
Infected with System Restore Trojan


  • This topic is locked
45 replies to this topic

#1 Droidling


Posted 19 February 2013 - 02:07 PM

The person that uses this computer told me this started right after she ran a full scan using MS Security Essentials. She also admitted to trying to open a file attached to one of those "UPS package undeliverable" notices, earlier that day. 

 

The operating system is XP. I am unable to see any folders on the C drive from windows explorer. The all programs menu is empty even when logged in in safe mode as administrator.

 

Again in safemode I ran CMD and opened malwarebytes from the command line. It failed during the update.

 

When I tried to run DDS to get a scan it locked up after the status bar indicated it was about 3/4 complete. After waiting about 15 min. I tried to close DDS, open the task manager, then tried to shut the computer down normally. All failed. I had to do a hardware reboot.

 

I am at a loss as to how to get a log file to work with.

 

Terry


Edited by Droidling, 19 February 2013 - 02:52 PM.



 


#2 Droidling


Posted 19 February 2013 - 06:03 PM

Ack!! Just realized I wrote 'System Restore' in the title. It should have said 'System Repair'. Sorry for the confusion. I don't see any way to edit the topic title.

 

Update: I have been able to gain access to the folders on c drive by changing my folder view settings. Apparently all the folders on the drive have been hidden. Also manually updated MalwareBytes, and ran it. Will try DDS again once it completes.

 

Terry



#3 Droidling


Posted 20 February 2013 - 06:26 PM

I've managed to get the computer back to running normally in most respects. No more System Repair pop ups. Files and folders un-hidden, menus populated, MalwareBytes and SuperAntiSpyWare not showing any infections. The only thing I still can't get to work is DDS.exe. Every time I try a scan it locks up my computer. "This scan should not take more than 3 minutes to complete. When the scan is complete, a logfile/report shall pop open. Please wait..", is the last thing DDS displays. I've let it sit like this for hours. I don't know if this is worth pursuing further.



#4 nasdaq

  • Malware Response Team

Posted 21 February 2013 - 10:30 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.
 
If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===
 
Please Download
 
>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue 
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it.

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
  • There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

===

Please post the logs for my review.


    #5 Droidling


    Posted 21 February 2013 - 11:34 AM

    The master boot record scan is taking awhile. So far TDSSKiller came up with nothing. Is it OK to delete or change the computer and user names on these log files? I'm just not sure if it is wise to post them on the internet. 

     

    Terry



    #6 Droidling


    Posted 21 February 2013 - 12:24 PM

    After doing as much clean up as I know how to, when I reboot and open the main user account 2 notepad documents pop-up with the text below.

     

    desktop.ini - Notepad

    [.ShellClassInfo]
    LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21787

    The results from the TDSSKiller scan were negative.

    08:02:32.0765 11268  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
    08:02:33.0515 11268  ============================================================
    08:02:33.0515 11268  Current date / time: 2013/02/21 08:02:33.0515
    08:02:33.0515 11268  SystemInfo:
    08:02:33.0515 11268  
    08:02:33.0515 11268  OS Version: 5.1.2600 ServicePack: 3.0
    08:02:33.0515 11268  Product type: Workstation
    08:02:33.0515 11268  ComputerName: BEDROOM
    08:02:33.0515 11268  UserName: Peggy
    08:02:33.0515 11268  Windows directory: C:\WINDOWS
    08:02:33.0515 11268  System windows directory: C:\WINDOWS
    08:02:33.0515 11268  Processor architecture: Intel x86
    08:02:33.0515 11268  Number of processors: 1
    08:02:33.0515 11268  Page size: 0x1000
    08:02:33.0515 11268  Boot type: Normal boot
    08:02:33.0515 11268  ============================================================
    08:02:38.0375 11268  Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3C91, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054
    08:02:38.0625 11268  ============================================================
    08:02:38.0625 11268  \Device\Harddisk0\DR0:
    08:02:38.0625 11268  MBR partitions:
    08:02:38.0625 11268  \Device\Harddisk0\DR0\Partition1: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0x9C6C21
    08:02:38.0625 11268  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x9C6C60, BlocksNum 0xD5C8CA0
    08:02:38.0625 11268  ============================================================
    08:02:38.0656 11268  Initialize success
    08:02:38.0656 11268  ============================================================
    08:02:50.0015 11036  ============================================================
    08:02:50.0015 11036  Scan started
    08:02:50.0015 11036  Mode: Manual;
    08:02:50.0015 11036  ============================================================
    08:02:50.0015 11036  ================ Scan system memory ========================
    08:02:50.0031 11036  System memory - ok
    08:02:50.0031 11036  ================ Scan services =============================
    08:02:55.0890 11036  ================ Scan global ===============================
    08:02:55.0890 11036  [Global] - ok
    08:02:55.0906 11036  ================ Scan MBR ==================================
    08:02:55.0937 11036  [ B716B775FCBDABF0E2DDFF76F15C6790 ] \Device\Harddisk0\DR0
    08:02:56.0265 11036  \Device\Harddisk0\DR0 - ok
    08:02:56.0265 11036  ================ Scan VBR ==================================
    08:02:56.0281 11036  [ 832232143D846223271EB99C0D70262F ] \Device\Harddisk0\DR0\Partition1
    08:02:56.0281 11036  \Device\Harddisk0\DR0\Partition1 - ok
    08:02:56.0312 11036  [ 1B8CB1C742C938B8685F2470E449AC38 ] \Device\Harddisk0\DR0\Partition2
    08:02:56.0312 11036  \Device\Harddisk0\DR0\Partition2 - ok
    08:02:56.0312 11036  ============================================================
    08:02:56.0312 11036  Scan finished
    08:02:56.0312 11036  ============================================================
    08:02:56.0343 12028  Detected object count: 0
    08:02:56.0343 12028  Actual detected object count: 0

    While running aswMBR I was asked if I wanted to download Avast free antivirus. I selected yes. Will running both MS Security Essentials and Avast antivirus cause problems? If I need to select one or the other is Avast Free recommended over MSSE?

    aswMBR Log:
    aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
    Run date: 2013-02-21 08:10:39
    -----------------------------
    08:10:39.187    OS Version: Windows 5.1.2600 Service Pack 3
    08:10:39.187    Number of processors: 1 586 0x207
    08:10:39.187    ComputerName: BEDROOM  UserName: Peggy
    08:10:46.968    Initialize success
    08:14:15.968    AVAST engine defs: 13022102
    08:16:11.234    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
    08:16:11.250    Disk 0 Vendor: ST3120025A 4.06 Size: 114473MB BusType: 3
    08:16:11.265    Disk 0 MBR read successfully
    08:16:11.265    Disk 0 MBR scan
    08:16:11.312    Disk 0 unknown MBR code
    08:16:11.328    Disk 0 Partition 1 00     0B        FAT32 RECOVERY     5005 MB offset 63
    08:16:13.031    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS       109457 MB offset 10251360
    08:16:13.093    Disk 0 Partition 3 80 (A) 17 Hidd HPFS/NTFS NTFS           10 MB offset 234420480
    08:16:13.125    Disk 0 Partition 3  **SUSPICIOUS**
    08:16:13.140    Disk 0 Partition 4 80 (A) 17 Hidd HPFS/NTFS NTFS            0 MB offset 234441632
    08:16:13.156    Disk 0 Partition 4  **SUSPICIOUS**
    08:16:13.203    Disk 0 scanning sectors +234441648
    08:16:13.718    Disk 0 scanning C:\WINDOWS\system32\drivers
    08:17:06.484    Service scanning
    08:17:35.812    Service MpKsl88202a98 c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BF431A21-383F-43D8-9EFA-9D92A80E48AA}\MpKsl88202a98.sys **LOCKED** 32
    08:18:14.234    Modules scanning
    08:18:40.828    Disk 0 trace - called modules:
    08:18:40.875    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys intelide.sys PCIIDEX.SYS
    08:18:40.890    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86fd2ab8]
    08:18:40.906    3 CLASSPNP.SYS[f74c7fd7] -> nt!IofCallDriver -> \Device\00000062[0x86fdb2a0]
    08:18:40.937    5 ACPI.sys[f743e620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x86fd8940]
    08:18:41.734    AVAST engine scan C:\WINDOWS
    08:19:11.671    AVAST engine scan C:\WINDOWS\system32
    08:30:49.859    AVAST engine scan C:\WINDOWS\system32\drivers
    08:31:38.296    AVAST engine scan C:\Documents and Settings\Peggy
    08:58:23.281    AVAST engine scan C:\Documents and Settings\All Users
    09:06:53.656    Scan finished successfully
    09:08:39.640    Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Peggy\Desktop\MBR.dat"
    09:08:39.656    The log file has been saved successfully to "C:\Documents and Settings\Peggy\Desktop\aswMBR.txt"

     

    I haven't figured out how to attach the MBR.zip file yet.
     


    Edited by Droidling, 21 February 2013 - 12:30 PM.
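
Added example (not part of any post in this thread, and not a script from BleepingComputer or either tool vendor): a Python cross-check of the partition lines from the two logs posted above, listing what aswMBR flagged and which partition entries TDSSKiller did not list. The regular expressions and function names are assumptions fitted to the lines in this thread, not a documented log format.

```python
import re

# Lines copied from the aswMBR and TDSSKiller logs posted in this thread.
ASWMBR_LOG = r"""
08:16:11.312    Disk 0 unknown MBR code
08:16:11.328    Disk 0 Partition 1 00     0B        FAT32 RECOVERY     5005 MB offset 63
08:16:13.031    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS       109457 MB offset 10251360
08:16:13.093    Disk 0 Partition 3 80 (A) 17 Hidd HPFS/NTFS NTFS           10 MB offset 234420480
08:16:13.125    Disk 0 Partition 3  **SUSPICIOUS**
08:16:13.140    Disk 0 Partition 4 80 (A) 17 Hidd HPFS/NTFS NTFS            0 MB offset 234441632
08:16:13.156    Disk 0 Partition 4  **SUSPICIOUS**
"""
TDSSKILLER_LOG = r"""
08:02:38.0625 11268  \Device\Harddisk0\DR0\Partition1: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0x9C6C21
08:02:38.0625 11268  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x9C6C60, BlocksNum 0xD5C8CA0
"""

# Assumed patterns, derived only from the lines above.
PART_RE = re.compile(
    r"Disk (\d+) Partition (\d+) ([0-9A-F]{2})\s+(?:\(A\)\s+)?([0-9A-F]{2})\s+"
    r"(.+?)\s+(\d+) MB offset (\d+)"
)
FLAG_RE = re.compile(r"Disk (\d+) Partition (\d+)\s+\*\*SUSPICIOUS\*\*")
TDSS_RE = re.compile(
    r"\\Harddisk(\d+)\\DR\d+\\Partition(\d+): MBR, Type 0x([0-9A-Fa-f]+), "
    r"StartLBA 0x([0-9A-Fa-f]+), BlocksNum 0x([0-9A-Fa-f]+)"
)


def parse_aswmbr(text):
    """Return {(disk, partition): info} for the partition lines of an aswMBR log."""
    parts = {}
    for line in text.splitlines():
        m = PART_RE.search(line)
        if m:
            disk, num, boot, ptype, label, size_mb, offset = m.groups()
            parts[(int(disk), int(num))] = {
                "active": boot == "80",      # 0x80 is the MBR boot indicator
                "type": int(ptype, 16),
                "label": label,
                "size_mb": int(size_mb),
                "offset": int(offset),       # start sector, decimal in this log
                "flagged": False,
            }
            continue
        m = FLAG_RE.search(line)
        if m:
            key = (int(m.group(1)), int(m.group(2)))
            if key in parts:
                parts[key]["flagged"] = True
    return parts


def parse_tdsskiller(text):
    """Return {(disk, partition): info} for the 'MBR partitions' lines of a TDSSKiller log."""
    parts = {}
    for line in text.splitlines():
        m = TDSS_RE.search(line)
        if m:
            disk, num, ptype, start, blocks = m.groups()
            parts[(int(disk), int(num))] = {
                "type": int(ptype, 16),
                "start_lba": int(start, 16),  # hexadecimal in this log
                "blocks": int(blocks, 16),
            }
    return parts


def cross_check(asw, tdss):
    """List (disk, partition, reason) tuples worth a closer look by the helper."""
    findings = []
    known_starts = {(disk, p["start_lba"]) for (disk, _), p in tdss.items()}
    active_per_disk = {}
    for (disk, num), p in sorted(asw.items()):
        if p["flagged"]:
            findings.append((disk, num, "flagged SUSPICIOUS by aswMBR"))
        if (disk, p["offset"]) not in known_starts:
            findings.append((disk, num, "start sector not in TDSSKiller partition list"))
        if p["active"]:
            active_per_disk.setdefault(disk, []).append(num)
    # A conventional MBR marks at most one partition as active.
    for disk, nums in sorted(active_per_disk.items()):
        if len(nums) > 1:
            findings.append((disk, None, "active flag set on partitions %s" % nums))
    return findings


if __name__ == "__main__":
    for finding in cross_check(parse_aswmbr(ASWMBR_LOG), parse_tdsskiller(TDSSKILLER_LOG)):
        print(finding)
```

The output only lists discrepancies between the two logs; deciding what they mean is still the job of the person reviewing MBR.dat.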


    #7 Droidling


    Posted 21 February 2013 - 12:54 PM

    Here is the MBR.zip. Sorry for the delay. The attachment process seems to have changed since the preparation guide was written.

     

    Attached File  MBR.zip   558bytes   0 downloads



    #8 nasdaq

    • Malware Response Team

    Posted 22 February 2013 - 10:50 AM

     
    We may have to return to your Master Boot Record. For now try this.
     
    Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)
    There are 3 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click and choose Run as Admin
    You only need to get one of them to run, not all of them.
     
     
    It is possible that the infection you are trying to remove will not allow you to download files on the infected computer. If this is the case, then you will need to download the files requested on another computer and then transfer them to the desktop of the infected computer. You can transfer the files via a CD/DVD, external drive, or USB flash drive.
     
    When completed it will create a log. Please post the content on your next reply.
    ===
     
    After Running the RKill tool and without restarting the computer can you execute the DDS tool and post the log if you can.


    #9 Droidling


    Posted 25 February 2013 - 02:02 PM

    I believe I had already run rkill once before when I was trying to clean up the system on my own. I ran it again and tried dds.com before rebooting.

     

    The Rkill Log.

     

    Rkill 2.4.7 by Lawrence Abrams (Grinler)
    http://www.bleepingcomputer.com/
    Copyright 2008-2013 BleepingComputer.com
    More Information about Rkill can be found at this link:
     http://www.bleepingcomputer.com/forums/topic308364.html

    Program started at: 02/25/2013 07:59:36 AM in x86 mode.
    Windows Version: Microsoft Windows XP Service Pack 3

    Checking for Windows services to stop:

     * No malware services found to stop.

    Checking for processes to terminate:

     * C:\WINDOWS\system32\MsPMSPSv.exe (PID: 2044) [WD-HEUR]
     * C:\windows\system\hpsysdrv.exe (PID: 63388) [WD-HEUR]

    2 proccesses terminated!

    Checking Registry for malware related settings:

     * No issues found in the Registry.

    Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

    Performing miscellaneous checks:

     * SMTMP folder detected. Please see this link for more information: http://www.bleepingcomputer.com/forums/topic405109.html

    Checking Windows Service Integrity:

     * No issues found.

    Searching for Missing Digital Signatures:

     * No issues found.

    Checking HOSTS File:

     * HOSTS file entries found:

      127.0.0.1       localhost

    Program finished at: 02/25/2013 08:00:45 AM
    Execution time: 0 hours(s), 1 minute(s), and 9 seconds(s)

     

    *****************************************************************************************************

    When I try to run dds.com it hangs with the status bar a little past 3/4 complete.

     


     

    If it created a log file I don't know where to find it. I have noticed that after dds hangs I can open other programs for a short time. That is how I got the screen capture. After a few minutes DDS seems to slow the entire system until the only way to get out of it is to hold the power button down until it shuts off.

     

    This is an older XP computer that's going to be replaced anyway. If I could transfer some documents, contacts and saved email off of it that would be fine. The computer is running well enough to do that. I just need to be sure I don't transfer the infection with them.

     

    Terry



    #10 nasdaq

    • Malware Response Team

    Posted 25 February 2013 - 02:10 PM

    I think this one will run.

     

     

    • Download OTL to your desktop.
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
     
    • Select All Users.
    • Under the Custom Scan box paste this text in bold in
    netsvcs
    BASESERVICES
    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    winsock.*
    /md5stop
    CREATERESTOREPOINT
     
    Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    When the scan completes, it will open two notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    Post both logs.


    #11 Droidling


    Posted 25 February 2013 - 03:35 PM

    OTL.txt

     

    OTL logfile created on: 2/25/2013 11:44:01 AM - Run 1
    OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Peggy\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.11)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
     
    1023.48 Mb Total Physical Memory | 592.93 Mb Available Physical Memory | 57.93% Memory free
    1.66 Gb Paging File | 1.36 Gb Available in Paging File | 82.11% Paging File free
    Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 106.89 Gb Total Space | 84.90 Gb Free Space | 79.42% Space Free | Partition Type: NTFS
    Drive D: | 4.88 Gb Total Space | 1.14 Gb Free Space | 23.30% Space Free | Partition Type: FAT32
     
    Computer Name: MAGROOM | User Name: Peggy | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
     
    ========== Processes (SafeList) ==========
     
    PRC - [2013/02/25 11:47:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Peggy\Desktop\OTL.exe
    PRC - [2013/02/18 08:38:12 | 001,151,152 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
    PRC - [2013/02/18 08:38:11 | 000,968,880 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe
    PRC - [2012/09/12 16:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
    PRC - [2012/09/12 16:19:44 | 000,947,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
    PRC - [2012/07/11 10:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
    PRC - [2011/09/09 16:01:16 | 001,804,648 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
    PRC - [2011/09/09 15:49:30 | 000,643,944 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
    PRC - [2011/05/10 01:41:12 | 000,049,208 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Software Update\hpwuschd2.exe
    PRC - [2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2005/05/11 13:23:46 | 000,180,269 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    PRC - [2003/02/21 03:07:06 | 000,068,704 | ---- | M] () -- C:\Program Files\Softex\OmniPass\omniServ.exe
    PRC - [2003/02/21 02:50:10 | 000,053,248 | ---- | M] () -- C:\Program Files\Softex\OmniPass\OPXPApp.exe
    PRC - [2003/02/13 07:01:00 | 000,155,648 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
    PRC - [2002/10/16 14:57:10 | 000,081,920 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system32\ps2.EXE
    PRC - [2002/06/22 06:27:42 | 000,069,632 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqCmon.exe
    PRC - [2002/04/17 16:49:16 | 000,077,824 | ---- | M] () -- c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    PRC - [2002/04/17 16:42:56 | 000,069,632 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
     
     
    ========== Modules (No Company Name) ==========
     
    MOD - [2013/02/18 08:38:13 | 000,156,848 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\SiteSafety.dll
    MOD - [2013/02/18 08:38:12 | 001,151,152 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
    MOD - [2013/02/18 08:38:11 | 000,968,880 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe
    MOD - [2006/10/22 12:22:00 | 000,466,944 | ---- | M] () -- C:\WINDOWS\system32\nvshell.dll
    MOD - [2006/10/22 12:22:00 | 000,212,992 | ---- | M] () -- C:\WINDOWS\system32\nvapi.dll
    MOD - [2003/02/21 03:07:06 | 000,068,704 | ---- | M] () -- C:\Program Files\Softex\OmniPass\omniServ.exe
    MOD - [2003/02/21 02:50:12 | 000,040,960 | ---- | M] () -- C:\Program Files\Softex\OmniPass\OPXPGina.dll
    MOD - [2003/02/21 02:50:10 | 000,053,248 | ---- | M] () -- C:\Program Files\Softex\OmniPass\OPXPApp.exe
    MOD - [2003/02/21 02:49:44 | 000,061,440 | ---- | M] () -- C:\Program Files\Softex\OmniPass\ginastub.dll
    MOD - [2002/06/22 06:27:42 | 000,069,632 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqCmon.exe
    MOD - [2002/06/22 05:01:36 | 000,106,496 | ---- | M] () -- c:\Program Files\Hewlett-Packard\Digital Imaging\bin\HpqUtil.dll
    MOD - [2002/04/17 16:49:22 | 000,024,576 | ---- | M] () -- c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnfps.dll
    MOD - [2002/04/17 16:49:16 | 000,077,824 | ---- | M] () -- c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    MOD - [2002/04/12 17:09:06 | 000,161,792 | ---- | M] () -- C:\WINDOWS\system32\crownmon.dll
    MOD - [2001/07/31 08:17:12 | 000,094,274 | ---- | M] () -- C:\WINDOWS\system32\HPBHEALR.DLL
     
     
    ========== Services (SafeList) ==========
     
    SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)
    SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
    SRV - [2013/02/18 08:38:11 | 000,968,880 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe -- (vToolbarUpdater14.2.0)
    SRV - [2013/02/11 05:52:38 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2013/02/06 07:48:44 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/09/12 16:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
    SRV - [2012/07/11 10:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
    SRV - [2010/05/28 02:46:46 | 000,254,824 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Running] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
    SRV - [2010/05/28 02:46:46 | 000,138,600 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
    SRV - [2010/05/28 00:50:44 | 000,701,288 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\HPSLPSVC32.DLL -- (HPSLPSVC)
    SRV - [2009/07/20 11:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
    SRV - [2008/11/17 14:29:43 | 000,079,360 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
    SRV - [2008/11/09 12:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
    SRV - [2007/06/18 13:01:59 | 000,079,360 | ---- | M] (SolidWorks) [On_Demand | Stopped] -- C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
    SRV - [2003/02/21 03:07:06 | 000,068,704 | ---- | M] () [Auto | Running] -- C:\Program Files\Softex\OmniPass\omniServ.exe -- (omniserv)
     
     
    ========== Driver Services (SafeList) ==========
     
    DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
    DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
    DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
    DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
    DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
    DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
    DRV - [2013/02/18 08:38:13 | 000,033,112 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtpx86.sys -- (avgtp)
    DRV - [2011/09/29 13:45:18 | 000,028,276 | ---- | M] (MusicMatch, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\MxlW2k.sys -- (MxlW2k)
    DRV - [2011/07/22 08:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2011/07/12 13:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2009/06/17 08:56:24 | 000,079,248 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
    DRV - [2009/06/17 08:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
    DRV - [2009/06/17 08:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
    DRV - [2009/06/17 08:55:34 | 000,010,384 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
    DRV - [2009/06/17 08:55:26 | 000,063,248 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042mou.Sys -- (L8042mou)
    DRV - [2004/10/07 17:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
    DRV - [2004/10/01 10:24:02 | 002,279,424 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM)
    DRV - [2004/08/03 21:31:32 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139)
    DRV - [2004/08/03 21:29:51 | 000,166,912 | ---- | M] (S3 Graphics, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3gnbm.sys -- (S3Psddr)
    DRV - [2003/05/30 00:21:38 | 000,259,072 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\Cdudf_xp.sys -- (cdudf_xp)
    DRV - [2003/05/30 00:21:38 | 000,213,120 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\UdfReadr_xp.sys -- (UdfReadr_xp)
    DRV - [2003/05/30 00:21:38 | 000,146,560 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\DVDVRRdr_xp.sys -- (DVDVRRdr_xp)
    DRV - [2003/05/30 00:21:38 | 000,118,409 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\pwd_2K.sys -- (pwd_2k)
    DRV - [2003/05/30 00:21:38 | 000,066,992 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
    DRV - [2003/05/30 00:21:38 | 000,024,698 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
    DRV - [2003/05/30 00:21:38 | 000,022,713 | ---- | M] (Roxio) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Mmc_2k.sys -- (mmc_2K)
    DRV - [2003/05/30 00:21:38 | 000,021,737 | ---- | M] (Roxio) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Dvd_2k.sys -- (dvd_2K)
    DRV - [2003/03/31 13:29:00 | 000,625,537 | ---- | M] (LT) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5)
    DRV - [2003/02/26 18:19:50 | 000,260,736 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
    DRV - [2003/02/22 18:55:26 | 000,141,824 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\Fasttx2k.sys -- (fasttx2k)
    DRV - [2002/12/27 10:41:00 | 000,026,880 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\VIAAGP1.SYS -- (viaagp1)
    DRV - [2002/12/24 21:09:48 | 000,030,848 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SISAGPX.SYS -- (SISAGP)
    DRV - [2002/10/01 08:22:32 | 000,009,856 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
    DRV - [2002/09/06 17:24:00 | 000,013,568 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nv_agp.SYS -- (nv_agp)
    DRV - [2001/08/27 13:29:26 | 000,050,528 | ---- | M] (SCM Microsystems Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EUSBMSD.SYS -- (EUSBMSD)
    DRV - [2001/06/04 12:00:00 | 000,014,112 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
    DRV - [2001/02/28 09:42:44 | 000,066,048 | ---- | M] (Marimba, Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\mrtrate.dll -- (mrtRate)
     
     
    ========== Standard Registry (SafeList) ==========
     
     
    ========== Internet Explorer ==========
     
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us8.hpwis.com/
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us8.hpwis.com/
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us8.hpwis.com/
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr8/*http://www.yahoo.com/ext/search/search.html
    IE - HKLM\..\SearchScopes,DefaultScope = {CCC7A320-B3CA-4199-B1A6-9F516DD69829}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
     
     
    IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\.DEFAULT\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
     
    IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\S-1-5-18\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
     
    IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
     
    IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
     
    IE - HKU\S-1-5-21-4045552087-2892903063-1518690786-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=1
    IE - HKU\S-1-5-21-4045552087-2892903063-1518690786-1006\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
    IE - HKU\S-1-5-21-4045552087-2892903063-1518690786-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    IE - HKU\S-1-5-21-4045552087-2892903063-1518690786-1006\..\SearchScopes\{33A9029F-60E2-41DD-A1D5-025FCC406F06}: "URL" = http://www.bing.com/search?q={searchTerms}&mkt={Language}&FORM=IE8SRC
    IE - HKU\S-1-5-21-4045552087-2892903063-1518690786-1006\..\SearchScopes\{4BCCD1C1-FB28-4FBB-B742-579D494A9459}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
    IE - HKU\S-1-5-21-4045552087-2892903063-1518690786-1006\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={848CCF75-6F41-43CC-9FC4-B9D2CE679733}&mid=572048b7318bf9e4a18137478a7c92a0-f42071ed0c7c133a6d63ad65724c1f4c884313fe&lang=en&ds=AVG&pr=fr&d=2011-09-06 07:19:21&v=14.2.0.1&pid=avg&sg=&sap=dsp&q={searchTerms}
    IE - HKU\S-1-5-21-4045552087-2892903063-1518690786-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-4045552087-2892903063-1518690786-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;localhost
     
    ========== FireFox ==========
     
    FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/?ilc=1"
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2
    FF - prefs.js..network.proxy.no_proxies_on: "localho,t,127.0.0.1,localhost"
    FF - prefs.js..network.proxy.type: 0
    FF - user.js - File not found
     
    FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\\npsitesafety.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2088: C:\Program Files\Real\RealOne Player\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2146: C:\Program Files\Real\RealOne Player\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1069: C:\Program Files\Real\RealOne Player\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
    FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
    FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\PROGRA~1\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
     
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\smartwebprinting@hp.com: C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/06/28 09:50:07 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\avg@toolbar: C:\Documents and Settings\All Users\Application Data\AVG Secure Search\FireFoxExt\14.2.0.1 [2013/02/19 07:15:52 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\quickprint@hp.com: C:\Program Files\Hewlett-Packard\SmartPrint\QPExtension [2011/01/26 14:27:28 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/02/06 07:48:47 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/02/06 07:47:29 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012/07/03 08:20:39 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/06/28 09:50:07 | 000,000,000 | ---D | M]
     
    [2012/07/03 08:18:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Peggy\Application Data\Mozilla\Extensions
    [2012/10/23 05:55:01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Peggy\Application Data\Mozilla\Firefox\Profiles\poqzhq09.default\extensions
    [2013/02/06 07:46:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2013/02/06 07:46:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
    [2013/02/06 07:48:46 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2013/02/18 08:39:08 | 000,003,714 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
    [2012/09/25 12:02:07 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2012/10/25 06:40:15 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
     
    O1 HOSTS File: ([2002/08/29 11:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1       localhost
    O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\Hewlett-Packard\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
    O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll ()
    O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
    O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0983.0\msneshellx.dll (Microsoft Corp.)
    O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\Hewlett-Packard\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
    O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0983.0\msneshellx.dll (Microsoft Corp.)
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
    O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll ()
    O3 - HKLM\..\Toolbar: (hp toolkit) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\hp\EXPLOREBAR\HPTOOLKT.DLL (Hewlett-Packard Company)
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKU\S-1-5-21-4045552087-2892903063-1518690786-1006\..\Toolbar\ShellBrowser: (hp toolkit) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\hp\EXPLOREBAR\HPTOOLKT.DLL (Hewlett-Packard Company)
    O3 - HKU\S-1-5-21-4045552087-2892903063-1518690786-1006\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
    O4 - HKLM..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqCmon.exe ()
    O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\hpwuschd2.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
    O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
    O4 - HKLM..\Run: [PS2] C:\WINDOWS\system32\ps2.EXE (Hewlett-Packard Company)
    O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
    O4 - HKLM..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [StorageGuard] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
    O4 - HKU\.DEFAULT..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe File not found
    O4 - HKU\S-1-5-18..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe File not found
    O4 - HKU\S-1-5-21-4045552087-2892903063-1518690786-1006..\Run: [HP Officejet Pro 8600 (NET)] C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
    O4 - HKU\S-1-5-21-4045552087-2892903063-1518690786-1006..\Run: [xeaciselixpe] C:\Documents and Settings\Peggy\xeaciselixpe.exe File not found
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-4045552087-2892903063-1518690786-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)
    O9 - Extra 'Tools' menuitem : SmartPrint - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)
    O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\Hewlett-Packard\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\mswsock.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\mswsock.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\mswsock.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\mswsock.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\mswsock.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\System32\mswsock.dll File not found
    O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
    O16 - DPF: {22945A69-1191-4DCF-9E6F-409BDE94D101} http://svca.solidworks.com/htdocs/pdownload/edrawings/e2007sp04/cab/eModelsStandard.cab (Reg Error: Key error.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
    O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} http://java.sun.com/products/plugin/1.4/jinstall-14_02-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
    O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe (Reg Error: Key error.)
    O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
    O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
    O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
    O16 - DPF: Yahoo! Chat http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A663FDEF-94EA-46CE-880F-92F12E22EB27}: DhcpNameServer = 192.168.0.1
    O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll ()
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
    O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
    O20 - Winlogon\Notify\OPXPGina: DllName - (C:\Program Files\Softex\OmniPass\opxpgina.dll) - C:\Program Files\Softex\OmniPass\OPXPGina.dll ()
    O24 - Desktop WallPaper: C:\Documents and Settings\Peggy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Peggy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2003/04/09 21:19:17 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2002/09/11 04:02:32 | 000,000,045 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
    O32 - AutoRun File - [2003/05/14 04:54:12 | 000,000,000 | RHS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
    O33 - MountPoints2\{18f16752-8539-11e0-b75e-0010dceffaa1}\Shell - "" = AutoRun
    O33 - MountPoints2\{18f16752-8539-11e0-b75e-0010dceffaa1}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{18f16752-8539-11e0-b75e-0010dceffaa1}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
    O33 - MountPoints2\{4a7528ae-8809-11de-b592-0010dceffaa1}\Shell - "" = AutoRun
    O33 - MountPoints2\{4a7528ae-8809-11de-b592-0010dceffaa1}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{4a7528ae-8809-11de-b592-0010dceffaa1}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
     
    NetSvcs: 6to4 -  File not found
    NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
    NetSvcs: Ias -  File not found
    NetSvcs: Iprip -  File not found
    NetSvcs: Irmon -  File not found
    NetSvcs: NWCWorkstation -  File not found
    NetSvcs: Nwsapagent -  File not found
    NetSvcs: WmdmPmSp -  File not found
     
    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point
     
    ========== Files/Folders - Created Within 30 Days ==========
     
    [2013/02/25 11:42:37 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Peggy\Desktop\OTL.exe
    [2013/02/25 07:59:25 | 001,752,992 | ---- | C] (Bleeping Computer, LLC) -- C:\Documents and Settings\Peggy\Desktop\rkill.exe
    [2013/02/21 08:09:11 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Peggy\Desktop\aswMBR.exe
    [2013/02/21 08:01:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Peggy\Desktop\tdsskiller
    [2013/02/20 14:09:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickBooks Pro
    [2013/02/20 14:09:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PrintMe Internet Printing
    [2013/02/20 14:09:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2013/02/20 12:40:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\PIF
    [2013/02/20 11:38:42 | 000,688,992 | ---- | C] (Swearware) -- C:\Program Files\dds.com
    [2013/02/20 07:46:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Peggy\Application Data\SUPERAntiSpyware.com
    [2013/02/19 16:04:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
    [2013/02/19 16:04:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    [2013/02/19 16:04:34 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2013/02/19 13:14:17 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Peggy\Recent
    [2013/02/19 10:08:06 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Peggy\Start Menu\Programs\Administrative Tools
    [2013/02/19 10:04:55 | 000,688,992 | R--- | C] (Swearware) -- C:\Documents and Settings\Peggy\Desktop\dds.com
    [2013/02/19 09:24:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\7-Zip File Manager
    [2013/02/19 09:24:50 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip File Manager
    [2013/02/19 09:24:42 | 000,000,000 | ---D | C] -- C:\Program Files\Surf Canyon
    [2013/02/19 09:24:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
    [2013/02/19 09:23:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\APN
    [2013/02/19 05:48:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Peggy\Start Menu\Programs\System Repair
    [2013/02/19 04:46:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Peggy\Local Settings\Application Data\PCHealth
    [2013/02/15 13:27:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Peggy\My Documents\USPS report id359788933951
    [2013/02/15 13:26:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Local Settings
    [2013/02/15 13:26:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Peggy\My Documents\USPS report id35978893395
    [2013/02/06 08:02:54 | 000,544,616 | ---- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\HPDiscoPM5912.dll
    [2013/02/06 08:02:40 | 001,946,472 | ---- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\HPScanTRDrv_OJ8600.dll
    [2013/02/06 08:02:40 | 000,488,808 | ---- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\HPWia1_OJ8600.dll
    [2013/02/06 08:02:33 | 000,429,928 | ---- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\hpinksts5912.dll
    [2013/02/06 08:02:32 | 000,270,696 | ---- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\hpinksts5912LM.dll
    [2013/02/06 08:02:32 | 000,216,424 | ---- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\hpinkcoi5912.dll
    [2013/02/06 08:00:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Peggy\Local Settings\Application Data\HP
    [2013/02/06 07:46:50 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [2003/08/08 09:41:19 | 017,667,045 | ---- | C] (Indigo Rose Corporation) -- C:\Program Files\dem780f.exe
    [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\*.tmp files -> C:\*.tmp -> ]
     
    ========== Files - Modified Within 30 Days ==========
     
    [2013/02/25 11:51:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
    [2013/02/25 11:49:00 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
    [2013/02/25 11:47:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Peggy\Desktop\OTL.exe
    [2013/02/25 11:41:02 | 000,054,156 | ---- | M] () -- C:\WINDOWS\QTFont.qfn
    [2013/02/25 11:40:51 | 000,088,566 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
    [2013/02/25 11:40:32 | 000,000,189 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
    [2013/02/25 11:39:59 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2013/02/25 11:39:51 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag_Startup.job
    [2013/02/25 11:39:51 | 000,000,270 | ---- | M] () -- C:\WINDOWS\tasks\ASC4_PerformanceMonitor.job
    [2013/02/25 11:38:50 | 000,002,048 | ---- | M] () -- C:\WINDOWS\bootstat.dat
    [2013/02/25 11:38:47 | 1073,270,784 | -HS- | M] () -- C:\hiberfil.sys
    [2013/02/25 08:04:27 | 000,000,452 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
    [2013/02/22 14:00:01 | 000,000,452 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
    [2013/02/21 15:06:55 | 000,665,658 | ---- | M] () -- C:\Documents and Settings\Peggy\Desktop\TrojanRecovery.rtf
    [2013/02/21 13:18:52 | 318,833,664 | ---- | M] () -- C:\WINDOWS\outlook.pst
    [2013/02/21 10:10:00 | 000,000,452 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
    [2013/02/21 09:26:08 | 000,000,558 | ---- | M] () -- C:\Documents and Settings\Peggy\Desktop\MBR.zip
    [2013/02/21 09:08:39 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Peggy\Desktop\MBR.dat
    [2013/02/21 08:21:30 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Peggy\Desktop\aswMBR.exe
    [2013/02/21 08:12:51 | 002,218,636 | ---- | M] () -- C:\Documents and Settings\Peggy\Desktop\tdsskiller.zip
    [2013/02/20 13:38:29 | 001,752,992 | ---- | M] (Bleeping Computer, LLC) -- C:\Documents and Settings\Peggy\Desktop\rkill.exe
    [2013/02/20 12:36:41 | 000,000,795 | ---- | M] () -- C:\Documents and Settings\Peggy\Desktop\Shortcut to mbam.exe.lnk
    [2013/02/20 11:37:51 | 000,688,992 | R--- | M] (Swearware) -- C:\Documents and Settings\Peggy\Desktop\dds.com
    [2013/02/20 11:37:51 | 000,688,992 | ---- | M] (Swearware) -- C:\Program Files\dds.com
    [2013/02/19 05:48:19 | 000,001,785 | ---- | M] () -- C:\Documents and Settings\Peggy\Application Data\Microsoft\Internet Explorer\Quick Launch\System Repair.lnk
    [2013/02/19 04:46:33 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
    [2013/02/18 20:40:10 | 000,000,452 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
    [2013/02/18 08:38:13 | 000,033,112 | ---- | M] (AVG Technologies) -- C:\WINDOWS\System32\drivers\avgtpx86.sys
    [2013/02/14 05:52:22 | 000,210,488 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2013/02/13 15:05:29 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2013/02/13 14:57:58 | 000,434,566 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2013/02/13 14:57:58 | 000,068,470 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2013/02/11 05:52:24 | 000,697,712 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
    [2013/02/11 05:52:22 | 000,074,096 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
    [2013/02/06 08:02:53 | 000,001,920 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Officejet Pro 8600.lnk
    [2013/02/06 08:02:53 | 000,000,908 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Shop for Supplies - HP Officejet Pro 8600.lnk
    [2013/02/06 08:02:52 | 000,001,667 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP ePrintCenter - HP Officejet Pro 8600.lnk
    [2013/02/06 08:00:34 | 000,000,057 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Ament.ini
    [2013/01/30 02:53:21 | 000,232,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
    [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\*.tmp files -> C:\*.tmp -> ]
     
    ========== Files Created - No Company Name ==========
     
    [2013/02/21 09:26:08 | 000,000,558 | ---- | C] () -- C:\Documents and Settings\Peggy\Desktop\MBR.zip
    [2013/02/21 09:08:39 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Peggy\Desktop\MBR.dat
    [2013/02/21 08:01:23 | 002,218,636 | ---- | C] () -- C:\Documents and Settings\Peggy\Desktop\tdsskiller.zip
    [2013/02/21 07:57:55 | 000,665,658 | ---- | C] () -- C:\Documents and Settings\Peggy\Desktop\TrojanRecovery.rtf
    [2013/02/20 14:11:55 | 1073,270,784 | -HS- | C] () -- C:\hiberfil.sys
    [2013/02/20 14:09:03 | 000,001,697 | ---- | C] () -- C:\Documents and Settings\Peggy\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
    [2013/02/20 14:09:03 | 000,000,811 | ---- | C] () -- C:\Documents and Settings\Peggy\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
    [2013/02/20 14:09:03 | 000,000,790 | ---- | C] () -- C:\Documents and Settings\Peggy\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2013/02/20 14:09:03 | 000,000,753 | ---- | C] () -- C:\Documents and Settings\Peggy\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2013/02/20 14:09:03 | 000,000,745 | ---- | C] () -- C:\Documents and Settings\Peggy\Application Data\Microsoft\Internet Explorer\Quick Launch\RealOne Player.lnk
    [2013/02/20 14:09:03 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Peggy\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
    [2013/02/20 14:09:01 | 000,000,741 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\RealPlayer.lnk
    [2013/02/20 14:09:00 | 000,002,503 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Outlook.lnk
    [2013/02/20 14:09:00 | 000,002,479 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Word.lnk
    [2013/02/20 14:09:00 | 000,002,477 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Excel.lnk
    [2013/02/20 14:09:00 | 000,002,465 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft PowerPoint.lnk
    [2013/02/20 14:09:00 | 000,002,455 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft FrontPage.lnk
    [2013/02/20 14:09:00 | 000,001,990 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Access.lnk
    [2013/02/20 14:09:00 | 000,001,709 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
    [2013/02/20 14:09:00 | 000,001,685 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Thunderbird.lnk
    [2013/02/20 14:09:00 | 000,000,741 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
    [2013/02/20 14:08:59 | 000,000,661 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\I.R.I.S. OCR Registration.lnk
    [2013/02/20 14:08:56 | 000,002,431 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Acrobat 6.0 Standard.lnk
    [2013/02/20 14:08:56 | 000,002,389 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Acrobat Distiller 6.0.lnk
    [2013/02/20 12:36:41 | 000,000,795 | ---- | C] () -- C:\Documents and Settings\Peggy\Desktop\Shortcut to mbam.exe.lnk
    [2013/02/19 06:19:59 | 000,001,785 | ---- | C] () -- C:\Documents and Settings\Peggy\Application Data\Microsoft\Internet Explorer\Quick Launch\System Repair.lnk
    [2013/02/06 08:04:21 | 000,000,452 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
    [2013/02/06 08:04:21 | 000,000,452 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
    [2013/02/06 08:04:21 | 000,000,452 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
    [2013/02/06 08:04:21 | 000,000,452 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
    [2013/02/06 08:02:53 | 000,000,908 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Shop for Supplies - HP Officejet Pro 8600.lnk
    [2013/02/06 08:02:52 | 000,001,920 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Officejet Pro 8600.lnk
    [2013/02/06 08:02:52 | 000,001,667 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP ePrintCenter - HP Officejet Pro 8600.lnk
    [2013/02/06 08:00:34 | 000,000,057 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Ament.ini
    [2012/07/03 08:54:20 | 000,037,207 | ---- | C] () -- C:\Documents and Settings\Peggy\Application Data\Comma Separated Values (Windows).ADR
    [2012/07/03 08:41:51 | 000,009,348 | ---- | C] () -- C:\Documents and Settings\Peggy\Application Data\Comma Separated Values (Windows).EML
    [2012/02/20 06:08:09 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
    [2011/06/28 09:38:05 | 000,232,977 | ---- | C] () -- C:\WINDOWS\hpwins22.dat
    [2011/06/28 09:38:05 | 000,002,850 | ---- | C] () -- C:\WINDOWS\hpwmdl22.dat
    [2011/06/28 09:23:36 | 000,000,103 | ---- | C] () -- C:\WINDOWS\System32\hptrace.ini
    [2011/06/28 09:22:36 | 000,004,684 | ---- | C] () -- C:\WINDOWS\hplj1300.ini
    [2003/08/06 09:13:58 | 000,000,484 | ---- | C] () -- C:\Program Files\Shortcut to FTSCHEDL.lnk
     
    ========== ZeroAccess Check ==========
     
    [2003/04/09 23:48:57 | 000,000,227 | R--- | M] () -- C:\WINDOWS\assembly\Desktop.ini
     
    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
     
    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\System32\shdocvw.dll -- [2008/04/13 16:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = C:\WINDOWS\System32\wbem\fastprox.dll -- [2009/02/09 04:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = C:\WINDOWS\System32\wbem\wbemess.dll -- [2008/04/13 16:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both
     
    ========== Custom Scans ==========
     
    ========== Base Services ==========
    SRV - [2008/04/13 16:12:12 | 000,044,544 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\alg.exe -- (ALG)
    SRV - [2008/04/13 16:12:11 | 000,006,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wuauserv.dll -- (wuauserv)
    SRV - [2008/04/13 16:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\qmgr.dll -- (BITS)
    SRV - [2012/07/06 05:58:51 | 000,078,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\browser.dll -- (Browser)
    SRV - [2008/04/13 16:11:51 | 000,062,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\cryptsvc.dll -- (CryptSvc)
    SRV - [2008/04/13 16:11:51 | 000,126,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dhcpcsvc.dll -- (Dhcp)
    SRV - [2009/04/20 09:17:26 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dnsrslvr.dll -- (Dnscache)
    SRV - [2009/02/06 03:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (Eventlog)
    SRV - [2008/04/13 16:11:52 | 000,033,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\eapsvc.dll -- (EapHost)
    SRV - [2009/07/27 15:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (FastUserSwitchingCompatibility)
    SRV - [2008/04/13 16:12:08 | 000,015,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\w3ssl.dll -- (HTTPFilter)
    SRV - [2008/04/13 15:11:54 | 000,021,504 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\hidserv.dll -- (HidServ)
    SRV - [2008/04/13 16:12:22 | 000,150,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\imapi.exe -- (ImapiService)
    SRV - [2008/04/13 16:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (PolicyAgent)
    SRV - [2008/04/13 16:11:52 | 000,023,552 | ---- | M] (Microsoft Corp.) [On_Demand | Stopped] -- C:\WINDOWS\system32\dmserver.dll -- (dmserver)
    SRV - [2008/04/13 16:12:17 | 000,224,768 | ---- | M] (Microsoft Corp., Veritas Software) [On_Demand | Stopped] -- C:\WINDOWS\System32\dmadmin.exe -- (dmadmin)
    SRV - [2008/04/13 16:12:17 | 000,005,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\dllhost.exe -- (SwPrv)
    SRV - [2008/04/13 16:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\lsass.exe -- (Netlogon)
    SRV - [2008/04/13 16:12:01 | 000,198,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\netman.dll -- (Netman)
    SRV - [2008/06/20 08:02:47 | 000,245,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\mswsock.dll -- (Nla)
    SRV - [2009/02/06 03:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (PlugPlay)
    SRV - [2010/08/17 05:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\spoolsv.exe -- (Spooler)
    SRV - [2008/04/13 16:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (ProtectedStorage)
    SRV - [2008/04/13 16:12:03 | 000,088,576 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\rasauto.dll -- (RasAuto)
    SRV - [2008/04/13 16:12:03 | 000,186,368 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\rasmans.dll -- (RasMan)
    SRV - [2009/02/09 04:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\rpcss.dll -- (RpcSs)
    SRV - [2008/04/13 16:12:02 | 000,435,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ntmssvc.dll -- (NtmsSvc)
    SRV - [2008/04/13 16:12:05 | 000,018,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\seclogon.dll -- (seclogon)
    SRV - [2008/04/13 16:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (SamSs)
    SRV - [2008/04/13 16:12:10 | 000,080,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wscsvc.dll -- (wscsvc)
    SRV - [2010/08/26 21:57:43 | 000,099,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srvsvc.dll -- (lanmanserver)
    SRV - [2009/07/27 15:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (ShellHWDetection)
    SRV - [2008/04/13 16:12:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srsvc.dll -- (srservice)
    SRV - [2008/04/13 16:12:05 | 000,192,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\schedsvc.dll -- (Schedule)
    SRV - [2008/04/13 16:11:56 | 000,013,824 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\lmhsvc.dll -- (LmHosts)
    SRV - [2008/04/13 16:12:07 | 000,249,856 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\tapisrv.dll -- (TapiSrv)
    SRV - [2008/04/13 16:12:07 | 000,295,424 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\termsrv.dll -- (TermService)
    SRV - [2009/07/27 15:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (Themes)
    SRV - [2008/04/13 16:12:38 | 000,289,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\vssvc.exe -- (VSS)
    SRV - [2008/04/13 16:11:50 | 000,042,496 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\audiosrv.dll -- (AudioSrv)
    SRV - [2008/04/13 16:11:55 | 000,331,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ipnathlp.dll -- (SharedAccess)
    SRV - [2008/04/13 16:12:08 | 000,333,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wiaservc.dll -- (stisvc)
    SRV - [2008/04/13 16:12:28 | 000,078,848 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\msiexec.exe -- (MSIServer)
    SRV - [2008/04/13 16:12:09 | 000,144,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wbem\wmisvc.dll -- (winmgmt)
    No service found with a name of Wmi
    SRV - [2008/04/13 16:11:52 | 000,132,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\dot3svc.dll -- (Dot3svc)
    SRV - [2008/04/13 16:12:11 | 000,483,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wzcsvc.dll -- (WZCSVC)
    SRV - [2009/06/09 22:14:49 | 000,132,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wkssvc.dll -- (lanmanworkstation)
     
    < %SYSTEMDRIVE%\*.exe >
    [2005/10/31 07:56:00 | 000,700,416 | ---- | M] (LimeWire) -- C:\StubInstaller.exe
    [1 C:\*.tmp files -> C:\*.tmp -> ]
     
    < MD5 for: EXPLORER.EXE  >
    [2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
    [2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
    [2007/06/13 03:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
    [2007/06/13 02:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
    [2004/08/03 23:56:49 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
     
    < MD5 for: SERVICES  >
    [2002/08/29 11:00:00 | 000,007,116 | ---- | M] () MD5=95826940E657FE0567A8EC0F2A6AD11A -- C:\WINDOWS\system32\drivers\etc\services
     
    < MD5 for: SERVICES._  >
    [2002/08/29 04:00:00 | 000,001,989 | ---- | M] () MD5=29BB3BBBE3D49156A42BFB3DD000F554 -- C:\I386\SERVICES._
    [2002/08/29 11:00:00 | 000,001,989 | ---- | M] () MD5=29BB3BBBE3D49156A42BFB3DD000F554 -- C:\WINDOWS\I386\SERVICES._
     
    < MD5 for: SERVICES.BMP  >
    [2001/03/14 00:14:56 | 000,005,030 | ---- | M] () MD5=FDBB222415C2E2A4129C60B3133C2E0E -- C:\Program Files\Quicken\hpbiz\services.bmp
     
    < MD5 for: SERVICES.DLL  >
    [2003/02/05 18:38:36 | 000,018,432 | ---- | M] () MD5=877C7773052F8B497CA2ACDA84CD83FC -- C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\services.dll
    [2003/02/05 18:38:36 | 000,018,432 | ---- | M] () MD5=877C7773052F8B497CA2ACDA84CD83FC -- C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\services.dll
     
    < MD5 for: SERVICES.EX_  >
    [2002/08/29 04:00:00 | 000,047,953 | ---- | M] () MD5=78718439FA165A148B2F41A9EB41F488 -- C:\I386\SERVICES.EX_
    [2002/08/29 11:00:00 | 000,047,953 | ---- | M] () MD5=78718439FA165A148B2F41A9EB41F488 -- C:\WINDOWS\I386\SERVICES.EX_
     
    < MD5 for: SERVICES.EXE  >
    [2009/02/06 03:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
    [2008/04/13 16:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\$NtUninstallKB956572$\services.exe
    [2008/04/13 16:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\ServicePackFiles\i386\services.exe
    [2009/02/06 03:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe
    [2009/02/06 03:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe
    [2004/08/03 23:56:55 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\WINDOWS\$NtServicePackUninstall$\services.exe
     
    < MD5 for: SERVICES.INI  >
    [2003/04/09 23:32:37 | 000,000,093 | ---- | M] () MD5=824DB6FF5EEA58DCA1B7DD2A9FE636DB -- C:\Program Files\InstallShield Installation Information\PC-Doctor\Services\Services.ini
     
    < MD5 for: SERVICES.LNK  >
    [2008/10/10 13:50:58 | 000,001,613 | ---- | M] () MD5=B1F252127DEDB4C9DF8F6953090BDF26 -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Services.lnk
    [2008/10/10 13:50:58 | 000,001,613 | ---- | M] () MD5=B1F252127DEDB4C9DF8F6953090BDF26 -- C:\Documents and Settings\Peggy\Local Settings\Temp\smtmp\1\Programs\Administrative Tools\Services.lnk
     
    < MD5 for: SERVICES.MS_  >
    [2002/08/29 04:00:00 | 000,003,649 | ---- | M] () MD5=64E9F61D2ED093C361862DE36433B5E1 -- C:\I386\SERVICES.MS_
    [2002/08/29 11:00:00 | 000,003,649 | ---- | M] () MD5=64E9F61D2ED093C361862DE36433B5E1 -- C:\WINDOWS\I386\SERVICES.MS_
     
    < MD5 for: SERVICES.MSC  >
    [2002/08/29 04:00:00 | 000,033,464 | ---- | M] () MD5=E8089AA2A6F7FEE89B38C1F2D77BA6C6 -- C:\WINDOWS\system32\services.msc
     
    < MD5 for: SVCHOST.EXE  >
    [2012/12/14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
    [2008/04/13 16:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
    [2008/04/13 16:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
    [2004/08/03 23:56:57 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
     
    < MD5 for: USERINIT.EXE  >
    [2004/08/03 23:56:57 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
    [2008/04/13 16:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
    [2008/04/13 16:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe
     
    < MD5 for: WINLOGON.EXE  >
    [2004/08/03 23:56:57 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
    [2012/12/14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
    [2004/05/26 17:38:46 | 000,483,328 | ---- | M] (Microsoft Corporation) MD5=E7F9D2E4E4A94A6F58014E5FFA16A65E -- C:\WINDOWS\SoftwareDistribution\Download\cb54485933aa009855d78885e4c31c64\sp1qfe\winlogon.exe
    [2004/05/26 17:38:46 | 000,483,328 | ---- | M] (Microsoft Corporation) MD5=E7F9D2E4E4A94A6F58014E5FFA16A65E -- C:\WINDOWS\SoftwareDistribution\Download\cf113cf67754a276d1983478748b20da\sp1qfe\winlogon.exe
    [2008/04/13 16:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
    [2008/04/13 16:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe
     
    < MD5 for: WINSOCK.DL_  >
    [2002/08/29 04:00:00 | 000,001,516 | ---- | M] () MD5=DBE00AC2D306E49623D471A292EF25DC -- C:\I386\WINSOCK.DL_
    [2002/08/29 11:00:00 | 000,001,516 | ---- | M] () MD5=DBE00AC2D306E49623D471A292EF25DC -- C:\WINDOWS\I386\WINSOCK.DL_
     
    < MD5 for: WINSOCK.DLL  >
    [2002/08/29 04:00:00 | 000,002,864 | ---- | M] (Microsoft Corporation) MD5=68485C5EF0E2EFCEBF21BBB1042B823B -- C:\WINDOWS\system32\dllcache\winsock.dll
    [2002/08/29 04:00:00 | 000,002,864 | ---- | M] (Microsoft Corporation) MD5=68485C5EF0E2EFCEBF21BBB1042B823B -- C:\WINDOWS\system32\winsock.dll

    < End of report >

    Extras.txt

    OTL Extras logfile created on: 2/25/2013 11:44:02 AM - Run 1
    OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Peggy\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.11)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
     
    1023.48 Mb Total Physical Memory | 592.93 Mb Available Physical Memory | 57.93% Memory free
    1.66 Gb Paging File | 1.36 Gb Available in Paging File | 82.11% Paging File free
    Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 106.89 Gb Total Space | 84.90 Gb Free Space | 79.42% Space Free | Partition Type: NTFS
    Drive D: | 4.88 Gb Total Space | 1.14 Gb Free Space | 23.30% Space Free | Partition Type: FAT32
     
    Computer Name: MAGROOM | User Name: Peggy | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
     
    ========== Extra Registry (SafeList) ==========
     
     
    ========== File Associations ==========
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
     
    [HKEY_USERS\S-1-5-21-4045552087-2892903063-1518690786-1006\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
     
    ========== Shell Spawning ==========
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
    Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
    Directory [Winamp.Play] -- "C:\Program Files\Winamp\Winamp.exe" "%1" (Nullsoft)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
     
    ========== Security Center Settings ==========
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
    "DisableMonitoring" = 1
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 1
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
    "DisableMonitoring" = 1
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
     
    ========== System Restore Settings ==========
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2
     
    ========== Firewall Settings ==========
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0
    "DoNotAllowExceptions" = 0
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
    "427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP
    "427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP
    "427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP
    "5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
    "80:TCP" = 80:TCP:*:Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)
    "20469:UDP" = 20469:UDP:*:Enabled:UDP 20469
    "21278:TCP" = 21278:TCP:*:Enabled:TCP 21278
     
    ========== Authorized Applications List ==========
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
    "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
    "C:\Documents and Settings\Peggy\Local Settings\Temp\7zS0B78\OJP8500vA909_Full_14\setup\hpznui01.exe" = C:\Documents and Settings\Peggy\Local Settings\Temp\7zS0B78\OJP8500vA909_Full_14\setup\hpznui01.exe:*:Enabled:hpznui01.exe
    "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpofxs08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqfxt08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqfxt08.exe:*:Enabled:hpqfxt08.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe -- (Hewlett-Packard)
    "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\Hewlett-Packard\HP Software Update\hpwucli.exe" = C:\Program Files\Hewlett-Packard\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
    "C:\Program Files\Hewlett-Packard\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
    "C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe" = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe:*:Disabled:BackWeb-137903 -- ()
    "C:\Program Files\Internet Explorer\iexplore.exe" = C:\Program Files\Internet Explorer\iexplore.exe:*:Disabled:Internet Explorer -- (Microsoft Corporation)
    "C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
    "C:\StubInstaller.exe" = C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer -- (LimeWire)
    "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
    "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpofxs08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqfxt08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqfxt08.exe:*:Enabled:hpqfxt08.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe -- (Hewlett-Packard)
    "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\Hewlett-Packard\HP Software Update\hpwucli.exe" = C:\Program Files\Hewlett-Packard\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
    "C:\Program Files\Hewlett-Packard\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\HP Officejet Pro 8600\Bin\DeviceSetup.exe" = C:\Program Files\HP\HP Officejet Pro 8600\Bin\DeviceSetup.exe:LocalSubNet:Enabled:HP Device Setup (HP Officejet Pro 8600) -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe" = C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe:LocalSubNet:Enabled:HP Network Communicator (HP Officejet Pro 8600) -- (Hewlett-Packard Co.)
    "C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Windows Explorer -- (Microsoft Corporation)
     
     
    ========== HKEY_LOCAL_MACHINE Uninstall List ==========
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
    "{0613467F-A45E-4CB1-9ECE-1F3DD79FB927}" = easy Internet sign-up
    "{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
    "{097CDB1E-07C9-40F1-9972-F0F9F3A287E4}" = Network
    "{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
    "{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
    "{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
    "{14589F05-C658-4594-9429-D437BA688686}" = IntelliMover Data Transfer Demo
    "{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
    "{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F7CCFA3-D926-4882-B2A5-A0217ED25597}" = PC-Doctor for Windows
    "{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java™ 6 Update 35
    "{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
    "{29D88826-2AB9-11D5-8854-00902761A46D}" = WordPerfect Productivity Pack
    "{2A267BC6-F77F-4DD4-825F-7AEB1F68B4B1}" = HpSdpAppCoreApp
    "{2B1E6CDB-306C-4C64-B192-1E465C5C3012}" = 8500A909g
    "{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
    "{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
    "{3248F0A8-6813-11D6-A77B-00B0D0150030}" = J2SE Runtime Environment 5.0 Update 3
    "{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
    "{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
    "{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
    "{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
    "{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
    "{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
    "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{35E90FA5-2CB4-4039-A8BB-BE1B9DB94E21}" = HP Memories Disc
    "{3D73DC7A-2D1D-45CF-8A67-24873925C716}" = bpd_scan
    "{3D843732-70CD-4DEF-A36F-AEFB87C80DC9}" = ProductContext
    "{45EBDA59-D33B-433A-956E-B2F236468B56}" = MUSICMATCH® Jukebox
    "{46DDF76F-ACD4-42BC-B48F-B89C4EE2E1A9}" = Easy CD & DVD Creator 6
    "{47D4AF7B-EDE6-4ADB-8D2F-0BDA25C7321F}" = HP Digital Imaging Album Printing 1.0
    "{48BD24F5-13DE-493A-A7CE-28A85113FF0C}" = HP Deskjet printer preloaded drivers
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4F5FC172-F0E7-4EA5-902F-8D005DF9F000}" = HP Photo and Imaging 1.2 - Photosmart Cameras
    "{4FCC384C-18EA-4E25-9281-A06AE006D219}" = Weblink
    "{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}" = Status
    "{60E80B13-8649-4A69-85E2-1AE99E061F43}" = ShowBiz DVD
    "{60E971B7-51A0-48CA-8687-C6B8F094A409}" = Simple Backup for My Pictures
    "{669B49D6-BCA8-4F7C-9248-CE5677750285}" = HP Officejet Pro 8600 Product Improvement Study
    "{6710FE30-27F7-492B-A660-D31D4A898A43}" = MSN Toolbar
    "{69754D89-C21E-4851-83C0-399DE63C6579}" = 8500A909_Help
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics Driver
    "{8AEA6737-8AF3-47BB-95CE-AAB62BE68985}" = MPM
    "{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
    "{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90300409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Media Content
    "{9294F169-72EE-4D74-AE92-CA25F64B4FF8}" = Fax
    "{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{95F9D960-C571-11D0-90F0-00001B1EFBA8}" = QuickBooks Pro 2001
    "{98E8A2EF-4EAE-43B8-A172-74842B764777}" = InterVideo WinDVD Player
    "{98EABC7F-B1A1-43A5-B505-5B4EC3908DCD}" = Microsoft Security Client
    "{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9C55C629-6C4F-48A9-8840-C897DF6187ED}" = HP Officejet Pro 8600 Basic Device Software
    "{9E88DAA4-1352-4272-BA3A-897668408400}" = HP Photosmart printers preloaded drivers
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
    "{A7A02E23-805C-4AAC-B408-D59A1D53AEA6}" = BPDSoftware
    "{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
    "{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
    "{AC4E477E-BBD4-4C68-8D6C-D10C3BB658F3}" = BPD_DSWizards
    "{AC76BA86-0000-0000-0000-6028747ADE01}" = Adobe Acrobat - Reader 6.0.2 Update
    "{AC76BA86-0000-F676-9FA0-000000000603}" = Adobe Interactive Forms Update SP1
    "{AC76BA86-1033-0000-BA7E-000000000001}" = Adobe Acrobat 6.0.1 Standard
    "{AD0AA962-111E-41D5-A705-0E3D9178A661}" = BPDSoftware_Ini
    "{AEB9948B-4FF2-47C9-990E-47014492A0FE}" = MSXML 6.0 Parser
    "{B318D3D1-3421-4E2A-9C63-5D8FC2457B9C}" = 8500A909_eDocs
    "{B43357AA-3A6D-4D94-B56E-43C44D09E548}" = Microsoft .NET Framework (English)
    "{B46A0881-27EC-11D4-96F3-00600803B385}" = Crown Print Monitor
    "{B6F5C6D8-C443-4B55-932F-AE11B5743FC4}" = HP Officejet Pro 8600 Help
    "{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
    "{BC5DD87B-0143-4D14-AAE6-97109614DC6B}" = SolutionCenter
    "{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
    "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
    "{CC4A73BF-938E-4C19-A553-853C035C9BA1}" = LightScribe System Software  1.10.13.1
    "{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D0F6C165-7D23-4AC5-ACF2-0211C6A3BF64}" = ZIP Reader 8.00.0010
    "{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
    "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
    "{ECD5DF04-44C7-43C6-A05A-A43F05344FC0}" = RoboSource Control
    "{EEF397AC-DAEF-4C04-90A9-5B2BD31875DC}" = Simple Installer - Multilanguage Version
    "{EFCE5837-FC21-11D6-9D24-00010240CE95}" = Java 2 Runtime Environment, SE v1.4.1_02
    "{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
    "{F4E57F49-84B4-4CF2-B0A1-8CA1752BDF7E}" = OmniPass
    "{F5346614-B7C4-4E94-826A-E2363155233D}" = EasyCleaner
    "{F61F2821-694C-475F-99AB-6AF2EFDF40FD}" = Quicken 2003 New User Edition
    "{F86D9734-D358-4C5B-BC2B-6D90557FF05B}" = HP Officejet Pro 8500 A909 Series
    "{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
    "{FA291352-8B46-4678-B344-C176F28C5C3E}" = RoboHelp Office
    "4F0AE1FB-4082-4A27-8363-05D292D92FB0" = Virtual Warfare from Hewlett-Packard Desktops (remove only)
    "AccuTerm 2K2 Lite" = AccuTerm 2K2 Lite
    "Adaptec DirectCD Reader" = Adaptec DirectCD Reader
    "Adobe Acrobat 5.0" = Adobe Acrobat 5.0
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "AVG Secure Search" = AVG Security Toolbar
    "BackWeb-137903 Uninstaller" = Updates from HP
    "exPressit S.E. 2.2" = exPressit S.E. 2.2
    "hp deskjet 5100 series_Driver" = hp deskjet 5100 series
    "HP Document Manager" = HP Document Manager 2.0
    "HP Imaging Device Functions" = HP Imaging Device Functions 14.0
    "hp instant support" = HP Instant Support
    "HP Smart Web Printing" = HP Smart Web Printing 4.60
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
    "HPExtendedCapabilities" = HP Customer Participation Program 14.0
    "HPOCR" = OCR Software by I.R.I.S. 14.0
    "HPTOOLKIT" = toolkit
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "InstallShield_{0613467F-A45E-4CB1-9ECE-1F3DD79FB927}" = easy Internet sign-up
    "InstallShield_{ECD5DF04-44C7-43C6-A05A-A43F05344FC0}" = RoboSource Control
    "InstallShield_{F61F2821-694C-475F-99AB-6AF2EFDF40FD}" = Quicken 2003 New User Edition
    "InstallShield_{FA291352-8B46-4678-B344-C176F28C5C3E}" = RoboHelp Office X5
    "InterActual Player" = InterActual Player
    "Java Web Start" = Java Web Start
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework Full v1.0.3705 (1033)" = Microsoft .NET Framework (English) v1.0.3705
    "Microsoft Security Client" = Microsoft Security Essentials
    "Mozilla Firefox 18.0.2 (x86 en-US)" = Mozilla Firefox 18.0.2 (x86 en-US)
    "Mozilla Thunderbird 13.0.1 (x86 en-US)" = Mozilla Thunderbird 13.0.1 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "MSN Music Assistant" = MSN Music Assistant
    "MVApplication1" = SureThing CD Labeler - Stomper Edition 32 bit
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "NVIDIA Drivers" = NVIDIA Drivers
    "PS2" = PS2
    "Python 2.2 combined Win32 extensions" = Python 2.2 combined Win32 extensions
    "Python 2.2.1" = Python 2.2.1
    "QuickTime" = QuickTime
    "RealPlayer 6.0" = RealPlayer
    "Registry Mechanic_is1" = Registry Mechanic 5.2
    "S3Display" = S3Display
    "S3Gamma2" = S3Gamma2
    "S3Info2" = S3Info2
    "S3Overlay" = S3Overlay
    "Shop for HP Supplies" = Shop for HP Supplies
    "SnagIt6" = SnagIt 6
    "SpamSubtract" = SpamSubtract
    "ST6UNST #1" = PSM Control
    "tv_enua" = Lernout & Hauspie TruVoice American English TTS Engine
    "ViewpointMediaPlayer" = Viewpoint Media Player (Remove Only)
    "Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    "Winamp" = Winamp (remove only)
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "WordPerfect Productivity Pack" = WordPerfect Productivity Pack
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
     
    ========== Last 20 Event Log Errors ==========
     
    [ Application Events ]
    Error - 10/9/2012 4:08:15 PM | Computer Name = MAGROOM | Source = MsiInstaller | ID = 11706
    Description = Product: RecordNow -- Error 1706. An installation package for the
    product RecordNow cannot be found. Try the installation again using a valid copy
     of the installation package 'MyCD.msi'.
     
    Error - 10/10/2012 12:24:36 PM | Computer Name = MAGROOM | Source = MsiInstaller | ID = 11706
    Description = Product: RecordNow -- Error 1706. An installation package for the
    product RecordNow cannot be found. Try the installation again using a valid copy
     of the installation package 'MyCD.msi'.
     
    Error - 10/10/2012 12:25:32 PM | Computer Name = MAGROOM | Source = MsiInstaller | ID = 11706
    Description = Product: RecordNow -- Error 1706. An installation package for the
    product RecordNow cannot be found. Try the installation again using a valid copy
     of the installation package 'MyCD.msi'.
     
    Error - 10/10/2012 12:26:21 PM | Computer Name = MAGROOM | Source = MsiInstaller | ID = 11706
    Description = Product: RecordNow -- Error 1706. An installation package for the
    product RecordNow cannot be found. Try the installation again using a valid copy
     of the installation package 'MyCD.msi'.
     
    Error - 10/10/2012 12:31:33 PM | Computer Name = MAGROOM | Source = Application Error | ID = 1000
    Description = Faulting application atlite2k2.exe, version 5.2.0.301, faulting module
     msvbvm60.dll, version 6.0.98.2, fault address 0x00063f5a.
     
    Error - 10/10/2012 12:31:47 PM | Computer Name = MAGROOM | Source = MsiInstaller | ID = 11706
    Description = Product: RecordNow -- Error 1706. An installation package for the
    product RecordNow cannot be found. Try the installation again using a valid copy
     of the installation package 'MyCD.msi'.
     
    Error - 10/10/2012 12:37:00 PM | Computer Name = MAGROOM | Source = MsiInstaller | ID = 11706
    Description = Product: RecordNow -- Error 1706. An installation package for the
    product RecordNow cannot be found. Try the installation again using a valid copy
     of the installation package 'MyCD.msi'.
     
    Error - 2/17/2013 7:00:29 AM | Computer Name = MAGROOM | Source = MPSampleSubmission | ID = 5000
    Description = EventType mptelemetry, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
     P2 4.1.522.0, P3 timeout, P4 1.1.9103.0, P5 fixed, P6 1 _ 1024, P7 5 _ not boot,
     P8 NIL, P9 NIL, P10 NIL.
     
    Error - 2/17/2013 7:00:29 AM | Computer Name = MAGROOM | Source = MPSampleSubmission | ID = 5000
    Description = EventType antimalwaresettingschange, P1 2147678407, P2 NIL, P3 NIL,
     P4 NIL, P5 NIL, P6 NIL, P7 NIL, P8 NIL, P9 NIL, P10 NIL.
     
    Error - 2/17/2013 7:00:30 AM | Computer Name = MAGROOM | Source = MPSampleSubmission | ID = 5000
    Description = EventType mptelemetry, P1 2152759308, P2 unspecified, P3 scanfile,
     P4 4.1.522.0, P5 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
     P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL.
     
    [ System Events ]
    Error - 2/25/2013 12:19:13 PM | Computer Name = MAGROOM | Source = Service Control Manager | ID = 7000
    Description = The Yahoo! Updater service failed to start due to the following error:
       %%1053
     
    Error - 2/25/2013 12:50:09 PM | Computer Name = MAGROOM | Source = Service Control Manager | ID = 7000
    Description = The mrtRate service failed to start due to the following error:   %%2
     
    Error - 2/25/2013 12:50:09 PM | Computer Name = MAGROOM | Source = Service Control Manager | ID = 7009
    Description = Timeout (30000 milliseconds) waiting for the Yahoo! Updater service
     to connect.
     
    Error - 2/25/2013 12:50:09 PM | Computer Name = MAGROOM | Source = Service Control Manager | ID = 7000
    Description = The Yahoo! Updater service failed to start due to the following error:
       %%1053
     
    Error - 2/25/2013 12:50:14 PM | Computer Name = MAGROOM | Source = Service Control Manager | ID = 7034
    Description = The NVIDIA Display Driver Service service terminated unexpectedly.
      It has done this 1 time(s).
     
    Error - 2/25/2013 1:01:35 PM | Computer Name = MAGROOM | Source = Service Control Manager | ID = 7034
    Description = The WMDM PMSP Service service terminated unexpectedly.  It has done
     this 1 time(s).
     
    Error - 2/25/2013 3:39:19 PM | Computer Name = MAGROOM | Source = Service Control Manager | ID = 7000
    Description = The mrtRate service failed to start due to the following error:   %%2
     
    Error - 2/25/2013 3:39:19 PM | Computer Name = MAGROOM | Source = Service Control Manager | ID = 7009
    Description = Timeout (30000 milliseconds) waiting for the Yahoo! Updater service
     to connect.
     
    Error - 2/25/2013 3:39:19 PM | Computer Name = MAGROOM | Source = Service Control Manager | ID = 7000
    Description = The Yahoo! Updater service failed to start due to the following error:
       %%1053
     
    Error - 2/25/2013 3:39:24 PM | Computer Name = MAGROOM | Source = Service Control Manager | ID = 7034
    Description = The NVIDIA Display Driver Service service terminated unexpectedly.
      It has done this 1 time(s).
     
     
    < End of report >
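
Added example, not part of the original post and not OTL's own code: a small parser for the "Firewall Settings" and "Authorized Applications List" sections of an OTL Extras log like the one above. It lists enabled exceptions worth a reviewer's attention. The sample lines are copied from this log; the triage rules (port open to any address with a non-built-in label, executable in a Temp directory or in a drive root) are assumptions chosen for illustration, not a verdict of infection.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# Sample input: lines taken from the OTL Extras log in this thread, trimmed to a few entries.
SAMPLE = r'''
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
"20469:UDP" = 20469:UDP:*:Enabled:UDP 20469
"21278:TCP" = 21278:TCP:*:Enabled:TCP 21278

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Documents and Settings\Peggy\Local Settings\Temp\7zS0B78\OJP8500vA909_Full_14\setup\hpznui01.exe" = C:\Documents and Settings\Peggy\Local Settings\Temp\7zS0B78\OJP8500vA909_Full_14\setup\hpznui01.exe:*:Enabled:hpznui01.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\StubInstaller.exe" = C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer -- (LimeWire)
"C:\Program Files\HP\HP Officejet Pro 8600\Bin\DeviceSetup.exe" = C:\Program Files\HP\HP Officejet Pro 8600\Bin\DeviceSetup.exe:LocalSubNet:Enabled:HP Device Setup (HP Officejet Pro 8600) -- (Hewlett-Packard Co.)
'''


class Rule(NamedTuple):
    profile: str            # DomainProfile or StandardProfile
    kind: str               # "port" or "app"
    target: str             # "21278:TCP" or the executable path
    scope: str              # "*", "LocalSubNet", or an address list
    enabled: bool
    name: str               # display label stored in the registry value
    company: Optional[str]  # file company name appended by OTL, if any


SECTION = re.compile(
    r'^\[HKEY_LOCAL_MACHINE\\.*\\FirewallPolicy\\(\w+)'
    r'\\(GloballyOpenPorts|AuthorizedApplications)\\List\]$')
ENTRY = re.compile(r'^"(?P<key>[^"]+)" = (?P<value>.*)$')
COMPANY = re.compile(r'\s+-- \((?P<company>[^()]*)\)$')  # OTL suffix: " -- (Vendor)"
DRIVE_ROOT = re.compile(r'^[A-Za-z]:\\[^\\]+$')


def parse_firewall_rules(text: str) -> List[Rule]:
    """Turn the firewall sections of an OTL Extras log into Rule records."""
    rules, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION.match(line)
        if m:
            kind = "port" if m.group(2) == "GloballyOpenPorts" else "app"
            section = (m.group(1), kind)
            continue
        if line.startswith("["):      # any other registry key ends the section
            section = None
            continue
        m = ENTRY.match(line)
        if not (section and m):
            continue
        value, company = m.group("value"), None
        c = COMPANY.search(value)
        if c:
            company, value = c.group("company"), value[:c.start()]
        if section[1] == "port":
            parts = value.split(":", 4)    # port:protocol:scope:status:name
            if len(parts) != 5:
                continue
            target, (scope, status, name) = parts[0] + ":" + parts[1], parts[2:]
        else:
            parts = value.rsplit(":", 3)   # path:scope:status:name (path holds "C:")
            if len(parts) != 4:
                continue
            target, scope, status, name = parts
        rules.append(Rule(section[0], section[1], target, scope,
                          status.lower() == "enabled", name, company))
    return rules


def triage(rule: Rule) -> List[str]:
    """Return the reasons an enabled exception deserves a closer look (illustrative rules)."""
    reasons = []
    if not rule.enabled:
        return reasons
    if rule.kind == "port" and rule.scope == "*" and not rule.name.startswith("@"):
        # Built-in Windows exceptions use a resource label such as @xpsp2res.dll,-22005.
        reasons.append("port open to any address, label is not a built-in resource string")
    if rule.kind == "app":
        if "\\temp\\" in rule.target.lower():
            reasons.append("allowed executable lives in a Temp directory")
        if DRIVE_ROOT.match(rule.target):
            reasons.append("allowed executable sits in the root of a drive")
    return reasons


def flagged(text: str) -> List[Tuple[str, str, List[str]]]:
    """(profile, target, reasons) for every rule that triage() flags, in log order."""
    return [(r.profile, r.target, why)
            for r in parse_firewall_rules(text) if (why := triage(r))]


if __name__ == "__main__":
    for profile, target, why in flagged(SAMPLE):
        print(f"{profile}: {target}\n    " + "; ".join(why))
```

A flagged entry only means the exception should be matched against software the owner knowingly installed before it is kept or removed.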
     



    #12 nasdaq


    Posted 26 February 2013 - 09:08 AM

    Run OTL -  Double-click OTL.exe to start it.
     
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O4 - HKU\S-1-5-21-4045552087-2892903063-1518690786-1006..\Run: [xeaciselixpe] C:\Documents and Settings\Peggy\xeaciselixpe.exe File not found
     
    :Commands
    [emptytemp]
    [resethosts]

     

    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
     
    ===
    Please download JavaRa 
     
    If you get this message:
    Problems with the download? Please use this direct link or try another mirror.
     
    Select the Direct link download and unzip it to your Desktop.
     
    Double click JavaRa.exe then click Remove Older Versions.
    In Vista and Windows 7 right click the JavaRa.exe and select run as Administrator.
     
    Follow any prompts; a log will popup (JavaRa.log)-- please post the contents of this log.
    ===
    Download and run the following programs.
    If any of them fail to complete, execute the others and post any logs that you can save.
     
    Please download ComboFix from one of these locations:
    IMPORTANT !!! Save ComboFix.exe to your Desktop
    • Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
    • Double click on ComboFix.exe & follow the prompts.
    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.  It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Some Rootkit infections may damage your boot sector. The Windows Recovery Console may be needed to restore it. Do not bypass this installation. You may regret it.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    Click on Yes, to continue scanning for malware.
    When finished, it shall produce a log for you.  Please include the C:\ComboFix.txt in your next reply.
     
    Note: If you have difficulty properly disabling your protection programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html
     
    Do not mouse click ComboFix's window while it's running. That may cause it to stall.
     
    Note: If, after running ComboFix, you get the error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program, all you need to do is restart the computer to reset the registry.
    ===
     
    Third-party programs, if not up to date, can be the cause of infiltration and infection.
     
    Please run this security check for my review.
     
    Download Security Check by screen317 from here.
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
    ===
     
    Search and delete the AdWare, PUP (Potentially Unwanted Program) installed on your computer.
     
    Please download AdwCleaner by Xplode onto your Desktop.
    • Close all open programs and internet browsers.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on the Delete tab and follow the prompts.
    • A log file will automatically open after the scan has finished.
    • Please post the content of that log file with your next answer.
    • You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).
    Please post the logs and let me know if the problem persists.
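
The fix script in the post above targets entries that OTL reported as "File not found" or "No CLSID value found". The following Python sketch is an added example (not part of the original post, and not OTL's or the helper's own method): it reads OTL-style log lines and separates orphaned autostart entries that pointed into a user profile from dangling CLSID references and other missing files. The sample lines are copied from this thread; the category names, regular expressions and grouping are assumptions of this example.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional

# Sample lines copied from the fix script and the "Run 2" log in this thread.
SAMPLE_LOG = r"""
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKU\S-1-5-21-4045552087-2892903063-1518690786-1006..\Run: [xeaciselixpe] C:\Documents and Settings\Peggy\xeaciselixpe.exe File not found
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\mswsock.dll File not found
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\Hewlett-Packard\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
"""

# "<TAG> - <rest>", where TAG is a section prefix such as IE, FF, SRV, DRV, O4.
LINE_RE = re.compile(r"^(?P<tag>[A-Z]{2,3}|O\d+)\s+-\s+(?P<body>.+)$")
# A drive-letter or %Variable% path ending in a binary extension.
PATH_RE = re.compile(
    r"(?:(?<![A-Za-z])[A-Za-z]:|%\w+%)\\.*?\.(?:exe|dll|sys)\b", re.I)
GUID_RE = re.compile(
    r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Value name of a Run-key entry, e.g. "\Run: [name]".
RUN_NAME_RE = re.compile(r"\\Run:\s+\[([^\]]+)\]")
# Paths under a per-user profile directory (user-writable locations).
PROFILE_RE = re.compile(r"^[a-z]:\\(?:documents and settings|users)\\", re.I)

# Review order used by this example (an assumption, not an OTL feature).
ORDER = ["autostart-user-path", "dangling-clsid", "missing-file"]


@dataclass
class Finding:
    tag: str                 # log section prefix (IE, O4, SRV, ...)
    category: str            # one of ORDER
    target: Optional[str]    # file path the entry points to, if any
    run_name: Optional[str]  # Run-key value name, if this is a Run entry
    guid: Optional[str]      # CLSID referenced by the entry, if any
    line: str                # the original log line


def triage(log_text: str) -> List[Finding]:
    """Return orphaned entries from OTL-style log text, grouped by category."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        match = LINE_RE.match(line)
        if not match:
            continue  # headers, blank lines, timestamp-only rows
        body = match.group("body")
        missing_file = "File not found" in body
        missing_clsid = "No CLSID value found" in body
        if not (missing_file or missing_clsid):
            continue  # entry resolves to an existing file: not an orphan
        path = PATH_RE.search(body)
        run = RUN_NAME_RE.search(body)
        guid = GUID_RE.search(body)
        target = path.group(0) if path else None
        if missing_clsid:
            category = "dangling-clsid"
        elif run and target and PROFILE_RE.match(target):
            # Autostart value whose binary lived in a user profile and is gone.
            category = "autostart-user-path"
        else:
            category = "missing-file"
        findings.append(Finding(
            tag=match.group("tag"),
            category=category,
            target=target,
            run_name=run.group(1) if run else None,
            guid=guid.group(0) if guid else None,
            line=line,
        ))
    # sorted() is stable, so log order is kept inside each category.
    return sorted(findings, key=lambda f: ORDER.index(f.category))


def summary(findings: List[Finding]) -> dict:
    """Count findings per category."""
    return dict(Counter(f.category for f in findings))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.category:20} {f.tag:4} {f.run_name or f.guid or f.target}")
```

The script only reads log text and reports; it does not touch the registry or the file system.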


    #13 Droidling

    Droidling
    • Topic Starter

    • Members

    Posted 26 February 2013 - 01:53 PM

    The OTL Quick Scan log after Run Fix

     

    OTL logfile created on: 2/26/2013 10:15:39 AM - Run 2
    OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Peggy\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.11)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
     
    1023.48 Mb Total Physical Memory | 518.13 Mb Available Physical Memory | 50.62% Memory free
    1.66 Gb Paging File | 1.25 Gb Available in Paging File | 75.16% Paging File free
    Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 106.89 Gb Total Space | 85.91 Gb Free Space | 80.37% Space Free | Partition Type: NTFS
    Drive D: | 4.88 Gb Total Space | 1.14 Gb Free Space | 23.30% Space Free | Partition Type: FAT32
     
    Computer Name: MAGROOM | User Name: Peggy | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
     
    ========== Processes (SafeList) ==========
     
    PRC - [2013/02/25 11:47:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Peggy\Desktop\OTL.exe
    PRC - [2013/02/18 08:38:12 | 001,151,152 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
    PRC - [2013/02/18 08:38:11 | 000,968,880 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe
    PRC - [2012/09/12 16:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
    PRC - [2012/09/12 16:19:44 | 000,947,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
    PRC - [2012/07/11 10:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
    PRC - [2011/09/09 16:01:16 | 001,804,648 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
    PRC - [2011/09/09 15:49:30 | 000,643,944 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
    PRC - [2011/05/10 01:41:12 | 000,049,208 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Software Update\hpwuschd2.exe
    PRC - [2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2005/05/11 13:23:46 | 000,180,269 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    PRC - [2003/02/21 03:07:06 | 000,068,704 | ---- | M] () -- C:\Program Files\Softex\OmniPass\omniServ.exe
    PRC - [2003/02/21 02:50:10 | 000,053,248 | ---- | M] () -- C:\Program Files\Softex\OmniPass\OPXPApp.exe
    PRC - [2003/02/13 07:01:00 | 000,155,648 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
    PRC - [2002/10/16 14:57:10 | 000,081,920 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system32\ps2.EXE
    PRC - [2002/06/22 06:27:42 | 000,069,632 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqCmon.exe
    PRC - [2002/04/17 16:49:16 | 000,077,824 | ---- | M] () -- c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    PRC - [2002/04/17 16:42:56 | 000,069,632 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
     
     
    ========== Modules (No Company Name) ==========
     
    MOD - [2013/02/18 08:38:13 | 000,156,848 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\SiteSafety.dll
    MOD - [2013/02/18 08:38:12 | 001,151,152 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
    MOD - [2013/02/18 08:38:11 | 000,968,880 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe
    MOD - [2006/10/22 12:22:00 | 000,212,992 | ---- | M] () -- C:\WINDOWS\system32\nvapi.dll
    MOD - [2003/02/21 03:07:06 | 000,068,704 | ---- | M] () -- C:\Program Files\Softex\OmniPass\omniServ.exe
    MOD - [2003/02/21 02:50:12 | 000,040,960 | ---- | M] () -- C:\Program Files\Softex\OmniPass\OPXPGina.dll
    MOD - [2003/02/21 02:50:10 | 000,053,248 | ---- | M] () -- C:\Program Files\Softex\OmniPass\OPXPApp.exe
    MOD - [2003/02/21 02:49:44 | 000,061,440 | ---- | M] () -- C:\Program Files\Softex\OmniPass\ginastub.dll
    MOD - [2002/06/22 06:27:42 | 000,069,632 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqCmon.exe
    MOD - [2002/06/22 05:01:36 | 000,106,496 | ---- | M] () -- c:\Program Files\Hewlett-Packard\Digital Imaging\bin\HpqUtil.dll
    MOD - [2002/04/17 16:49:22 | 000,024,576 | ---- | M] () -- c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnfps.dll
    MOD - [2002/04/17 16:49:16 | 000,077,824 | ---- | M] () -- c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    MOD - [2002/04/12 17:09:06 | 000,161,792 | ---- | M] () -- C:\WINDOWS\system32\crownmon.dll
    MOD - [2001/07/31 08:17:12 | 000,094,274 | ---- | M] () -- C:\WINDOWS\system32\HPBHEALR.DLL
     
     
    ========== Services (SafeList) ==========
     
    SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)
    SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
    SRV - [2013/02/18 08:38:11 | 000,968,880 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe -- (vToolbarUpdater14.2.0)
    SRV - [2013/02/11 05:52:38 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2013/02/06 07:48:44 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/09/12 16:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
    SRV - [2012/07/11 10:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
    SRV - [2010/05/28 02:46:46 | 000,254,824 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Running] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
    SRV - [2010/05/28 02:46:46 | 000,138,600 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
    SRV - [2010/05/28 00:50:44 | 000,701,288 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\HPSLPSVC32.DLL -- (HPSLPSVC)
    SRV - [2009/07/20 11:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
    SRV - [2008/11/17 14:29:43 | 000,079,360 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
    SRV - [2008/11/09 12:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
    SRV - [2007/06/18 13:01:59 | 000,079,360 | ---- | M] (SolidWorks) [On_Demand | Stopped] -- C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
    SRV - [2003/02/21 03:07:06 | 000,068,704 | ---- | M] () [Auto | Running] -- C:\Program Files\Softex\OmniPass\omniServ.exe -- (omniserv)
     
     
    ========== Driver Services (SafeList) ==========
     
    DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
    DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
    DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
    DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
    DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
    DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
    DRV - [2013/02/18 08:38:13 | 000,033,112 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtpx86.sys -- (avgtp)
    DRV - [2011/09/29 13:45:18 | 000,028,276 | ---- | M] (MusicMatch, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\MxlW2k.sys -- (MxlW2k)
    DRV - [2011/07/22 08:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2011/07/12 13:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2009/06/17 08:56:24 | 000,079,248 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
    DRV - [2009/06/17 08:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
    DRV - [2009/06/17 08:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
    DRV - [2009/06/17 08:55:34 | 000,010,384 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
    DRV - [2009/06/17 08:55:26 | 000,063,248 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042mou.Sys -- (L8042mou)
    DRV - [2004/10/07 17:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
    DRV - [2004/10/01 10:24:02 | 002,279,424 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM)
    DRV - [2004/08/03 21:31:32 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139)
    DRV - [2004/08/03 21:29:51 | 000,166,912 | ---- | M] (S3 Graphics, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3gnbm.sys -- (S3Psddr)
    DRV - [2003/05/30 00:21:38 | 000,259,072 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\Cdudf_xp.sys -- (cdudf_xp)
    DRV - [2003/05/30 00:21:38 | 000,213,120 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\UdfReadr_xp.sys -- (UdfReadr_xp)
    DRV - [2003/05/30 00:21:38 | 000,146,560 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\DVDVRRdr_xp.sys -- (DVDVRRdr_xp)
    DRV - [2003/05/30 00:21:38 | 000,118,409 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\pwd_2K.sys -- (pwd_2k)
    DRV - [2003/05/30 00:21:38 | 000,066,992 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
    DRV - [2003/05/30 00:21:38 | 000,024,698 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
    DRV - [2003/05/30 00:21:38 | 000,022,713 | ---- | M] (Roxio) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Mmc_2k.sys -- (mmc_2K)
    DRV - [2003/05/30 00:21:38 | 000,021,737 | ---- | M] (Roxio) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Dvd_2k.sys -- (dvd_2K)
    DRV - [2003/03/31 13:29:00 | 000,625,537 | ---- | M] (LT) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5)
    DRV - [2003/02/26 18:19:50 | 000,260,736 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
    DRV - [2003/02/22 18:55:26 | 000,141,824 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\Fasttx2k.sys -- (fasttx2k)
    DRV - [2002/12/27 10:41:00 | 000,026,880 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\VIAAGP1.SYS -- (viaagp1)
    DRV - [2002/12/24 21:09:48 | 000,030,848 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SISAGPX.SYS -- (SISAGP)
    DRV - [2002/10/01 08:22:32 | 000,009,856 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
    DRV - [2002/09/06 17:24:00 | 000,013,568 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nv_agp.SYS -- (nv_agp)
    DRV - [2001/08/27 13:29:26 | 000,050,528 | ---- | M] (SCM Microsystems Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EUSBMSD.SYS -- (EUSBMSD)
    DRV - [2001/06/04 12:00:00 | 000,014,112 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
    DRV - [2001/02/28 09:42:44 | 000,066,048 | ---- | M] (Marimba, Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\mrtrate.dll -- (mrtRate)
     
     
    ========== Standard Registry (SafeList) ==========
     
     
    ========== Internet Explorer ==========
     
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us8.hpwis.com/
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us8.hpwis.com/
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us8.hpwis.com/
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr8/*http://www.yahoo.com/ext/search/search.html
    IE - HKLM\..\SearchScopes,DefaultScope = {CCC7A320-B3CA-4199-B1A6-9F516DD69829}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
     
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=1
    IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    IE - HKCU\..\SearchScopes\{33A9029F-60E2-41DD-A1D5-025FCC406F06}: "URL" = http://www.bing.com/search?q={searchTerms}&mkt={Language}&FORM=IE8SRC
    IE - HKCU\..\SearchScopes\{4BCCD1C1-FB28-4FBB-B742-579D494A9459}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
    IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={848CCF75-6F41-43CC-9FC4-B9D2CE679733}&mid=572048b7318bf9e4a18137478a7c92a0-f42071ed0c7c133a6d63ad65724c1f4c884313fe&lang=en&ds=AVG&pr=fr&d=2011-09-06 07:19:21&v=14.2.0.1&pid=avg&sg=&sap=dsp&q={searchTerms}
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;localhost
     
    ========== FireFox ==========
     
    FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/?ilc=1"
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2
    FF - prefs.js..network.proxy.no_proxies_on: "localho,t,127.0.0.1,localhost"
    FF - prefs.js..network.proxy.type: 0
    FF - user.js - File not found
     
    FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\\npsitesafety.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2088: C:\Program Files\Real\RealOne Player\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2146: C:\Program Files\Real\RealOne Player\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1069: C:\Program Files\Real\RealOne Player\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
    FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\PROGRA~1\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
     
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\smartwebprinting@hp.com: C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/06/28 09:50:07 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\avg@toolbar: C:\Documents and Settings\All Users\Application Data\AVG Secure Search\FireFoxExt\14.2.0.1 [2013/02/19 07:15:52 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\quickprint@hp.com: C:\Program Files\Hewlett-Packard\SmartPrint\QPExtension [2011/01/26 14:27:28 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/02/06 07:48:47 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/02/06 07:47:29 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012/07/03 08:20:39 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/06/28 09:50:07 | 000,000,000 | ---D | M]
     
    [2012/07/03 08:18:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Peggy\Application Data\Mozilla\Extensions
    [2012/10/23 05:55:01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Peggy\Application Data\Mozilla\Firefox\Profiles\poqzhq09.default\extensions
    [2013/02/06 07:46:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2013/02/06 07:46:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
    [2013/02/06 07:48:46 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2013/02/18 08:39:08 | 000,003,714 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
    [2012/09/25 12:02:07 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2012/10/25 06:40:15 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
     
    O1 HOSTS File: ([2013/02/26 10:05:03 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1       localhost
    O1 - Hosts: ::1       localhost
    O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\Hewlett-Packard\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
    O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll ()
    O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
    O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0983.0\msneshellx.dll (Microsoft Corp.)
    O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\Hewlett-Packard\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
    O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0983.0\msneshellx.dll (Microsoft Corp.)
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
    O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll ()
    O3 - HKLM\..\Toolbar: (hp toolkit) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\hp\EXPLOREBAR\HPTOOLKT.DLL (Hewlett-Packard Company)
    O3 - HKCU\..\Toolbar\ShellBrowser: (hp toolkit) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\hp\EXPLOREBAR\HPTOOLKT.DLL (Hewlett-Packard Company)
    O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
    O4 - HKLM..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqCmon.exe ()
    O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\hpwuschd2.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
    O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
    O4 - HKLM..\Run: [PS2] C:\WINDOWS\system32\ps2.EXE (Hewlett-Packard Company)
    O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
    O4 - HKLM..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [StorageGuard] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
    O4 - HKCU..\Run: [HP Officejet Pro 8600 (NET)] C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)
    O9 - Extra 'Tools' menuitem : SmartPrint - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)
    O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\Hewlett-Packard\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\mswsock.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\mswsock.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\mswsock.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\mswsock.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\mswsock.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\System32\mswsock.dll File not found
    O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
    O16 - DPF: {22945A69-1191-4DCF-9E6F-409BDE94D101} http://svca.solidworks.com/htdocs/pdownload/edrawings/e2007sp04/cab/eModelsStandard.cab (Reg Error: Key error.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
    O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} http://java.sun.com/products/plugin/1.4/jinstall-14_02-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
    O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe (Reg Error: Key error.)
    O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
    O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
    O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
    O16 - DPF: Yahoo! Chat http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A663FDEF-94EA-46CE-880F-92F12E22EB27}: DhcpNameServer = 192.168.0.1
    O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll ()
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
    O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
    O20 - Winlogon\Notify\OPXPGina: DllName - (C:\Program Files\Softex\OmniPass\opxpgina.dll) - C:\Program Files\Softex\OmniPass\OPXPGina.dll ()
    O24 - Desktop WallPaper: C:\Documents and Settings\Peggy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Peggy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2003/04/09 21:19:17 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2002/09/11 04:02:32 | 000,000,045 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
    O32 - AutoRun File - [2003/05/14 04:54:12 | 000,000,000 | RHS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
    O33 - MountPoints2\{18f16752-8539-11e0-b75e-0010dceffaa1}\Shell - "" = AutoRun
    O33 - MountPoints2\{18f16752-8539-11e0-b75e-0010dceffaa1}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{18f16752-8539-11e0-b75e-0010dceffaa1}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
    O33 - MountPoints2\{4a7528ae-8809-11de-b592-0010dceffaa1}\Shell - "" = AutoRun
    O33 - MountPoints2\{4a7528ae-8809-11de-b592-0010dceffaa1}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{4a7528ae-8809-11de-b592-0010dceffaa1}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
     
    ========== Files/Folders - Created Within 30 Days ==========
     
    [2013/02/26 10:01:14 | 000,000,000 | ---D | C] -- C:\_OTL
    [2013/02/26 09:56:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Peggy\Desktop\JavaRA
    [2013/02/26 09:54:28 | 005,036,023 | ---- | C] (Swearware) -- C:\Documents and Settings\Peggy\Desktop\ComboFix.exe
    [2013/02/25 11:42:37 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Peggy\Desktop\OTL.exe
    [2013/02/25 07:59:25 | 001,752,992 | ---- | C] (Bleeping Computer, LLC) -- C:\Documents and Settings\Peggy\Desktop\rkill.exe
    [2013/02/21 08:09:11 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Peggy\Desktop\aswMBR.exe
    [2013/02/21 08:01:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Peggy\Desktop\tdsskiller
    [2013/02/20 14:09:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickBooks Pro
    [2013/02/20 14:09:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PrintMe Internet Printing
    [2013/02/20 14:09:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2013/02/20 12:40:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\PIF
    [2013/02/20 11:38:42 | 000,688,992 | ---- | C] (Swearware) -- C:\Program Files\dds.com
    [2013/02/20 07:46:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Peggy\Application Data\SUPERAntiSpyware.com
    [2013/02/19 16:04:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
    [2013/02/19 16:04:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    [2013/02/19 16:04:34 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2013/02/19 13:14:17 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Peggy\Recent
    [2013/02/19 10:08:06 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Peggy\Start Menu\Programs\Administrative Tools
    [2013/02/19 10:04:55 | 000,688,992 | R--- | C] (Swearware) -- C:\Documents and Settings\Peggy\Desktop\dds.com
    [2013/02/19 09:24:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\7-Zip File Manager
    [2013/02/19 09:24:50 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip File Manager
    [2013/02/19 09:24:42 | 000,000,000 | ---D | C] -- C:\Program Files\Surf Canyon
    [2013/02/19 09:24:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
    [2013/02/19 09:23:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\APN
    [2013/02/19 05:48:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Peggy\Start Menu\Programs\System Repair
    [2013/02/19 04:46:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Peggy\Local Settings\Application Data\PCHealth
    [2013/02/15 13:27:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Peggy\My Documents\USPS report id359788933951
    [2013/02/15 13:26:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Local Settings
    [2013/02/15 13:26:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Peggy\My Documents\USPS report id35978893395
    [2013/02/06 08:00:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Peggy\Local Settings\Application Data\HP
    [2013/02/06 07:46:50 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [2003/08/08 09:41:19 | 017,667,045 | ---- | C] (Indigo Rose Corporation) -- C:\Program Files\dem780f.exe
     
    ========== Files - Modified Within 30 Days ==========
     
    [2013/02/26 10:15:02 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2013/02/26 10:14:57 | 000,088,566 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
    [2013/02/26 10:14:57 | 000,054,156 | ---- | M] () -- C:\WINDOWS\QTFont.qfn
    [2013/02/26 10:14:10 | 000,000,189 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
    [2013/02/26 10:13:57 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag_Startup.job
    [2013/02/26 10:13:57 | 000,000,270 | ---- | M] () -- C:\WINDOWS\tasks\ASC4_PerformanceMonitor.job
    [2013/02/26 10:13:19 | 000,002,048 | ---- | M] () -- C:\WINDOWS\bootstat.dat
    [2013/02/26 10:13:16 | 1073,270,784 | -HS- | M] () -- C:\hiberfil.sys
    [2013/02/26 10:11:36 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
    [2013/02/26 10:10:00 | 000,000,452 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
    [2013/02/26 10:05:03 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
    [2013/02/26 10:04:26 | 005,036,023 | ---- | M] (Swearware) -- C:\Documents and Settings\Peggy\Desktop\ComboFix.exe
    [2013/02/26 09:51:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
    [2013/02/25 15:01:29 | 318,833,664 | ---- | M] () -- C:\WINDOWS\outlook.pst
    [2013/02/25 11:47:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Peggy\Desktop\OTL.exe
    [2013/02/25 08:04:27 | 000,000,452 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
    [2013/02/22 14:00:01 | 000,000,452 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
    [2013/02/21 15:06:55 | 000,665,658 | ---- | M] () -- C:\Documents and Settings\Peggy\Desktop\TrojanRecovery.rtf
    [2013/02/21 09:26:08 | 000,000,558 | ---- | M] () -- C:\Documents and Settings\Peggy\Desktop\MBR.zip
    [2013/02/21 09:08:39 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Peggy\Desktop\MBR.dat
    [2013/02/21 08:21:30 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Peggy\Desktop\aswMBR.exe
    [2013/02/21 08:12:51 | 002,218,636 | ---- | M] () -- C:\Documents and Settings\Peggy\Desktop\tdsskiller.zip
    [2013/02/20 13:38:29 | 001,752,992 | ---- | M] (Bleeping Computer, LLC) -- C:\Documents and Settings\Peggy\Desktop\rkill.exe
    [2013/02/20 12:36:41 | 000,000,795 | ---- | M] () -- C:\Documents and Settings\Peggy\Desktop\Shortcut to mbam.exe.lnk
    [2013/02/20 11:37:51 | 000,688,992 | R--- | M] (Swearware) -- C:\Documents and Settings\Peggy\Desktop\dds.com
    [2013/02/20 11:37:51 | 000,688,992 | ---- | M] (Swearware) -- C:\Program Files\dds.com
    [2013/02/19 05:48:19 | 000,001,785 | ---- | M] () -- C:\Documents and Settings\Peggy\Application Data\Microsoft\Internet Explorer\Quick Launch\System Repair.lnk
    [2013/02/19 04:46:33 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
    [2013/02/18 20:40:10 | 000,000,452 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
    [2013/02/18 08:38:13 | 000,033,112 | ---- | M] (AVG Technologies) -- C:\WINDOWS\System32\drivers\avgtpx86.sys
    [2013/02/14 05:52:22 | 000,210,488 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2013/02/13 15:05:29 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2013/02/13 14:57:58 | 000,434,566 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2013/02/13 14:57:58 | 000,068,470 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2013/02/06 08:02:53 | 000,001,920 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Officejet Pro 8600.lnk
    [2013/02/06 08:02:53 | 000,000,908 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Shop for Supplies - HP Officejet Pro 8600.lnk
    [2013/02/06 08:02:52 | 000,001,667 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP ePrintCenter - HP Officejet Pro 8600.lnk
    [2013/02/06 08:00:34 | 000,000,057 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Ament.ini
     
    ========== Files Created - No Company Name ==========
     
    [2013/02/21 09:26:08 | 000,000,558 | ---- | C] () -- C:\Documents and Settings\Peggy\Desktop\MBR.zip
    [2013/02/21 09:08:39 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Peggy\Desktop\MBR.dat
    [2013/02/21 08:01:23 | 002,218,636 | ---- | C] () -- C:\Documents and Settings\Peggy\Desktop\tdsskiller.zip
    [2013/02/21 07:57:55 | 000,665,658 | ---- | C] () -- C:\Documents and Settings\Peggy\Desktop\TrojanRecovery.rtf
    [2013/02/20 14:11:55 | 1073,270,784 | -HS- | C] () -- C:\hiberfil.sys
    [2013/02/20 14:09:03 | 000,001,697 | ---- | C] () -- C:\Documents and Settings\Peggy\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
    [2013/02/20 14:09:03 | 000,000,811 | ---- | C] () -- C:\Documents and Settings\Peggy\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
    [2013/02/20 14:09:03 | 000,000,790 | ---- | C] () -- C:\Documents and Settings\Peggy\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2013/02/20 14:09:03 | 000,000,753 | ---- | C] () -- C:\Documents and Settings\Peggy\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2013/02/20 14:09:03 | 000,000,745 | ---- | C] () -- C:\Documents and Settings\Peggy\Application Data\Microsoft\Internet Explorer\Quick Launch\RealOne Player.lnk
    [2013/02/20 14:09:03 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Peggy\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
    [2013/02/20 14:09:01 | 000,000,741 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\RealPlayer.lnk
    [2013/02/20 14:09:00 | 000,002,503 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Outlook.lnk
    [2013/02/20 14:09:00 | 000,002,479 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Word.lnk
    [2013/02/20 14:09:00 | 000,002,477 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Excel.lnk
    [2013/02/20 14:09:00 | 000,002,465 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft PowerPoint.lnk
    [2013/02/20 14:09:00 | 000,002,455 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft FrontPage.lnk
    [2013/02/20 14:09:00 | 000,001,990 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Access.lnk
    [2013/02/20 14:09:00 | 000,001,709 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
    [2013/02/20 14:09:00 | 000,001,685 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Thunderbird.lnk
    [2013/02/20 14:09:00 | 000,000,741 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
    [2013/02/20 14:08:59 | 000,000,661 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\I.R.I.S. OCR Registration.lnk
    [2013/02/20 14:08:56 | 000,002,431 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Acrobat 6.0 Standard.lnk
    [2013/02/20 14:08:56 | 000,002,389 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Acrobat Distiller 6.0.lnk
    [2013/02/20 12:36:41 | 000,000,795 | ---- | C] () -- C:\Documents and Settings\Peggy\Desktop\Shortcut to mbam.exe.lnk
    [2013/02/19 06:19:59 | 000,001,785 | ---- | C] () -- C:\Documents and Settings\Peggy\Application Data\Microsoft\Internet Explorer\Quick Launch\System Repair.lnk
    [2013/02/06 08:04:21 | 000,000,452 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
    [2013/02/06 08:04:21 | 000,000,452 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
    [2013/02/06 08:04:21 | 000,000,452 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
    [2013/02/06 08:04:21 | 000,000,452 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
    [2013/02/06 08:02:53 | 000,000,908 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Shop for Supplies - HP Officejet Pro 8600.lnk
    [2013/02/06 08:02:52 | 000,001,920 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Officejet Pro 8600.lnk
    [2013/02/06 08:02:52 | 000,001,667 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP ePrintCenter - HP Officejet Pro 8600.lnk
    [2013/02/06 08:00:34 | 000,000,057 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Ament.ini
    [2012/07/03 08:54:20 | 000,037,207 | ---- | C] () -- C:\Documents and Settings\Peggy\Application Data\Comma Separated Values (Windows).ADR
    [2012/07/03 08:41:51 | 000,009,348 | ---- | C] () -- C:\Documents and Settings\Peggy\Application Data\Comma Separated Values (Windows).EML
    [2012/02/20 06:08:09 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
    [2011/06/28 09:38:05 | 000,232,977 | ---- | C] () -- C:\WINDOWS\hpwins22.dat
    [2011/06/28 09:38:05 | 000,002,850 | ---- | C] () -- C:\WINDOWS\hpwmdl22.dat
    [2011/06/28 09:23:36 | 000,000,103 | ---- | C] () -- C:\WINDOWS\System32\hptrace.ini
    [2011/06/28 09:22:36 | 000,004,684 | ---- | C] () -- C:\WINDOWS\hplj1300.ini
    [2003/08/06 09:13:58 | 000,000,484 | ---- | C] () -- C:\Program Files\Shortcut to FTSCHEDL.lnk
     
    ========== ZeroAccess Check ==========
     
    [2003/04/09 23:48:57 | 000,000,227 | R--- | M] () -- C:\WINDOWS\assembly\Desktop.ini
     
    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
     
    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\System32\shdocvw.dll -- [2008/04/13 16:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = C:\WINDOWS\System32\wbem\fastprox.dll -- [2009/02/09 04:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = C:\WINDOWS\System32\wbem\wbemess.dll -- [2008/04/13 16:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both
     
    ========== LOP Check ==========
     
    [2008/02/15 10:34:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Altium
    [2013/02/19 09:23:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\APN
    [2009/06/25 08:20:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
    [2012/11/08 06:41:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search
    [2012/06/20 07:03:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
    [2010/10/18 09:37:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
    [2010/10/18 09:48:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
    [2008/02/15 10:16:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
    [2012/07/30 06:31:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
    [2008/12/12 10:49:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
    [2012/06/20 06:59:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
    [2005/06/15 08:31:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
    [2011/11/22 05:34:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peggy\Application Data\AVG Secure Search
    [2011/03/23 07:56:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peggy\Application Data\Easeware
    [2003/04/10 03:21:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peggy\Application Data\interMute
    [2003/04/09 22:52:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peggy\Application Data\InterTrust
    [2012/07/30 07:01:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peggy\Application Data\IObit
    [2011/03/25 09:05:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peggy\Application Data\Leadertech
    [2013/02/19 05:13:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peggy\Application Data\Ozeso
    [2003/04/09 23:04:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peggy\Application Data\SampleView
    [2012/07/03 08:23:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peggy\Application Data\Thunderbird
    [2012/10/10 08:37:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peggy\Application Data\VERITAS
    [2012/06/12 06:52:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peggy\Application Data\{46577E3C-95B4-4f4f-B4A7-0C29D12FB15D}
     
    ========== Purity Check ==========
     
     

    < End of report >

     

    JavaRA ran but eventually showed an error saying that the program had to close. I tried to run it again. It didn't display the window showing the scan progress, like it did the first time. It completed and displayed the following log file after just a few seconds. I'm not sure if it is related, but while I was running the OTL scan the computer showed a notification to install a Java update. I selected "cancel" so it wouldn't interfere with the scan.

     

    JavaRa 1.16 Removal Log.

    Report follows after line.

    ------------------------------------

    The JavaRa removal process was started on Tue Feb 26 10:33:08 2013

    Found and removed: C:\Program Files\Java\j2re1.4.1_02

    Found and removed: C:\Program Files\Java\jre1.5.0_03

    Found and removed: C:\Program Files\Java\jre1.5.0_06

    Found and removed: C:\Program Files\Java\jre1.5.0_10

    Found and removed: C:\Program Files\Java\jre1.5.0_11

    Found and removed: C:\Program Files\Java\jre1.6.0_01

    Found and removed: C:\Program Files\Java\jre1.6.0_02

    Found and removed: C:\Program Files\Java\jre1.6.0_03

    Found and removed: C:\Program Files\Java\jre1.6.0_07

    Found and removed: C:\Documents and Settings\Peggy\Application Data\Sun\Java\jre1.6.0_14

    Found and removed: C:\Documents and Settings\Peggy\Application Data\Sun\Java\jre1.6.0_15

    Found and removed: C:\Documents and Settings\Peggy\Application Data\Sun\Java\jre1.6.0_17

    Found and removed: C:\Documents and Settings\Peggy\Application Data\Sun\Java\jre1.6.0_18

    Found and removed: C:\Documents and Settings\Peggy\Application Data\Sun\Java\jre1.6.0_20

    Found and removed: C:\Documents and Settings\Peggy\Application Data\Sun\Java\jre1.6.0_21

    Found and removed: C:\Documents and Settings\Peggy\Application Data\Sun\Java\jre1.6.0_22

    Found and removed: C:\Documents and Settings\Peggy\Application Data\Sun\Java\jre1.6.0_23

    Found and removed: C:\Documents and Settings\Peggy\Application Data\Sun\Java\jre1.6.0_24

    Found and removed: C:\Documents and Settings\Peggy\Application Data\Sun\Java\jre1.6.0_26

    Found and removed: C:\Documents and Settings\Peggy\Application Data\Sun\Java\jre1.6.0_29

    Found and removed: C:\Documents and Settings\Peggy\Application Data\Sun\Java\jre1.6.0_30

    Found and removed: C:\Documents and Settings\Peggy\Application Data\Sun\Java\jre1.6.0_31

    Found and removed: C:\Documents and Settings\Peggy\Application Data\Sun\Java\jre1.6.0_32

    Found and removed: C:\Documents and Settings\Peggy\Application Data\Sun\Java\jre1.6.0_33

    Found and removed: C:\Documents and Settings\Peggy\Application Data\Sun\Java\jre1.6.0_34

    Found and removed: C:\Documents and Settings\Peggy\Application Data\Sun\Java\jre1.6.0_35

    Found and removed: C:\Documents and Settings\Peggy\Application Data\Sun\Java\jre1.6.0_37

    Found and removed: C:\Documents and Settings\Peggy\Application Data\Sun\Java\jre1.6.0_38

    Found and removed: C:\Documents and Settings\Peggy\Application Data\Sun\Java\jre1.6.0_39

    Found and removed: Applications\java.exe

    Found and removed: Applications\javaw.exe

    Found and removed: JavaPlugin.FamilyVersionSupport

    Found and removed: Installer\Products\8A0F842331866D117AB7000B0D610007


    Found and removed: CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBC}

    Found and removed: JavaScript

    Found and removed: JavaScript Author

    Found and removed: JavaScript1.1

    Found and removed: JavaScript1.1 Author

    Found and removed: JavaScript1.2

    Found and removed: JavaScript1.2 Author

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0015-0000-FFFF-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{E19F9331-3110-11D4-991C-005004D3B3DB}

    Found and removed: Software\Classes\JavaPlugin.141_02

    Found and removed: Software\Classes\JavaPlugin.150_03

    Found and removed: Software\Classes\JavaPlugin.150_06

    Found and removed: Software\Classes\JavaPlugin.150_10

    Found and removed: Software\Classes\JavaPlugin.150_11

    Found and removed: Software\Classes\JavaPlugin.160_01

    Found and removed: Software\Classes\JavaPlugin.160_02

    Found and removed: Software\Classes\JavaPlugin.160_03

    Found and removed: Software\Classes\JavaPlugin.160_07

    Found and removed: Software\JavaSoft\Java Update

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC}

    Found and removed: SOFTWARE\Classes\JavaPlugin

    Found and removed: SOFTWARE\Classes\JavaPlugin.141_02

    Found and removed: SOFTWARE\Classes\JavaPlugin.150_03

    Found and removed: SOFTWARE\Classes\JavaPlugin.150_06

    Found and removed: SOFTWARE\Classes\JavaPlugin.150_10

    Found and removed: SOFTWARE\Classes\JavaPlugin.150_11

    Found and removed: SOFTWARE\Classes\JavaPlugin.160_01

    Found and removed: SOFTWARE\Classes\JavaPlugin.160_02

    Found and removed: SOFTWARE\Classes\JavaPlugin.160_03

    Found and removed: SOFTWARE\Classes\JavaPlugin.160_07

    Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.5.0.0

    Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.4.1_02

    Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_03

    Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_06

    Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_10

    Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_11

    Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_01

    Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_02

    Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_03

    Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_07

    Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.4

    Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.4.1_02

    Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5

    Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_03

    Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_06

    Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_10

    Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_11

    Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6

    Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_01

    Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_02

    Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_03

    Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_07

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.5.0_03

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.5.0_06

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.5.0_10

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.5.0_11

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_01

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_02

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_03

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_07

    Found and removed: SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}

    Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\javaw.exe

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\patch-jre1.6.0_01.b06\

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.5.0_03\

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.5.0_06\

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.5.0_10\

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.5.0_11\

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_01\

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_02\

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_03\

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_07\

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\patch-jre1.6.0_03.b05\

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0357E4991DA5FF14F9615B3412062B02

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0357E4991DA5FF14F9615B3612062B02

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Java Web Start

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10}

    Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.1

    Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.1.1

    Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.1.2

    Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.1.3

    Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.2

    Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.2.1

    Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.3

    Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.3.1

    Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.4

    Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.4.1

    Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.4.2

    Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.5

    JavaRa 1.16 Removal Log.

    Report follows after line.

    ------------------------------------

    The JavaRa removal process was started on Tue Feb 26 10:34:59 2013

    Found and removed: CLSID\{CAFEEFAC-0014-0002-FFFF-ABCDEFFEDCBA}

    ------------------------------------

    Finished reporting.



    ComboFix is running now. I wanted to let you know about my problem running JavaRa in case it requires that I change what I'm doing.

     


     



    #14 nasdaq

    nasdaq

    • Malware Response Team
    • 40,190 posts
    • Gender:Male
    • Location:Montreal, QC. Canada
    • Local time:06:12 AM

    Posted 26 February 2013 - 02:43 PM

    How long has ComboFix been running?



    #15 Droidling

    Droidling
    • Topic Starter

    • Members
    • 67 posts
    • Local time:03:12 AM

    Posted 26 February 2013 - 04:46 PM

    ComboFix ran for more than 1.5 hours. It did not download the Recovery Console. It brought up a CMD prompt window (AutoScan) that said the scan should take about 10 min. It was on that screen for well over an hour when I tried to exit the window. That locked up the computer and I had to do a hard reboot. I did disable MS Security Essentials before starting the scan. I started it up again, but it seems to have stalled out at the same place. How long should I wait? Do you want me to run the other tools even though I've had problems with 2 out of the first 3?

     

    Finally, I got a security warning from Panda when I tried to download Security Check. It said: "The Web page you are trying to access contains malware and exploits that could infect your computer. We advise you not to continue visiting this page." This was on a different computer. I have been downloading to one computer and copying the files to the infected system.

     

    I really am sorry for being such a problem. I'm trying to follow instructions as closely as I can. I just keep running into dead ends.





