win32.downloader.dequ

3 posters

WiredWX Christian Hobby Weather Tools :: GeekPolice tech support archive :: Technical Support

win32.downloader.dequ27th July 2011, 8:00 pm

I have encountered 2 problems with my computer..I think they may be viruses..but I am not sure because I am not too savvy regarding computers as I am 74 years old so please be patient with me
If I have posted this message in the wrong place..I am sorry..but I sure would appreciate some help if possible.
Regards
Bruce

The 2 viruses are...win32,downloader.dequ and system.brokenfileassociation

Last edited by tingler on 27th July 2011, 9:01 pm; edited 1 time in total (Reason for editing : forgot to name the viruses)

Re: win32.downloader.dequ27th July 2011, 10:58 pm

%APPDATA%\Microsoft\*.*
%systemroot%\system32\config\systemprofile\*.dat /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\winn32\*.*
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%PROGRAMFILES%\Mozilla Firefox\*.exe
%ProgramFiles%\TinyProxy.
%systemroot%\system32\*.* /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.* /lockedfiles
%PROGRAMFILES%\*.
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
/md5start
netlogon.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
disk.sys
/md5stop
CREATERESTOREPOINT
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs

Re: win32.downloader.dequ28th July 2011, 1:52 am

Hi, welcome to GeekPolice.net!

Where are you getting those detections from? Are they from your anti-virus?

Download OTL.exe by OldTimer to your Desktop.

Close all windows and double click OTL.exe.
Click Run Scan and let the program run uninterrupted.
It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
You may need to use two posts to get it all.

............................................................................................
I'm livin' life in the fast lane.

Re: win32.downloader.dequ28th July 2011, 2:11 am

I ran Spybot and the scan stopped when it got to the file...win.32.downloader.dequ..and I ran Avast and it showed ..system.brokenfileassociation as a virus.

Re: win32.downloader.dequ28th July 2011, 2:23 am

OTL logfile created on: 7/27/2011 10:12:35 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Bruce\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.09 Mb Total Physical Memory | 283.37 Mb Available Physical Memory | 27.70% Memory free
2.03 Gb Paging File | 1.17 Gb Available in Paging File | 57.60% Paging File free
Paging file location(s): C:\pagefile.sys 1152 2304 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.20 Gb Total Space | 24.09 Gb Free Space | 64.77% Space Free | Partition Type: FAT32
Drive E: | 465.75 Gb Total Space | 451.67 Gb Free Space | 96.98% Space Free | Partition Type: NTFS

Computer Name: BRUCE-A95ED2DF2 | User Name: Bruce | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/27 22:12:08 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bruce\Desktop\OTL.exe
PRC - [2011/07/20 17:57:58 | 000,177,616 | R--- | M] (iS3, Inc.) -- C:\Program Files\STOPzilla!\STOPzilla.exe
PRC - [2011/07/20 17:57:54 | 000,062,928 | R--- | M] (iS3, Inc.) -- C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
PRC - [2011/07/14 12:41:12 | 047,658,848 | ---- | M] (Slimware Utilities, Inc.) -- C:\Program Files\FixCleaner\FixCleaner.exe
PRC - [2011/07/07 17:54:00 | 000,399,312 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe
PRC - [2011/07/04 07:43:54 | 003,493,720 | ---- | M] (AVAST Software) -- E:\Program Files\Avast\AvastUI.exe
PRC - [2011/07/04 07:43:51 | 000,042,184 | ---- | M] (AVAST Software) -- E:\Program Files\Avast\AvastSvc.exe
PRC - [2011/06/30 09:50:32 | 002,424,192 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2011/03/25 15:09:48 | 000,176,848 | ---- | M] (iWin Inc.) -- C:\Program Files\iWin Games\iWinTrusted.exe
PRC - [2011/01/28 17:10:28 | 000,387,072 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Application Updater\ApplicationUpdater.exe
PRC - [2010/06/23 13:52:56 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
PRC - [2010/06/23 13:51:30 | 001,043,968 | ---- | M] (Check Point Software Technologies LTD) -- E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2010/03/28 15:47:44 | 001,692,440 | ---- | M] (ParetoLogic) -- C:\Program Files\ParetoLogic\FileCure\FileCure.exe
PRC - [2009/07/23 17:23:56 | 000,178,720 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
PRC - [2009/07/23 17:23:54 | 000,387,616 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/04/13 20:12:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- E:\Program Files\Windows Defender\MsMpEng.exe

========== Modules (SafeList) ==========

MOD - [2011/07/27 22:12:08 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bruce\Desktop\OTL.exe
MOD - [2011/07/04 07:43:51 | 000,199,792 | ---- | M] (AVAST Software) -- E:\Program Files\Avast\snxhk.dll
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/07/20 17:57:54 | 000,062,928 | R--- | M] (iS3, Inc.) [Auto | Running] -- C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe -- (szserver)
SRV - [2011/07/04 07:43:51 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- E:\Program Files\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/03/25 15:09:48 | 000,176,848 | ---- | M] (iWin Inc.) [Auto | Running] -- C:\Program Files\iWin Games\iWinTrusted.exe -- (iWinTrusted)
SRV - [2011/01/28 17:10:28 | 000,387,072 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2010/06/23 13:52:56 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\WINDOWS\System32\ZONELABS\vsmon.exe -- (vsmon)
SRV - [2010/06/11 18:14:22 | 000,312,152 | ---- | M] (IObit) [Auto | Stopped] -- E:\Program Files\IObit\IObit Security 360\is360srv.exe -- (IS360service)
SRV - [2010/03/29 08:51:54 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2009/07/23 17:23:56 | 000,178,720 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)
SRV - [2009/07/23 17:23:54 | 000,387,616 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM)
SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- E:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)

========== Driver Services (SafeList) ==========

DRV - [2011/07/12 17:55:24 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/07/12 17:55:24 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/04 07:36:44 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/07/04 07:36:32 | 000,309,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/07/04 07:35:24 | 000,043,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/07/04 07:35:12 | 000,102,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/07/04 07:32:32 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/07/04 07:32:14 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/07/04 07:32:12 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/06/24 14:29:12 | 000,009,856 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2010/05/13 10:02:32 | 000,532,224 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2010/05/12 18:01:06 | 000,059,280 | R--- | M] (iS3, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\szkgfs.sys -- (szkgfs)
DRV - [2010/03/10 21:02:38 | 000,056,352 | ---- | M] (Exent Technologies Ltd.) [Kernel | Auto | Running] -- C:\Program Files\Free Ride Games\X4HSEx.sys -- (X4HSEx)
DRV - [2009/12/07 17:59:32 | 000,061,328 | R--- | M] (iS3 Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\szkg.sys -- (szkg5)
DRV - [2009/12/07 17:59:32 | 000,061,328 | R--- | M] (iS3 Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\is3srv.sys -- (is3srv)
DRV - [2009/08/18 05:32:00 | 005,884,416 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/06/30 23:53:34 | 000,013,824 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2009/06/30 23:53:30 | 000,066,688 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2009/06/30 05:31:00 | 000,164,896 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvgts.sys -- (nvgts)
DRV - [2009/02/12 15:11:24 | 000,022,312 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dddsk.sys -- (ElRawDisk)
DRV - [2008/08/05 08:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2007/04/16 16:46:34 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
DRV - [2006/07/01 22:39:40 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006/01/04 03:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2005/03/08 21:15:10 | 000,291,456 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\Cdudf_xp.sys -- (cdudf_xp)
DRV - [2005/03/08 21:14:44 | 000,024,064 | ---- | M] (Sonic Solutions) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\dvd_2k.sys -- (dvd_2K)
DRV - [2005/03/08 21:05:30 | 000,141,184 | ---- | M] (Windows (R) 2000 DDK provider) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\DVDVRRdr_xp.sys -- (DVDVRRdr_xp)
DRV - [2005/03/08 20:54:48 | 000,202,496 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\Udfreadr.sys -- (UDFReadr)
DRV - [2005/03/08 20:53:56 | 000,023,808 | ---- | M] (Sonic Solutions) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\mmc_2k.sys -- (mmc_2K)
DRV - [2005/03/08 20:38:32 | 000,117,760 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\Pwd_2k.sys -- (pwd_2k)
DRV - [2004/08/12 22:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2003/12/19 02:00:00 | 000,006,656 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cinemsup.sys -- (Cinemsup)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ca.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?rd=1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 94 CF 50 C3 AB 09 CC 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://ca.msn.com/
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {7846ae31-bea2-438a-8f5e-2d899361656c} - C:\Program Files\Game_Master_1.1\prxtbGam0.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {f92a9fe4-2850-4198-b9d5-279880e49b16} - C:\Program Files\Free_Ride_Games\prxtbFree.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://ala.asksearch.com/?cfg=2-208-0-0"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.227.0
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=723823&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=723823"

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: E:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: E:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: E:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@exent.com/npExentCtl,version=7.0.0.0: C:\Program Files\Free Ride Games\npExentCtl.dll (Exent Technologies Ltd.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2010/06/27 21:20:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{98e34367-8df7-42b4-837b-20b892ff0849}: C:\Program Files\iWin Games\firefox\ [2011/04/30 13:33:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.4\extensions\\Components: E:\Program Files\Mozilla Firefox\components [2010/06/24 20:45:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.4\extensions\\Plugins: E:\Program Files\Mozilla Firefox\plugins [2011/06/24 12:05:32 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2010/06/27 21:20:56 | 000,000,000 | ---D | M]

[2010/06/24 15:49:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Bruce\Application Data\Mozilla\Extensions
[2010/06/24 15:49:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Bruce\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010/06/24 20:45:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Bruce\Application Data\Mozilla\Firefox\Profiles\36ptu0va.default\extensions
[2010/06/24 21:54:48 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Bruce\Application Data\Mozilla\Firefox\Profiles\36ptu0va.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/03/24 14:24:28 | 000,000,000 | ---D | M] (Free Ride Games Community Toolbar) -- C:\Documents and Settings\Bruce\Application Data\Mozilla\Firefox\Profiles\36ptu0va.default\extensions\{f92a9fe4-2850-4198-b9d5-279880e49b16}
[2011/03/24 14:24:28 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\Bruce\Application Data\Mozilla\Firefox\Profiles\36ptu0va.default\extensions\engine@conduit.com
[2011/07/24 09:11:04 | 000,000,000 | ---D | M] (Yontoo Layers) -- C:\Documents and Settings\Bruce\Application Data\Mozilla\Firefox\Profiles\36ptu0va.default\extensions\plugin@yontoo.com
File not found (No name found) -- C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER
[2010/06/23 17:18:48 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

