
variant of Win32/Sirefef.dt trojan - unable to clean


This topic is locked
8 replies to this topic

#1 simplymetoo

Posted 22 June 2012 - 11:45 AM

Approximately 6 weeks ago, I switched from Norton to ESET. I'm not sure when the following problems started:
* When searching, on Google for example, I cannot click on any results because I will get redirected. It will scroll through several different addresses and usually end up on this one - http://www.shoppingcove.com/search.aspx?q=computer+problem (searched for computer problem).

* Computer will just reboot and when it restarts I get a message that it has recovered from a serious error.

* I have run Malwarebytes and it usually doesn't get to clean anything. I will get a message that it has encountered a problem and needs to close. I have looked at the list and deleted the problems myself, but it hasn't fixed the problem.

This is my ESET log:

Scan Log
Version of virus signature database: 7241 (20120622)
Date: 6/22/2012 Time: 12:05:55 PM
Scanned disks, folders and files: Operating memory
Operating memory \GLOBAL??\bf9911c4\WINDOWS\$NtUninstallKB44637$\3214479812\Desktop.ini - Win32/Sirefef.DN trojan - cleaned by deleting [1]
Operating memory svchost.exe(1372) - a variant of Win32/Sirefef.DT trojan - unable to clean
Operating memory \\.\globalroot\systemroot\system32\mswsock.dll - error opening [4]
Operating memory I:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll - error opening [4]
Number of scanned objects: 394
Number of threats found: 2
Number of cleaned objects: 1
Time of completion: 12:06:04 PM Total scanning time: 9 sec (00:00:09)

Notes:
[1] Object has been deleted as it only contained the virus body.
[4] Object cannot be opened. It may be in use by another application or operating system.

Do you think that this is something that can be fixed, or should I consider installing a new hard drive?

Thanks!


#2 CatByte

    bleepin' tiger

  • Malware Response Team

Posted 22 June 2012 - 02:58 PM

What operating system are you using?

We need a set of diagnostic logs:

Please download DDS from either of these links

LINK 1
LINK 2

and save it to your desktop.
  • Disable any script blocking protection
  • Double click dds to run the tool.
  • When done, two DDS.txt's will open.
  • Save both reports to your desktop.
---------------------------------------------------
Please include the contents of the following in your next reply:

DDS.txt
Attach.txt.


NEXT

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • When asked if you want to download Avast's virus definitions please select Yes.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.
  • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 simplymetoo
  • Topic Starter

Posted 22 June 2012 - 11:29 PM

Sorry I didn't post it the first time, but I'm running XP.

I tried running DDS and nothing happened. I assume it was running: in the original window a lot of lb signs (##) went across, and then I waited for over 20 minutes and nothing happened. I don't think there was anything running that would interfere. Should I have disabled ESET? Anyway, even after that length of time it wouldn't let me close it, open any other programs, or open Windows Task Manager.

Here is the MBR log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-22 23:17:38
-----------------------------
23:17:38.756 OS Version: Windows 5.1.2600 Service Pack 3
23:17:38.756 Number of processors: 4 586 0x1707
23:17:38.756 ComputerName: NEAL-A5FF76DFCA UserName: Family
23:17:40.068 Initialize success
23:20:08.687 AVAST engine defs: 12062201
23:20:29.686 Disk 0 \Device\Harddisk0\DR0 -> \Device\Scsi\nvgts1Port2Path2Target2Lun0
23:20:29.686 Disk 0 Vendor: Hitachi_ GM4O Size: 476940MB BusType: 1
23:20:29.686 Device \Driver\usbstor -> DriverStartIo USBSTOR.SYS b4c59f26
23:20:29.701 Disk 1 MBR read error 0
23:20:29.701 Disk 1 MBR scan
23:20:29.795 Disk 1 unknown MBR code
23:20:29.795 MBR BIOS signature not found 0
23:20:29.873 Disk 1 scanning I:\WINDOWS\system32\drivers
23:20:40.060 File: I:\WINDOWS\system32\drivers\netbt.sys **SUSPICIOUS**
23:20:45.498 Disk 1 trace - called modules:
23:20:45.498 ntkrnlpa.exe CLASSPNP.SYS disk.sys hal.dll
23:20:45.498 1 nt!IofCallDriver -> \Device\Harddisk1\DR2[0x8ac025e8]
23:20:47.513 AVAST engine scan I:\WINDOWS
23:21:03.575 AVAST engine scan I:\WINDOWS\system32
23:22:56.429 AVAST engine scan I:\WINDOWS\system32\drivers
23:23:05.522 File: I:\WINDOWS\system32\drivers\netbt.sys **SUSPICIOUS**
23:23:19.241 AVAST engine scan I:\Documents and Settings\Family
23:27:00.778 Disk 1 MBR has been saved successfully to "I:\Documents and Settings\Family\Desktop\MBR.dat"
23:27:00.794 The log file has been saved successfully to "I:\Documents and Settings\Family\Desktop\aswMBR.txt"


Attached File: MBR.zip (120 bytes)
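The two logs posted so far (the ESET scan log in post #1 and the aswMBR log in post #3) are plain text, and the lines that matter for triage follow a fixed shape. The script below is an added example, not part of this thread and not code from ESET or AVAST: it parses both formats, assigns a severity (an assumed three-level scale: info, warn, high; not either tool's own rating), de-duplicates repeated hits such as the twice-flagged netbt.sys, and reports whether anything still needs expert attention. The sample log text is constructed from lines quoted in the thread; the function names and the triage rule are my own.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample: ESET scan-log lines quoted in post #1 of this thread.
ESET_LOG = r"""
Operating memory \GLOBAL??\bf9911c4\WINDOWS\$NtUninstallKB44637$\3214479812\Desktop.ini - Win32/Sirefef.DN trojan - cleaned by deleting [1]
Operating memory svchost.exe(1372) - a variant of Win32/Sirefef.DT trojan - unable to clean
Operating memory \\.\globalroot\systemroot\system32\mswsock.dll - error opening [4]
Operating memory I:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll - error opening [4]
"""

# Constructed sample: aswMBR lines quoted in post #3 of this thread.
ASWMBR_LOG = r"""
23:20:29.701 Disk 1 MBR read error 0
23:20:29.701 Disk 1 MBR scan
23:20:29.795 Disk 1 unknown MBR code
23:20:29.795 MBR BIOS signature not found 0
23:20:40.060 File: I:\WINDOWS\system32\drivers\netbt.sys **SUSPICIOUS**
23:23:05.522 File: I:\WINDOWS\system32\drivers\netbt.sys **SUSPICIOUS**
23:27:00.778 Disk 1 MBR has been saved successfully to "I:\Documents and Settings\Family\Desktop\MBR.dat"
"""


@dataclass(frozen=True)
class Finding:
    source: str    # "eset" or "aswmbr"
    obj: str       # file, process or disk the line is about
    detail: str    # what the tool reported
    severity: str  # "info", "warn" or "high" (assumed scale, not the tools' own)


# ESET format: "Operating memory <object> - [<detection> - ]<action>[ [note]]"
ESET_RE = re.compile(r"^Operating memory (?P<rest>.+?)(?: \[(?P<note>\d+)\])?$")


def parse_eset(text):
    findings = []
    for line in text.splitlines():
        m = ESET_RE.match(line.strip())
        if not m:
            continue
        parts = m.group("rest").split(" - ")
        obj, action = parts[0], parts[-1]
        detection = parts[1] if len(parts) == 3 else ""
        if action.startswith("cleaned"):
            severity = "info"
        elif action.startswith("unable to clean"):
            severity = "high"          # live detection the scanner could not remove
        elif "globalroot" in obj.lower():
            severity = "high"          # object reached via a device-namespace alias, not a drive letter
        else:
            severity = "warn"          # e.g. "error opening": file locked, needs a second look
        detail = f"{detection}: {action}" if detection else action
        findings.append(Finding("eset", obj, detail, severity))
    return findings


# aswMBR format: "HH:MM:SS.mmm <message>"
ASWMBR_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{3} (?P<msg>.+)$")
MBR_WARNINGS = ("MBR read error", "unknown MBR code", "BIOS signature not found")


def parse_aswmbr(text):
    findings = []
    for line in text.splitlines():
        m = ASWMBR_RE.match(line.strip())
        if not m:
            continue
        msg = m.group("msg")
        if msg.startswith("File: ") and "**SUSPICIOUS**" in msg:
            path = msg[len("File: "):].replace("**SUSPICIOUS**", "").strip()
            findings.append(Finding("aswmbr", path, "flagged **SUSPICIOUS** by aswMBR", "high"))
        elif any(w in msg for w in MBR_WARNINGS):
            dm = re.match(r"Disk \d+", msg)
            findings.append(Finding("aswmbr", dm.group(0) if dm else "MBR", msg, "warn"))
    return findings


def triage(eset_text, aswmbr_text):
    """Merge both logs, drop exact duplicates, and summarise by severity."""
    seen, findings = set(), []
    for f in parse_eset(eset_text) + parse_aswmbr(aswmbr_text):
        if f not in seen:
            seen.add(f)
            findings.append(f)
    counts = Counter(f.severity for f in findings)
    return {
        "findings": findings,
        "counts": dict(counts),
        "needs_expert": counts["high"] > 0,  # assumed rule: any "high" item escalates
    }


if __name__ == "__main__":
    report = triage(ESET_LOG, ASWMBR_LOG)
    for f in report["findings"]:
        print(f"[{f.severity:4}] {f.source}: {f.obj} -- {f.detail}")
    print(report["counts"], "needs_expert =", report["needs_expert"])
```

On the constructed sample the script reports one cleaned item, four warnings (the locked Google toolbar DLL plus the three MBR read/signature messages) and three high items: the in-memory detection in svchost.exe that ESET could not clean, the mswsock.dll reached through a globalroot path, and the driver aswMBR flagged, which is the same picture the helper in this thread is working from when asking for deeper logs.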

#4 CatByte

    bleepin' tiger

  • Malware Response Team

Posted 23 June 2012 - 08:06 AM

Hi

Please try this scan instead of DDS


Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /rp /s
    DRIVES
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs



#5 simplymetoo
  • Topic Starter

Posted 23 June 2012 - 10:28 AM

OTL.txt

OTL logfile created on: 6/23/2012 11:09:54 AM - Run 1
OTL by OldTimer - Version 3.2.52.0 Folder = I:\Documents and Settings\Family\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.12 Gb Total Physical Memory | 2.27 Gb Available Physical Memory | 72.71% Memory free
4.96 Gb Paging File | 4.33 Gb Available in Paging File | 87.23% Paging File free
Paging file location(s): I:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = I: | %SystemRoot% = I:\WINDOWS | %ProgramFiles% = I:\Program Files
Drive I: | 465.75 Gb Total Space | 422.27 Gb Free Space | 90.66% Space Free | Partition Type: NTFS

Computer Name: NEAL-A5FF76DFCA | User Name: Family | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/23 11:07:23 | 000,596,480 | ---- | M] (OldTimer Tools) -- I:\Documents and Settings\Family\Desktop\OTL.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- I:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/12/03 22:41:56 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- I:\Program Files\real\realplayer\Update\realsched.exe
PRC - [2011/09/22 12:03:30 | 000,974,944 | ---- | M] (ESET) -- I:\Program Files\ESET\ESET Smart Security\ekrn.exe
PRC - [2011/09/22 12:03:02 | 003,080,264 | ---- | M] (ESET) -- I:\Program Files\ESET\ESET Smart Security\egui.exe
PRC - [2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- I:\WINDOWS\explorer.exe
PRC - [2007/10/14 22:17:32 | 000,049,152 | ---- | M] (Hewlett-Packard) -- I:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe


========== Modules (No Company Name) ==========

MOD - [2010/08/10 00:01:06 | 000,067,872 | ---- | M] () -- I:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2008/06/20 12:02:47 | 000,245,248 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.dll
MOD - [2008/06/20 12:02:47 | 000,245,248 | ---- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- I:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/09/22 12:03:30 | 000,974,944 | ---- | M] (ESET) [Auto | Running] -- I:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
SRV - [2008/03/07 17:04:10 | 000,217,088 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Running] -- I:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2007/11/06 22:16:54 | 000,139,264 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- I:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- I:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- I:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
DRV - File not found [Kernel | System | Stopped] -- i:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FE9C70F1-09AE-4541-9035-675F0A51F358}\MpKsle25851ff.sys -- (MpKsle25851ff)
DRV - File not found [Kernel | System | Stopped] -- i:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{332AC8DB-6295-4B97-88B3-B318808DD869}\MpKsldece1505.sys -- (MpKsldece1505)
DRV - File not found [Kernel | System | Stopped] -- i:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E6E624DA-AF87-4FCC-A873-4B8A5B70B712}\MpKsld578855e.sys -- (MpKsld578855e)
DRV - File not found [Kernel | System | Stopped] -- i:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AC42D738-445F-43E1-9488-FAC891E2667D}\MpKslba821af6.sys -- (MpKslba821af6)
DRV - File not found [Kernel | System | Stopped] -- i:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7443B5BC-D279-425D-B49D-B503A1580FDB}\MpKsla1bbadba.sys -- (MpKsla1bbadba)
DRV - File not found [Kernel | System | Stopped] -- i:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CE2059C0-E48F-4B2A-85D9-A4EEF7440A3A}\MpKsl96408ef7.sys -- (MpKsl96408ef7)
DRV - File not found [Kernel | System | Stopped] -- i:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6C996F2E-CB17-4194-B2E7-6E72BED0F245}\MpKsl95b32608.sys -- (MpKsl95b32608)
DRV - File not found [Kernel | System | Stopped] -- i:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E6639F37-B713-4398-A617-47CF64CA06BF}\MpKsl4a772889.sys -- (MpKsl4a772889)
DRV - File not found [Kernel | System | Stopped] -- i:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{332AC8DB-6295-4B97-88B3-B318808DD869}\MpKsl3efcf451.sys -- (MpKsl3efcf451)
DRV - File not found [Kernel | System | Stopped] -- i:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7443B5BC-D279-425D-B49D-B503A1580FDB}\MpKsl3eac6370.sys -- (MpKsl3eac6370)
DRV - File not found [Kernel | System | Stopped] -- i:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AC42D738-445F-43E1-9488-FAC891E2667D}\MpKsl28e2240d.sys -- (MpKsl28e2240d)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- I:\WINDOWS\system32\drivers\EagleXNt.sys -- (EagleXNt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- I:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/08/09 14:24:52 | 000,154,136 | ---- | M] (ESET) [File_System | Auto | Running] -- I:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2011/08/09 09:37:28 | 000,039,824 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- I:\WINDOWS\system32\drivers\epfwndis.sys -- (Epfwndis)
DRV - [2011/08/04 09:20:38 | 000,147,480 | ---- | M] (ESET) [Kernel | Auto | Running] -- I:\WINDOWS\system32\drivers\epfw.sys -- (epfw)
DRV - [2011/08/04 09:20:38 | 000,061,936 | ---- | M] (ESET) [Kernel | System | Running] -- I:\WINDOWS\system32\drivers\epfwtdi.sys -- (epfwtdi)
DRV - [2011/08/04 09:20:36 | 000,118,104 | ---- | M] (ESET) [Kernel | System | Running] -- I:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2010/11/13 17:49:17 | 000,000,000 | ---- | M] () [Kernel | System | Stopped] -- I:\WINDOWS\System32\drivers\Cdaudio.sys -- (Cdaudio)
DRV - [2010/04/30 18:09:44 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- I:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2010/04/30 18:09:22 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- I:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/04/19 20:29:20 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- I:\WINDOWS\system32\drivers\netaapl.sys -- (Netaapl)
DRV - [2010/03/10 09:18:20 | 000,024,216 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- I:\WINDOWS\system32\drivers\ivusb.sys -- (ivusb)
DRV - [2008/07/07 13:07:11 | 000,107,520 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- I:\WINDOWS\system32\drivers\nvgts.sys -- (nvgts)
DRV - [2007/11/17 16:43:56 | 000,022,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- I:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2007/11/17 16:43:46 | 000,054,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- I:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2007/10/16 19:38:30 | 004,615,168 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- I:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/10/12 16:53:10 | 000,013,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- I:\WINDOWS\system32\drivers\nvsmu.sys -- (nvsmu)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.winbookcorp.com
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {3F06E4E6-BECA-43C9-B9A6-B3D8760A8AD4}
IE - HKU\.DEFAULT\..\SearchScopes\{2CA446BB-4D73-4D22-B4E6-16936DD50BAA}: "URL" = http://search.mywebstart.net/?sid=10101070100&clsid={2CA446BB-4D73-4D22-B4E6-16936DD50BAA}&s={searchTerms}
IE - HKU\.DEFAULT\..\SearchScopes\{3F06E4E6-BECA-43C9-B9A6-B3D8760A8AD4}: "URL" = http://search.mywebstart.net/?sid=10101070100&clsid={3F06E4E6-BECA-43C9-B9A6-B3D8760A8AD4}&s={searchTerms}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.winbookcorp.com
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {3F06E4E6-BECA-43C9-B9A6-B3D8760A8AD4}
IE - HKU\S-1-5-18\..\SearchScopes\{2CA446BB-4D73-4D22-B4E6-16936DD50BAA}: "URL" = http://search.mywebstart.net/?sid=10101070100&clsid={2CA446BB-4D73-4D22-B4E6-16936DD50BAA}&s={searchTerms}
IE - HKU\S-1-5-18\..\SearchScopes\{3F06E4E6-BECA-43C9-B9A6-B3D8760A8AD4}: "URL" = http://search.mywebstart.net/?sid=10101070100&clsid={3F06E4E6-BECA-43C9-B9A6-B3D8760A8AD4}&s={searchTerms}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.winbookcorp.com
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {3F06E4E6-BECA-43C9-B9A6-B3D8760A8AD4}
IE - HKU\S-1-5-19\..\SearchScopes\{2CA446BB-4D73-4D22-B4E6-16936DD50BAA}: "URL" = http://search.mywebstart.net/?sid=10101070100&clsid={2CA446BB-4D73-4D22-B4E6-16936DD50BAA}&s={searchTerms}
IE - HKU\S-1-5-19\..\SearchScopes\{3F06E4E6-BECA-43C9-B9A6-B3D8760A8AD4}: "URL" = http://search.mywebstart.net/?sid=10101070100&clsid={3F06E4E6-BECA-43C9-B9A6-B3D8760A8AD4}&s={searchTerms}
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.winbookcorp.com
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {3F06E4E6-BECA-43C9-B9A6-B3D8760A8AD4}
IE - HKU\S-1-5-20\..\SearchScopes\{2CA446BB-4D73-4D22-B4E6-16936DD50BAA}: "URL" = http://search.mywebstart.net/?sid=10101070100&clsid={2CA446BB-4D73-4D22-B4E6-16936DD50BAA}&s={searchTerms}
IE - HKU\S-1-5-20\..\SearchScopes\{3F06E4E6-BECA-43C9-B9A6-B3D8760A8AD4}: "URL" = http://search.mywebstart.net/?sid=10101070100&clsid={3F06E4E6-BECA-43C9-B9A6-B3D8760A8AD4}&s={searchTerms}
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-776561741-1123561945-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://toolbar.inbox.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=%tb_id&%language
IE - HKU\S-1-5-21-776561741-1123561945-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-776561741-1123561945-1801674531-1003\..\URLSearchHook: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - No CLSID value found
IE - HKU\S-1-5-21-776561741-1123561945-1801674531-1003\..\SearchScopes,DefaultScope = {3F06E4E6-BECA-43C9-B9A6-B3D8760A8AD4}
IE - HKU\S-1-5-21-776561741-1123561945-1801674531-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://findgala.com/?&uid=284&q={searchTerms}
IE - HKU\S-1-5-21-776561741-1123561945-1801674531-1003\..\SearchScopes\{2CA446BB-4D73-4D22-B4E6-16936DD50BAA}: "URL" = http://search.mywebstart.net/?sid=10101070100&clsid={2CA446BB-4D73-4D22-B4E6-16936DD50BAA}&s={searchTerms}
IE - HKU\S-1-5-21-776561741-1123561945-1801674531-1003\..\SearchScopes\{3F06E4E6-BECA-43C9-B9A6-B3D8760A8AD4}: "URL" = http://search.mywebstart.net/?sid=10101070100&clsid={3F06E4E6-BECA-43C9-B9A6-B3D8760A8AD4}&s={searchTerms}
IE - HKU\S-1-5-21-776561741-1123561945-1801674531-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7RNSN_en
IE - HKU\S-1-5-21-776561741-1123561945-1801674531-1003\..\SearchScopes\{885AFBAF-7E96-4454-A78D-89CC25E8DD3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=OSDSRC
IE - HKU\S-1-5-21-776561741-1123561945-1801674531-1003\..\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}: "URL" = http://toolbar.inbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=80468&lng=en
IE - HKU\S-1-5-21-776561741-1123561945-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-776561741-1123561945-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.order.1: "Search"
FF - prefs.js..browser.search.selectedEngine: "Search"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:15.0.0
FF - prefs.js..extensions.enabledItems: {A892B2A1-EE9F-4CBB-9D17-CF296A9E8B28}:1.9.1
FF - prefs.js..keyword.URL: "http://search.mywebstart.net/?sid=10101070100&s="

FF - user.js..browser.search.selectedEngine: "Search"
FF - user.js..browser.search.order.1: "Search"
FF - user.js..keyword.URL: "http://search.mywebstart.net/?sid=10101070100&s="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: I:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: I:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: I:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: i:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: I:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: I:\Documents and Settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: I:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.0.198: i:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.0.198: i:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.0.198: I:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.0.198: I:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.0.198: i:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: I:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: I:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{A892B2A1-EE9F-4CBB-9D17-CF296A9E8B28}: I:\Documents and Settings\Family\Local Settings\Application Data\{A892B2A1-EE9F-4CBB-9D17-CF296A9E8B28} [2010/11/13 17:54:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: I:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/12/03 22:42:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Components: I:\Program Files\Mozilla Firefox\components [2012/04/06 16:51:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Plugins: I:\Program Files\Mozilla Firefox\plugins [2012/06/01 16:03:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: I:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2012/05/16 00:00:28 | 000,000,000 | ---D | M]

[2010/04/07 19:57:13 | 000,000,000 | ---D | M] (No name found) -- I:\Documents and Settings\Family\Application Data\Mozilla\Extensions
[2012/05/13 11:25:08 | 000,000,000 | ---D | M] (No name found) -- I:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\77tf55ud.default\extensions
[2010/04/07 19:56:55 | 000,000,000 | ---D | M] (No name found) -- I:\Program Files\Mozilla Firefox\extensions
[2011/12/03 22:42:15 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- I:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2010/11/13 17:54:29 | 000,000,000 | ---D | M] (XULRunner) -- I:\DOCUMENTS AND SETTINGS\FAMILY\LOCAL SETTINGS\APPLICATION DATA\{A892B2A1-EE9F-4CBB-9D17-CF296A9E8B28}
[2010/03/16 23:52:36 | 000,000,000 | ---D | M] (Java Quick Starter) -- I:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2009/07/02 11:19:28 | 000,102,400 | ---- | M] (Zylom) -- I:\Program Files\mozilla firefox\plugins\npzylomgamesplayer.dll
[2010/11/11 19:26:20 | 000,002,210 | ---- | M] () -- I:\Program Files\mozilla firefox\searchplugins\websearch.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = I:\Program Files\Google\Chrome\Application\18.0.1025.168\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = I:\Program Files\Google\Chrome\Application\18.0.1025.168\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = I:\Program Files\Google\Chrome\Application\18.0.1025.168\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = I:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = I:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.180.7 (Enabled) = I:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java™ Platform SE 6 U18 (Enabled) = I:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = I:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = I:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = I:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = I:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = I:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = I:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = I:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = I:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = I:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = I:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = I:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Zylom Plugin (Enabled) = I:\Program Files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = I:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = I:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = I:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Nexon Game Controller (Enabled) = I:\Documents and Settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = I:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Motive Plugin (Enabled) = I:\Program Files\Common Files\Motive\npMotive.dll
CHR - plugin: Google Update (Enabled) = I:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = I:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = I:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = i:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll
CHR - Extension: RealPlayer HTML5Video Downloader Extension = I:\Documents and Settings\Family\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\

Hosts file not found
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - I:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - I:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - I:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-776561741-1123561945-1801674531-1003\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-776561741-1123561945-1801674531-1003\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKU\S-1-5-21-776561741-1123561945-1801674531-1003\..\Toolbar\WebBrowser: (no name) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.
O4 - HKLM..\Run: [Alcmtr] I:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [egui] I:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [HP Software Update] I:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpqSRMon] File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] I:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] I:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] I:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [TkBellExe] I:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] "i:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t File not found
O4 - HKU\S-1-5-18..\Run: [DWQueuedReporting] "i:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t File not found
O4 - HKU\S-1-5-19..\Run: [Apple Computer] rundll32.exe "I:\Documents and Settings\Family\Local Settings\Application Data\Batchwork\Apple Computer\jgwrgm.dll",DllRegisterServer File not found
O4 - HKU\S-1-5-20..\Run: [Apple Computer] rundll32.exe "I:\Documents and Settings\Family\Local Settings\Application Data\Batchwork\Apple Computer\jgwrgm.dll",DllRegisterServer File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-776561741-1123561945-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - I:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - I:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - I:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - I:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - I:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - I:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - I:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - I:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - I:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - I:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - I:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - I:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - I:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - I:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - I:\Program Files\Bonjour\mdnsNSP.dll File not found
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {32505657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab (Reg Error: Key error.)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://www.geni.com/ImageUploader5.cab (Image Uploader Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {E0FEE963-BB53-4215-81AD-B28C77384644} https://pattcw.att.motive.com/wizlet/DSLActivation/static/installer/ATTInternetInstaller.cab (WebBrowserType Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F4EDF2E4-187D-4C14-B510-E73035BBA918}: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - I:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (I:\WINDOWS\system32\userinit.exe) - I:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop BackupWallPaper: I:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{152e5bbc-a65a-11df-b128-00242128269d}\Shell - "" = AutoRun
O33 - MountPoints2\{152e5bbc-a65a-11df-b128-00242128269d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{152e5bbc-a65a-11df-b128-00242128269d}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -a
O33 - MountPoints2\{712464af-0eb4-11e0-b14e-00242128269d}\Shell - "" = AutoRun
O33 - MountPoints2\{712464af-0eb4-11e0-b14e-00242128269d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{712464af-0eb4-11e0-b14e-00242128269d}\Shell\AutoRun\command - "" = J:\Windows\PhotoViewerAP_V6.0.1.exe
O33 - MountPoints2\{712464b1-0eb4-11e0-b14e-00242128269d}\Shell - "" = AutoRun
O33 - MountPoints2\{712464b1-0eb4-11e0-b14e-00242128269d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{712464b1-0eb4-11e0-b14e-00242128269d}\Shell\AutoRun\command - "" = J:\Windows\PhotoViewerAP_V6.0.1.exe
O33 - MountPoints2\{bed003f5-6869-11df-b11d-00242128269d}\Shell - "" = AutoRun
O33 - MountPoints2\{bed003f5-6869-11df-b11d-00242128269d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{bed003f5-6869-11df-b11d-00242128269d}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O33 - MountPoints2\{c3a4784c-116a-11e0-b151-00242128269d}\Shell - "" = AutoRun
O33 - MountPoints2\{c3a4784c-116a-11e0-b151-00242128269d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c3a4784c-116a-11e0-b151-00242128269d}\Shell\AutoRun\command - "" = J:\KODAK_Software_Downloader.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: osunelog - (I:\WINDOWS\system32\meminit.dll) - File not found
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: ] ] - File not found
NetSvcs: [ "http://ad.doubleclick.net/" - File not found
NetSvcs: [ "http://a.scorecardresearch.com/" - File not found
NetSvcs: 1.2063225920356184 - File not found
NetSvcs: "http://ads.brand.net/" - File not found
NetSvcs: 0.4663147829546746 - File not found
NetSvcs: "http://amch.questionmarket.com/" - File not found
NetSvcs: 2.4575561048895462 - File not found
NetSvcs: "http://ar.voicefive.com/" - File not found
NetSvcs: 1.0497165942903344 - File not found
NetSvcs: "http://b.scorecardresearch.com/" - File not found
NetSvcs: 1.0705114392898865 - File not found
NetSvcs: "http://b.voicefive.com/" - File not found
NetSvcs: 0.8737482411918701 - File not found
NetSvcs: "http://cdn.doubleverify.com/" - File not found
NetSvcs: 0.5429665975643655 - File not found
NetSvcs: "http://motifcdn2.double - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/06/23 11:07:22 | 000,596,480 | ---- | C] (OldTimer Tools) -- I:\Documents and Settings\Family\Desktop\OTL.exe
[2012/06/22 23:17:12 | 004,731,392 | ---- | C] (AVAST Software) -- I:\Documents and Settings\Family\Desktop\aswMBR.exe
[2012/06/22 22:36:32 | 000,000,000 | R--D | C] -- I:\Documents and Settings\Family\Start Menu\Programs\Administrative Tools
[2012/06/22 22:36:23 | 000,607,260 | ---- | C] (Swearware) -- I:\Documents and Settings\Family\Desktop\dds.com
[2012/06/22 14:33:16 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Family\Application Data\Alawar Entertainment
[2012/06/21 21:15:38 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Family\My Documents\House of 1,000 Doors - The Palm of Zoroaster
[2012/06/21 00:12:15 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Family\My Documents\Sacra Terra - Angelic Night
[2012/06/20 18:28:42 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Family\My Documents\take with
[2012/06/20 00:41:43 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Family\Application Data\CoronationStreetPC
[2012/06/19 18:30:27 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Family\My Documents\Coronation Street - Mystery of the Missing Hotpot
[2012/06/19 18:27:59 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Family\My Documents\Fashion Solitaire
[2012/06/19 14:08:38 | 000,000,000 | ---D | C] -- I:\Documents and Settings\All Users\Application Data\Fashion Solitaire 1.2
[2012/06/18 17:11:26 | 000,000,000 | -H-D | C] -- I:\Documents and Settings\Family\Application Data\FDBCFEA0
[2012/06/17 18:03:17 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Family\Desktop\1st grade ideas
[2012/06/17 01:03:30 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Family\My Documents\Fashion Forward™
[2012/06/16 10:27:58 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Family\My Documents\new stuff 2012
[2012/06/09 22:29:12 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Family\Application Data\Freeze Tag
[2012/06/09 10:33:52 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Family\My Documents\ben to take
[2012/06/01 16:28:22 | 010,063,000 | ---- | C] (Malwarebytes Corporation ) -- I:\Documents and Settings\Family\Desktop\mbam-setup-1.61.0.1400.exe
[2012/05/30 23:45:28 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Family\Application Data\Anarchy
[2012/05/29 18:59:48 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Family\My Documents\excel
[2012/05/29 18:59:11 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Family\My Documents\pic
[2012/05/29 18:57:24 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Family\My Documents\docs
[2012/05/24 16:52:28 | 000,159,608 | ---- | C] (McAfee, Inc.) -- I:\WINDOWS\System32\mfevtps.exe.7966.deleteme
[7 I:\WINDOWS\*.tmp files -> I:\WINDOWS\*.tmp -> ]
[1 I:\Documents and Settings\NetworkService\Local Settings\Application Data\*.tmp files -> I:\Documents and Settings\NetworkService\Local Settings\Application Data\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/23 11:15:49 | 000,000,664 | ---- | M] () -- I:\WINDOWS\System32\d3d9caps.dat
[2012/06/23 11:07:23 | 000,596,480 | ---- | M] (OldTimer Tools) -- I:\Documents and Settings\Family\Desktop\OTL.exe
[2012/06/23 10:47:59 | 000,000,416 | ---- | M] () -- I:\WINDOWS\tasks\VersionCheck.job
[2012/06/23 05:23:46 | 000,000,424 | -H-- | M] () -- I:\WINDOWS\tasks\User_Feed_Synchronization-{741D88FA-1B44-4BC2-A5CE-CEE2E054ABB4}.job
[2012/06/23 00:27:12 | 000,000,120 | ---- | M] () -- I:\Documents and Settings\Family\Desktop\MBR.zip
[2012/06/23 00:09:07 | 000,311,934 | ---- | M] () -- I:\WINDOWS\System32\perfh009.dat
[2012/06/23 00:09:07 | 000,040,196 | ---- | M] () -- I:\WINDOWS\System32\perfc009.dat
[2012/06/23 00:06:32 | 000,000,280 | ---- | M] () -- I:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-776561741-1123561945-1801674531-1003.job
[2012/06/23 00:06:30 | 000,002,206 | ---- | M] () -- I:\WINDOWS\System32\wpa.dbl
[2012/06/23 00:06:30 | 000,000,288 | ---- | M] () -- I:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-776561741-1123561945-1801674531-1003.job
[2012/06/23 00:05:02 | 000,182,038 | ---- | M] () -- I:\WINDOWS\System32\nvapps.xml
[2012/06/23 00:04:50 | 000,000,000 | -HS- | M] () -- I:\WINDOWS\System32\dds_trash_log.cmd
[2012/06/23 00:04:46 | 000,002,048 | --S- | M] () -- I:\WINDOWS\bootstat.dat
[2012/06/23 00:04:44 | 3354,578,944 | -HS- | M] () -- I:\hiberfil.sys
[2012/06/22 23:27:00 | 000,000,512 | ---- | M] () -- I:\Documents and Settings\Family\Desktop\MBR.dat
[2012/06/22 23:17:25 | 004,731,392 | ---- | M] (AVAST Software) -- I:\Documents and Settings\Family\Desktop\aswMBR.exe
[2012/06/22 22:36:23 | 000,607,260 | ---- | M] (Swearware) -- I:\Documents and Settings\Family\Desktop\dds.com
[2012/06/22 11:47:49 | 000,535,170 | ---- | M] () -- I:\Documents and Settings\Family\Desktop\Autoruns.zip
[2012/06/22 00:55:07 | 006,449,203 | ---- | M] () -- I:\Documents and Settings\Family\Desktop\CJSorensenFilmGenreProject.zip
[2012/06/21 21:20:54 | 000,001,058 | ---- | M] () -- I:\Documents and Settings\Family\Desktop\House of 1,000 Doors - The Palm of Zoroaster.lnk
[2012/06/21 00:18:45 | 000,000,879 | ---- | M] () -- I:\Documents and Settings\Family\Desktop\Sacra Terra - Angelic Night.lnk
[2012/06/19 21:43:00 | 000,000,284 | ---- | M] () -- I:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/06/19 18:50:43 | 000,002,228 | ---- | M] () -- I:\Documents and Settings\Family\printmaster.prefs
[2012/06/19 18:36:33 | 000,001,008 | ---- | M] () -- I:\Documents and Settings\Family\Desktop\Coronation Street - Mystery of the Missing Hotpot.lnk
[2012/06/19 18:28:59 | 000,000,712 | ---- | M] () -- I:\Documents and Settings\Family\Desktop\Fashion Solitaire.lnk
[2012/06/17 01:06:11 | 000,000,783 | ---- | M] () -- I:\Documents and Settings\Family\Desktop\Fashion Forward™.lnk
[2012/06/16 10:22:47 | 000,221,088 | ---- | M] () -- I:\Documents and Settings\Family\My Documents\acie2012.jpg
[2012/06/14 21:26:14 | 000,036,131 | ---- | M] () -- I:\Documents and Settings\Family\My Documents\bennie56.jpg
[2012/06/12 20:38:00 | 000,000,438 | ---- | M] () -- I:\WINDOWS\tasks\EasyShare Registration Task.job
[2012/06/11 21:00:24 | 000,046,080 | ---- | M] () -- I:\Documents and Settings\Family\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/06/01 16:30:20 | 000,000,784 | ---- | M] () -- I:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/01 16:28:23 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- I:\Documents and Settings\Family\Desktop\mbam-setup-1.61.0.1400.exe
[2012/06/01 16:03:13 | 000,001,729 | ---- | M] () -- I:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2012/06/01 02:06:30 | 000,000,774 | ---- | M] () -- I:\Documents and Settings\Family\Desktop\Shortcut to jr.lnk
[2012/05/24 17:05:01 | 000,014,664 | ---- | M] (McAfee, Inc.) -- I:\WINDOWS\stinger.sys
[2012/05/24 16:52:24 | 000,159,608 | ---- | M] (McAfee, Inc.) -- I:\WINDOWS\System32\mfevtps.exe.7966.deleteme
[2012/05/24 16:51:20 | 000,000,057 | RH-- | M] () -- I:\Documents and Settings\Family\Desktop\stinger.opt
[7 I:\WINDOWS\*.tmp files -> I:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/23 00:27:12 | 000,000,120 | ---- | C] () -- I:\Documents and Settings\Family\Desktop\MBR.zip
[2012/06/22 23:27:00 | 000,000,512 | ---- | C] () -- I:\Documents and Settings\Family\Desktop\MBR.dat
[2012/06/22 20:45:23 | 000,000,664 | ---- | C] () -- I:\Documents and Settings\NetworkService\Local Settings\Application Data\d3d9caps.dat
[2012/06/22 11:47:48 | 000,535,170 | ---- | C] () -- I:\Documents and Settings\Family\Desktop\Autoruns.zip
[2012/06/22 00:55:00 | 006,449,203 | ---- | C] () -- I:\Documents and Settings\Family\Desktop\CJSorensenFilmGenreProject.zip
[2012/06/21 21:20:54 | 000,001,058 | ---- | C] () -- I:\Documents and Settings\Family\Desktop\House of 1,000 Doors - The Palm of Zoroaster.lnk
[2012/06/21 00:18:45 | 000,000,879 | ---- | C] () -- I:\Documents and Settings\Family\Desktop\Sacra Terra - Angelic Night.lnk
[2012/06/19 18:36:33 | 000,001,008 | ---- | C] () -- I:\Documents and Settings\Family\Desktop\Coronation Street - Mystery of the Missing Hotpot.lnk
[2012/06/19 18:28:59 | 000,000,712 | ---- | C] () -- I:\Documents and Settings\Family\Desktop\Fashion Solitaire.lnk
[2012/06/17 01:06:11 | 000,000,783 | ---- | C] () -- I:\Documents and Settings\Family\Desktop\Fashion Forward™.lnk
[2012/06/16 10:41:43 | 000,036,131 | ---- | C] () -- I:\Documents and Settings\Family\My Documents\bennie56.jpg
[2012/06/16 10:23:23 | 000,221,088 | ---- | C] () -- I:\Documents and Settings\Family\My Documents\acie2012.jpg
[2012/06/01 16:02:03 | 000,002,347 | ---- | C] () -- I:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 9.lnk
[2012/06/01 16:02:03 | 000,001,729 | ---- | C] () -- I:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2012/05/29 18:20:07 | 3354,578,944 | -HS- | C] () -- I:\hiberfil.sys
[2012/04/18 22:30:47 | 000,000,209 | ---- | C] () -- I:\WINDOWS\settings.ini
[2011/10/17 12:03:39 | 000,072,080 | ---- | C] () -- I:\Documents and Settings\Family\g2mdlhlpx.exe
[2011/10/16 13:38:52 | 000,000,468 | ---- | C] () -- I:\Documents and Settings\Family\.powerschool_gradebook.properties
[2011/10/16 13:37:02 | 000,000,012 | ---- | C] () -- I:\Documents and Settings\Family\.gradebook_userdict.tlx
[2011/05/06 15:05:26 | 000,000,664 | ---- | C] () -- I:\WINDOWS\System32\d3d9caps.dat
[2011/05/05 22:09:28 | 000,018,486 | -HS- | C] () -- I:\Documents and Settings\Family\Local Settings\Application Data\15kry5m7i01457l81w1724u0y65k362442rm755uo28ajce
[2011/05/05 22:09:28 | 000,018,486 | -HS- | C] () -- I:\Documents and Settings\All Users\Application Data\15kry5m7i01457l81w1724u0y65k362442rm755uo28ajce
[2011/04/30 22:51:42 | 000,014,202 | -HS- | C] () -- I:\Documents and Settings\All Users\Application Data\vhf6a7ab7h335d07ur33rbd5x6cjdqx1gr8iu
[2011/04/30 22:51:42 | 000,014,198 | -HS- | C] () -- I:\Documents and Settings\Family\Local Settings\Application Data\vhf6a7ab7h335d07ur33rbd5x6cjdqx1gr8iu
[2011/03/11 18:10:14 | 000,000,000 | ---- | C] () -- I:\WINDOWS\Game.INI
[2011/02/20 01:15:15 | 001,228,854 | ---- | C] () -- I:\Documents and Settings\Family\fsqwr.bmp
[2010/11/29 19:26:06 | 000,000,513 | ---- | C] () -- I:\Documents and Settings\Family\start
[2010/11/26 22:04:35 | 000,139,264 | ---- | C] () -- I:\WINDOWS\System32\gswin32c.exe
[2010/11/25 11:40:22 | 000,000,663 | ---- | C] () -- I:\Documents and Settings\Family\trial
[2010/11/13 17:58:23 | 000,000,131 | ---- | C] () -- I:\Documents and Settings\Family\webct_upload_applet.properties
[2010/11/13 17:54:31 | 000,000,120 | ---- | C] () -- I:\WINDOWS\Shezecahale.dat
[2010/11/13 17:54:31 | 000,000,000 | ---- | C] () -- I:\WINDOWS\Qselu.bin
[2010/08/26 11:10:52 | 000,000,438 | ---- | C] () -- I:\WINDOWS\cdplayer.ini
[2010/08/04 16:59:59 | 000,002,228 | ---- | C] () -- I:\Documents and Settings\Family\printmaster.prefs
[2010/07/11 18:23:51 | 000,178,595 | ---- | C] () -- I:\WINDOWS\hpwins20.dat
[2010/07/11 18:23:51 | 000,002,428 | R--- | C] () -- I:\WINDOWS\hpwmdl20.dat
[2010/05/16 14:57:54 | 000,046,080 | ---- | C] () -- I:\Documents and Settings\Family\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/16 01:04:41 | 000,000,000 | ---- | C] () -- I:\Documents and Settings\Family\99

========== LOP Check ==========

[2010/09/05 02:08:34 | 000,000,000 | -HSD | M] -- I:\Documents and Settings\All Users\Application Data\036bfd1
[2011/02/28 16:48:30 | 000,000,000 | ---D | M] -- I:\Documents and Settings\All Users\Application Data\Cisco Systems
[2011/06/19 16:45:55 | 000,000,000 | ---D | M] -- I:\Documents and Settings\All Users\Application Data\cupcakecafe
[2012/05/16 00:00:27 | 000,000,000 | ---D | M] -- I:\Documents and Settings\All Users\Application Data\ESET
[2010/10/24 00:15:52 | 000,000,000 | ---D | M] -- I:\Documents and Settings\All Users\Application Data\Farm Fishes
[2010/04/20 18:20:46 | 000,000,000 | ---D | M] -- I:\Documents and Settings\All Users\Application Data\FarmFrenzy3_America
[2010/04/27 23:15:34 | 000,000,000 | ---D | M] -- I:\Documents and Settings\All Users\Application Data\FarmFrenzy3_Arctica
[2010/08/19 15:43:05 | 000,000,000 | ---D | M] -- I:\Documents and Settings\All Users\Application Data\FarmFrenzy3_Madagascar
[2010/05/26 22:22:03 | 000,000,000 | ---D | M] -- I:\Documents and Settings\All Users\Application Data\FarmFrenzy3_Russia
[2012/06/20 00:11:10 | 000,000,000 | ---D | M] -- I:\Documents and Settings\All Users\Application Data\Fashion Solitaire 1.2
[2012/03/27 21:07:27 | 000,000,000 | ---D | M] -- I:\Documents and Settings\All Users\Application Data\Fenomen Games
[2010/07/17 19:06:31 | 000,000,000 | ---D | M] -- I:\Documents and Settings\All Users\Application Data\Flood Light Games
[2010/04/24 12:23:29 | 000,000,000 | ---D | M] -- I:\Documents and Settings\All Users\Application Data\FreshGames
[2012/05/12 15:20:26 | 000,000,000 | ---D | M] -- I:\Documents and Settings\All Users\Application Data\Fugazo
[2010/10/12 21:47:45 | 000,000,000 | ---D | M] -- I:\Documents and Settings\All Users\Application Data\Funny Bear Studio
[2011/12/28 01:23:46 | 000,000,000 | ---D | M] -- I:\Documents and Settings\All Users\Application Data\GameHouse
[2010/09/22 22:26:58 | 000,000,000 | ---D | M] -- I:\Documents and Settings\All Users\Application Data\Gogii
[2010/06/29 23:43:00 | 000,000,000 | ---D | M] -- I:\Documents and Settings\All Users\Application Data\HitPoint Studios
[2012/05/07 23:32:27 | 000,000,000 | ---D | M] -- I:\Documents and Settings\All Users\Application Data\iWin
[2010/03/23 22:52:05 | 000,000,000 | ---D | M] -- I:\Documents and Settings\All Users\Application Data\JollyBear
[2010/05/16 13:26:44 | 000,000,000 | ---D | M] -- I:\Documents and Settings\All Users\Application Data\Ludia
[2010/09/03 07:08:56 | 000,000,000 | -HSD | M] -- I:\Documents and Settings\All Users\Application Data\MSTMEQS
[2011/06/12 23:18:30 | 000,000,000 | ---D | M] -- I:\Documents and Settings\All Users\Application Data\MumboJumbo
[2010/04/28 21:58:14 | 000,000,000 | ---D | M] -- I:\Documents and Settings\All Users\Application Data\MythPeople
[2011/02/23 00:08:12 | 000,000,000 | ---D | M] -- I:\Documents and Settings\All Users\Application Data\Nevosoft-Breeze
[2011/07/29 16:22:09 | 000,000,000 | ---D | M] -- I:\Documents and Settings\All Users\Application Data\Nexon
[2011/07/25 20:00:44 | 000,000,000 | ---D | M] -- I:\Documents and Settings\All Users\Application Data\NexonUS
[2010/11/30 22:19:16 | 000,000,000 | ---D | M] -- I:\Documents and Settings\All Users\Application Data\Oberon Games
[2010/12/27 14:43:13 | 000,000,000 | ---D | M] -- I:\Documents and Settings\All Users\Application Data\Perfect-Tree
[2011/01/14 22:20:37 | 000,000,000 | ---D | M] -- I:\Documents and Settings\All Users\Application Data\PlayFirst
[2012/05/05 13:36:07 | 000,000,000 | ---D | M] -- I:\Documents and Settings\All Users\Application Data\Playrix Entertainment
[2012/05/14 23:14:03 | 000,000,000 | ---D | M] -- I:\Documents and Settings\All Users\Application Data\rionix
[2012/06/17 01:07:10 | 000,000,000 | ---D | M] -- I:\Documents and Settings\All Users\Application Data\Sandlot Games
[2010/09/26 23:41:29 | 000,000,000 | ---D | M] -- I:\Documents and Settings\All Users\Application Data\SulusGames
[2011/08/17 23:21:47 | 000,000,000 | ---D | M] -- I:\Documents and Settings\All Users\Application Data\T1 Games
[2011/04/15 22:19:57 | 000,000,000 | ---D | M] -- I:\Documents and Settings\All Users\Application Data\TEMP
[2011/06/19 16:44:32 | 000,000,000 | ---D | M] -- I:\Documents and Settings\All Users\Application Data\UClick
[2010/12/04 13:46:17 | 000,000,000 | ---D | M] -- I:\Documents and Settings\All Users\Application Data\WinZip
[2011/05/05 22:12:19 | 000,000,000 | ---D | M] -- I:\Documents and Settings\All Users\Application Data\WSTB
[2012/04/06 16:51:42 | 000,000,000 | ---D | M] -- I:\Documents and Settings\All Users\Application Data\Zylom
[2010/10/28 10:17:39 | 000,000,000 | ---D | M] -- I:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/06/22 14:33:16 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Family\Application Data\Alawar Entertainment
[2012/05/30 23:45:28 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Family\Application Data\Anarchy
[2012/05/03 19:34:46 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Family\Application Data\Anuman
[2011/08/11 01:03:54 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Family\Application Data\Awem
[2010/04/08 23:19:52 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Family\Application Data\BlamGames
[2012/04/06 16:54:23 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Family\Application Data\Boolat Games
[2010/08/08 20:47:27 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Family\Application Data\Brunhilda_real
[2010/12/13 16:37:43 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Family\Application Data\calibre
[2012/05/21 21:22:56 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Family\Application Data\com.custardsquare.CircusCircus.RunAwayWithTheCircus
[2012/06/20 00:41:43 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Family\Application Data\CoronationStreetPC
[2010/05/29 14:14:02 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Family\Application Data\DarkParablesBriarRoseSE_RA
[2012/05/16 00:01:20 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Family\Application Data\ESET
[2012/06/19 13:13:54 | 000,000,000 | -H-D | M] -- I:\Documents and Settings\Family\Application Data\FDBCFEA0
[2011/05/25 14:26:34 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Family\Application Data\FileZilla
[2010/07/03 00:30:10 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Family\Application Data\Flood Light Games
[2012/06/09 22:29:12 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Family\Application Data\Freeze Tag
[2012/05/18 20:49:38 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Family\Application Data\Friday's games
[2010/07/17 19:21:06 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Family\Application Data\Fugazo
[2010/10/26 18:36:13 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Family\Application Data\funkitron
[2010/08/16 10:12:08 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Family\Application Data\GameHouse
[2010/06/13 11:41:05 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Family\Application Data\GameHousev1001
[2010/07/06 15:44:52 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Family\Application Data\GamesCafe
[2010/12/09 00:13:35 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Family\Application Data\GetRightToGo
[2012/03/27 21:24:08 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Family\Application Data\Happy Chef
[2010/06/29 23:43:00 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Family\Application Data\HitPoint Studios
[2010/04/19 23:07:53 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Family\Application Data\HSA
[2011/02/02 19:21:31 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Family\Application Data\iMaxGen
[2010/06/16 23:27:10 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Family\Application Data\IronCode
[2012/05/07 23:32:27 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Family\Application Data\iWin
[2012/04/18 22:30:49 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Family\Application Data\JoyBits
[2011/01/08 14:25:31 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Family\Application Data\Leadertech
[2010/05/16 13:26:44 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Family\Application Data\Ludia
[2011/08/05 01:06:39 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Family\Application Data\Magnet's Story
[2010/05/29 21:54:34 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Family\Application Data\MBT
[2010/06/25 21:18:03 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Family\Application Data\Meridian93
[2010/11/19 18:49:27 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Family\Application Data\MumboJumbo
[2011/02/23 00:08:12 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Family\Application Data\Nevosoft-Breeze
[2010/11/26 20:07:49 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Family\Application Data\Oberon Games
[2012/06/14 14:24:53 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Family\Application Data\PlayFirst
[2012/04/11 20:42:43 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Family\Application Data\Silverback Productions
[2011/06/19 16:44:32 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Family\Application Data\UClick
[2011/08/19 22:22:06 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Family\Application Data\VampireSagaHL
[2011/05/15 19:56:48 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Family\Application Data\Vasilek Games
[2010/11/02 21:14:36 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Family\Application Data\World-LooM
[2011/08/20 19:26:26 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Family\Application Data\YoudaGames
[2012/06/12 20:38:00 | 000,000,438 | ---- | M] () -- I:\WINDOWS\Tasks\EasyShare Registration Task.job
[2012/06/23 05:23:46 | 000,000,424 | -H-- | M] () -- I:\WINDOWS\Tasks\User_Feed_Synchronization-{741D88FA-1B44-4BC2-A5CE-CEE2E054ABB4}.job
[2012/06/23 10:47:59 | 000,000,416 | ---- | M] () -- I:\WINDOWS\Tasks\VersionCheck.job

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- I:\WINDOWS\explorer.exe
[2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- I:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: SVCHOST.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- I:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2008/04/14 08:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- I:\WINDOWS\system32\dllcache\svchost.exe
[2008/04/14 08:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- I:\WINDOWS\system32\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/04/14 08:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- I:\WINDOWS\system32\dllcache\userinit.exe
[2008/04/14 08:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- I:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- I:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/14 08:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- I:\WINDOWS\system32\dllcache\winlogon.exe
[2008/04/14 08:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- I:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /rp /s >

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed\thard disk media
Interface type: SCSI
Media Type: Fixed\thard disk media
Model: Hitachi HDP725050GLA SCSI Disk Device
Partitions: 1
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE1 -
Interface type: USB
Media Type:
Model: Generic STORAGE DEVICE-A USB Device
Partitions: 0
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE2 -
Interface type: USB
Media Type:
Model: Generic STORAGE DEVICE-A USB Device
Partitions: 0
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE3 -
Interface type: USB
Media Type:
Model: Generic STORAGE DEVICE-A USB Device
Partitions: 0
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE4 -
Interface type: USB
Media Type:
Model: Generic STORAGE DEVICE-A USB Device
Partitions: 0
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE5 -
Interface type: USB
Media Type:
Model:
Partitions: 0
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 466.00GB
Starting Offset: 32256
Hidden sectors: 0


< >

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[I:\WINDOWS\$NtUninstallKB44637$] -> Error: Cannot create file handle -> Unknown point type

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> I:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >

Extras.txt

OTL Extras logfile created on: 6/23/2012 11:09:55 AM - Run 1
OTL by OldTimer - Version 3.2.52.0 Folder = I:\Documents and Settings\Family\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.12 Gb Total Physical Memory | 2.27 Gb Available Physical Memory | 72.71% Memory free
4.96 Gb Paging File | 4.33 Gb Available in Paging File | 87.23% Paging File free
Paging file location(s): I:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = I: | %SystemRoot% = I:\WINDOWS | %ProgramFiles% = I:\Program Files
Drive I: | 465.75 Gb Total Space | 422.27 Gb Free Space | 90.66% Space Free | Partition Type: NTFS

Computer Name: NEAL-A5FF76DFCA | User Name: Family | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-776561741-1123561945-1801674531-1003\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htafile [open] -- "%1" %*
htmlfile [edit] -- "I:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "I:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"I:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe" = I:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
"I:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe" = I:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
"I:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpofxm08.exe" = I:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"I:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposfx08.exe" = I:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"I:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe" = I:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"I:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqscnvw.exe" = I:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe -- ()
"I:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe" = I:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"I:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpzwiz01.exe" = I:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"I:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqPhUnl.exe" = I:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- ()
"I:\Program Files\Real\RealPlayer\realplay.exe" = I:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"I:\Program Files\QuickTime\QuickTimePlayer.exe" = I:\Program Files\QuickTime\QuickTimePlayer.exe:*:Enabled:QuickTime Player -- (Apple Inc.)
"I:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe" = I:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager -- (Nexon)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{0E549A13-2B3D-4633-BA41-DC88C2D6F9A3}" = ProductContext
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{1147FF9A-D576-4cb5-B5E7-FCA21D1E7D26}" = J4680
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{188C0E25-3D65-4DAC-9C00-7483FBA4C7EB}" = Status
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java™ 6 Update 18
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
"{3825B383-7880-48C8-AADD-49B0D764B151}" = 4660_4680_Help
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50802F8E-03B4-479D-A643-16DE5A3586CB}" = BPDSoftware_Ini
"{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{5BB4D7C1-52F2-4BFD-9E40-0D419E2E3021}" = bpd_scan
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67335AB1-6341-4f87-A5B4-7FA92CEB77A4}" = HP Officejet All-In-One Series
"{679EC478-3FF9-4987-B2FF-C2C2B27532A2}" = DocProc
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}" = HP Photo and Imaging 2.0 - All-in-One Drivers
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{83E3F4E4-CEA1-452B-9180-A40813CD111C}" = ESET Smart Security
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{9867A917-5D17-40DE-83BA-BEA5293194B1}" = HP Photo and Imaging 2.0 - All-in-One
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{ABA00898-9467-4689-9F40-DE7F58C8429C}" = Fax
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.1
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B376402D-58EA-45EA-BD50-DD924EB67A70}" = HP Memories Disc
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BDC8B094-1ACE-4DC1-B948-35487DC17634}" = calibre
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5
"{D142FE39-3386-4d82-9AD3-36D4A92AC3C2}" = DocMgr
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D3737952-FF6E-4E72-BDEE-B0DC1C69F80B}" = BPD_HPSU
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4EAEBEA-3E46-43b8-A63C-AD180AE86918}" = BPDSoftware
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"6485-4051-8654-1627" = PrintMaster 2.0 Platinum
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"am-coronationstreetmysteryofthemissinghotpot" = Coronation Street - Mystery of the Missing Hotpot
"am-deliciousemilysholidayseason" = Delicious - Emily's Holiday Season
"am-deliciousemilystasteoffame" = Delicious - Emily's Taste of Fame
"am-deliciousemilystruelovepremiumedition" = Delicious - Emily's True Love Premium Edition
"am-deliciouspremiumpack" = Delicious Premium Pack
"am-fashionforwardtm" = Fashion Forward™
"am-fashionsolitaire" = Fashion Solitaire
"amg-greatadventureslostinmountains" = Great Adventures - Lost in Mountains
"am-happychef" = Happy Chef
"am-houseof1000doorsthepalmofzoroaster" = House of 1,000 Doors - The Palm of Zoroaster
"am-restaurantempire" = Restaurant Empire
"am-sacraterraangelicnight" = Sacra Terra - Angelic Night
"am-shapeshifter" = Shape Shifter
"Cisco Connect" = Cisco Connect
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DocSmartz Pro v7.1" = DocSmartz Pro v7.1
"FileZilla Client" = FileZilla Client 3.5.0
"HP Document Manager" = HP Document Manager 1.0
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"HPOCR" = OCR Software by I.R.I.S. 10.0
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"MapleStory" = MapleStory
"Mozilla Firefox (3.6.28)" = Mozilla Firefox (3.6.28)
"MSNINST" = MSN
"NVIDIA Drivers" = NVIDIA Drivers
"RealPlayer 15.0" = RealPlayer
"Scratch" = Scratch
"Shop for HP Supplies" = Shop for HP Supplies
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Web Games Player Plugin" = Web Games Player Plugin

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-776561741-1123561945-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"PowerTeacher Gradebook" = PowerTeacher Gradebook

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 6/23/2012 1:53:52 AM | Computer Name = NEAL-A5FF76DFCA | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office 2000 Premium -- Error 1706. No valid source
could be found for product Microsoft Office 2000 Premium. The Windows installer
cannot continue.

Error - 6/23/2012 1:59:02 AM | Computer Name = NEAL-A5FF76DFCA | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office 2000 Premium -- Error 1706. No valid source
could be found for product Microsoft Office 2000 Premium. The Windows installer
cannot continue.

Error - 6/23/2012 2:00:11 AM | Computer Name = NEAL-A5FF76DFCA | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office 2000 Premium -- Error 1706. No valid source
could be found for product Microsoft Office 2000 Premium. The Windows installer
cannot continue.

Error - 6/23/2012 2:57:24 AM | Computer Name = NEAL-A5FF76DFCA | Source = Ci | ID = 4118
Description = A content scan could not be completed on i:\.

Error - 6/23/2012 5:51:44 AM | Computer Name = NEAL-A5FF76DFCA | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office 2000 Premium -- Error 1706. No valid source
could be found for product Microsoft Office 2000 Premium. The Windows installer
cannot continue.

Error - 6/23/2012 5:51:49 AM | Computer Name = NEAL-A5FF76DFCA | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office 2000 Premium -- Error 1706. No valid source
could be found for product Microsoft Office 2000 Premium. The Windows installer
cannot continue.

Error - 6/23/2012 11:14:03 AM | Computer Name = NEAL-A5FF76DFCA | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office 2000 Premium -- Error 1706. No valid source
could be found for product Microsoft Office 2000 Premium. The Windows installer
cannot continue.

Error - 6/23/2012 11:14:47 AM | Computer Name = NEAL-A5FF76DFCA | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office 2000 Premium -- Error 1706. No valid source
could be found for product Microsoft Office 2000 Premium. The Windows installer
cannot continue.

Error - 6/23/2012 11:15:33 AM | Computer Name = NEAL-A5FF76DFCA | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office 2000 Premium -- Error 1706. No valid source
could be found for product Microsoft Office 2000 Premium. The Windows installer
cannot continue.

Error - 6/23/2012 11:15:58 AM | Computer Name = NEAL-A5FF76DFCA | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office 2000 Premium -- Error 1706. No valid source
could be found for product Microsoft Office 2000 Premium. The Windows installer
cannot continue.

[ System Events ]
Error - 6/21/2012 6:42:23 PM | Computer Name = NEAL-A5FF76DFCA | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 6/21/2012 6:42:44 PM | Computer Name = NEAL-A5FF76DFCA | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 6/21/2012 6:43:59 PM | Computer Name = NEAL-A5FF76DFCA | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 6/21/2012 10:09:21 PM | Computer Name = NEAL-A5FF76DFCA | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 6/22/2012 3:07:47 AM | Computer Name = NEAL-A5FF76DFCA | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 6/22/2012 8:12:22 AM | Computer Name = NEAL-A5FF76DFCA | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 6/22/2012 4:49:53 PM | Computer Name = NEAL-A5FF76DFCA | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 6/22/2012 6:10:59 PM | Computer Name = NEAL-A5FF76DFCA | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 6/23/2012 4:08:12 AM | Computer Name = NEAL-A5FF76DFCA | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 6/23/2012 9:08:07 AM | Computer Name = NEAL-A5FF76DFCA | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127


< End of report >

#6 CatByte

  • Malware Response Team

Posted 23 June 2012 - 11:29 AM

Hi,

Please do the following:

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

  • IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
2. Do not "re-run" ComboFix. If you have a problem, reply back for further instructions.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#7 simplymetoo

  • Topic Starter


Posted 23 June 2012 - 04:52 PM

Hi!

I ran ComboFix. It said that it found Rootkit Zero Access in the tcp/ip stack and that it was particularly difficult to remove. It gave instructions to rerun if the internet could not be accessed when it was done. A couple more pop-ups said Rootkit Zero Access and that it could take a moment, and I clicked the OK button.

I left it running for over an hour and no log had come up, so I don't know if it was still running. I could not access the internet, so I followed the directions to restart my computer; I still could not get the internet, and so I reran ComboFix. Again, I let it run for over an hour and got the same messages about finding Rootkit Zero Access. No log has come up.

Should I let it go for longer or try something else?

Thanks for your responses; they have been really fast.

#8 CatByte

  • Malware Response Team


Posted 23 June 2012 - 05:29 PM

Hi,

Try running it in safe mode; there may be some AV interference.

To Enter Safemode
  • Go to Start > Shut off your Computer > Restart
  • As the computer starts to boot up, tap the F8 key repeatedly;
  • this will bring up a menu.
  • Use the Up and Down arrow keys to scroll up to Safemode
  • Then press the Enter key on your keyboard
  • Go into your usual account


Leave it for a little longer and see if it will complete.



#9 CatByte

  • Malware Response Team

Posted 01 July 2012 - 03:14 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
