WiredWX Christian Hobby Weather Tools
Would you like to react to this message? Create an account in a few clicks or log in to continue.

WiredWX Christian Hobby Weather ToolsLog in

 


descriptionemail was sent to all in my outlook address book with link to trojan Emptyemail was sent to all in my outlook address book with link to trojan

more_horiz
An email was sent to everyone in my address book that included a link to a trojan. I immediately changed the password to my email account. I think OTL ran once before I pasted the instructions?? I ran adwleaner but have not found a txt file yet. I will try running it again.

OTL logfile created on: 1/8/2013 6:27:36 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Owner\My Documents
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.22 Gb Available Physical Memory | 73.88% Memory free
4.84 Gb Paging File | 3.52 Gb Available in Paging File | 72.73% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 128.02 Gb Free Space | 42.95% Space Free | Partition Type: NTFS

Computer Name: QUADCORE | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/08 18:26:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\OTL.com
PRC - [2012/12/21 22:01:00 | 028,538,560 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2012/09/12 09:44:03 | 000,161,768 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2012/09/09 04:34:28 | 000,212,432 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.123\GoogleCrashHandler.exe
PRC - [2012/08/17 10:55:47 | 000,160,328 | ---- | M] (Siber Systems) -- C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2012/07/27 15:51:28 | 001,498,552 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe
PRC - [2012/07/03 11:21:30 | 004,273,976 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/07/03 11:21:29 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/05/17 17:07:03 | 000,932,528 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Spotify\Data\SpotifyWebHelper.exe
PRC - [2012/03/27 08:20:36 | 001,013,696 | ---- | M] (Cyber Power Systems, Inc.) -- C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe
PRC - [2012/03/27 08:20:14 | 000,350,144 | ---- | M] (Cyber Power Systems, Inc.) -- C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe
PRC - [2011/11/01 11:33:56 | 002,531,104 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Online Armor\oaui.exe
PRC - [2011/11/01 11:33:54 | 004,363,040 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Online Armor\oasrv.exe
PRC - [2011/11/01 11:33:52 | 001,163,800 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Online Armor\oahlp.exe
PRC - [2011/11/01 11:33:52 | 000,207,936 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Online Armor\oacat.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/03/09 10:09:58 | 000,063,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
PRC - [2006/12/12 10:46:54 | 000,020,480 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\Ctxfihlp.exe
PRC - [2006/12/12 10:46:52 | 000,019,456 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CtHelper.exe
PRC - [2006/12/12 10:43:58 | 000,842,240 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTxfispi.exe
PRC - [2006/09/21 15:34:56 | 000,495,616 | ---- | M] (Bluebeam Software, Inc.) -- C:\Program Files\Common Files\Bluebeam Software\Brewery\V45\Printer Support\MicroBrew2.exe
PRC - [2005/11/04 17:07:56 | 000,049,152 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe


========== Modules (No Company Name) ==========

MOD - [2013/01/08 04:47:52 | 002,043,904 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\13010800\algo.dll
MOD - [2013/01/07 02:38:43 | 002,042,368 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\13010700\algo.dll
MOD - [2012/11/14 03:32:53 | 000,165,376 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Bluebeam.Utilities\f66e20c35db7a7330a8ed0783dc9af28\Bluebeam.Utilities.ni.dll
MOD - [2012/11/14 03:32:52 | 000,316,416 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Bluebeam.Registrati#\8727c385ed537511ca726ea1db02d57a\Bluebeam.Registration.ni.dll
MOD - [2012/11/14 03:12:22 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6585a5fcaaa1b49b9a1bd9ca5c5c306e\System.Windows.Forms.ni.dll
MOD - [2012/11/14 03:11:59 | 001,592,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\da4bcb702feb770ce40cf1371b0c4d02\System.Drawing.ni.dll
MOD - [2012/11/14 03:08:51 | 007,977,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\90ad0c96693527ae685ff40019bb33b0\System.ni.dll
MOD - [2012/11/14 03:08:32 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\3add69b075f3da012fb97ce00cd795c0\mscorlib.ni.dll
MOD - [2012/07/27 15:51:28 | 000,249,272 | ---- | M] () -- C:\Program Files\Adobe\Reader 10.0\Reader\sqlite.dll
MOD - [2012/05/17 17:07:03 | 000,932,528 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Spotify\Data\SpotifyWebHelper.exe
MOD - [2011/09/27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/05/05 19:56:46 | 000,002,560 | ---- | M] () -- C:\WINDOWS\CTXFIRES.DLL
MOD - [2009/04/01 11:53:42 | 000,099,328 | ---- | M] () -- C:\Program Files\PayPal\PayPal Plug-In\PayPalHelper.dll
MOD - [2008/03/31 12:33:15 | 000,335,872 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Bluebeam.Brewery\1.0.2455.27691__0c673d50796bb708\Bluebeam.Brewery.dll
MOD - [2005/11/02 09:54:48 | 002,945,024 | R--- | M] () -- C:\WINDOWS\system32\BGP851c.dll
MOD - [2005/06/07 08:10:50 | 000,070,656 | ---- | M] () -- C:\WINDOWS\system32\CTMMACTL.DLL