O1 HOSTS File: ([2011/07/24 20:24:16 | 000,435,498 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 14992 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (IObit Toolbar) - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files\IObit Toolbar\IE\4.3\iobitToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngin0.dll (Conduit Ltd.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Game Master 1.1 Toolbar) - {7846ae31-bea2-438a-8f5e-2d899361656c} - C:\Program Files\Game_Master_1.1\prxtbGam0.dll (Conduit Ltd.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (STOPzilla Browser Helper Object) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll (iS3, Inc.)
O2 - BHO: (Free Ride Games Toolbar) - {f92a9fe4-2850-4198-b9d5-279880e49b16} - C:\Program Files\Free_Ride_Games\prxtbFree.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (IObit Toolbar) - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files\IObit Toolbar\IE\4.3\iobitToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngin0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Game Master 1.1 Toolbar) - {7846ae31-bea2-438a-8f5e-2d899361656c} - C:\Program Files\Game_Master_1.1\prxtbGam0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Free Ride Games Toolbar) - {f92a9fe4-2850-4198-b9d5-279880e49b16} - C:\Program Files\Free_Ride_Games\prxtbFree.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Game Master 1.1 Toolbar) - {7846AE31-BEA2-438A-8F5E-2D899361656C} - C:\Program Files\Game_Master_1.1\prxtbGam0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Free Ride Games Toolbar) - {F92A9FE4-2850-4198-B9D5-279880E49B16} - C:\Program Files\Free_Ride_Games\prxtbFree.dll (Conduit Ltd.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avast] E:\Program Files\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [ZoneAlarm Client] E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [FixCleaner] C:\Program Files\FixCleaner\FixCleaner.exe (Slimware Utilities, Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 157
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1277319339921 (WUWebControl Class)
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://games.ca.zone.msn.com/bingame/zuma/default/popcaploader_v6.cab (PopCapLoader Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll (PCPitstop Exam)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\TPSvc: DllName - TPSvc.dll - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Bruce\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Bruce\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - E:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/06/23 14:01:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2008/09/18 09:35:19 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/07/27 22:12:04 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Bruce\Desktop\OTL.exe
[2011/07/27 18:53:08 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Bruce\Desktop\OTL.com
[2011/07/27 18:43:29 | 000,607,017 | R--- | C] (Swearware) -- C:\Documents and Settings\Bruce\Desktop\dds.scr
[2011/07/27 15:29:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bruce\Application Data\FixCleaner
[2011/07/27 15:29:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\FixCleaner
[2011/07/27 15:29:16 | 000,000,000 | ---D | C] -- C:\Program Files\FixCleaner
[2011/07/27 15:28:54 | 000,000,000 | ---D | C] -- C:\Program Files\Downloaded Installers
[2011/07/26 15:14:14 | 000,000,000 | -HSD | C] -- C:\FOUND.005
[2011/07/26 11:20:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bruce\Application Data\SUPERAntiSpyware.com
[2011/07/26 11:20:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/07/26 11:19:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/07/26 11:19:53 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/07/26 10:24:30 | 000,000,000 | -HSD | C] -- C:\FOUND.004
[2011/07/25 04:31:56 | 000,000,000 | -HSD | C] -- C:\FOUND.003
[2011/07/24 20:20:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\STOPzilla
[2011/07/24 20:20:22 | 000,000,000 | ---D | C] -- C:\Program Files\STOPzilla!
[2011/07/24 20:20:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2011/07/24 20:20:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\iS3
[2011/07/24 12:23:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2011/07/24 11:33:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bruce\Local Settings\Application Data\AskToolbar
[2011/07/24 11:33:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/07/24 11:33:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Ask
[2011/07/24 11:32:54 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/07/24 11:32:54 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/07/24 11:32:54 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/07/24 11:29:05 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Bruce\Recent
[2011/07/24 11:09:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\IObit Security 360
[2011/07/24 09:10:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2011/07/24 08:51:16 | 000,000,000 | ---D | C] -- C:\rei
[2011/07/24 08:51:07 | 000,000,000 | ---D | C] -- C:\Program Files\Reimage
[2011/07/20 17:57:46 | 000,546,256 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\SZComp5.dll
[2011/07/20 17:57:46 | 000,456,144 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\SZBase5.dll
[2011/07/20 17:57:46 | 000,132,560 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3HTUI5.dll
[2011/07/20 17:57:46 | 000,028,624 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3XDat5.dll
[2011/07/20 17:57:46 | 000,022,992 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\SZIO5.dll
[2011/07/20 17:57:44 | 000,398,800 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3DBA5.dll
[2011/07/20 17:57:44 | 000,390,608 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3UI5.dll
[2011/07/20 17:57:44 | 000,099,792 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Svc5.dll
[2011/07/20 17:57:44 | 000,099,792 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Inet5.dll
[2011/07/20 17:57:44 | 000,067,024 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Hks5.dll
[2011/07/20 17:57:42 | 000,738,768 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Base5.dll
[2011/07/20 17:57:42 | 000,230,864 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Win325.dll
[2011/07/19 15:22:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bruce\My Documents\My Scans
[2011/07/14 10:29:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2011/07/10 18:38:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java(2)
[2010/06/24 22:06:18 | 000,036,963 | R--- | C] (Cypress Semiconductor) -- C:\Program Files\Common Files\SM1updtr.dll
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/27 22:12:08 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bruce\Desktop\OTL.exe
[2011/07/27 20:01:02 | 000,000,234 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011/07/27 18:47:14 | 000,003,864 | ---- | M] () -- C:\WINDOWS\System32\drivers\kgpfr2.cfg
[2011/07/27 18:47:12 | 000,009,488 | ---- | M] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2011/07/27 18:40:30 | 000,607,017 | R--- | M] (Swearware) -- C:\Documents and Settings\Bruce\Desktop\dds.scr
[2011/07/27 18:00:02 | 000,000,444 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration3.job
[2011/07/27 17:53:04 | 000,000,403 | ---- | M] () -- C:\Documents and Settings\Bruce\Desktop\RBC Royal Bank - Sign In to Online Banking.url
[2011/07/27 16:46:16 | 000,000,434 | ---- | M] () -- C:\Documents and Settings\Bruce\Desktop\Jay Leno's Garage.url
[2011/07/27 15:51:42 | 000,000,162 | ---- | M] () -- C:\Documents and Settings\Bruce\Desktop\GeekPolice.net.url
[2011/07/27 15:51:08 | 000,000,249 | ---- | M] () -- C:\Documents and Settings\Bruce\Desktop\Google (2).url
[2011/07/27 15:48:16 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bruce\Desktop\OTL.com
[2011/07/27 15:29:48 | 000,000,438 | ---- | M] () -- C:\WINDOWS\tasks\FixCleaner Scan.job
[2011/07/27 15:29:18 | 000,001,852 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\FixCleaner.lnk
[2011/07/27 15:22:34 | 000,276,202 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2011/07/27 15:22:32 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/07/27 15:19:54 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\FileCure Startup.job
[2011/07/27 15:19:54 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\DriverScanner.job
[2011/07/27 15:19:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/26 17:18:22 | 000,000,323 | ---- | M] () -- C:\Documents and Settings\Bruce\Desktop\Weather Forecast.url
[2011/07/26 16:33:24 | 000,000,984 | ---- | M] () -- C:\Documents and Settings\Bruce\Desktop\Play Dragon Portals.lnk
[2011/07/26 11:19:58 | 000,001,582 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/07/26 10:47:36 | 000,533,292 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/07/26 10:47:36 | 000,099,378 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/07/26 10:24:54 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/25 15:33:44 | 000,000,317 | ---- | M] () -- C:\Documents and Settings\Bruce\Desktop\RBC Royal Bank Rates.url
[2011/07/25 12:34:20 | 000,000,374 | ---- | M] () -- C:\Documents and Settings\Bruce\Desktop\Royal Caribbean.url
[2011/07/25 04:44:02 | 000,157,952 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/07/25 04:40:32 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/07/25 04:37:04 | 000,000,364 | ---- | M] () -- C:\WINDOWS\tasks\FileCure Default.job
[2011/07/24 14:48:54 | 000,002,411 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ACDSee for Pentax 2.0.lnk
[2011/07/24 14:28:06 | 000,000,942 | ---- | M] () -- C:\Documents and Settings\Bruce\Desktop\Play Gem Shop.lnk
[2011/07/24 12:23:12 | 000,000,855 | ---- | M] () -- C:\Documents and Settings\Bruce\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/07/24 12:23:12 | 000,000,837 | ---- | M] () -- C:\Documents and Settings\Bruce\Desktop\Spybot - Search & Destroy.lnk
[2011/07/24 12:17:48 | 000,000,622 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/07/24 12:17:46 | 000,002,616 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/07/24 08:51:58 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\Reimage Reminder.job
[2011/07/22 13:14:02 | 000,000,774 | ---- | M] () -- C:\Documents and Settings\Bruce\Desktop\Hamilton Tiger-Cats Official Site of the Tiger-Cats .url
[2011/07/20 17:57:46 | 000,546,256 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\SZComp5.dll
[2011/07/20 17:57:46 | 000,456,144 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\SZBase5.dll
[2011/07/20 17:57:46 | 000,132,560 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3HTUI5.dll
[2011/07/20 17:57:46 | 000,028,624 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3XDat5.dll
[2011/07/20 17:57:46 | 000,022,992 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\SZIO5.dll
[2011/07/20 17:57:44 | 000,398,800 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3DBA5.dll
[2011/07/20 17:57:44 | 000,390,608 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3UI5.dll
[2011/07/20 17:57:44 | 000,099,792 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Svc5.dll
[2011/07/20 17:57:44 | 000,099,792 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Inet5.dll
[2011/07/20 17:57:44 | 000,067,024 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Hks5.dll
[2011/07/20 17:57:42 | 000,738,768 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Base5.dll
[2011/07/20 17:57:42 | 000,230,864 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Win325.dll
[2011/07/19 16:18:40 | 000,019,518 | ---- | M] () -- C:\WINDOWS\hpqins13.dat
[2011/07/18 11:43:48 | 000,000,237 | ---- | M] () -- C:\Documents and Settings\Bruce\Desktop\OLG -.url
[2011/07/12 14:51:46 | 000,000,289 | ---- | M] () -- C:\Documents and Settings\Bruce\Desktop\MapQuest - Driving Directions - Map Directions.url
[2011/07/05 09:22:32 | 000,000,254 | ---- | M] () -- C:\Documents and Settings\Bruce\Desktop\Kijiji Hamilton Classifieds Free Local Classified Ads for Hamilton, Ontario.url
[2011/07/04 07:43:54 | 000,040,112 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/07/04 07:43:52 | 000,199,304 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/07/04 07:36:44 | 000,441,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/07/04 07:36:32 | 000,309,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/07/04 07:35:24 | 000,043,608 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/07/04 07:35:12 | 000,102,616 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/07/04 07:35:10 | 000,096,344 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/07/04 07:32:32 | 000,025,432 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/07/04 07:32:14 | 000,030,808 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/07/04 07:32:12 | 000,019,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/27 18:40:52 | 000,003,864 | ---- | C] () -- C:\WINDOWS\System32\drivers\kgpfr2.cfg
[2011/07/27 15:51:40 | 000,000,162 | ---- | C] () -- C:\Documents and Settings\Bruce\Desktop\GeekPolice.net.url
[2011/07/27 15:29:46 | 000,000,438 | ---- | C] () -- C:\WINDOWS\tasks\FixCleaner Scan.job
[2011/07/27 15:29:17 | 000,001,852 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\FixCleaner.lnk
[2011/07/27 15:23:45 | 000,009,488 | ---- | C] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2011/07/26 11:19:56 | 000,001,582 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/07/25 04:40:22 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011/07/24 12:23:11 | 000,000,855 | ---- | C] () -- C:\Documents and Settings\Bruce\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/07/24 12:23:11 | 000,000,837 | ---- | C] () -- C:\Documents and Settings\Bruce\Desktop\Spybot - Search & Destroy.lnk
[2011/07/24 11:33:29 | 000,000,234 | ---- | C] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011/07/24 08:59:54 | 000,000,260 | ---- | C] () -- C:\WINDOWS\tasks\DriverScanner.job
[2011/07/24 08:51:56 | 000,000,274 | ---- | C] () -- C:\WINDOWS\tasks\Reimage Reminder.job
[2011/07/19 16:13:00 | 000,019,518 | ---- | C] () -- C:\WINDOWS\hpqins13.dat
[2011/03/24 14:23:27 | 000,000,064 | ---- | C] () -- C:\WINDOWS\GPlrLanc.dat
[2010/08/31 13:26:22 | 019,657,194 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\vlc-1.1.4-win32.exe
[2010/07/22 08:48:17 | 019,473,201 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\vlc-1.1.1-win32.exe
[2010/07/12 16:00:34 | 019,495,102 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\vlc-1.1.0-win32.exe
[2010/06/29 10:38:59 | 000,077,374 | ---- | C] () -- C:\WINDOWS\hpqins05.dat
[2010/06/27 21:12:26 | 000,166,577 | ---- | C] () -- C:\WINDOWS\hpoins28.dat
[2010/06/27 21:12:26 | 000,000,796 | ---- | C] () -- C:\WINDOWS\hpomdl28.dat
[2010/06/25 01:54:28 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/06/25 01:53:34 | 000,157,952 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/24 20:45:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/06/24 14:03:14 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2010/06/23 17:04:04 | 000,116,736 | ---- | C] () -- C:\Documents and Settings\Bruce\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/23 14:23:37 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/06/23 14:20:48 | 000,006,136 | R--- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2010/06/23 14:14:28 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2010/06/23 14:14:24 | 000,001,769 | ---- | C] () -- C:\WINDOWS\Language_trs.ini
[2010/06/23 14:14:15 | 000,021,598 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2010/06/23 14:14:15 | 000,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2010/06/23 14:04:20 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/06/23 13:59:38 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/07/07 21:07:00 | 002,183,470 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2007/10/19 20:56:16 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/10/18 05:02:34 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2005/02/28 16:17:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/11/30 04:10:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\besch.exe
[2004/11/30 04:10:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\besched.dll
[2004/08/12 14:11:42 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/12 14:11:41 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/12 14:04:52 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/12 14:03:21 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/12 14:03:20 | 000,533,292 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/12 14:03:20 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/12 14:03:19 | 000,099,378 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/12 14:02:25 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/12 13:59:52 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/12 13:59:46 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/12 13:57:10 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/12 13:56:48 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2003/12/19 02:00:00 | 000,013,387 | ---- | C] () -- C:\WINDOWS\System32\CinemSup.sys
[2003/10/02 01:00:00 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lockout.dll
[2003/10/02 01:00:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\lockres.dll

