - 9/13/2010 4:25:39 PM | Computer Name = SARAHKEN02 | Source = Service Control Manager | ID = 7001
      Description = The Remote Access Connection Manager service depends on the Telephony
      service which failed to start because of the following error: %%1058


      < End of report >
Please download Rootkit Unhooker and save it to your Desktop
  • Double-click on RKUnhookerLE to run it
  • Click the Report tab, then click Scan
  • Check Drivers, Stealth and uncheck the rest
  • Click OK
  • Wait until it's finished and then go to File > Save Report
  • Save the report to your Desktop
Copy the entire contents of the report and paste it in a reply here.
RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #2
==============================================
>Stealth
==============================================


Nothing detected :(

Note - you may get this warning it is ok, just ignore: "Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


-------------------------------------------------------------
In the meantime, please do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply
  • A detailed description of your problems
  • A new OTL log (don't forget extra.txt)
  • RKU log

Thanks and again sorry for the delay.


No need to apologize for the delay. This was about what I expected after looking at the response time for others.

I'm grateful for any help you can give me.

Ken
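A small parser for the OTL event-log block posted above, added here as an example (it is not part of the thread and is not OTL's or any poster's code): it reads the "Last 10 Event Log Errors" section and groups the entries by source and event ID so repeats and the update-related failures stand out. The sample is constructed in the same format, and the WATCH readings are my own assumptions.

```python
import re
from collections import Counter

# Constructed sample in the OTL "Last 10 Event Log Errors" format (same shape
# as the log posted in the thread, trimmed to four entries).
SAMPLE_LOG = """========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/19/2010 7:14:58 PM | Computer Name = SARAHKEN02 | Source = MsiInstaller | ID = 11704
Description = Product: Sophos TDL3KMem-A Cleanup Tool -- Error 1704.An installation
for Ask Toolbar is currently suspended. You must undo the changes made by that
installation to continue. Do you want to undo those changes?

Error - 9/12/2010 10:14:30 AM | Computer Name = SARAHKEN02 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

[ System Events ]
Error - 9/13/2010 4:21:51 PM | Computer Name = SARAHKEN02 | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 9/13/2010 4:22:25 PM | Computer Name = SARAHKEN02 | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

< End of report >
"""

# One "Error - ..." header line; everything up to the next blank line is its text.
HEADER = re.compile(
    r"^Error - (?P<when>.+?) \| Computer Name = (?P<host>.+?)"
    r" \| Source = (?P<source>.+?) \| ID = (?P<id>\d+)$"
)
SECTION = re.compile(r"^\[ (?P<name>\w+) Events \]$")

# Source/ID pairs worth a second look when the complaint is "definition
# auto-update does not work". The readings are my own notes, not OTL output.
WATCH = {
    ("crypt32", 131083): "Windows root-certificate auto-update failed: "
                         "check the system clock and the network path",
    ("MsiInstaller", 11704): "another MSI transaction is suspended and blocks "
                             "installs until it is rolled back",
    ("Service Control Manager", 7001): "dependency service failed; %%1058 is "
                                       "ERROR_SERVICE_DISABLED",
}


def parse_event_errors(text):
    """Return one dict per error entry: section, when, host, source, id,
    and the Description joined back into a single line."""
    events, section, current = [], None, None
    for raw in text.splitlines():
        line = raw.strip()                # OTL indents the whole block
        if not line:                      # a blank line closes the entry
            current = None
            continue
        sec = SECTION.match(line)
        if sec:
            section, current = sec["name"], None
            continue
        hdr = HEADER.match(line)
        if hdr:
            current = {"section": section, "when": hdr["when"],
                       "host": hdr["host"], "source": hdr["source"],
                       "id": int(hdr["id"]), "description": ""}
            events.append(current)
            continue
        if current is not None:           # continuation of the description
            if line.startswith("Description = "):
                line = line[len("Description = "):]
            current["description"] = (current["description"] + " " + line).strip()
    return events


def triage(events):
    """Group entries by (source, id), most frequent first, and attach the
    WATCH note where one applies so repeats and known patterns stand out."""
    counts = Counter((e["source"], e["id"]) for e in events)
    return [{"source": s, "id": i, "count": n, "note": WATCH.get((s, i), "")}
            for (s, i), n in counts.most_common()]


if __name__ == "__main__":
    for row in triage(parse_event_errors(SAMPLE_LOG)):
        flag = " <-- " + row["note"] if row["note"] else ""
        print(f'{row["count"]}x {row["source"]} ID {row["id"]}{flag}')
```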

#4 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,243 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:05:05 AM

Posted 13 September 2010 - 03:44 PM

Hello again,

COMBOFIX
---------------
Please download ComboFix from one of these locations:
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#5 oldrunner

oldrunner
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:10:05 PM

Posted 13 September 2010 - 04:23 PM

Hi,

I've attached the Combofix file.

Ken

#6 oldrunner

oldrunner
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:10:05 PM

Posted 13 September 2010 - 04:26 PM

Let me try that again. It's not clear that I sent the file.

Attached Files



#7 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,243 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:05:05 AM

Posted 14 September 2010 - 02:38 AM

Hi Ken, how are things running now? Do you have any problems left?


MALWAREBYTES ANTIMALWARE
-------------------------------------------
Please launch MBAM and update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Full Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

regards, Elise




#8 oldrunner

oldrunner
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:10:05 PM

Posted 14 September 2010 - 08:22 AM

Hi Elise,

It will be about 5 or 6 hours before I get to my PC this afternoon. In the meantime I had some questions.

What were the results of the Combofix scan?

One of the most recognizable symptoms of my PC's infection was the inability of GMER to complete a scan. Would it make sense to try a GMER scan again? Presumably if the malware is gone GMER should work OK.

Thanks,

Ken

#9 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,243 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:05:05 AM

Posted 14 September 2010 - 08:38 AM

GMER is a very unstable tool because of its nature. There are perfectly clean computers on which it is impossible to run GMER. This is because GMER scans Windows kernel processes. By doing so, it can cause system instability.

In your case, you can try to rerun it, but there is no need.

regards, Elise




#10 oldrunner

oldrunner
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:10:05 PM

Posted 15 September 2010 - 05:25 AM

Hi Elise,

Here's the log. It looks like good news. But is a 6 hour scan usual?

Thanks very much for your help.

Ken

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4616

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

9/14/2010 11:52:49 PM
mbam-log-2010-09-14 (23-52-49).txt

Scan type: Full scan (C:\|H:\|I:\|J:\|)
Objects scanned: 351579
Time elapsed: 6 hour(s), 16 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


#11 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,243 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:05:05 AM

Posted 15 September 2010 - 05:30 AM

Hi, yes, a full scan can take a while. One more to go. :)

ESET ONLINE SCANNER
----------------------------
I'd like us to scan your machine with ESET OnlineScan
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    Note - when ESET doesn't find any threats, no report will be created.
  12. Push the button.
  13. Push

regards, Elise




#12 oldrunner

oldrunner
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:10:05 PM

Posted 16 September 2010 - 05:58 AM

Hi Elise,

My ESET report:


C:\Documents and Settings\Ken\Application Data\Sun\Java\Deployment\cache\6.0\26\6973d79a-61877b94 multiple threats deleted - quarantined
C:\Documents and Settings\Ken\Local Settings\Temp\NOD2CE0.tmp Win32/Toolbar.AskSBar application cleaned by deleting - quarantined

Thanks,

Ken

#13 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,243 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:05:05 AM

Posted 16 September 2010 - 06:37 AM

Hi, those were just some leftovers. :)

ALL CLEAN
--------------
Your machine appears to be clean, please take the time to read below on how to secure the machine and take the necessary steps to keep it clean :)

Please do the following to remove the remaining programs from your PC:
  • Delete the tools used during the disinfection:
    • Click start > run and type combofix /uninstall, press enter. This will remove Combofix from your computer.
    • Delete DDS, GMER (this is a random named file) and OTL.
Please read this advice, in order to prevent reinfecting your PC:
  1. Install and update the following programs regularly:
    • an outbound firewall
      A comprehensive tutorial and a list of possible firewalls can be found here.
    • an AntiVirus Software
      It is imperative that you update your AntiVirus Software on a regular basis. If you do not update your AntiVirus Software then it will not be able to catch the latest threats.
    • an Anti-Spyware program
      Malwarebytes' Anti-Malware is an excellent Anti-Spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates.
      SUPERAntiSpyware is another good scanner with high detection and removal rates.
      Both programs are free for non-commercial home use; the paid versions add resident protection and do not nag.
    • SpywareBlaster
      A tutorial for SpywareBlaster can be found here. If you wish, the commercial version provides automatic updating.
    • MVPs hosts file
      A tutorial for MVPs hosts file can be found here. If you would like automatic updates you might want to take a look at HostMan host file manager. For more information on the hosts file, and what it can do for you, please consult the Tutorial on the Hosts file
  2. Keep Windows (and your other Microsoft software) up to date!
    I cannot stress enough how important this is. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.
    Therefore, please, visit the Microsoft Update Website and follow the on screen instructions to set up Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!
  3. Keep your other software up to date as well
    Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on your machine.
  4. Stay up to date!
    The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing.
Some more links you might find of interest:

Please reply to this topic if you have read the above information. If your computer is working fine, this topic will be closed afterwards.

regards, Elise




#14 oldrunner

oldrunner
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:10:05 PM

Posted 16 September 2010 - 03:34 PM

Hi Elise,

I've gotten rid of the three other programs, but combofix /uninstall doesn't seem to work. Is there another way to get rid of it?

Ken

#15 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,243 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:05:05 AM

Posted 16 September 2010 - 03:43 PM

Rename combofix to uninstall, then double-click on it to run it. That should do the trick. :)

regards, Elise