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\DOCUME~1\Owner\LOCALS~1\Temp\020653~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -- (0206531322785919mcinstcleanup)
SRV - [2012/12/21 20:41:07 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/09/12 09:44:03 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/07/03 11:21:29 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/06/26 10:20:01 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/03/27 08:20:36 | 001,013,696 | ---- | M] (Cyber Power Systems, Inc.) [Auto | Running] -- C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe -- (ppped)
SRV - [2011/11/01 11:33:54 | 004,363,040 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files\Online Armor\oasrv.exe -- (SvcOnlineArmor)
SRV - [2011/11/01 11:33:52 | 000,207,936 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files\Online Armor\oacat.exe -- (OAcat)
SRV - [2011/08/25 17:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2010/08/23 19:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2010/06/30 02:31:50 | 000,315,392 | ---- | M] (Alcatel-Lucent) [Disabled | Stopped] -- C:\Program Files\Common Files\Motive\McciServiceHost.exe -- (McciServiceHost)
SRV - [2009/02/02 01:33:18 | 000,317,440 | ---- | M] (Amazon.com) [Disabled | Stopped] -- C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe -- (Amazon Download Agent)
SRV - [2008/04/03 14:46:03 | 000,085,096 | ---- | M] (Autodesk) [Disabled | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2006/11/03 18:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2005/09/30 18:22:50 | 000,096,341 | ---- | M] (Canon Inc.) [Disabled | Stopped] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2003/04/30 10:04:00 | 000,331,776 | ---- | M] (Cyber Power System Inc.) [Disabled | Stopped] -- C:\PowerPanel\upssrv.exe -- (CyberPowerUPS)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS -- (MRESP50a64)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS -- (MREMP50a64)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\HPZipr12.sys -- (HPZipr12)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\HPZid412.sys -- (HPZid412)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/07/03 11:21:54 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/07/03 11:21:53 | 000,721,000 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/07/03 11:21:53 | 000,353,688 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/07/03 11:21:53 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012/07/03 11:21:53 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2012/07/03 11:21:53 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/07/03 11:21:52 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/11/01 11:34:28 | 000,040,296 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\oahlp32.sys -- (oahlpXX)
DRV - [2011/11/01 11:34:10 | 000,029,464 | ---- | M] (Emsisoft) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\OAnet.sys -- (OAnet)
DRV - [2011/11/01 11:34:08 | 000,205,864 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\system32\drivers\OADriver.sys -- (OADevice)
DRV - [2011/11/01 11:34:08 | 000,025,192 | ---- | M] (Emsisoft) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\OAmon.sys -- (OAmon)
DRV - [2011/07/15 13:42:00 | 000,081,920 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NmPar.sys -- (NmPar)
DRV - [2010/06/30 02:32:04 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2010/06/30 02:31:44 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/05/05 21:24:34 | 000,347,144 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2009/10/15 10:05:54 | 000,016,000 | ---- | M] (SysNucleus) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\udsstub.sys -- (udsstub)
DRV - [2008/04/13 13:36:42 | 000,063,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mf.sys -- (mf)
DRV - [2008/03/27 18:31:44 | 000,008,413 | ---- | M] (RealNetworks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\mcstrm.sys -- (MCSTRM)
DRV - [2007/06/18 03:01:28 | 000,514,560 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k)
DRV - [2007/05/10 12:33:58 | 000,048,640 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\jraid.sys -- (JRAID)
DRV - [2007/04/12 14:04:40 | 004,397,568 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2007/03/15 17:12:04 | 000,038,656 | R--- | M] (Attansic Technology corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atl01_xp.sys -- (AtcL001)
DRV - [2006/12/19 08:36:54 | 001,160,504 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha20x2k.sys -- (ha20x2k)
DRV - [2006/12/19 08:36:46 | 000,090,936 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2006/12/19 08:36:42 | 000,156,984 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2006/12/19 08:36:36 | 000,014,648 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2006/12/19 08:36:32 | 000,128,312 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2006/12/19 08:35:40 | 000,511,288 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2004/11/22 17:36:39 | 000,018,003 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRENDIS5.sys -- (MRENDIS5)