< End of report >

Re: win32.downloader.dequ28th July 2011, 2:26 am

OTL Extras logfile created on: 7/27/2011 10:12:35 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Bruce\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.09 Mb Total Physical Memory | 283.37 Mb Available Physical Memory | 27.70% Memory free
2.03 Gb Paging File | 1.17 Gb Available in Paging File | 57.60% Paging File free
Paging file location(s): C:\pagefile.sys 1152 2304 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.20 Gb Total Space | 24.09 Gb Free Space | 64.77% Space Free | Partition Type: FAT32
Drive E: | 465.75 Gb Total Space | 451.67 Gb Free Space | 96.98% Space Free | Partition Type: NTFS

Computer Name: BRUCE-A95ED2DF2 | User Name: Bruce | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.exe [@ = exefile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- C:\Program Files\ParetoLogic\FileCure\FileCure_noapp.exe %1 (ParetoLogic)
Directory [ACDBrowse] -- "E:\Program Files\ACD Systems\ACDSee\6.0\ACDSee6.exe" "%1" (ACD Systems Ltd.)
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
"80:TCP" = 80:TCP:*:Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\System32\ZoneLabs\vsmon.exe" = C:\WINDOWS\System32\ZoneLabs\vsmon.exe:*:Enabled:vsmon -- (Check Point Software Technologies LTD)
"E:\Program Files\LimeWire\LimeWire.exe" = E:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\iWin Games\iWinGames.exe" = C:\Program Files\iWin Games\iWinGames.exe:*:Enabled:iWin Games application. -- (iWin Inc.)
"C:\Program Files\iWin Games\WebUpdater.exe" = C:\Program Files\iWin Games\WebUpdater.exe:*:Enabled:iWin Games updater. -- ()

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{09633A5E-3089-41A8-9FF1-382171423C5D}" = PSSWCORE
"{0E8ECB62-9A91-4D24-8CC3-BC2388BF0E2E}_is1" = Disk Doctors Digital Media Recovery
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{22F761D1-8063-4170-ADF7-2D2F47834CA9}" = VideoToolkit01
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 26
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2B7BDADB-EC8C-4C54-B5DD-CE45A016D3A7}" = Free Ride Games Player
"{2E0695EE-ED29-4D96-BD77-2A9A17EDF0D6}" = Cypress USB Mass Storage Driver Installation
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{530241F4-D15B-4E0B-B3F3-47F83BC285AA}" = STOPzilla
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{60D4F9F1-B828-4048-A5AB-9AA2FD0C4751}" = DJ_AIO_03_F4200_Software
"{62B9E29A-BC60-4829-8724-100ACFF7E63D}" = IObit Toolbar v4.3
"{6365C963-4B72-43F8-8392-2A5441EC2A86}" = DJ_AIO_03_F4220_ProductContext
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{88B32652-CAE0-4909-A463-5840D2689D93}" = FUJIFILM FinePixViewer S Ver.2.0
"{88D68A69-D247-466B-90DD-575F6BE16230}_is1" = CardRecovery 5.30
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8C3727F2-8E37-49E4-820C-03B1677F53B6}" = Stronghold Crusader
"{8F32C384-D237-4516-9F2B-223E8963A2FB}" = Lager
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9860A9CF-7E71-43AC-888F-0B4D3EA212D1}" = Roxio Burn Engine
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A99C6296-A311-4D6C-9602-53B4241921D5}" = Roxio Easy Media Creator 7
"{AA2E8A46-B45E-4aea-8A23-88AB57D04523}" = WebReg
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.5
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B61A79BE-E94C-42C0-921D-8B7E5217069C}" = F4200
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX
"{BBBCAE4B-B416-4182-A6F2-438180894A81}" = Napster
"{BE8A9C2C-8E41-445B-A746-BEB0B1F992F8}" = DJ_AIO_03_F4200_Software_Min
"{BF08AB1C-3357-4f20-A200-8EBB8EF27C59}" = BufferChm
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{C1C441C4-57FA-4950-BDBA-BABFBAA2AA39}" = ParetoLogic FileCure
"{C3B6AEB1-390C-4792-8677-CD87F8B2C959}" = HP Deskjet F4200 All-In-One Driver Software 11.0 Rel .3
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C89B5E3A-690F-4CEE-909A-BF869E198B0A}" = Scan
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC0E1AE3-091D-4969-B151-7AC142062C28}" = SmartWebPrinting
"{CC14A340-C388-4558-83E4-B30150577931}" = FixCleaner
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF6E7481-4487-46D3-810A-F73EEA232CE0}" = Microsoft IntelliPoint 5.0
"{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
"{D063F201-FAC4-4D5C-B10B-615058ADE5A7}" = HP Update
"{D16B4BE6-8B10-422f-8034-96D1CA9483B5}" = GPBaseService
"{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}" = HP Photosmart Essential 2.5
"{D8320DD6-FE47-41DE-B116-4158B7AE3F37}" = ACDSee for Pentax 2.0
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E535C94A-B87F-4182-BEA8-1E9322078D3E}" = Cards_Calendar_OrderGift_DoMorePlugout
"{E96B0085-6659-486b-A221-5042A042728D}" = Toolbox
"{EC3B598C-1151-4191-B5B4-A9072ADE6259}_is1" = ZipGenius 6 (6.3.1.2590)
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F7B0E599-C114-4493-BC4D-D8FC7CBBABBB}" = 32 Bit HP CIO Components Installer
"{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com
"{F8A5531E-FEB4-4F7C-AF51-342E40FA7A0D}" = F4210_Help
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AlawarGameBox" = Alawar Game Box
"avast" = avast! Free Antivirus
"CCleaner" = CCleaner
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"conduitEngine" = Conduit Engine
"exent_440850" = Traffic Jam Extreme
"exent_445950" = Puzzle Express
"exent_446150" = Flip Words
"exent_446250" = Gem Shop
"exent_447350" = Sea Bounty
"exent_452750" = Atlantis Quest
"exent_466550" = The Treasures of Montezuma
"exent_472250" = 10 Talismans
"exent_554750" = Cradle of Rome
"exent_578250" = Poker Superstars III
"exent_605350" = Magic Encyclopedia
"exent_614150" = The Lost Cases of Sherlock Holmes
"exent_647750" = Margrave Manor 2: The Lost Ship
"exent_649850" = Dragon Portals
"exent_661850" = Valerie Porter
"exent_664850" = Heroes of Hellas 2 - Olympia
"exent_666450" = Autumn's Treasures: The Jade Coin
"exent_666550" = 1001 Nights - The Adventures of Sindbad
"exent_668050" = Farm Mania 2
"exent_684050" = Love and Death: Bitten
"Free_Ride_Games Toolbar" = Free Ride Games Toolbar
"Game_Master_1.1 Toolbar" = Game Master 1.1 Toolbar
"HP Imaging Device Functions" = HP Imaging Device Functions 11.0
"HP Photosmart Essential" = HP Photosmart Essential 3.0
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"ie8" = Windows Internet Explorer 8
"InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"IObit Security 360_is1" = IObit Security 360
"iWinArcade" = iWin Games (remove only)
"jZip" = jZip
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.4)" = Mozilla Firefox (3.6.4)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"PokerStars" = PokerStars
"SM1FX_AT" = USB Storage Adapter FX (SM1)
"VLC media player" = VLC media player 0.9.2
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"ZoneAlarm" = ZoneAlarm

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/26/2011 1:19:30 PM | Computer Name = BRUCE-A95ED2DF2 | Source = Application Hang | ID = 1002
Description = Hanging application explorer.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/27/2011 11:14:33 AM | Computer Name = BRUCE-A95ED2DF2 | Source = Application Hang | ID = 1002
Description = Hanging application SUPERAntiSpyware.exe, version 4.55.0.1000, hang
module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/27/2011 11:14:33 AM | Computer Name = BRUCE-A95ED2DF2 | Source = Application Hang | ID = 1002
Description = Hanging application SUPERAntiSpyware.exe, version 4.55.0.1000, hang
module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/27/2011 11:15:16 AM | Computer Name = BRUCE-A95ED2DF2 | Source = Application Hang | ID = 1002
Description = Hanging application SUPERAntiSpyware.exe, version 4.55.0.1000, hang
module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/27/2011 11:15:18 AM | Computer Name = BRUCE-A95ED2DF2 | Source = Application Hang | ID = 1002
Description = Hanging application SUPERAntiSpyware.exe, version 4.55.0.1000, hang
module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/27/2011 11:15:46 AM | Computer Name = BRUCE-A95ED2DF2 | Source = Application Hang | ID = 1002
Description = Hanging application SUPERAntiSpyware.exe, version 4.55.0.1000, hang
module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/27/2011 11:15:55 AM | Computer Name = BRUCE-A95ED2DF2 | Source = Application Hang | ID = 1002
Description = Hanging application SUPERAntiSpyware.exe, version 4.55.0.1000, hang
module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/27/2011 11:16:17 AM | Computer Name = BRUCE-A95ED2DF2 | Source = Application Hang | ID = 1002
Description = Hanging application SUPERAntiSpyware.exe, version 4.55.0.1000, hang
module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/27/2011 11:16:35 AM | Computer Name = BRUCE-A95ED2DF2 | Source = Application Hang | ID = 1002
Description = Hanging application SUPERAntiSpyware.exe, version 4.55.0.1000, hang
module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/27/2011 11:16:40 AM | Computer Name = BRUCE-A95ED2DF2 | Source = Application Hang | ID = 1001
Description = Fault bucket -1784725119.

[ System Events ]
Error - 7/26/2011 4:01:36 PM | Computer Name = BRUCE-A95ED2DF2 | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.

Error - 7/27/2011 11:22:47 AM | Computer Name = BRUCE-A95ED2DF2 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the IS360service service
to connect.

Error - 7/27/2011 11:22:47 AM | Computer Name = BRUCE-A95ED2DF2 | Source = Service Control Manager | ID = 7000
Description = The IS360service service failed to start due to the following error:
%%1053

Error - 7/27/2011 11:24:11 AM | Computer Name = BRUCE-A95ED2DF2 | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 7/27/2011 3:02:27 PM | Computer Name = BRUCE-A95ED2DF2 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the IS360service service
to connect.

