WiredWX Hobby Weather ToolsLog in

 


win32.downloader.dequ

3 posters

descriptionwin32.downloader.dequ Emptywin32.downloader.dequ

more_horiz
I have encountered 2 problems with my computer..I think they may be viruses..but I am not sure because I am not too savvy regarding computers as I am 74 years old so please be patient with me
If I have posted this message in the wrong place..I am sorry..but I sure would appreciate some help if possible.
Regards
Bruce

The 2 viruses are...win32,downloader.dequ and system.brokenfileassociation

Last edited by tingler on 27th July 2011, 9:01 pm; edited 1 time in total (Reason for editing : forgot to name the viruses)

descriptionwin32.downloader.dequ EmptyRe: win32.downloader.dequ

more_horiz
%APPDATA%\Microsoft\*.*
%systemroot%\system32\config\systemprofile\*.dat /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\winn32\*.*
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%PROGRAMFILES%\Mozilla Firefox\*.exe
%ProgramFiles%\TinyProxy.
%systemroot%\system32\*.* /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.* /lockedfiles
%PROGRAMFILES%\*.
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
/md5start
netlogon.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
disk.sys
/md5stop
CREATERESTOREPOINT
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs

descriptionwin32.downloader.dequ EmptyRe: win32.downloader.dequ

more_horiz
Hi, welcome to GeekPolice.net!

Where are you getting those detections from? Are they from your anti-virus?

Download OTL.exe by OldTimer to your Desktop.
  • Close all windows and double click OTL.exe.
  • Click Run Scan and let the program run uninterrupted.
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.

descriptionwin32.downloader.dequ EmptyRe: win32.downloader.dequ

more_horiz
I ran Spybot and the scan stopped when it got to the file...win.32.downloader.dequ..and I ran Avast and it showed ..system.brokenfileassociation as a virus.

descriptionwin32.downloader.dequ EmptyRe: win32.downloader.dequ

more_horiz
OTL logfile created on: 7/27/2011 10:12:35 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Bruce\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.09 Mb Total Physical Memory | 283.37 Mb Available Physical Memory | 27.70% Memory free
2.03 Gb Paging File | 1.17 Gb Available in Paging File | 57.60% Paging File free
Paging file location(s): C:\pagefile.sys 1152 2304 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.20 Gb Total Space | 24.09 Gb Free Space | 64.77% Space Free | Partition Type: FAT32
Drive E: | 465.75 Gb Total Space | 451.67 Gb Free Space | 96.98% Space Free | Partition Type: NTFS

Computer Name: BRUCE-A95ED2DF2 | User Name: Bruce | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/27 22:12:08 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bruce\Desktop\OTL.exe
PRC - [2011/07/20 17:57:58 | 000,177,616 | R--- | M] (iS3, Inc.) -- C:\Program Files\STOPzilla!\STOPzilla.exe
PRC - [2011/07/20 17:57:54 | 000,062,928 | R--- | M] (iS3, Inc.) -- C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
PRC - [2011/07/14 12:41:12 | 047,658,848 | ---- | M] (Slimware Utilities, Inc.) -- C:\Program Files\FixCleaner\FixCleaner.exe
PRC - [2011/07/07 17:54:00 | 000,399,312 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe
PRC - [2011/07/04 07:43:54 | 003,493,720 | ---- | M] (AVAST Software) -- E:\Program Files\Avast\AvastUI.exe
PRC - [2011/07/04 07:43:51 | 000,042,184 | ---- | M] (AVAST Software) -- E:\Program Files\Avast\AvastSvc.exe
PRC - [2011/06/30 09:50:32 | 002,424,192 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2011/03/25 15:09:48 | 000,176,848 | ---- | M] (iWin Inc.) -- C:\Program Files\iWin Games\iWinTrusted.exe
PRC - [2011/01/28 17:10:28 | 000,387,072 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Application Updater\ApplicationUpdater.exe
PRC - [2010/06/23 13:52:56 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
PRC - [2010/06/23 13:51:30 | 001,043,968 | ---- | M] (Check Point Software Technologies LTD) -- E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2010/03/28 15:47:44 | 001,692,440 | ---- | M] (ParetoLogic) -- C:\Program Files\ParetoLogic\FileCure\FileCure.exe
PRC - [2009/07/23 17:23:56 | 000,178,720 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
PRC - [2009/07/23 17:23:54 | 000,387,616 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/04/13 20:12:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- E:\Program Files\Windows Defender\MsMpEng.exe