DRV - [2004/11/22 17:36:34 | 000,019,345 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMPR5.sys -- (MREMPR5)
DRV - [2004/08/14 03:00:00 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2001/01/16 14:46:08 | 000,050,576 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hppadt40.sys -- (dot4)
DRV - [2001/01/16 14:44:36 | 000,017,872 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hppausb0.sys -- (dot4usb)
DRV - [2001/01/16 13:43:34 | 000,015,792 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hppaprt0.sys -- (Dot4Print)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/yme/*http://www.yahoo.com/ext/search/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://red.clientapps.yahoo.com/customize/ie/defaults/cs/yme/*http://www.yahoo.com/ext/search/search.html
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&query={searchTerms}&invocationType=TB50TRie7
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.att.net [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.att.net/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = EC 33 21 52 7D 5C CD 01 [binary data]
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
IE - HKCU\..\URLSearchHook: {752929fc-c897-4620-9fa8-0303247277e2} - No CLSID value found
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&query={searchTerms}&invocationType=TB50TRie7
IE - HKCU\..\SearchScopes\{20A635E7-1E4F-417A-B13A-1B78A45710AC}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=chr-yie8eb
IE - HKCU\..\SearchScopes\{34D2BA0D-EE4A-41E8-B176-CB5CD0638CFC}: "URL" = http://www.att.net/s/s.dll?spage=search%2Fwebresults.htm&advanced=1&vl={searchTerms}&vlsel=1&vp=&vpsel=1&vy=&vysel=1&ve=&vesel=any®ion=&lang=&format=&domain=&safe=&numresults=10&submit2=Search+Yahoo
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGIT_en
IE - HKCU\..\SearchScopes\{944AEDFC-8760-4A01-9723-211C8713BA76}: "URL" = http://rover.ebay.com/rover/1/711-43047-14818-1/4?satitle={selection}
IE - HKCU\..\SearchScopes\{AAA76455-D8B2-4C81-B98E-0827CE8052ED}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo.com/search?fr=mcafee&p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: plugin@yontoo.com:1.20.00
FF - prefs.js..extensions.enabledItems: {22119944-ED35-4ab1-910B-E619EA06A115}:6.10.1
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1
FF - prefs.js..extensions.enabledItems: paypalfirefoxplugin@orbiscom:2.2.26.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..keyword.URL: "http://search.aol.com/aolcom/search?invocationType=TB50TRFF;homepage=no;search=yesab&query="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@consona.com/ScriptRunner: C:\Program Files\Common Files\supportsoft\bin\nptgctlsr.dll (SupportSoft, Inc.)
FF - HKLM\Software\MozillaPlugins\@consona.com/SmartIssue: C:\Program Files\Common Files\supportsoft\bin\nptgctlsi.dll (SupportSoft, Inc.)
FF - HKLM\Software\MozillaPlugins\@emusic.com/dlm-plugin: C:\Program Files\eMusic Download Manager\plugin\npemusic.dll (eMusic.com)
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll File not found
FF - HKCU\Software\MozillaPlugins\@emusic.com/dlm-plugin: C:\Program Files\eMusic Download Manager\plugin\npemusic.dll (eMusic.com)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.1: C:\Documents and Settings\Owner\Application Data\Facebook\npfbplugin_1_0_1.dll ( )
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Documents and Settings\Owner\Application Data\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine: C:\Documents and Settings\Owner\Application Data\nprhapengine.dll File not found
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\eMusic Download Manager\Extensions\\Components: C:\Program Files\eMusic Download Manager\xulrunner\components [2012/11/08 16:10:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\eMusic Download Manager\Extensions\\Plugins: C:\Program Files\eMusic Download Manager\xulrunner\plugins [2012/11/08 16:10:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\paypalfirefoxplugin@orbiscom: C:\Program Files\PayPal\PayPal Plug-In [2009/07/20 12:41:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/07/10 09:13:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/04/11 16:44:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files\Siber Systems\AI RoboForm\Firefox [2012/08/17 10:57:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\4nffxtbr@ConservativeTalkNow_4n.com: C:\Program Files\ConservativeTalkNow_4n\bar\1.bin [2012/10/19 11:45:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/12/21 20:41:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/11/08 16:10:51 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/04/11 16:44:33 | 000,000,000 | ---D | M]