Error - 7/27/2011 3:02:27 PM | Computer Name = BRUCE-A95ED2DF2 | Source = Service Control Manager | ID = 7000
Description = The IS360service service failed to start due to the following error:
%%1053

Error - 7/27/2011 3:03:50 PM | Computer Name = BRUCE-A95ED2DF2 | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 7/27/2011 3:20:27 PM | Computer Name = BRUCE-A95ED2DF2 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the IS360service service
to connect.

Error - 7/27/2011 3:20:27 PM | Computer Name = BRUCE-A95ED2DF2 | Source = Service Control Manager | ID = 7000
Description = The IS360service service failed to start due to the following error:
%%1053

Error - 7/27/2011 3:21:53 PM | Computer Name = BRUCE-A95ED2DF2 | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

< End of report >

Re: win32.downloader.dequ28th July 2011, 2:28 am

I hope I did it properly

Re: win32.downloader.dequ28th July 2011, 2:50 am

Hi,

Why's your name strikethrough'd?

Please download ComboFix from BleepingComputer.com

Alternate link: GeeksToGo.com

Alternate link: Forospyware.com

Rename ComboFix.exe to commy.exe before you save it to your Desktop
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools A guide to do this can be found here
Click Start then copy paste the following command into the search box & hit enter: "%userprofile%\desktop\commy.exe" /stepdel
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. This will not install in Vista. Just continue scanning, and skip the console install.
When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.

............................................................................................
I'm livin' life in the fast lane.

Re: win32.downloader.dequ28th July 2011, 5:20 am

unfortunately I did not have any luck with this..I managed to get the combo fix file copied ..and the name changed to commy.exe..but unfortunately I had to use Firefox to get into your system because Internet Explorer kept booting me out..so when it downloaded the file through Firefox....it put it into the Firefox Download and then when I copied it to my desk top..and copied and pasted the instructions that were given it said it could not find it because it was searching in my C drive.
I hope this is understandable..but I will totally understand if it isn't..because I am not at all computer literate.
If you would prefer not to continue trying to help me..I will totally understand because I think this is all a bit too complicated for me.

Last edited by tingler on 28th July 2011, 5:58 am; edited 1 time in total

Re: win32.downloader.dequ28th July 2011, 5:57 am

I think this is the Combo Log that you are looking for..it was what was printed when I clicked on it.

Output folder: C:\32788R22FWJFW
Extract: 023.dat
Extract: 023v.dat
Extract: 023w7.dat
Extract: AWF.cmd
Extract: AppDataFile.cfx
Extract: AppDataFolder.cfx
Extract: Assoc.cmd
Extract: Auto-RC.cmd
Extract: Boot-Rk.cmd
Extract: Boot.bat
Extract: BootDrv.vbs
Extract: CF-Script.cmd
Extract: CSet.cmd
Extract: Catch-sub.cmd
Extract: Combo-Fix.sys
Extract: ComboFix-Download.cfxxe
Extract: Combobatch.bat
Extract: Create.cmd
Extract: Creg.dat
Extract: CregC.cmd
Extract: CregC.dat
Extract: DPF.str
Extract: DelClsid.bat
Extract: DelClsid64.bat
Extract: DesktopFile.cfx
Extract: Dnl.dat
Extract: DrvRun.vbs
Extract: ERDNT.e_e
Extract: ERDNTDOS.LOC
Extract: ERDNTWIN.LOC
Extract: ERUNT.LOC
Extract: ERUNT.cfxxe
Extract: Exe.reg
Extract: FD-SV.cmd
Extract: FIND3M.bat
Extract: FIXLSP.bat
Extract: FKMGen.cmd
Extract: FavoriteFolder.cfx
Extract: FavoritesFile.cfx
Extract: FileKill.cfxxe
Extract: Fin.dat
Extract: GetHive.cmd
Extract: Imefile.dat
Extract: Install-RC.cmd
Extract: Kill-All.cmd
Extract: Ksvchost.vbs
Extract: Lang.bat
Extract: List-B.bat
Extract: List-C.bat
Extract: List-D.bat
Extract: List.bat
Extract: LocalAppDataFile.cfx
Extract: LocalAppDataFolder.cfx
Extract: LocalService.dat
Extract: LocalServiceNetworkRestricted.dat
Extract: LocalSettingsFile.cfx
Extract: LocalSystemNetworkRestricted.dat
Extract: MoveIt.bat
Extract: ND_.bat
Extract: ND_64.bat
Extract: NT-OS.cmd
Extract: NetworkService.dat
Extract: NirCmd.cfxxe
Extract: NirCmd.chm
Extract: NirCmdC.cfxxe
Extract: OSid.vbs
Extract: P.cmd
Extract: PersonalFile.cfx
Extract: PersonalFolder.cfx
Extract: Policies.dat
Extract: Prep.inf
Extract: ProfilesFile.cfx
Extract: ProfilesFolder.cfx
Extract: ProgramsFile.cfx
Extract: ProgramsFolder.cfx
Extract: Purity.dat
Extract: RCLink.dat
Extract: REGDACL.sed
Extract: RegDo.sed
Extract: RegScan.cmd
Extract: RegScan64.cmd
Extract: Rkey.cmd
Extract: Rust.str
Extract: SRestore.cmd
Extract: Safeboot.def.w7.dat
Extract: SetEnvmt.bat
Extract: SnapShot.cmd
Extract: StartMenuFile.cfx
Extract: StartMenuFolder.cfx
Extract: StartUpFile.cfx
Extract: SuppScan.cmd
Extract: SvcDrv.vbs
Extract: TemplatesFile.cfx
Extract: TemplatesFolder.cfx
Extract: Update-CF.cmd
Extract: VINFO3
Extract: VInfo
Extract: VInfo2
Extract: Vipev.dat
Extract: VwinTemp.dacl
Extract: Wmi_rem.vbs
Extract: XPSBoot.reg
Extract: appinit.bad
Extract: asp.str
Extract: av.cmd
Extract: av.vbs
Extract: badclsid.c
Extract: c.bat
Extract: catchme.cfxxe
Extract: clsid.c
Extract: dd.cfxxe
Extract: ddsDo.sed
Extract: dumphive.cfxxe
Extract: embedded.sed
Extract: extract.cfxxe
Extract: ffdefstr.dll
Extract: files.pif
Extract: firefox.exe
Extract: grep.cfxxe
Extract: gsar.cfxxe
Extract: handle.cfxxe
Extract: hidec.cfxxe
Extract: history.bat
Extract: hwid.pif
Extract: iexplore.exe
Extract: image001.gif
Extract: katch.cmd
Extract: lnkread.vbs
Extract: mbr.cfxxe
Extract: mbr.chk
Extract: md5sum.pif
Extract: md5sum00.pif
Extract: mtee.cfxxe
Extract: mynul.dat
Extract: n.pif
Extract: ncmd.com
Extract: ndis_combofix.dat
Extract: netsvc.bad.dat
Extract: netsvc.dat
Extract: netsvc.vista.dat
Extract: netsvc.xp.dat
Extract: pausep.cfxxe
Extract: pev.cfxxe
Extract: pevb.cfxxe
Extract: powp.dat
Extract: pv.com
Extract: region.dat
Extract: restore_pt.vbs
Extract: rmbr.cfxxe
Extract: rogues.dat
Extract: run2.sed
Extract: s0rt.cfxxe
Extract: safeboot.dat
Extract: safeboot.def.dat
Extract: safeboot.def.vista.dat
Extract: sed.cfxxe
Extract: setpath.cfxxe
Extract: srizbi.md5
Extract: svc_wht.dat
Extract: svchost.dat
Extract: svchost.vista.dat
Extract: svchost.vista.x64.dat
Extract: svchost.w7.dat
Extract: svchost.w7.x64.dat
Extract: swreg.cfxxe
Extract: swsc.cfxxe
Extract: swxcacls.cfxxe
Extract: system_ini.dat
Extract: tail.cfxxe... 100%
Extract: toolbar.sed
Extract: vistaMcode.dat
Extract: vistareg.dat
Extract: vun.dat
Extract: w2k_sock.dll
Extract: w2kreg.dat
Extract: w7Mcode.dat
Extract: w7reg.dat
Extract: w_sock.dll
Extract: xpmcode.dat
Extract: xpreg.dat
Extract: zDomain.dat
Extract: zhsvc.dat
Extract: zip.cfxxe
Output folder: C:\32788R22FWJFW\EN-US
Output folder: C:\32788R22FWJFW\License
Extract: Curl - license.txt
Extract: EXTRACT.TXT
Extract: FI - license.txt
Extract: UnxUtilsDist.com
Extract: UnxUtilsDist.html
Extract: UnxUtilsDist.pif
Extract: Zip - license.txt
Extract: dumphive-license.txt
Extract: firefox.exe
Extract: iexplore.exe
Extract: mtee.txt
Extract: ncmd.cfxxe
Extract: pv_5_2_2.zip
Extract: streamtools.zip
Output folder: C:\32788R22FWJFW\N_
Output folder: C:\32788R22FWJFW

Re: win32.downloader.dequ28th July 2011, 11:10 am

~~I have no idea why my name is strikethrough"d~~

Re: win32.downloader.dequ29th July 2011, 5:31 am

Hi,

Did you double click on ComboFix? If not, then double click it to run it.

............................................................................................
I'm livin' life in the fast lane.

Re: win32.downloader.dequ29th July 2011, 11:27 am

I tried to run Combofix.exe it says it is setting up a restore point..then it says it is starting to scan..then the curser flashes..and then after a while the curser stops flashing and my computer freezes.
I did get some kind of log previously that is in my message number 10
I ran it over again and just let it run all night..but nothing happened

Re: win32.downloader.dequ30th July 2011, 6:27 am

Hi,

Could you please run ComboFix in Safe Mode?

Please then reboot your computer in Safe Mode by doing the following :

Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, the Advanced Options Menu should appear;
Select the first option, to run Windows in Safe Mode, then press Enter.
Log into an account with administrative priviliges.

............................................................................................
I'm livin' life in the fast lane.

Re: win32.downloader.dequ30th July 2011, 2:38 pm

I tried to run Combofix in safe mode...but unfortunately it did the same thing,,,it said it was establishing a new restore date,,,then it said it was scanning and it typically should take 10 minutes but on badly infected computers it could take twice that time....then the curser flashed for about 12 minutes..then it stopped flashing and froze up.
could I have accidently screwed up the combofix when I mistakenly ran it before I renamed it and got that report that I sent to you in message 10.

Re: win32.downloader.dequ31st July 2011, 4:04 am

Nah, it's fine. We'll have to work around and it and try to remove what's stopping ComboFix from running.

Please download aswMBR from here

Save aswMBR.exe to your Desktop
Double click aswMBR.exe to run it
Click the Scan button to start the scan as illustrated below

Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives

Once the scan finishes click Save log to save the log to your Desktop

Copy and paste the contents of aswMBR.txt back here for review

............................................................................................
I'm livin' life in the fast lane.