========== Modules (SafeList) ==========

MOD - [2011/07/27 22:12:08 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bruce\Desktop\OTL.exe
MOD - [2011/07/04 07:43:51 | 000,199,792 | ---- | M] (AVAST Software) -- E:\Program Files\Avast\snxhk.dll
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/07/20 17:57:54 | 000,062,928 | R--- | M] (iS3, Inc.) [Auto | Running] -- C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe -- (szserver)
SRV - [2011/07/04 07:43:51 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- E:\Program Files\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/03/25 15:09:48 | 000,176,848 | ---- | M] (iWin Inc.) [Auto | Running] -- C:\Program Files\iWin Games\iWinTrusted.exe -- (iWinTrusted)
SRV - [2011/01/28 17:10:28 | 000,387,072 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2010/06/23 13:52:56 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\WINDOWS\System32\ZONELABS\vsmon.exe -- (vsmon)
SRV - [2010/06/11 18:14:22 | 000,312,152 | ---- | M] (IObit) [Auto | Stopped] -- E:\Program Files\IObit\IObit Security 360\is360srv.exe -- (IS360service)
SRV - [2010/03/29 08:51:54 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2009/07/23 17:23:56 | 000,178,720 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)
SRV - [2009/07/23 17:23:54 | 000,387,616 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM)
SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- E:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2011/07/12 17:55:24 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/07/12 17:55:24 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/04 07:36:44 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/07/04 07:36:32 | 000,309,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/07/04 07:35:24 | 000,043,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/07/04 07:35:12 | 000,102,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/07/04 07:32:32 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/07/04 07:32:14 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/07/04 07:32:12 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/06/24 14:29:12 | 000,009,856 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2010/05/13 10:02:32 | 000,532,224 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2010/05/12 18:01:06 | 000,059,280 | R--- | M] (iS3, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\szkgfs.sys -- (szkgfs)
DRV - [2010/03/10 21:02:38 | 000,056,352 | ---- | M] (Exent Technologies Ltd.) [Kernel | Auto | Running] -- C:\Program Files\Free Ride Games\X4HSEx.sys -- (X4HSEx)
DRV - [2009/12/07 17:59:32 | 000,061,328 | R--- | M] (iS3 Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\szkg.sys -- (szkg5)
DRV - [2009/12/07 17:59:32 | 000,061,328 | R--- | M] (iS3 Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\is3srv.sys -- (is3srv)
DRV - [2009/08/18 05:32:00 | 005,884,416 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/06/30 23:53:34 | 000,013,824 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2009/06/30 23:53:30 | 000,066,688 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2009/06/30 05:31:00 | 000,164,896 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvgts.sys -- (nvgts)
DRV - [2009/02/12 15:11:24 | 000,022,312 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dddsk.sys -- (ElRawDisk)
DRV - [2008/08/05 08:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2007/04/16 16:46:34 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
DRV - [2006/07/01 22:39:40 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006/01/04 03:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2005/03/08 21:15:10 | 000,291,456 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\Cdudf_xp.sys -- (cdudf_xp)
DRV - [2005/03/08 21:14:44 | 000,024,064 | ---- | M] (Sonic Solutions) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\dvd_2k.sys -- (dvd_2K)
DRV - [2005/03/08 21:05:30 | 000,141,184 | ---- | M] (Windows (R) 2000 DDK provider) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\DVDVRRdr_xp.sys -- (DVDVRRdr_xp)
DRV - [2005/03/08 20:54:48 | 000,202,496 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\Udfreadr.sys -- (UDFReadr)
DRV - [2005/03/08 20:53:56 | 000,023,808 | ---- | M] (Sonic Solutions) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\mmc_2k.sys -- (mmc_2K)
DRV - [2005/03/08 20:38:32 | 000,117,760 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\Pwd_2k.sys -- (pwd_2k)
DRV - [2004/08/12 22:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2003/12/19 02:00:00 | 000,006,656 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cinemsup.sys -- (Cinemsup)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ca.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?rd=1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 94 CF 50 C3 AB 09 CC 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://ca.msn.com/
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {7846ae31-bea2-438a-8f5e-2d899361656c} - C:\Program Files\Game_Master_1.1\prxtbGam0.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {f92a9fe4-2850-4198-b9d5-279880e49b16} - C:\Program Files\Free_Ride_Games\prxtbFree.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://ala.asksearch.com/?cfg=2-208-0-0"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.227.0
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=723823&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=723823"

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: E:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: E:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: E:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@exent.com/npExentCtl,version=7.0.0.0: C:\Program Files\Free Ride Games\npExentCtl.dll (Exent Technologies Ltd.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2010/06/27 21:20:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{98e34367-8df7-42b4-837b-20b892ff0849}: C:\Program Files\iWin Games\firefox\ [2011/04/30 13:33:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.4\extensions\\Components: E:\Program Files\Mozilla Firefox\components [2010/06/24 20:45:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.4\extensions\\Plugins: E:\Program Files\Mozilla Firefox\plugins [2011/06/24 12:05:32 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2010/06/27 21:20:56 | 000,000,000 | ---D | M]

[2010/06/24 15:49:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Bruce\Application Data\Mozilla\Extensions
[2010/06/24 15:49:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Bruce\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010/06/24 20:45:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Bruce\Application Data\Mozilla\Firefox\Profiles\36ptu0va.default\extensions
[2010/06/24 21:54:48 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Bruce\Application Data\Mozilla\Firefox\Profiles\36ptu0va.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/03/24 14:24:28 | 000,000,000 | ---D | M] (Free Ride Games Community Toolbar) -- C:\Documents and Settings\Bruce\Application Data\Mozilla\Firefox\Profiles\36ptu0va.default\extensions\{f92a9fe4-2850-4198-b9d5-279880e49b16}
[2011/03/24 14:24:28 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\Bruce\Application Data\Mozilla\Firefox\Profiles\36ptu0va.default\extensions\engine@conduit.com
[2011/07/24 09:11:04 | 000,000,000 | ---D | M] (Yontoo Layers) -- C:\Documents and Settings\Bruce\Application Data\Mozilla\Firefox\Profiles\36ptu0va.default\extensions\plugin@yontoo.com
File not found (No name found) -- C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER
[2010/06/23 17:18:48 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