[2009/01/12 17:12:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2012/11/09 13:26:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\sbvr156n.default\extensions
[2011/06/19 10:21:46 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\sbvr156n.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/01/12 17:13:16 | 000,000,000 | ---D | M] ("AOL Toolbar") -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\sbvr156n.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}
[2012/11/09 13:26:28 | 000,000,000 | ---D | M] (OneClickDownloader) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\sbvr156n.default\extensions\OneClickDownload@OneClickDownload.com
[2012/06/29 13:48:51 | 000,000,000 | ---D | M] (Yontoo) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\sbvr156n.default\extensions\plugin@yontoo.com
[2012/04/17 16:21:18 | 000,020,591 | ---- | M] () (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\sbvr156n.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
[2009/01/12 17:13:58 | 000,001,769 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\sbvr156n.default\searchplugins\aim-search.xml
[2008/06/15 20:04:54 | 000,002,386 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\sbvr156n.default\searchplugins\siteadvisor.xml
[2012/02/06 14:53:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/12/21 20:41:09 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/03/18 13:32:12 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2007/02/04 22:02:56 | 001,642,496 | ---- | M] (LizardTech) -- C:\Program Files\mozilla firefox\plugins\npdjvu.dll
[2011/03/18 13:32:14 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2012/07/07 11:07:38 | 000,003,750 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/12/21 20:41:04 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/12/21 20:41:04 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://isearch.avg.com/?cid={C9E7698F-D4DB-44AF-B82F-FFDC804C1B0E}&mid=17b6845efe5447d08246d1542683b391-e9ea9444453b9dabeb7f18711eb0648d668780d2&lang=en&ds=is015&pr=sa&d=2012-07-07 12:07:52&v=11.1.0.12&sap=hp
CHR - default_search_provider: AVG Secure Search (Enabled)
CHR - default_search_provider: search_url = http://isearch.avg.com/search?cid={C9E7698F-D4DB-44AF-B82F-FFDC804C1B0E}&mid=17b6845efe5447d08246d1542683b391-e9ea9444453b9dabeb7f18711eb0648d668780d2&lang=en&ds=is015&pr=sa&d=2012-07-07 12:07:52&v=11.1.0.12&sap=dsp&q={searchTerms}
CHR - default_search_provider: suggest_url = http://clients5.google.com/complete/search?hl={language}&q={searchTerms}&client=ie8&inputencoding={inputEncoding}&outputencoding={outputEncoding}
CHR - homepage: http://isearch.avg.com/?cid={C9E7698F-D4DB-44AF-B82F-FFDC804C1B0E}&mid=17b6845efe5447d08246d1542683b391-e9ea9444453b9dabeb7f18711eb0648d668780d2&lang=en&ds=is015&pr=sa&d=2012-07-07 12:07:52&v=11.1.0.12&sap=hp
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.97\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.31.137.7_0\McChPlg.dll
CHR - plugin: LizardTech DjVu (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdjvu.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Documents and Settings\Owner\Application Data\Facebook\npfbplugin_1_0_1.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Documents and Settings\Owner\Application Data\Facebook\npfbplugin_1_0_3.dll
CHR - plugin: Motive Plugin (Enabled) = C:\Program Files\Common Files\Motive\npMotive.dll
CHR - plugin: Consona SmartIssue Plugin (Enabled) = C:\Program Files\Common Files\supportsoft\bin\nptgctlsi.dll
CHR - plugin: Consona Script Runner Plugin for Firefox (Enabled) = C:\Program Files\Common Files\supportsoft\bin\nptgctlsr.dll
CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files\Garmin GPS Plugin\npGarmin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Bing Bar (Enabled) = C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll
CHR - plugin: RealNetworks Rhapsody Player Engine (Enabled) = C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll
CHR - plugin: eMusic Remote Plugin (Enabled) = C:\Program Files\eMusic Download Manager\plugin\npemusic.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: avast! WebRep = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\
CHR - Extension: OneClickDownload = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco\1.2_0\