Re: win32.downloader.dequ31st July 2011, 4:45 pm

I hope this worked

aswMBR version 0.9.8.978 Copyright(c) 2011 AVAST Software
Run date: 2011-07-31 12:31:26
-----------------------------
12:31:26.703 OS Version: Windows 5.1.2600 Service Pack 3
12:31:26.703 Number of processors: 2 586 0x6B02
12:31:26.703 ComputerName: BRUCE-A95ED2DF2 UserName: Bruce
12:31:27.937 Initialize success
12:31:28.671 AVAST engine defs: 11073100
12:31:40.625 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Scsi\nvgts1Port2Path0Target0Lun0
12:31:40.625 Disk 0 Vendor: ST340212 3.04 Size: 38162MB BusType: 3
12:31:40.625 Disk 1 \Device\Harddisk1\DR1 -> \Device\Scsi\nvgts1Port2Path1Target1Lun0
12:31:40.625 Disk 1 Vendor: ST350083 3.AA Size: 476940MB BusType: 3
12:31:40.625 Device \Driver\nvgts -> DriverStartIo SCSIPORT.SYS f72d040e
12:31:40.640 Disk 0 MBR read successfully
12:31:40.640 Disk 0 MBR scan
12:31:40.640 Disk 0 Windows XP default MBR code
12:31:40.640 Disk 0 scanning sectors +78156288
12:31:40.640 Disk 0 scanning C:\WINDOWS\system32\drivers
12:31:59.265 Service scanning
12:32:00.031 Service vsdatant C:\WINDOWS\System32\vsdatant.sys **LOCKED** 32
12:32:00.593 Modules scanning
12:32:53.609 Disk 0 trace - called modules:
12:32:53.640 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll SCSIPORT.SYS nvgts.sys
12:32:53.640 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8656a030]
12:32:53.640 3 CLASSPNP.SYS[f74c7fd7] -> nt!IofCallDriver -> \Device\00000063[0x86573168]
12:32:53.640 5 ACPI.sys[f735e620] -> nt!IofCallDriver -> \Device\Scsi\nvgts1Port2Path0Target0Lun0[0x86584a38]
12:32:54.625 AVAST engine scan C:\WINDOWS
12:33:04.656 AVAST engine scan C:\WINDOWS\system32
12:34:37.609 AVAST engine scan C:\WINDOWS\system32\drivers
12:34:52.500 AVAST engine scan C:\Documents and Settings\Bruce
12:36:14.437 AVAST engine scan C:\Documents and Settings\All Users
12:37:16.453 Scan finished successfully
12:40:06.312 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Bruce\Desktop\MBR.dat"
12:40:06.312 The log file has been saved successfully to "C:\Documents and Settings\Bruce\Desktop\aswMBR.txt"

aswMBR version 0.9.8.978 Copyright(c) 2011 AVAST Software
Run date: 2011-07-31 12:31:26
-----------------------------
12:31:26.703 OS Version: Windows 5.1.2600 Service Pack 3
12:31:26.703 Number of processors: 2 586 0x6B02
12:31:26.703 ComputerName: BRUCE-A95ED2DF2 UserName: Bruce
12:31:27.937 Initialize success
12:31:28.671 AVAST engine defs: 11073100
12:31:40.625 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Scsi\nvgts1Port2Path0Target0Lun0
12:31:40.625 Disk 0 Vendor: ST340212 3.04 Size: 38162MB BusType: 3
12:31:40.625 Disk 1 \Device\Harddisk1\DR1 -> \Device\Scsi\nvgts1Port2Path1Target1Lun0
12:31:40.625 Disk 1 Vendor: ST350083 3.AA Size: 476940MB BusType: 3
12:31:40.625 Device \Driver\nvgts -> DriverStartIo SCSIPORT.SYS f72d040e
12:31:40.640 Disk 0 MBR read successfully
12:31:40.640 Disk 0 MBR scan
12:31:40.640 Disk 0 Windows XP default MBR code
12:31:40.640 Disk 0 scanning sectors +78156288
12:31:40.640 Disk 0 scanning C:\WINDOWS\system32\drivers
12:31:59.265 Service scanning
12:32:00.031 Service vsdatant C:\WINDOWS\System32\vsdatant.sys **LOCKED** 32
12:32:00.593 Modules scanning
12:32:53.609 Disk 0 trace - called modules:
12:32:53.640 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll SCSIPORT.SYS nvgts.sys
12:32:53.640 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8656a030]
12:32:53.640 3 CLASSPNP.SYS[f74c7fd7] -> nt!IofCallDriver -> \Device\00000063[0x86573168]
12:32:53.640 5 ACPI.sys[f735e620] -> nt!IofCallDriver -> \Device\Scsi\nvgts1Port2Path0Target0Lun0[0x86584a38]
12:32:54.625 AVAST engine scan C:\WINDOWS
12:33:04.656 AVAST engine scan C:\WINDOWS\system32
12:34:37.609 AVAST engine scan C:\WINDOWS\system32\drivers
12:34:52.500 AVAST engine scan C:\Documents and Settings\Bruce
12:36:14.437 AVAST engine scan C:\Documents and Settings\All Users
12:37:16.453 Scan finished successfully
12:40:06.312 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Bruce\Desktop\MBR.dat"
12:40:06.312 The log file has been saved successfully to "C:\Documents and Settings\Bruce\Desktop\aswMBR.txt"
12:43:31.234 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Bruce\Desktop\MBR.dat"
12:43:31.234 The log file has been saved successfully to "C:\Documents and Settings\Bruce\Desktop\aswMBR.txt"

Re: win32.downloader.dequ1st August 2011, 5:37 am

Hi,

Please download Malwarebytes Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

............................................................................................
I'm livin' life in the fast lane.

Re: win32.downloader.dequ1st August 2011, 12:34 pm

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7344

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

8/1/2011 8:22:55 AM
mbam-log-2011-08-01 (08-22-30).txt

Scan type: Quick scan
Objects scanned: 186590
Time elapsed: 4 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 8
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{0BDA0769-FD72-49F4-9266-E1FB004F4D8F} (PUP.Dealio.TB) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0BDA0769-FD72-49F4-9266-E1FB004F4D8F} (PUP.Dealio.TB) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{0BDA0769-FD72-49F4-9266-E1FB004F4D8F} (PUP.Dealio.TB) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0BDA0769-FD72-49F4-9266-E1FB004F4D8F} (PUP.Dealio.TB) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{4A7C84E2-E95C-43C6-8DD3-03ABCD0EB60E} (Adware.SmartShopper) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CC3D8FE-F0E0-4DD1-A69A-8C56BCC7BEBF} (Adware.SmartShopper) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CC3D8FE-F0E0-4DD1-A69A-8C56BCC7BEC0} (Adware.SmartShopper) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8BCB5337-EC01-4E38-840C-A964F174255B} (Adware.SmartShopper) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{0BDA0769-FD72-49F4-9266-E1FB004F4D8F} (PUP.Dealio.TB) -> Value: {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\program files\iobit toolbar\IE\4.3\iobittoolbarie.dll (PUP.Dealio.TB) -> No action taken.

Re: win32.downloader.dequ2nd August 2011, 4:09 am

Hi,

Did you remove the detections? It says: No Action Taken.

............................................................................................
I'm livin' life in the fast lane.

Re: win32.downloader.dequ2nd August 2011, 12:32 pm

I ran the Malware program again and it says ...No Malicious Items Detected.. and this is the report

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7344

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

8/2/2011 8:27:51 AM
mbam-log-2011-08-02 (08-27-50).txt

Scan type: Quick scan
Objects scanned: 191293
Time elapsed: 6 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Re: win32.downloader.dequ3rd August 2011, 4:51 am

Hi,

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan

Tick the box next to YES, I accept the Terms of Use
Click Start
When asked, allow the ActiveX control to install
Click Start
Make sure that the options Remove found threats and the option Scan unwanted applications is checked
Click Scan (This scan can take several hours, so please be patient)
Once the scan is completed, you may close the window
Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
Copy and paste that log as a reply to this topic

............................................................................................
I'm livin' life in the fast lane.

Re: win32.downloader.dequ3rd August 2011, 7:51 pm

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=b522dbbfd0732347a5cef0fcfe4795b9
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-08-03 06:07:14
# local_time=2011-08-03 02:07:14 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=768 16777215 100 0 0 0 0 0
# compatibility_mode=5889 16768381 100 100 34024963 152203565 0 34120019
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# compatibility_mode=9217 16777214 75 70 0 34143697 0 0
# scanned=91988
# found=8
# cleaned=8
# scan_time=15617
C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe a variant of Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll a variant of Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Uniblue\RegistryBooster\registrybooster.exe Win32/RegistryBooster application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Application Updater\ApplicationUpdater.exe probably a variant of Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{11CD7696-EA07-4D4C-8752-11BE9FED7CC5}\RP416\A0127453.exe a variant of Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{11CD7696-EA07-4D4C-8752-11BE9FED7CC5}\RP416\A0127454.dll a variant of Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{11CD7696-EA07-4D4C-8752-11BE9FED7CC5}\RP416\A0127455.exe Win32/RegistryBooster application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{11CD7696-EA07-4D4C-8752-11BE9FED7CC5}\RP416\A0127456.exe probably a variant of Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

Re: win32.downloader.dequ4th August 2011, 5:47 am

Hi,

How's your computer running now?

............................................................................................
I'm livin' life in the fast lane.

Re: win32.downloader.dequ4th August 2011, 2:31 pm

There seems to be no difference regarding the "win32.downloader.dequ virus...but now I cannot access GeekPolice through Internet Explorer because it keeps booting me out.
Therefore I have to use Firefox to contact you.

Re: win32.downloader.dequ5th August 2011, 6:12 am

Does it give you a specific file path? For example: C:\Folder\Folder\File.exe?

............................................................................................
I'm livin' life in the fast lane.

Re: win32.downloader.dequ5th August 2011, 1:25 pm

In the path at the top of the page when I use Internet Explorer it reads

res://ieframe.dll/acr_error.htm#GeekPolice.net,http://www.GeekPolice.net/t27720-win32downloaderdequ

is this what you mean ???

Then this keeps coming up on my screen

We were unable to return you to GeekPolice.net.

Internet Explorer has stopped trying to restore this website. It appears that the website continues to have a problem.
What you can do:
Go to your home page

Try to return to GeekPolice.net

Re: win32.downloader.dequ6th August 2011, 7:30 am

No, the filepath of the win32.downloader.dequ detection. Does it give you a filepath for that?

............................................................................................
I'm livin' life in the fast lane.

Re: win32.downloader.dequ6th August 2011, 12:07 pm

http://www.GeekPolice.net/t27720-win32downloaderdequ

Is this the file path that you mean ???

If it is not...where do I find it ??

Re: win32.downloader.dequ7th August 2011, 6:16 am

No, that is the URL of this thread.

Your antivirus should show the detection and where it was located. For example, C:\Windows\System32\Malware.exe

Does your antivirus show this?

............................................................................................
I'm livin' life in the fast lane.

Re: win32.downloader.dequ7th August 2011, 9:16 pm

I ran malware and it showed no viruses detected..so I guess it must have removed it...but it would appear that my Internet Explorer is screwed up because it will not allow me to access your site.
Maybe I don't have a virus anymore...my computer is just all screwed up.

Re: win32.downloader.dequ8th August 2011, 4:10 am

Hi,

Could you please re-run OTL?

............................................................................................
I'm livin' life in the fast lane.