O1 HOSTS File: ([2011/07/24 20:24:16 | 000,435,498 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 14992 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (IObit Toolbar) - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files\IObit Toolbar\IE\4.3\iobitToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngin0.dll (Conduit Ltd.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Game Master 1.1 Toolbar) - {7846ae31-bea2-438a-8f5e-2d899361656c} - C:\Program Files\Game_Master_1.1\prxtbGam0.dll (Conduit Ltd.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (STOPzilla Browser Helper Object) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll (iS3, Inc.)
O2 - BHO: (Free Ride Games Toolbar) - {f92a9fe4-2850-4198-b9d5-279880e49b16} - C:\Program Files\Free_Ride_Games\prxtbFree.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (IObit Toolbar) - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files\IObit Toolbar\IE\4.3\iobitToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngin0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Game Master 1.1 Toolbar) - {7846ae31-bea2-438a-8f5e-2d899361656c} - C:\Program Files\Game_Master_1.1\prxtbGam0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Free Ride Games Toolbar) - {f92a9fe4-2850-4198-b9d5-279880e49b16} - C:\Program Files\Free_Ride_Games\prxtbFree.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Game Master 1.1 Toolbar) - {7846AE31-BEA2-438A-8F5E-2D899361656C} - C:\Program Files\Game_Master_1.1\prxtbGam0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Free Ride Games Toolbar) - {F92A9FE4-2850-4198-B9D5-279880E49B16} - C:\Program Files\Free_Ride_Games\prxtbFree.dll (Conduit Ltd.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avast] E:\Program Files\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [ZoneAlarm Client] E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [FixCleaner] C:\Program Files\FixCleaner\FixCleaner.exe (Slimware Utilities, Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 157
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1277319339921 (WUWebControl Class)
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://games.ca.zone.msn.com/bingame/zuma/default/popcaploader_v6.cab (PopCapLoader Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll (PCPitstop Exam)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\TPSvc: DllName - TPSvc.dll - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Bruce\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Bruce\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - E:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/06/23 14:01:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2008/09/18 09:35:19 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/07/27 22:12:04 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Bruce\Desktop\OTL.exe
[2011/07/27 18:53:08 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Bruce\Desktop\OTL.com
[2011/07/27 18:43:29 | 000,607,017 | R--- | C] (Swearware) -- C:\Documents and Settings\Bruce\Desktop\dds.scr
[2011/07/27 15:29:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bruce\Application Data\FixCleaner
[2011/07/27 15:29:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\FixCleaner
[2011/07/27 15:29:16 | 000,000,000 | ---D | C] -- C:\Program Files\FixCleaner
[2011/07/27 15:28:54 | 000,000,000 | ---D | C] -- C:\Program Files\Downloaded Installers
[2011/07/26 15:14:14 | 000,000,000 | -HSD | C] -- C:\FOUND.005
[2011/07/26 11:20:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bruce\Application Data\SUPERAntiSpyware.com
[2011/07/26 11:20:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/07/26 11:19:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/07/26 11:19:53 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/07/26 10:24:30 | 000,000,000 | -HSD | C] -- C:\FOUND.004
[2011/07/25 04:31:56 | 000,000,000 | -HSD | C] -- C:\FOUND.003
[2011/07/24 20:20:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\STOPzilla
[2011/07/24 20:20:22 | 000,000,000 | ---D | C] -- C:\Program Files\STOPzilla!
[2011/07/24 20:20:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2011/07/24 20:20:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\iS3
[2011/07/24 12:23:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2011/07/24 11:33:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bruce\Local Settings\Application Data\AskToolbar
[2011/07/24 11:33:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/07/24 11:33:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Ask
[2011/07/24 11:32:54 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/07/24 11:32:54 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/07/24 11:32:54 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/07/24 11:29:05 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Bruce\Recent
[2011/07/24 11:09:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\IObit Security 360
[2011/07/24 09:10:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2011/07/24 08:51:16 | 000,000,000 | ---D | C] -- C:\rei
[2011/07/24 08:51:07 | 000,000,000 | ---D | C] -- C:\Program Files\Reimage
[2011/07/20 17:57:46 | 000,546,256 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\SZComp5.dll
[2011/07/20 17:57:46 | 000,456,144 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\SZBase5.dll
[2011/07/20 17:57:46 | 000,132,560 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3HTUI5.dll
[2011/07/20 17:57:46 | 000,028,624 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3XDat5.dll
[2011/07/20 17:57:46 | 000,022,992 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\SZIO5.dll
[2011/07/20 17:57:44 | 000,398,800 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3DBA5.dll
[2011/07/20 17:57:44 | 000,390,608 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3UI5.dll
[2011/07/20 17:57:44 | 000,099,792 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Svc5.dll
[2011/07/20 17:57:44 | 000,099,792 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Inet5.dll
[2011/07/20 17:57:44 | 000,067,024 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Hks5.dll
[2011/07/20 17:57:42 | 000,738,768 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Base5.dll
[2011/07/20 17:57:42 | 000,230,864 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Win325.dll
[2011/07/19 15:22:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bruce\My Documents\My Scans
[2011/07/14 10:29:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2011/07/10 18:38:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java(2)
[2010/06/24 22:06:18 | 000,036,963 | R--- | C] (Cypress Semiconductor) -- C:\Program Files\Common Files\SM1updtr.dll
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/27 22:12:08 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bruce\Desktop\OTL.exe
[2011/07/27 20:01:02 | 000,000,234 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011/07/27 18:47:14 | 000,003,864 | ---- | M] () -- C:\WINDOWS\System32\drivers\kgpfr2.cfg
[2011/07/27 18:47:12 | 000,009,488 | ---- | M] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2011/07/27 18:40:30 | 000,607,017 | R--- | M] (Swearware) -- C:\Documents and Settings\Bruce\Desktop\dds.scr
[2011/07/27 18:00:02 | 000,000,444 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration3.job
[2011/07/27 17:53:04 | 000,000,403 | ---- | M] () -- C:\Documents and Settings\Bruce\Desktop\RBC Royal Bank - Sign In to Online Banking.url
[2011/07/27 16:46:16 | 000,000,434 | ---- | M] () -- C:\Documents and Settings\Bruce\Desktop\Jay Leno's Garage.url
[2011/07/27 15:51:42 | 000,000,162 | ---- | M] () -- C:\Documents and Settings\Bruce\Desktop\GeekPolice.net.url
[2011/07/27 15:51:08 | 000,000,249 | ---- | M] () -- C:\Documents and Settings\Bruce\Desktop\Google (2).url
[2011/07/27 15:48:16 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bruce\Desktop\OTL.com
[2011/07/27 15:29:48 | 000,000,438 | ---- | M] () -- C:\WINDOWS\tasks\FixCleaner Scan.job
[2011/07/27 15:29:18 | 000,001,852 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\FixCleaner.lnk
[2011/07/27 15:22:34 | 000,276,202 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2011/07/27 15:22:32 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/07/27 15:19:54 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\FileCure Startup.job
[2011/07/27 15:19:54 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\DriverScanner.job
[2011/07/27 15:19:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/26 17:18:22 | 000,000,323 | ---- | M] () -- C:\Documents and Settings\Bruce\Desktop\Weather Forecast.url
[2011/07/26 16:33:24 | 000,000,984 | ---- | M] () -- C:\Documents and Settings\Bruce\Desktop\Play Dragon Portals.lnk