O1 HOSTS File: ([2011/12/01 19:45:00 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (AT&&T Toolbar) - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\Program Files\ATTToolbar\ATTToolbar.dll (AT&T)
O2 - BHO: (Reg Error: Value error.) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (OToolbarHelper Class) - {EAD3A971-6A23-4246-8691-C9244E858967} - C:\Program Files\PayPal\PayPal Plug-In\PayPalHelper.dll ()
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo\YontooIEClient.dll (Yontoo LLC)
O3 - HKLM\..\Toolbar: (AT&&T Toolbar) - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\Program Files\ATTToolbar\ATTToolbar.dll (AT&T)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (PayPal Plug-In) - {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - C:\Program Files\PayPal\PayPal Plug-In\OToolbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AT&&T Toolbar) - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\Program Files\ATTToolbar\ATTToolbar.dll (AT&T)
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [@OnlineArmor GUI] C:\Program Files\Online Armor\OAui.exe (Emsi Software GmbH)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AudioDrvEmulator] C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CtHelper.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [CTxfiHlp] C:\WINDOWS\System32\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [HP AutoIndexer] C:\Program Files\Hewlett-Packard\LaserJet All-in-one\hppautoindexer.exe File not found
O4 - HKLM..\Run: [HP SchedIndexer] C:\Program Files\Hewlett-Packard\LaserJet All-in-one\hppschedindexer.exe File not found
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [MicroBrew] C:\Program Files\Common Files\Bluebeam Software\Brewery\V45\Printer Support\MicroBrew2.exe (Bluebeam Software, Inc.)
O4 - HKLM..\Run: [PbAdminACAD] C:\Program Files\Bluebeam Software\Pushbutton PDF\PbMngr5.exe (Bluebeam Software, Inc.)
O4 - HKLM..\Run: [PowerPanel Personal Edition User Interaction] C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe (Cyber Power Systems, Inc.)
O4 - HKCU..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Documents and Settings\Owner\Application Data\Spotify\Data\SpotifyWebHelper.exe ()
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKCU\..Trusted Domains: mylabbill.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: remititonline.com ([]https in Trusted sites)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} http://echat.bellsouth.net/sdccommon/download/tgctlcm.cab (Support.com Configuration Class)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {03A89EFD-E023-8600-A22D-45F77558EB4C} https://content.ilinc.com/clientdownload/download/ilinci86.dll (ILINCInstall86 Class)
O16 - DPF: {10E0E75E-6701-4134-9D95-C0942ED1F1C8} http://www1.snapfish.com/SnapfishOutlookImport.cab (Snapfish Outlook Import ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www1.snapfish.com/SnapfishActivia.cab (Snapfish Activia)
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} https://wimpro.cce.hp.com/ChatEntry/downloads/sysinfo.cab (SysData Class)
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} http://www.linkedin.com/cab/LinkedInContactFinderControl.cab (LinkedIn ContactFinderControl)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://www.evite.com/html/imageUpload/ImageUploader5.cab (Image Uploader Control)
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} https://www.facebook.com/controls/contactx.dll (ContactExtractor Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} https://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {A796D216-2DE1-4EA8-BABB-FE6E7C959098} http://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab (HPSDDX Class)
O16 - DPF: {B9940246-4344-4D1B-BD82-DBAF7E657FF9} http://telluridemountainproperties-east.viewnetcam.com:50000/SysCamInst.cab (AudioClient Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://redvector.webex.com/client/T27LB/training/ieatgpc.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab (Creative Software AutoUpdate Support Package)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F60DCFF1-1651-438B-B98E-C6DF61103019}: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - C:\Program Files\Online Armor\oaevent.dll (Emsi Software GmbH)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/03/24 17:04:19 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