Re: win32.downloader.dequ8th August 2011, 12:30 pm

I ran OTL and this is the log

OTL logfile created on: 8/8/2011 8:24:55 AM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Bruce\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.09 Mb Total Physical Memory | 441.78 Mb Available Physical Memory | 43.18% Memory free
2.03 Gb Paging File | 1.59 Gb Available in Paging File | 78.27% Paging File free
Paging file location(s): C:\pagefile.sys 1152 2304 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.20 Gb Total Space | 23.09 Gb Free Space | 62.08% Space Free | Partition Type: FAT32
Drive E: | 465.75 Gb Total Space | 452.41 Gb Free Space | 97.14% Space Free | Partition Type: NTFS

Computer Name: BRUCE-A95ED2DF2 | User Name: Bruce | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/03 20:59:42 | 000,123,264 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011/07/27 22:12:08 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bruce\Desktop\OTL.exe
PRC - [2011/07/08 03:16:28 | 000,924,632 | ---- | M] (Mozilla Corporation) -- E:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/07/07 17:54:00 | 000,399,312 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe
PRC - [2011/07/04 07:43:54 | 003,493,720 | ---- | M] (AVAST Software) -- E:\Program Files\Avast\AvastUI.exe
PRC - [2011/07/04 07:43:51 | 000,042,184 | ---- | M] (AVAST Software) -- E:\Program Files\Avast\AvastSvc.exe
PRC - [2011/03/25 15:09:48 | 000,176,848 | ---- | M] (iWin Inc.) -- C:\Program Files\iWin Games\iWinTrusted.exe
PRC - [2010/03/28 15:47:44 | 001,692,440 | ---- | M] (ParetoLogic) -- C:\Program Files\ParetoLogic\FileCure\FileCure.exe
PRC - [2009/07/23 17:23:56 | 000,178,720 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
PRC - [2009/07/23 17:23:54 | 000,387,616 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
PRC - [2008/04/13 20:12:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- E:\Program Files\Windows Defender\MsMpEng.exe

========== Modules (SafeList) ==========

MOD - [2011/07/27 22:12:08 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bruce\Desktop\OTL.exe
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (wuauserv)
SRV - File not found [Auto | Stopped] -- -- (PEVSystemStart)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/08/03 20:59:42 | 000,123,264 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/07/04 07:43:51 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- E:\Program Files\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/03/25 15:09:48 | 000,176,848 | ---- | M] (iWin Inc.) [Auto | Running] -- C:\Program Files\iWin Games\iWinTrusted.exe -- (iWinTrusted)
SRV - [2010/06/23 13:52:56 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) [Auto | Stopped] -- C:\WINDOWS\System32\ZONELABS\vsmon.exe -- (vsmon)
SRV - [2010/06/11 18:14:22 | 000,312,152 | ---- | M] (IObit) [Auto | Stopped] -- E:\Program Files\IObit\IObit Security 360\is360srv.exe -- (IS360service)
SRV - [2010/03/29 08:51:54 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2009/07/23 17:23:56 | 000,178,720 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)
SRV - [2009/07/23 17:23:54 | 000,387,616 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM)
SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- E:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)

========== Driver Services (SafeList) ==========

DRV - [2011/08/03 20:59:40 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2011/07/12 17:55:24 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/07/04 07:36:44 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/07/04 07:36:32 | 000,309,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/07/04 07:35:24 | 000,043,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/07/04 07:35:12 | 000,102,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/07/04 07:32:32 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/07/04 07:32:14 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/07/04 07:32:12 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/06/24 14:29:12 | 000,009,856 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2010/05/13 10:02:32 | 000,532,224 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2009/08/18 05:32:00 | 005,884,416 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/06/30 23:53:34 | 000,013,824 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2009/06/30 23:53:30 | 000,066,688 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2009/06/30 05:31:00 | 000,164,896 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvgts.sys -- (nvgts)
DRV - [2009/02/12 15:11:24 | 000,022,312 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dddsk.sys -- (ElRawDisk)
DRV - [2008/08/05 08:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2007/04/16 16:46:34 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
DRV - [2006/07/01 22:39:40 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006/01/04 03:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2005/03/08 21:15:10 | 000,291,456 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\Cdudf_xp.sys -- (cdudf_xp)
DRV - [2005/03/08 21:14:44 | 000,024,064 | ---- | M] (Sonic Solutions) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\dvd_2k.sys -- (dvd_2K)
DRV - [2005/03/08 21:05:30 | 000,141,184 | ---- | M] (Windows (R) 2000 DDK provider) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\DVDVRRdr_xp.sys -- (DVDVRRdr_xp)
DRV - [2005/03/08 20:54:48 | 000,202,496 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\Udfreadr.sys -- (UDFReadr)
DRV - [2005/03/08 20:53:56 | 000,023,808 | ---- | M] (Sonic Solutions) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\mmc_2k.sys -- (mmc_2K)
DRV - [2005/03/08 20:38:32 | 000,117,760 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\Pwd_2k.sys -- (pwd_2k)
DRV - [2004/08/12 22:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2003/12/19 02:00:00 | 000,006,656 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cinemsup.sys -- (Cinemsup)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ca.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?rd=1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 94 CF 50 C3 AB 09 CC 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://ca.msn.com/
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {7846ae31-bea2-438a-8f5e-2d899361656c} - C:\Program Files\Game_Master_1.1\prxtbGam0.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {f92a9fe4-2850-4198-b9d5-279880e49b16} - C:\Program Files\Free_Ride_Games\prxtbFree.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaultthis.engineName: "A Free Ride Games Bar Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1320680&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=723823"
FF - prefs.js..browser.search.selectedEngine: "A Free Ride Games Bar Customized Web Search"
FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT1320680&SearchSource=13"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.227.0
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=723823&p="

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: E:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: E:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: E:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2010/06/27 21:20:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{98e34367-8df7-42b4-837b-20b892ff0849}: C:\Program Files\iWin Games\firefox\ [2011/04/30 13:33:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Components: E:\Program Files\Mozilla Firefox\components [2011/07/28 00:00:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Plugins: E:\Program Files\Mozilla Firefox\plugins [2011/07/28 00:00:12 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2010/06/27 21:20:56 | 000,000,000 | ---D | M]

[2010/06/24 15:49:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Bruce\Application Data\Mozilla\Extensions
[2010/06/24 15:49:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Bruce\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010/06/24 20:45:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Bruce\Application Data\Mozilla\Firefox\Profiles\36ptu0va.default\extensions
[2010/06/24 21:54:48 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Bruce\Application Data\Mozilla\Firefox\Profiles\36ptu0va.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/07/29 03:19:54 | 000,000,000 | ---D | M] (A Free Ride Games Bar Community Toolbar) -- C:\Documents and Settings\Bruce\Application Data\Mozilla\Firefox\Profiles\36ptu0va.default\extensions\{f92a9fe4-2850-4198-b9d5-279880e49b16}
[2011/03/24 14:24:28 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\Bruce\Application Data\Mozilla\Firefox\Profiles\36ptu0va.default\extensions\engine@conduit.com
[2011/07/24 09:11:04 | 000,000,000 | ---D | M] (Yontoo Layers) -- C:\Documents and Settings\Bruce\Application Data\Mozilla\Firefox\Profiles\36ptu0va.default\extensions\plugin@yontoo.com
[2011/06/20 14:20:46 | 000,000,945 | ---- | M] () -- C:\Documents and Settings\Bruce\Application Data\Mozilla\Firefox\Profiles\36ptu0va.default\searchplugins\conduit.xml
File not found (No name found) --
[2010/06/23 17:18:48 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/09/26 01:01:20 | 000,000,000 | ---D | M] (Java Console) -- E:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/26 22:21:28 | 000,000,000 | ---D | M] (Java Console) -- E:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/16 18:34:34 | 000,000,000 | ---D | M] (Java Console) -- E:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/03/11 18:47:06 | 000,000,000 | ---D | M] (Java Console) -- E:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/07/24 11:32:55 | 000,000,000 | ---D | M] (Java Console) -- E:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