[2011/07/26 11:19:58 | 000,001,582 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/07/26 10:47:36 | 000,533,292 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/07/26 10:47:36 | 000,099,378 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/07/26 10:24:54 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/25 15:33:44 | 000,000,317 | ---- | M] () -- C:\Documents and Settings\Bruce\Desktop\RBC Royal Bank Rates.url
[2011/07/25 12:34:20 | 000,000,374 | ---- | M] () -- C:\Documents and Settings\Bruce\Desktop\Royal Caribbean.url
[2011/07/25 04:44:02 | 000,157,952 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/07/25 04:40:32 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/07/25 04:37:04 | 000,000,364 | ---- | M] () -- C:\WINDOWS\tasks\FileCure Default.job
[2011/07/24 14:48:54 | 000,002,411 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ACDSee for Pentax 2.0.lnk
[2011/07/24 14:28:06 | 000,000,942 | ---- | M] () -- C:\Documents and Settings\Bruce\Desktop\Play Gem Shop.lnk
[2011/07/24 12:23:12 | 000,000,855 | ---- | M] () -- C:\Documents and Settings\Bruce\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/07/24 12:23:12 | 000,000,837 | ---- | M] () -- C:\Documents and Settings\Bruce\Desktop\Spybot - Search & Destroy.lnk
[2011/07/24 12:17:48 | 000,000,622 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/07/24 12:17:46 | 000,002,616 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/07/24 08:51:58 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\Reimage Reminder.job
[2011/07/22 13:14:02 | 000,000,774 | ---- | M] () -- C:\Documents and Settings\Bruce\Desktop\Hamilton Tiger-Cats Official Site of the Tiger-Cats .url
[2011/07/20 17:57:46 | 000,546,256 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\SZComp5.dll
[2011/07/20 17:57:46 | 000,456,144 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\SZBase5.dll
[2011/07/20 17:57:46 | 000,132,560 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3HTUI5.dll
[2011/07/20 17:57:46 | 000,028,624 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3XDat5.dll
[2011/07/20 17:57:46 | 000,022,992 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\SZIO5.dll
[2011/07/20 17:57:44 | 000,398,800 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3DBA5.dll
[2011/07/20 17:57:44 | 000,390,608 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3UI5.dll
[2011/07/20 17:57:44 | 000,099,792 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Svc5.dll
[2011/07/20 17:57:44 | 000,099,792 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Inet5.dll
[2011/07/20 17:57:44 | 000,067,024 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Hks5.dll
[2011/07/20 17:57:42 | 000,738,768 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Base5.dll
[2011/07/20 17:57:42 | 000,230,864 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Win325.dll
[2011/07/19 16:18:40 | 000,019,518 | ---- | M] () -- C:\WINDOWS\hpqins13.dat
[2011/07/18 11:43:48 | 000,000,237 | ---- | M] () -- C:\Documents and Settings\Bruce\Desktop\OLG -.url
[2011/07/12 14:51:46 | 000,000,289 | ---- | M] () -- C:\Documents and Settings\Bruce\Desktop\MapQuest - Driving Directions - Map Directions.url
[2011/07/05 09:22:32 | 000,000,254 | ---- | M] () -- C:\Documents and Settings\Bruce\Desktop\Kijiji Hamilton Classifieds Free Local Classified Ads for Hamilton, Ontario.url
[2011/07/04 07:43:54 | 000,040,112 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/07/04 07:43:52 | 000,199,304 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/07/04 07:36:44 | 000,441,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/07/04 07:36:32 | 000,309,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/07/04 07:35:24 | 000,043,608 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/07/04 07:35:12 | 000,102,616 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/07/04 07:35:10 | 000,096,344 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/07/04 07:32:32 | 000,025,432 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/07/04 07:32:14 | 000,030,808 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/07/04 07:32:12 | 000,019,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/27 18:40:52 | 000,003,864 | ---- | C] () -- C:\WINDOWS\System32\drivers\kgpfr2.cfg
[2011/07/27 15:51:40 | 000,000,162 | ---- | C] () -- C:\Documents and Settings\Bruce\Desktop\GeekPolice.net.url
[2011/07/27 15:29:46 | 000,000,438 | ---- | C] () -- C:\WINDOWS\tasks\FixCleaner Scan.job
[2011/07/27 15:29:17 | 000,001,852 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\FixCleaner.lnk
[2011/07/27 15:23:45 | 000,009,488 | ---- | C] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2011/07/26 11:19:56 | 000,001,582 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/07/25 04:40:22 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011/07/24 12:23:11 | 000,000,855 | ---- | C] () -- C:\Documents and Settings\Bruce\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/07/24 12:23:11 | 000,000,837 | ---- | C] () -- C:\Documents and Settings\Bruce\Desktop\Spybot - Search & Destroy.lnk
[2011/07/24 11:33:29 | 000,000,234 | ---- | C] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011/07/24 08:59:54 | 000,000,260 | ---- | C] () -- C:\WINDOWS\tasks\DriverScanner.job
[2011/07/24 08:51:56 | 000,000,274 | ---- | C] () -- C:\WINDOWS\tasks\Reimage Reminder.job
[2011/07/19 16:13:00 | 000,019,518 | ---- | C] () -- C:\WINDOWS\hpqins13.dat
[2011/03/24 14:23:27 | 000,000,064 | ---- | C] () -- C:\WINDOWS\GPlrLanc.dat
[2010/08/31 13:26:22 | 019,657,194 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\vlc-1.1.4-win32.exe
[2010/07/22 08:48:17 | 019,473,201 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\vlc-1.1.1-win32.exe
[2010/07/12 16:00:34 | 019,495,102 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\vlc-1.1.0-win32.exe
[2010/06/29 10:38:59 | 000,077,374 | ---- | C] () -- C:\WINDOWS\hpqins05.dat
[2010/06/27 21:12:26 | 000,166,577 | ---- | C] () -- C:\WINDOWS\hpoins28.dat
[2010/06/27 21:12:26 | 000,000,796 | ---- | C] () -- C:\WINDOWS\hpomdl28.dat
[2010/06/25 01:54:28 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/06/25 01:53:34 | 000,157,952 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/24 20:45:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/06/24 14:03:14 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2010/06/23 17:04:04 | 000,116,736 | ---- | C] () -- C:\Documents and Settings\Bruce\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/23 14:23:37 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/06/23 14:20:48 | 000,006,136 | R--- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2010/06/23 14:14:28 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2010/06/23 14:14:24 | 000,001,769 | ---- | C] () -- C:\WINDOWS\Language_trs.ini
[2010/06/23 14:14:15 | 000,021,598 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2010/06/23 14:14:15 | 000,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2010/06/23 14:04:20 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/06/23 13:59:38 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/07/07 21:07:00 | 002,183,470 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2007/10/19 20:56:16 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/10/18 05:02:34 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2005/02/28 16:17:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/11/30 04:10:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\besch.exe
[2004/11/30 04:10:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\besched.dll
[2004/08/12 14:11:42 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/12 14:11:41 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/12 14:04:52 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/12 14:03:21 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/12 14:03:20 | 000,533,292 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/12 14:03:20 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/12 14:03:19 | 000,099,378 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/12 14:02:25 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/12 13:59:52 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/12 13:59:46 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/12 13:57:10 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/12 13:56:48 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2003/12/19 02:00:00 | 000,013,387 | ---- | C] () -- C:\WINDOWS\System32\CinemSup.sys
[2003/10/02 01:00:00 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lockout.dll
[2003/10/02 01:00:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\lockres.dll