MsConfig - Services: "WMPNetworkSvc"
MsConfig - Services: "wlidsvc"
MsConfig - Services: "WinDefend"
MsConfig - Services: "SeaPort"
MsConfig - Services: "NVSvc"
MsConfig - Services: "mfevtp"
MsConfig - Services: "mfefire"
MsConfig - Services: "McShield"
MsConfig - Services: "McProxy"
MsConfig - Services: "McODS"
MsConfig - Services: "McNASvc"
MsConfig - Services: "McNaiAnn"
MsConfig - Services: "mcmscsvc"
MsConfig - Services: "McMPFSvc"
MsConfig - Services: "McComponentHostService"
MsConfig - Services: "McciServiceHost"
MsConfig - Services: "McciCMService"
MsConfig - Services: "McAfee SiteAdvisor Service"
MsConfig - Services: "JavaQuickStarterService"
MsConfig - Services: "iPod Service"
MsConfig - Services: "IntuitUpdateService"
MsConfig - Services: "idsvc"
MsConfig - Services: "IDriverT"
MsConfig - Services: "gusvc"
MsConfig - Services: "gupdatem"
MsConfig - Services: "gupdate"
MsConfig - Services: "CyberPowerUPS"
MsConfig - Services: "Creative Service for CDROM Access"
MsConfig - Services: "CCALib8"
MsConfig - Services: "Bonjour Service"
MsConfig - Services: "Autodesk Licensing Service"
MsConfig - Services: "Apple Mobile Device"
MsConfig - Services: "Amazon Download Agent"
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Co.)
MsConfig - StartUpReg: 36X Raid Configurer - hkey= - key= - File not found
MsConfig - StartUpReg: Adobe Photo Downloader - hkey= - key= - C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Aim - hkey= - key= - C:\Program Files\AIM\aim.exe (AOL Inc.)
MsConfig - StartUpReg: AmazonGSDownloaderTray - hkey= - key= - C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe (Amazon.com)
MsConfig - StartUpReg: ATT-SST_McciTrayApp - hkey= - key= - C:\Program Files\ATT-SST\McciTrayApp.exe (Alcatel-Lucent)
MsConfig - StartUpReg: BellSouthWCC_McciTrayApp - hkey= - key= - C:\Program Files\BellSouthWCC\McciTrayApp.exe (Motive Communications, Inc.)
MsConfig - StartUpReg: Bing Bar - hkey= - key= - File not found
MsConfig - StartUpReg: ctfmon.exe - hkey= - key= - File not found
MsConfig - StartUpReg: CTHelper - hkey= - key= - C:\WINDOWS\CTHELPER.EXE (Creative Technology Ltd)
MsConfig - StartUpReg: CTxfiHlp - hkey= - key= - File not found
MsConfig - StartUpReg: HP AutoIndexer - hkey= - key= - File not found
MsConfig - StartUpReg: HP SchedIndexer - hkey= - key= - File not found
MsConfig - StartUpReg: HP Software Update - hkey= - key= - C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
MsConfig - StartUpReg: hpqSRMon - hkey= - key= - C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe (Hewlett-Packard)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: JMB36X IDE Setup - hkey= - key= - C:\WINDOWS\RaidTool\xInsIDE.exe ()
MsConfig - StartUpReg: MicroBrew - hkey= - key= - C:\Program Files\Common Files\Bluebeam Software\Brewery\V45\Printer Support\MicroBrew2.exe (Bluebeam Software, Inc.)
MsConfig - StartUpReg: Microsoft Default Manager - hkey= - key= - File not found
MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - File not found
MsConfig - StartUpReg: NvCplDaemon - hkey= - key= - File not found
MsConfig - StartUpReg: NvMediaCenter - hkey= - key= - File not found
MsConfig - StartUpReg: nwiz - hkey= - key= - File not found
MsConfig - StartUpReg: PbAdminACAD - hkey= - key= - C:\Program Files\Bluebeam Software\Pushbutton PDF\PbMngr5.exe (Bluebeam Software, Inc.)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
MsConfig - StartUpReg: RCSystem - hkey= - key= - C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe (Creative Technology Ltd.)
MsConfig - StartUpReg: RemoteControl - hkey= - key= - File not found
MsConfig - StartUpReg: RoboForm - hkey= - key= - C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
MsConfig - StartUpReg: RTHDCPL - hkey= - key= - C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)
MsConfig - StartUpReg: SkyTel - hkey= - key= - C:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: swg - hkey= - key= - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
MsConfig - StartUpReg: UpdateFlow.ATT-SST - hkey= - key= - C:\Program Files\ATT-SST\McciBrowser.exe (Alcatel-Lucent)
MsConfig - StartUpReg: UpdReg - hkey= - key= - C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
MsConfig - StartUpReg: VolPanel - hkey= - key= - C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
MsConfig - StartUpReg: ymetray - hkey= - key= - File not found
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 1
MsConfig - State: "startup" - 1