O1 HOSTS File: ([2011/07/24 20:24:16 | 000,435,498 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 14992 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngin0.dll (Conduit Ltd.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Game Master 1.1 Toolbar) - {7846ae31-bea2-438a-8f5e-2d899361656c} - C:\Program Files\Game_Master_1.1\prxtbGam0.dll (Conduit Ltd.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (no name) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - No CLSID value found.
O2 - BHO: (Free Ride Games Toolbar) - {f92a9fe4-2850-4198-b9d5-279880e49b16} - C:\Program Files\Free_Ride_Games\prxtbFree.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngin0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Game Master 1.1 Toolbar) - {7846ae31-bea2-438a-8f5e-2d899361656c} - C:\Program Files\Game_Master_1.1\prxtbGam0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Free Ride Games Toolbar) - {f92a9fe4-2850-4198-b9d5-279880e49b16} - C:\Program Files\Free_Ride_Games\prxtbFree.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Game Master 1.1 Toolbar) - {7846AE31-BEA2-438A-8F5E-2D899361656C} - C:\Program Files\Game_Master_1.1\prxtbGam0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Free Ride Games Toolbar) - {F92A9FE4-2850-4198-B9D5-279880E49B16} - C:\Program Files\Free_Ride_Games\prxtbFree.dll (Conduit Ltd.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avast] E:\Program Files\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [ZoneAlarm Client] E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [Exetender] File not found
O4 - HKCU..\Run: [FixCleaner] C:\Program Files\FixCleaner\FixCleaner.exe (Slimware Utilities, Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1277319339921 (WUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://games.ca.zone.msn.com/bingame/zuma/default/popcaploader_v6.cab (PopCapLoader Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll (PCPitstop Exam)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\TPSvc: DllName - TPSvc.dll - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Bruce\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Bruce\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - E:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/06/23 14:01:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2008/09/18 09:35:19 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/08/07 17:37:16 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2011/08/06 13:19:10 | 000,000,000 | --SD | C] -- C:\commy.exe6859c
[2011/08/06 00:26:04 | 000,000,000 | -HSD | C] -- C:\FOUND.011
[2011/08/05 15:16:54 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Bruce\Recent
[2011/08/05 15:07:06 | 000,000,000 | ---D | C] -- C:\Remote Programs
[2011/08/05 15:07:06 | 000,000,000 | ---D | C] -- C:\Program Files\Free Ride Games
[2011/08/05 15:07:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bruce\Start Menu\Programs\Free Ride Games
[2011/08/04 09:46:08 | 000,000,000 | -HSD | C] -- C:\FOUND.010
[2011/08/03 20:59:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\!SASCORE
[2011/08/03 17:32:02 | 000,000,000 | -HSD | C] -- C:\FOUND.009
[2011/08/03 09:43:35 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/08/01 08:16:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bruce\Application Data\Malwarebytes
[2011/08/01 08:16:36 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/08/01 08:16:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/08/01 08:16:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/08/01 08:16:31 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/08/01 08:16:31 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/07/30 16:27:54 | 000,000,000 | -HSD | C] -- C:\FOUND.008
[2011/07/30 16:14:36 | 000,000,000 | -HSD | C] -- C:\FOUND.007
[2011/07/30 12:39:00 | 000,000,000 | --SD | C] -- C:\commy.exe9355c
[2011/07/30 09:35:16 | 000,000,000 | -HSD | C] -- C:\FOUND.006
[2011/07/30 09:08:48 | 000,000,000 | --SD | C] -- C:\commy.exe20058c
[2011/07/29 10:22:38 | 004,165,920 | R--- | C] (Swearware) -- C:\Documents and Settings\Bruce\Desktop\commy.exe.exe
[2011/07/29 03:18:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bruce\Application Data\vlc
[2011/07/29 00:01:05 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/07/28 23:59:42 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/07/28 23:59:42 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/07/28 23:59:42 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/07/28 23:59:42 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/07/28 23:58:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/07/28 23:57:33 | 000,000,000 | ---D | C] -- C:\commy.exe
[2011/07/28 23:57:27 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/07/28 01:27:40 | 004,155,871 | ---- | C] (Swearware) -- C:\Documents and Settings\Bruce\My Documents\ComboFix(2).exe
[2011/07/27 22:12:04 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Bruce\Desktop\OTL.exe
[2011/07/27 18:53:08 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Bruce\Desktop\OTL.com
[2011/07/27 18:43:29 | 000,607,017 | R--- | C] (Swearware) -- C:\Documents and Settings\Bruce\Desktop\dds.scr
[2011/07/27 15:29:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bruce\Application Data\FixCleaner
[2011/07/27 15:29:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\FixCleaner
[2011/07/27 15:29:16 | 000,000,000 | ---D | C] -- C:\Program Files\FixCleaner
[2011/07/27 15:28:54 | 000,000,000 | ---D | C] -- C:\Program Files\Downloaded Installers
[2011/07/26 15:14:14 | 000,000,000 | -HSD | C] -- C:\FOUND.005
[2011/07/26 11:20:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bruce\Application Data\SUPERAntiSpyware.com
[2011/07/26 11:20:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/07/26 11:19:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/07/26 11:19:53 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/07/26 10:24:30 | 000,000,000 | -HSD | C] -- C:\FOUND.004
[2011/07/25 04:31:56 | 000,000,000 | -HSD | C] -- C:\FOUND.003
[2011/07/24 20:20:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2011/07/24 12:23:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2011/07/24 11:33:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bruce\Local Settings\Application Data\AskToolbar
[2011/07/24 11:33:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/07/24 11:33:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Ask
[2011/07/24 11:32:54 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/07/24 11:32:54 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/07/24 11:32:54 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/07/24 11:09:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\IObit Security 360
[2011/07/24 09:10:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2011/07/24 08:51:16 | 000,000,000 | ---D | C] -- C:\rei
[2011/07/24 08:51:07 | 000,000,000 | ---D | C] -- C:\Program Files\Reimage
[2011/07/19 15:22:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bruce\My Documents\My Scans
[2011/07/14 10:29:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2011/07/10 18:38:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java(2)
[2010/06/24 22:06:18 | 000,036,963 | R--- | C] (Cypress Semiconductor) -- C:\Program Files\Common Files\SM1updtr.dll
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/08 08:12:00 | 000,276,202 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2011/08/08 08:11:34 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\FileCure Startup.job
[2011/08/08 08:11:34 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\DriverScanner.job
[2011/08/08 01:01:00 | 000,000,234 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011/08/07 21:24:22 | 000,000,249 | ---- | M] () -- C:\Documents and Settings\Bruce\Desktop\Google (2).url
[2011/08/07 18:00:02 | 000,000,444 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration3.job
[2011/08/07 15:13:48 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/08/07 15:10:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/08/07 14:02:12 | 000,001,765 | ---- | M] () -- C:\Documents and Settings\Bruce\Desktop\Roxio Easy Media Creator Home (2).lnk
[2011/08/07 13:56:32 | 000,000,864 | ---- | M] () -- C:\Documents and Settings\Bruce\Desktop\Shortcut to creator7.lnk
[2011/08/07 12:00:30 | 000,000,438 | ---- | M] () -- C:\WINDOWS\tasks\FixCleaner Scan.job
[2011/08/06 13:18:40 | 004,165,920 | R--- | M] (Swearware) -- C:\Documents and Settings\Bruce\Desktop\commy.exe.exe
[2011/08/06 12:08:12 | 000,000,603 | ---- | M] () -- C:\Documents and Settings\Bruce\Application Data\Microsoft\Internet Explorer\Quick Launch\ZoneAlarm Security.lnk
[2011/08/05 17:42:56 | 000,000,774 | ---- | M] () -- C:\Documents and Settings\Bruce\Desktop\Hamilton Tiger-Cats Official Site of the Tiger-Cats .url
[2011/08/05 15:08:12 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/08/05 14:56:02 | 000,000,317 | ---- | M] () -- C:\Documents and Settings\Bruce\Desktop\RBC Royal Bank Rates.url
[2011/08/05 14:51:10 | 000,000,403 | ---- | M] () -- C:\Documents and Settings\Bruce\Desktop\RBC Royal Bank - Sign In to Online Banking.url
[2011/08/05 11:11:54 | 000,000,463 | ---- | M] () -- C:\Documents and Settings\Bruce\Desktop\The Official WhitePages - Find People for Free.url
[2011/08/04 16:58:04 | 000,000,374 | ---- | M] () -- C:\Documents and Settings\Bruce\Desktop\Royal Caribbean.url
[2011/08/04 11:33:02 | 000,002,221 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\FixCleaner.lnk
[2011/08/02 08:51:02 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\Reimage Reminder.job
[2011/08/01 21:54:40 | 000,000,434 | ---- | M] () -- C:\Documents and Settings\Bruce\Desktop\Jay Leno's Garage.url
[2011/08/01 08:16:38 | 000,000,688 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/31 12:43:32 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Bruce\Desktop\MBR.dat
[2011/07/31 12:31:12 | 000,000,457 | ---- | M] () -- C:\Documents and Settings\Bruce\Desktop\Shortcut to aswMBR.lnk
[2011/07/31 11:20:48 | 000,000,334 | ---- | M] () -- C:\Documents and Settings\Bruce\Desktop\eBay.url
[2011/07/31 11:19:40 | 000,000,323 | ---- | M] () -- C:\Documents and Settings\Bruce\Desktop\Weather Forecast.url
[2011/07/29 03:29:08 | 000,000,468 | ---- | M] () -- C:\Documents and Settings\Bruce\My Documents\Shortcut to commy.exe.lnk
[2011/07/29 03:18:02 | 000,000,623 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2011/07/29 00:01:10 | 000,000,339 | RHS- | M] () -- C:\boot.ini
[2011/07/28 17:36:06 | 000,002,411 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ACDSee for Pentax 2.0.lnk
[2011/07/28 10:47:58 | 000,014,856 | ---- | M] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2011/07/28 01:10:00 | 004,155,871 | ---- | M] (Swearware) -- C:\Documents and Settings\Bruce\My Documents\ComboFix(2).exe
[2011/07/28 00:39:00 | 000,006,744 | ---- | M] () -- C:\WINDOWS\System32\drivers\kgpfr2.cfg
[2011/07/28 00:00:26 | 000,000,606 | ---- | M] () -- C:\Documents and Settings\Bruce\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/07/28 00:00:26 | 000,000,606 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/07/27 22:12:08 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bruce\Desktop\OTL.exe
[2011/07/27 18:40:30 | 000,607,017 | R--- | M] (Swearware) -- C:\Documents and Settings\Bruce\Desktop\dds.scr
[2011/07/27 15:51:42 | 000,000,162 | ---- | M] () -- C:\Documents and Settings\Bruce\Desktop\GeekPolice.net.url
[2011/07/27 15:48:16 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bruce\Desktop\OTL.com
[2011/07/26 11:19:58 | 000,001,582 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/07/26 10:47:36 | 000,533,292 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/07/26 10:47:36 | 000,099,378 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/07/25 04:44:02 | 000,157,952 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/07/25 04:37:04 | 000,000,364 | ---- | M] () -- C:\WINDOWS\tasks\FileCure Default.job
[2011/07/24 14:28:06 | 000,000,942 | ---- | M] () -- C:\Documents and Settings\Bruce\Desktop\Play Gem Shop.lnk
[2011/07/24 12:23:12 | 000,000,855 | ---- | M] () -- C:\Documents and Settings\Bruce\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/07/24 12:23:12 | 000,000,837 | ---- | M] () -- C:\Documents and Settings\Bruce\Desktop\Spybot - Search & Destroy.lnk
[2011/07/24 12:17:48 | 000,000,622 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/07/24 12:17:46 | 000,002,616 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/07/19 16:18:40 | 000,019,518 | ---- | M] () -- C:\WINDOWS\hpqins13.dat
[2011/07/18 11:43:48 | 000,000,237 | ---- | M] () -- C:\Documents and Settings\Bruce\Desktop\OLG -.url
[2011/07/12 14:51:46 | 000,000,289 | ---- | M] () -- C:\Documents and Settings\Bruce\Desktop\MapQuest - Driving Directions - Map Directions.url
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/07 14:02:10 | 000,001,765 | ---- | C] () -- C:\Documents and Settings\Bruce\Desktop\Roxio Easy Media Creator Home (2).lnk
[2011/08/07 13:56:51 | 000,000,864 | ---- | C] () -- C:\Documents and Settings\Bruce\Desktop\Shortcut to creator7.lnk
[2011/08/06 12:08:11 | 000,000,603 | ---- | C] () -- C:\Documents and Settings\Bruce\Application Data\Microsoft\Internet Explorer\Quick Launch\ZoneAlarm Security.lnk
[2011/08/01 08:16:36 | 000,000,688 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/31 12:40:06 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Bruce\Desktop\MBR.dat
[2011/07/31 12:31:10 | 000,000,457 | ---- | C] () -- C:\Documents and Settings\Bruce\Desktop\Shortcut to aswMBR.lnk
[2011/07/29 03:31:27 | 000,000,468 | ---- | C] () -- C:\Documents and Settings\Bruce\My Documents\Shortcut to commy.exe.lnk
[2011/07/29 00:01:08 | 000,000,223 | ---- | C] () -- C:\Boot.bak
[2011/07/29 00:01:07 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/07/28 23:59:42 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/07/28 23:59:42 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/07/28 23:59:42 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/07/28 23:59:42 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/07/28 23:59:42 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/07/28 00:00:24 | 000,000,606 | ---- | C] () -- C:\Documents and Settings\Bruce\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/07/28 00:00:24 | 000,000,606 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/07/28 00:00:23 | 000,000,606 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/07/27 18:40:52 | 000,006,744 | ---- | C] () -- C:\WINDOWS\System32\drivers\kgpfr2.cfg
[2011/07/27 15:51:40 | 000,000,162 | ---- | C] () -- C:\Documents and Settings\Bruce\Desktop\GeekPolice.net.url
[2011/07/27 15:29:46 | 000,000,438 | ---- | C] () -- C:\WINDOWS\tasks\FixCleaner Scan.job
[2011/07/27 15:29:17 | 000,002,221 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\FixCleaner.lnk
[2011/07/27 15:23:45 | 000,014,856 | ---- | C] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2011/07/26 11:19:56 | 000,001,582 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/07/24 12:23:11 | 000,000,855 | ---- | C] () -- C:\Documents and Settings\Bruce\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/07/24 12:23:11 | 000,000,837 | ---- | C] () -- C:\Documents and Settings\Bruce\Desktop\Spybot - Search & Destroy.lnk
[2011/07/24 11:33:29 | 000,000,234 | ---- | C] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011/07/24 08:59:54 | 000,000,260 | ---- | C] () -- C:\WINDOWS\tasks\DriverScanner.job
[2011/07/24 08:51:56 | 000,000,274 | ---- | C] () -- C:\WINDOWS\tasks\Reimage Reminder.job
[2011/07/19 16:13:00 | 000,019,518 | ---- | C] () -- C:\WINDOWS\hpqins13.dat
[2011/03/24 14:23:27 | 000,000,064 | ---- | C] () -- C:\WINDOWS\GPlrLanc.dat
[2010/08/31 13:26:22 | 019,657,194 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\vlc-1.1.4-win32.exe
[2010/07/22 08:48:17 | 019,473,201 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\vlc-1.1.1-win32.exe
[2010/07/12 16:00:34 | 019,495,102 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\vlc-1.1.0-win32.exe
[2010/06/29 10:38:59 | 000,077,374 | ---- | C] () -- C:\WINDOWS\hpqins05.dat
[2010/06/27 21:12:26 | 000,166,577 | ---- | C] () -- C:\WINDOWS\hpoins28.dat
[2010/06/27 21:12:26 | 000,000,796 | ---- | C] () -- C:\WINDOWS\hpomdl28.dat
[2010/06/25 01:54:28 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/06/25 01:53:34 | 000,157,952 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/24 20:45:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/06/24 14:03:14 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2010/06/23 17:04:04 | 000,116,736 | ---- | C] () -- C:\Documents and Settings\Bruce\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/23 14:23:37 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/06/23 14:20:48 | 000,006,136 | R--- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2010/06/23 14:14:28 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2010/06/23 14:14:24 | 000,001,769 | ---- | C] () -- C:\WINDOWS\Language_trs.ini
[2010/06/23 14:14:15 | 000,021,598 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2010/06/23 14:14:15 | 000,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2010/06/23 14:04:20 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/06/23 13:59:38 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/07/07 21:07:00 | 002,183,470 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2007/10/19 20:56:16 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/10/18 05:02:34 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2005/02/28 16:17:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/11/30 04:10:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\besch.exe
[2004/11/30 04:10:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\besched.dll
[2004/08/12 14:11:42 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/12 14:11:41 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/12 14:04:52 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/12 14:03:21 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/12 14:03:20 | 000,533,292 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/12 14:03:20 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/12 14:03:19 | 000,099,378 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/12 14:02:25 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/12 13:59:52 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/12 13:59:46 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/12 13:57:10 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/12 13:56:48 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2003/12/19 02:00:00 | 000,013,387 | ---- | C] () -- C:\WINDOWS\System32\CinemSup.sys
[2003/10/02 01:00:00 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lockout.dll
[2003/10/02 01:00:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\lockres.dll

< End of report >

Re: win32.downloader.dequ8th August 2011, 12:38 pm

Incidently...I tried to go to the Windows Update Site to see if maybe there were any updates available that might fix my Internet Explorer problem..and it said

403 Forbidden Access Denied

Re: win32.downloader.dequ9th August 2011, 5:20 am

Hi,

Would you like Ask Toolbar removed as well?