< End of report >

descriptionwin32.downloader.dequ EmptyRe: win32.downloader.dequ

more_horiz
OTL Extras logfile created on: 7/27/2011 10:12:35 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Bruce\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.09 Mb Total Physical Memory | 283.37 Mb Available Physical Memory | 27.70% Memory free
2.03 Gb Paging File | 1.17 Gb Available in Paging File | 57.60% Paging File free
Paging file location(s): C:\pagefile.sys 1152 2304 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.20 Gb Total Space | 24.09 Gb Free Space | 64.77% Space Free | Partition Type: FAT32
Drive E: | 465.75 Gb Total Space | 451.67 Gb Free Space | 96.98% Space Free | Partition Type: NTFS

Computer Name: BRUCE-A95ED2DF2 | User Name: Bruce | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.exe [@ = exefile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- C:\Program Files\ParetoLogic\FileCure\FileCure_noapp.exe %1 (ParetoLogic)
Directory [ACDBrowse] -- "E:\Program Files\ACD Systems\ACDSee\6.0\ACDSee6.exe" "%1" (ACD Systems Ltd.)
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
"80:TCP" = 80:TCP:*:Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\System32\ZoneLabs\vsmon.exe" = C:\WINDOWS\System32\ZoneLabs\vsmon.exe:*:Enabled:vsmon -- (Check Point Software Technologies LTD)
"E:\Program Files\LimeWire\LimeWire.exe" = E:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\iWin Games\iWinGames.exe" = C:\Program Files\iWin Games\iWinGames.exe:*:Enabled:iWin Games application. -- (iWin Inc.)
"C:\Program Files\iWin Games\WebUpdater.exe" = C:\Program Files\iWin Games\WebUpdater.exe:*:Enabled:iWin Games updater. -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{09633A5E-3089-41A8-9FF1-382171423C5D}" = PSSWCORE
"{0E8ECB62-9A91-4D24-8CC3-BC2388BF0E2E}_is1" = Disk Doctors Digital Media Recovery
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{22F761D1-8063-4170-ADF7-2D2F47834CA9}" = VideoToolkit01
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 26
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2B7BDADB-EC8C-4C54-B5DD-CE45A016D3A7}" = Free Ride Games Player
"{2E0695EE-ED29-4D96-BD77-2A9A17EDF0D6}" = Cypress USB Mass Storage Driver Installation
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{530241F4-D15B-4E0B-B3F3-47F83BC285AA}" = STOPzilla
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{60D4F9F1-B828-4048-A5AB-9AA2FD0C4751}" = DJ_AIO_03_F4200_Software
"{62B9E29A-BC60-4829-8724-100ACFF7E63D}" = IObit Toolbar v4.3
"{6365C963-4B72-43F8-8392-2A5441EC2A86}" = DJ_AIO_03_F4220_ProductContext
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{88B32652-CAE0-4909-A463-5840D2689D93}" = FUJIFILM FinePixViewer S Ver.2.0
"{88D68A69-D247-466B-90DD-575F6BE16230}_is1" = CardRecovery 5.30
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8C3727F2-8E37-49E4-820C-03B1677F53B6}" = Stronghold Crusader
"{8F32C384-D237-4516-9F2B-223E8963A2FB}" = Lager
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9860A9CF-7E71-43AC-888F-0B4D3EA212D1}" = Roxio Burn Engine
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A99C6296-A311-4D6C-9602-53B4241921D5}" = Roxio Easy Media Creator 7
"{AA2E8A46-B45E-4aea-8A23-88AB57D04523}" = WebReg
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.5
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B61A79BE-E94C-42C0-921D-8B7E5217069C}" = F4200
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX
"{BBBCAE4B-B416-4182-A6F2-438180894A81}" = Napster
"{BE8A9C2C-8E41-445B-A746-BEB0B1F992F8}" = DJ_AIO_03_F4200_Software_Min
"{BF08AB1C-3357-4f20-A200-8EBB8EF27C59}" = BufferChm
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{C1C441C4-57FA-4950-BDBA-BABFBAA2AA39}" = ParetoLogic FileCure
"{C3B6AEB1-390C-4792-8677-CD87F8B2C959}" = HP Deskjet F4200 All-In-One Driver Software 11.0 Rel .3
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C89B5E3A-690F-4CEE-909A-BF869E198B0A}" = Scan
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC0E1AE3-091D-4969-B151-7AC142062C28}" = SmartWebPrinting
"{CC14A340-C388-4558-83E4-B30150577931}" = FixCleaner
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF6E7481-4487-46D3-810A-F73EEA232CE0}" = Microsoft IntelliPoint 5.0
"{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
"{D063F201-FAC4-4D5C-B10B-615058ADE5A7}" = HP Update
"{D16B4BE6-8B10-422f-8034-96D1CA9483B5}" = GPBaseService
"{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}" = HP Photosmart Essential 2.5
"{D8320DD6-FE47-41DE-B116-4158B7AE3F37}" = ACDSee for Pentax 2.0