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: MCODS - Reg Error: Value error.
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error.
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {1897C549-AE52-4571-8996-44854F5612B2} - Microsoft .NET Framework 1.1 Security Update (KB2656370)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error.
ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error.
ActiveX: {35CB31D6-C496-F1F5-D9EC-11F57DF7BE5F} - Internet Explorer
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {61F684C7-B71D-C06D-8637-87A1C70CAFF6} - Internet Explorer
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {851FDFAC-B3F9-435A-A49C-B4F18A1737E7} - Microsoft Silverlight 3.0
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8F736E10-8E5C-4399-A532-D0C00A406227} - Microsoft .NET Framework 1.1 Security Update (KB2698023)
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - Reg Error: Value error.
ActiveX: {AA218328-0EA8-4D70-8972-E987A9190FF4} - Reg Error: Value error.
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C3C986D6-06B1-43BF-90DD-BE30756C00DE} - RevokedRootsUpdate
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Reg Error: Value error.
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: >{C92EB41C-D4C5-4CCA-A444-318AE7FB6FC2} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

descriptionemail was sent to all in my outlook address book with link to trojan EmptyRe: email was sent to all in my outlook address book with link to trojan

more_horiz
Part 2 of OTL txt file:

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/01/08 18:26:09 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\OTL.com
[2012/12/21 20:41:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla
[2012/12/21 20:41:20 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/12/19 12:03:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2012/12/19 12:02:06 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/12/19 12:02:00 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/12/19 12:02:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2012/12/11 16:38:15 | 000,375,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpnet.dll
[1 C:\Documents and Settings\Owner\My Documents\*.tmp files -> C:\Documents and Settings\Owner\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/01/08 18:47:08 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{3DB9A020-3481-434C-BCEC-AC02BC5A62CB}.job
[2013/01/08 18:39:01 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/08 18:33:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/01/08 18:26:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\OTL.com
[2013/01/08 13:27:00 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2013/01/08 10:13:01 | 000,000,364 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2013/01/08 05:39:00 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/08 01:41:00 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2013/01/05 13:46:18 | 004,596,321 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\BAR800A.pdf
[2013/01/04 14:25:00 | 005,109,775 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\GunControl.wmv
[2013/01/03 15:27:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/01/03 14:55:19 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/01/03 14:53:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/01/03 14:53:28 | 3220,426,752 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/03 14:52:02 | 000,064,756 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000005-00000000-00000001-00001102-00000005-002C1102}.rfx
[2013/01/03 14:52:02 | 000,054,724 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000005-00000000-00000001-00001102-00000005-002C1102}.rfx
[2013/01/03 14:52:02 | 000,054,724 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000005-00000000-00000001-00001102-00000005-002C1102}.rfx
[2013/01/03 14:52:02 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2013/01/03 14:52:02 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2012/12/30 11:29:27 | 001,781,759 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\516-Patrol-16-sell[1].pdf
[2012/12/22 03:24:17 | 000,001,024 | ---- | M] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Dropbox.lnk
[2012/12/22 03:23:53 | 000,001,008 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Dropbox.lnk
[2012/12/22 03:17:34 | 000,309,992 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/12/21 23:29:19 | 000,870,128 | ---- | M] () -- C:\WINDOWS\System32\mcs.rma
[2012/12/21 23:29:19 | 000,000,004 | ---- | M] () -- C:\WINDOWS\System32\A18EBC