............................................................................................
I'm livin' life in the fast lane.

Re: win32.downloader.dequ9th August 2011, 9:05 am

~~I don't understand what you mean ????~~

Re: win32.downloader.dequ10th August 2011, 5:53 am

Hi,

Do you want Ask Toolbar to be removed? It is an optional removal, therefore I consult you before I remove it.

O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)

............................................................................................
I'm livin' life in the fast lane.

Re: win32.downloader.dequ10th August 2011, 12:57 pm

okay..remove it..and thanks for explaining it to me..
Also..I am not sure if it is a virus..but when my computer sits for a few minutes..I get a white screen.

Re: win32.downloader.dequ12th August 2011, 3:06 am

Do you get any errors before, during, or after the white screen?

............................................................................................
I'm livin' life in the fast lane.

Re: win32.downloader.dequ12th August 2011, 7:04 pm

I don't get any errors before during or after the white screen..after there is no activity for about ten minutes..it goes to screen saver for about 5 minutes and then it goes to white screen.

My Internet explorer has problems and keeps booting me out whenever I try to contact you using it so I have to use Mozilla.

Re: win32.downloader.dequ13th August 2011, 1:42 am

Hi,

Please download TFC by OldTimer to your desktop
Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
It will close all programs when run, so make sure you have saved all your work before you begin.
Click the Start
button to begin the process. Depending on how often you clean temp
files, execution time should be anywhere from a few seconds to a minute
or two. Let it run uninterrupted to completion.
Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

............................................................................................
I'm livin' life in the fast lane.

Re: win32.downloader.dequ13th August 2011, 3:56 pm

~~I ran the program and it automatically rebooted my computer..but it did not provide a log file..was it supposed to ???~~

Re: win32.downloader.dequ14th August 2011, 4:13 am

Nah, it just cleans your temporary files. Is your computer running any better?

............................................................................................
I'm livin' life in the fast lane.

Re: win32.downloader.dequ14th August 2011, 8:44 pm

yes it is running much better now...but I still have the white screen problem..and there is a problem with my Internet explorer...and I think it needs to be reinstalled..but that is too much or a problem for me to handle...so I think I will just live with it

Re: win32.downloader.dequ15th August 2011, 4:02 am

Hi,

Let me ask someone about that white screen issue. Reinstalling Internet Explorer really isn't a lot of trouble.

............................................................................................
I'm livin' life in the fast lane.

Re: win32.downloader.dequ15th August 2011, 3:30 pm

I am willing to give it a try if you feel you I can do it
But I must warn you..I am not very computer literate

Re: win32.downloader.dequ16th August 2011, 2:20 am

Hi,

How's the Internet Explorer re-installation coming along? Also, when the white screen happens does it happen after a certain amount of inactivity, also what are you doing when it does give you a white screen and how often does it happen?

............................................................................................
I'm livin' life in the fast lane.

Re: win32.downloader.dequ16th August 2011, 2:56 pm

I don't know how to re-install Internet Explorer so I haven't even attempted it...but a friend of mine is a little more computer savvy so I am going to ask him if he will drop in to help me..he lives out of town so I don't think he will be here until next week.
The white screen only appears after about 10 minutes of inactivity..and as soon as I move the mouse it disappears...it happens no matter what I am doing...

Re: win32.downloader.dequ17th August 2011, 10:14 pm

I think that is your screensaver. Right click on your desktop and go to properties and go to screensaver and change it if you want and see if it is still a white screen.

............................................................................................
I'm livin' life in the fast lane.

Re: win32.downloader.dequ18th August 2011, 4:02 pm

~~the white screen keeps showing up...I guess I will just have to live with it until I can get my Internet explorer and my XP reinstalled.~~

~~Page 1 of 2 • 1, 2~~

win32.downloader.dequ

descriptionwin32.downloader.dequ27th July 2011, 8:00 pm

descriptionRe: win32.downloader.dequ27th July 2011, 10:58 pm

descriptionRe: win32.downloader.dequ28th July 2011, 1:52 am

descriptionRe: win32.downloader.dequ28th July 2011, 2:11 am

descriptionRe: win32.downloader.dequ28th July 2011, 2:23 am

descriptionRe: win32.downloader.dequ28th July 2011, 2:26 am

descriptionRe: win32.downloader.dequ28th July 2011, 2:28 am

descriptionRe: win32.downloader.dequ28th July 2011, 2:50 am

descriptionRe: win32.downloader.dequ28th July 2011, 5:20 am

descriptionRe: win32.downloader.dequ28th July 2011, 5:57 am

descriptionRe: win32.downloader.dequ28th July 2011, 11:10 am

descriptionRe: win32.downloader.dequ29th July 2011, 5:31 am

descriptionRe: win32.downloader.dequ29th July 2011, 11:27 am

descriptionRe: win32.downloader.dequ30th July 2011, 6:27 am

descriptionRe: win32.downloader.dequ30th July 2011, 2:38 pm

descriptionRe: win32.downloader.dequ31st July 2011, 4:04 am

descriptionRe: win32.downloader.dequ31st July 2011, 4:45 pm

descriptionRe: win32.downloader.dequ1st August 2011, 5:37 am

descriptionRe: win32.downloader.dequ1st August 2011, 12:34 pm

descriptionRe: win32.downloader.dequ2nd August 2011, 4:09 am

descriptionRe: win32.downloader.dequ2nd August 2011, 12:32 pm

descriptionRe: win32.downloader.dequ3rd August 2011, 4:51 am

descriptionRe: win32.downloader.dequ3rd August 2011, 7:51 pm

descriptionRe: win32.downloader.dequ4th August 2011, 5:47 am

descriptionRe: win32.downloader.dequ4th August 2011, 2:31 pm

descriptionRe: win32.downloader.dequ5th August 2011, 6:12 am

descriptionRe: win32.downloader.dequ5th August 2011, 1:25 pm

descriptionRe: win32.downloader.dequ6th August 2011, 7:30 am

descriptionRe: win32.downloader.dequ6th August 2011, 12:07 pm

descriptionRe: win32.downloader.dequ7th August 2011, 6:16 am

descriptionRe: win32.downloader.dequ7th August 2011, 9:16 pm

descriptionRe: win32.downloader.dequ8th August 2011, 4:10 am

descriptionRe: win32.downloader.dequ8th August 2011, 12:30 pm

descriptionRe: win32.downloader.dequ8th August 2011, 12:38 pm

descriptionRe: win32.downloader.dequ9th August 2011, 5:20 am

descriptionRe: win32.downloader.dequ9th August 2011, 9:05 am

descriptionRe: win32.downloader.dequ10th August 2011, 5:53 am

descriptionRe: win32.downloader.dequ10th August 2011, 12:57 pm

descriptionRe: win32.downloader.dequ12th August 2011, 3:06 am

descriptionRe: win32.downloader.dequ12th August 2011, 7:04 pm

descriptionRe: win32.downloader.dequ13th August 2011, 1:42 am

descriptionRe: win32.downloader.dequ13th August 2011, 3:56 pm

descriptionRe: win32.downloader.dequ14th August 2011, 4:13 am

descriptionRe: win32.downloader.dequ14th August 2011, 8:44 pm

descriptionRe: win32.downloader.dequ15th August 2011, 4:02 am

descriptionRe: win32.downloader.dequ15th August 2011, 3:30 pm

descriptionRe: win32.downloader.dequ16th August 2011, 2:20 am

descriptionRe: win32.downloader.dequ16th August 2011, 2:56 pm

descriptionRe: win32.downloader.dequ17th August 2011, 10:14 pm

descriptionRe: win32.downloader.dequ18th August 2011, 4:02 pm

win32.downloader.dequ27th July 2011, 8:00 pm

Re: win32.downloader.dequ27th July 2011, 10:58 pm

Re: win32.downloader.dequ28th July 2011, 1:52 am

Re: win32.downloader.dequ28th July 2011, 2:11 am

Re: win32.downloader.dequ28th July 2011, 2:23 am

Re: win32.downloader.dequ28th July 2011, 2:26 am

Re: win32.downloader.dequ28th July 2011, 2:28 am

Re: win32.downloader.dequ28th July 2011, 2:50 am

Re: win32.downloader.dequ28th July 2011, 5:20 am

Re: win32.downloader.dequ28th July 2011, 5:57 am

Re: win32.downloader.dequ28th July 2011, 11:10 am

Re: win32.downloader.dequ29th July 2011, 5:31 am

Re: win32.downloader.dequ29th July 2011, 11:27 am

Re: win32.downloader.dequ30th July 2011, 6:27 am

Re: win32.downloader.dequ30th July 2011, 2:38 pm

Re: win32.downloader.dequ31st July 2011, 4:04 am

Re: win32.downloader.dequ31st July 2011, 4:45 pm

Re: win32.downloader.dequ1st August 2011, 5:37 am

Re: win32.downloader.dequ1st August 2011, 12:34 pm

Re: win32.downloader.dequ2nd August 2011, 4:09 am

Re: win32.downloader.dequ2nd August 2011, 12:32 pm

Re: win32.downloader.dequ3rd August 2011, 4:51 am

Re: win32.downloader.dequ3rd August 2011, 7:51 pm

Re: win32.downloader.dequ4th August 2011, 5:47 am

Re: win32.downloader.dequ4th August 2011, 2:31 pm

Re: win32.downloader.dequ5th August 2011, 6:12 am

Re: win32.downloader.dequ5th August 2011, 1:25 pm

Re: win32.downloader.dequ6th August 2011, 7:30 am

Re: win32.downloader.dequ6th August 2011, 12:07 pm

Re: win32.downloader.dequ7th August 2011, 6:16 am

Re: win32.downloader.dequ7th August 2011, 9:16 pm

Re: win32.downloader.dequ8th August 2011, 4:10 am

Re: win32.downloader.dequ8th August 2011, 12:30 pm

Re: win32.downloader.dequ8th August 2011, 12:38 pm

Re: win32.downloader.dequ9th August 2011, 5:20 am

Re: win32.downloader.dequ9th August 2011, 9:05 am

Re: win32.downloader.dequ10th August 2011, 5:53 am

Re: win32.downloader.dequ10th August 2011, 12:57 pm

Re: win32.downloader.dequ12th August 2011, 3:06 am

Re: win32.downloader.dequ12th August 2011, 7:04 pm

Re: win32.downloader.dequ13th August 2011, 1:42 am

Re: win32.downloader.dequ13th August 2011, 3:56 pm

Re: win32.downloader.dequ14th August 2011, 4:13 am

Re: win32.downloader.dequ14th August 2011, 8:44 pm

Re: win32.downloader.dequ15th August 2011, 4:02 am

Re: win32.downloader.dequ15th August 2011, 3:30 pm

Re: win32.downloader.dequ16th August 2011, 2:20 am

Re: win32.downloader.dequ16th August 2011, 2:56 pm

Re: win32.downloader.dequ17th August 2011, 10:14 pm

Re: win32.downloader.dequ18th August 2011, 4:02 pm