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E535C94A-B87F-4182-BEA8-1E9322078D3E}" = Cards_Calendar_OrderGift_DoMorePlugout
"{E96B0085-6659-486b-A221-5042A042728D}" = Toolbox
"{EC3B598C-1151-4191-B5B4-A9072ADE6259}_is1" = ZipGenius 6 (6.3.1.2590)
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F7B0E599-C114-4493-BC4D-D8FC7CBBABBB}" = 32 Bit HP CIO Components Installer
"{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com
"{F8A5531E-FEB4-4F7C-AF51-342E40FA7A0D}" = F4210_Help
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AlawarGameBox" = Alawar Game Box
"avast" = avast! Free Antivirus
"CCleaner" = CCleaner
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"conduitEngine" = Conduit Engine
"exent_440850" = Traffic Jam Extreme
"exent_445950" = Puzzle Express
"exent_446150" = Flip Words
"exent_446250" = Gem Shop
"exent_447350" = Sea Bounty
"exent_452750" = Atlantis Quest
"exent_466550" = The Treasures of Montezuma
"exent_472250" = 10 Talismans
"exent_554750" = Cradle of Rome
"exent_578250" = Poker Superstars III
"exent_605350" = Magic Encyclopedia
"exent_614150" = The Lost Cases of Sherlock Holmes
"exent_647750" = Margrave Manor 2: The Lost Ship
"exent_649850" = Dragon Portals
"exent_661850" = Valerie Porter
"exent_664850" = Heroes of Hellas 2 - Olympia
"exent_666450" = Autumn's Treasures: The Jade Coin
"exent_666550" = 1001 Nights - The Adventures of Sindbad
"exent_668050" = Farm Mania 2
"exent_684050" = Love and Death: Bitten
"Free_Ride_Games Toolbar" = Free Ride Games Toolbar
"Game_Master_1.1 Toolbar" = Game Master 1.1 Toolbar
"HP Imaging Device Functions" = HP Imaging Device Functions 11.0
"HP Photosmart Essential" = HP Photosmart Essential 3.0
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"ie8" = Windows Internet Explorer 8
"InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"IObit Security 360_is1" = IObit Security 360
"iWinArcade" = iWin Games (remove only)
"jZip" = jZip
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.4)" = Mozilla Firefox (3.6.4)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"PokerStars" = PokerStars
"SM1FX_AT" = USB Storage Adapter FX (SM1)
"VLC media player" = VLC media player 0.9.2
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"ZoneAlarm" = ZoneAlarm

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/26/2011 1:19:30 PM | Computer Name = BRUCE-A95ED2DF2 | Source = Application Hang | ID = 1002
Description = Hanging application explorer.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/27/2011 11:14:33 AM | Computer Name = BRUCE-A95ED2DF2 | Source = Application Hang | ID = 1002
Description = Hanging application SUPERAntiSpyware.exe, version 4.55.0.1000, hang
module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/27/2011 11:14:33 AM | Computer Name = BRUCE-A95ED2DF2 | Source = Application Hang | ID = 1002
Description = Hanging application SUPERAntiSpyware.exe, version 4.55.0.1000, hang
module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/27/2011 11:15:16 AM | Computer Name = BRUCE-A95ED2DF2 | Source = Application Hang | ID = 1002
Description = Hanging application SUPERAntiSpyware.exe, version 4.55.0.1000, hang
module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/27/2011 11:15:18 AM | Computer Name = BRUCE-A95ED2DF2 | Source = Application Hang | ID = 1002
Description = Hanging application SUPERAntiSpyware.exe, version 4.55.0.1000, hang
module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/27/2011 11:15:46 AM | Computer Name = BRUCE-A95ED2DF2 | Source = Application Hang | ID = 1002
Description = Hanging application SUPERAntiSpyware.exe, version 4.55.0.1000, hang
module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/27/2011 11:15:55 AM | Computer Name = BRUCE-A95ED2DF2 | Source = Application Hang | ID = 1002
Description = Hanging application SUPERAntiSpyware.exe, version 4.55.0.1000, hang
module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/27/2011 11:16:17 AM | Computer Name = BRUCE-A95ED2DF2 | Source = Application Hang | ID = 1002
Description = Hanging application SUPERAntiSpyware.exe, version 4.55.0.1000, hang
module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/27/2011 11:16:35 AM | Computer Name = BRUCE-A95ED2DF2 | Source = Application Hang | ID = 1002
Description = Hanging application SUPERAntiSpyware.exe, version 4.55.0.1000, hang
module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/27/2011 11:16:40 AM | Computer Name = BRUCE-A95ED2DF2 | Source = Application Hang | ID = 1001
Description = Fault bucket -1784725119.

[ System Events ]
Error - 7/26/2011 4:01:36 PM | Computer Name = BRUCE-A95ED2DF2 | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.

Error - 7/27/2011 11:22:47 AM | Computer Name = BRUCE-A95ED2DF2 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the IS360service service
to connect.

Error - 7/27/2011 11:22:47 AM | Computer Name = BRUCE-A95ED2DF2 | Source = Service Control Manager | ID = 7000
Description = The IS360service service failed to start due to the following error:
%%1053

Error - 7/27/2011 11:24:11 AM | Computer Name = BRUCE-A95ED2DF2 | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 7/27/2011 3:02:27 PM | Computer Name = BRUCE-A95ED2DF2 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the IS360service service
to connect.

Error - 7/27/2011 3:02:27 PM | Computer Name = BRUCE-A95ED2DF2 | Source = Service Control Manager | ID = 7000
Description = The IS360service service failed to start due to the following error:
%%1053

Error - 7/27/2011 3:03:50 PM | Computer Name = BRUCE-A95ED2DF2 | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 7/27/2011 3:20:27 PM | Computer Name = BRUCE-A95ED2DF2 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the IS360service service
to connect.

Error - 7/27/2011 3:20:27 PM | Computer Name = BRUCE-A95ED2DF2 | Source = Service Control Manager | ID = 7000
Description = The IS360service service failed to start due to the following error:
%%1053

Error - 7/27/2011 3:21:53 PM | Computer Name = BRUCE-A95ED2DF2 | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.


< End of report >

descriptionwin32.downloader.dequ EmptyRe: win32.downloader.dequ

more_horiz
I hope I did it properly

descriptionwin32.downloader.dequ EmptyRe: win32.downloader.dequ

more_horiz
Hi,

Why's your name strikethrough'd?

Please download ComboFix win32.downloader.dequ Combofix from BleepingComputer.com

Alternate link: GeeksToGo.com

Alternate link: Forospyware.com


Rename ComboFix.exe to commy.exe before you save it to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools A guide to do this can be found here
  • Click Start then copy paste the following command into the search box & hit enter: "%userprofile%\desktop\commy.exe" /stepdel
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. This will not install in Vista. Just continue scanning, and skip the console install.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.

descriptionwin32.downloader.dequ EmptyRe: win32.downloader.dequ

more_horiz
unfortunately I did not have any luck with this..I managed to get the combo fix file copied ..and the name changed to commy.exe..but unfortunately I had to use Firefox to get into your system because Internet Explorer kept booting me out..so when it downloaded the file through Firefox....it put it into the Firefox Download and then when I copied it to my desk top..and copied and pasted the instructions that were given it said it could not find it because it was searching in my C drive.
I hope this is understandable..but I will totally understand if it isn't..because I am not at all computer literate.
If you would prefer not to continue trying to help me..I will totally understand because I think this is all a bit too complicated for me.


Last edited by tingler on 28th July 2011, 5:58 am; edited 1 time in total

descriptionwin32.downloader.dequ EmptyRe: win32.downloader.dequ

more_horiz
I think this is the Combo Log that you are looking for..it was what was printed when I clicked on it.

Output folder: C:\32788R22FWJFW
Extract: 023.dat
Extract: 023v.dat
Extract: 023w7.dat
Extract: AWF.cmd
Extract: AppDataFile.cfx
Extract: AppDataFolder.cfx
Extract: Assoc.cmd
Extract: Auto-RC.cmd
Extract: Boot-Rk.cmd
Extract: Boot.bat
Extract: BootDrv.vbs
Extract: CF-Script.cmd
Extract: CSet.cmd
Extract: Catch-sub.cmd
Extract: Combo-Fix.sys
Extract: ComboFix-Download.cfxxe
Extract: Combobatch.bat
Extract: Create.cmd
Extract: Creg.dat
Extract: CregC.cmd
Extract: CregC.dat
Extract: DPF.str
Extract: DelClsid.bat
Extract: DelClsid64.bat
Extract: DesktopFile.cfx
Extract: Dnl.dat
Extract: DrvRun.vbs
Extract: ERDNT.e_e
Extract: ERDNTDOS.LOC
Extract: ERDNTWIN.LOC
Extract: ERUNT.LOC
Extract: ERUNT.cfxxe
Extract: Exe.reg
Extract: FD-SV.cmd
Extract: FIND3M.bat
Extract: FIXLSP.bat
Extract: FKMGen.cmd
Extract: FavoriteFolder.cfx
Extract: FavoritesFile.cfx
Extract: FileKill.cfxxe
Extract: Fin.dat
Extract: GetHive.cmd
Extract: Imefile.dat
Extract: Install-RC.cmd
Extract: Kill-All.cmd
Extract: Ksvchost.vbs
Extract: Lang.bat
Extract: List-B.bat
Extract: List-C.bat
Extract: List-D.bat
Extract: List.bat
Extract: LocalAppDataFile.cfx
Extract: LocalAppDataFolder.cfx
Extract: LocalService.dat
Extract: LocalServiceNetworkRestricted.dat
Extract: LocalSettingsFile.cfx
Extract: LocalSystemNetworkRestricted.dat
Extract: MoveIt.bat
Extract: ND_.bat
Extract: ND_64.bat
Extract: NT-OS.cmd
Extract: NetworkService.dat
Extract: NirCmd.cfxxe
Extract: NirCmd.chm
Extract: NirCmdC.cfxxe
Extract: OSid.vbs
Extract: P.cmd
Extract: PersonalFile.cfx
Extract: PersonalFolder.cfx
Extract: Policies.dat
Extract: Prep.inf
Extract: ProfilesFile.cfx
Extract: ProfilesFolder.cfx
Extract: ProgramsFile.cfx
Extract: ProgramsFolder.cfx
Extract: Purity.dat
Extract: RCLink.dat
Extract: REGDACL.sed
Extract: RegDo.sed
Extract: RegScan.cmd
Extract: RegScan64.cmd
Extract: Rkey.cmd
Extract: Rust.str
Extract: SRestore.cmd
Extract: Safeboot.def.w7.dat
Extract: SetEnvmt.bat
Extract: SnapShot.cmd
Extract: StartMenuFile.cfx
Extract: StartMenuFolder.cfx
Extract: StartUpFile.cfx
Extract: SuppScan.cmd
Extract: SvcDrv.vbs
Extract: TemplatesFile.cfx
Extract: TemplatesFolder.cfx
Extract: Update-CF.cmd
Extract: VINFO3
Extract: VInfo
Extract: VInfo2
Extract: Vipev.dat
Extract: VwinTemp.dacl
Extract: Wmi_rem.vbs
Extract: XPSBoot.reg
Extract: appinit.bad
Extract: asp.str
Extract: av.cmd
Extract: av.vbs
Extract: badclsid.c
Extract: c.bat
Extract: catchme.cfxxe
Extract: clsid.c
Extract: dd.cfxxe
Extract: ddsDo.sed
Extract: dumphive.cfxxe
Extract: embedded.sed
Extract: extract.cfxxe
Extract: ffdefstr.dll
Extract: files.pif
Extract: firefox.exe
Extract: grep.cfxxe
Extract: gsar.cfxxe
Extract: handle.cfxxe
Extract: hidec.cfxxe
Extract: history.bat
Extract: hwid.pif
Extract: iexplore.exe
Extract: image001.gif
Extract: katch.cmd
Extract: lnkread.vbs
Extract: mbr.cfxxe
Extract: mbr.chk
Extract: md5sum.pif
Extract: md5sum00.pif
Extract: mtee.cfxxe
Extract: mynul.dat
Extract: n.pif
Extract: ncmd.com
Extract: ndis_combofix.dat
Extract: netsvc.bad.dat
Extract: netsvc.dat
Extract: netsvc.vista.dat
Extract: netsvc.xp.dat
Extract: pausep.cfxxe
Extract: pev.cfxxe
Extract: pevb.cfxxe
Extract: powp.dat
Extract: pv.com
Extract: region.dat
Extract: restore_pt.vbs
Extract: rmbr.cfxxe
Extract: rogues.dat
Extract: run2.sed
Extract: s0rt.cfxxe
Extract: safeboot.dat
Extract: safeboot.def.dat
Extract: safeboot.def.vista.dat
Extract: sed.cfxxe
Extract: setpath.cfxxe
Extract: srizbi.md5
Extract: svc_wht.dat
Extract: svchost.dat
Extract: svchost.vista.dat
Extract: svchost.vista.x64.dat
Extract: svchost.w7.dat
Extract: svchost.w7.x64.dat
Extract: swreg.cfxxe
Extract: swsc.cfxxe
Extract: swxcacls.cfxxe
Extract: system_ini.dat
Extract: tail.cfxxe... 100%
Extract: toolbar.sed
Extract: vistaMcode.dat
Extract: vistareg.dat
Extract: vun.dat
Extract: w2k_sock.dll
Extract: w2kreg.dat
Extract: w7Mcode.dat
Extract: w7reg.dat
Extract: w_sock.dll
Extract: xpmcode.dat
Extract: xpreg.dat
Extract: zDomain.dat
Extract: zhsvc.dat
Extract: zip.cfxxe
Output folder: C:\32788R22FWJFW\EN-US
Output folder: C:\32788R22FWJFW\License
Extract: Curl - license.txt
Extract: EXTRACT.TXT
Extract: FI - license.txt
Extract: UnxUtilsDist.com
Extract: UnxUtilsDist.html
Extract: UnxUtilsDist.pif
Extract: Zip - license.txt
Extract: dumphive-license.txt
Extract: firefox.exe
Extract: iexplore.exe
Extract: mtee.txt
Extract: ncmd.cfxxe
Extract: pv_5_2_2.zip
Extract: streamtools.zip
Output folder: C:\32788R22FWJFW\N_
Output folder: C:\32788R22FWJFW

descriptionwin32.downloader.dequ EmptyRe: win32.downloader.dequ

more_horiz
I have no idea why my name is strikethrough"d

descriptionwin32.downloader.dequ EmptyRe: win32.downloader.dequ

more_horiz
Hi,

Did you double click on ComboFix? If not, then double click it to run it.

descriptionwin32.downloader.dequ EmptyRe: win32.downloader.dequ

more_horiz
I tried to run Combofix.exe it says it is setting up a restore point..then it says it is starting to scan..then the curser flashes..and then after a while the curser stops flashing and my computer freezes.
I did get some kind of log previously that is in my message number 10
I ran it over again and just let it run all night..but nothing happened

descriptionwin32.downloader.dequ EmptyRe: win32.downloader.dequ

more_horiz
Hi,

Could you please run ComboFix in Safe Mode?

Please then reboot your computer in Safe Mode by doing the following :

  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Log into an account with administrative priviliges.

descriptionwin32.downloader.dequ EmptyRe: win32.downloader.dequ

more_horiz
I tried to run Combofix in safe mode...but unfortunately it did the same thing,,,it said it was establishing a new restore date,,,then it said it was scanning and it typically should take 10 minutes but on badly infected computers it could take twice that time....then the curser flashed for about 12 minutes..then it stopped flashing and froze up.
could I have accidently screwed up the combofix when I mistakenly ran it before I renamed it and got that report that I sent to you in message 10.
privacy_tip Permissions in this forum:
You cannot reply to topics in this forum