[2012/12/19 12:03:01 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2012/12/16 07:23:59 | 000,290,560 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\dllcache\atmfd.dll
[2012/12/16 07:23:59 | 000,290,560 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\atmfd.dll
[2012/12/12 13:41:29 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2012/12/12 03:04:54 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[1 C:\Documents and Settings\Owner\My Documents\*.tmp files -> C:\Documents and Settings\Owner\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/01/05 13:46:18 | 004,596,321 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\BAR800A.pdf
[2013/01/04 14:25:00 | 005,109,775 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\GunControl.wmv
[2012/12/31 13:04:01 | 000,171,056 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012/12/30 11:29:27 | 001,781,759 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\516-Patrol-16-sell[1].pdf
[2012/12/19 12:03:01 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2012/08/11 11:34:00 | 000,025,548 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTAIODAT.DAT
[2012/07/06 12:28:54 | 003,153,920 | ---- | C] () -- C:\Documents and Settings\Owner\secsetup.sdb
[2012/04/30 15:10:52 | 000,060,304 | ---- | C] () -- C:\Documents and Settings\Owner\g2mdlhlpx.exe
[2012/04/11 16:38:41 | 000,237,732 | ---- | C] () -- C:\WINDOWS\hpwins20.dat
[2012/04/11 16:38:41 | 000,001,678 | ---- | C] () -- C:\WINDOWS\hpwmdl20.dat
[2012/03/19 09:14:17 | 002,515,466 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-823518204-2049760794-725345543-1003-0.dat
[2012/03/19 09:14:16 | 000,260,090 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/03/09 14:35:19 | 000,000,590 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc
[2012/02/15 23:19:20 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/12/12 15:21:41 | 000,205,864 | ---- | C] () -- C:\WINDOWS\System32\drivers\OADriver.sys
[2011/12/12 15:21:41 | 000,040,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\oahlp32.sys
[2011/11/27 17:42:41 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\18iMfb.dat
[2011/11/27 10:35:10 | 000,015,330 | -HS- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\1w15mg3p30e624
[2011/11/27 10:35:10 | 000,015,330 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\1w15mg3p30e624
[2011/07/15 14:00:07 | 000,077,349 | ---- | C] () -- C:\WINDOWS\hpqins05.dat.temp
[2011/06/30 15:32:37 | 000,019,518 | ---- | C] () -- C:\WINDOWS\hpqins13.dat
[2011/06/14 11:55:59 | 000,237,689 | ---- | C] () -- C:\WINDOWS\hpwins20.dat.temp
[2011/06/14 11:55:58 | 000,001,678 | ---- | C] () -- C:\WINDOWS\hpwmdl20.dat.temp
[2011/04/02 11:37:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2008/08/26 16:56:07 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\LOG
[2008/03/27 11:12:15 | 000,052,224 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/03/26 14:01:19 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat

========== ZeroAccess Check ==========

[2008/03/25 16:09:39 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 19:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 19:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Custom Scans ==========

< %AppData%\Roaming\Mozilla\Firefox\Profiles\*.default\extensions\ /s /md5 >

< %AppData%\Local\ >

< %systemroot%\system32\sysprep >

< *.xpi /md5 >

< %systemroot%\Downloaded Program Files\ >

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile >
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/12/21 20:41:03 | 000,867,072 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/12/21 20:41:03 | 000,867,072 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/12/21 20:41:03 | 000,867,072 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/12/21 20:41:08 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/12/21 20:41:08 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/12/21 20:41:08 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2012/12/04 20:15:17 | 001,242,728 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2012/12/04 20:15:17 | 001,242,728 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/12/04 20:15:17 | 001,242,728 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2012/12/04 20:15:17 | 001,242,728 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2012/10/31 19:35:35 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2012/10/31 19:35:35 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2012/10/31 19:35:35 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2012/04/25 09:36:36 | 002,388,336 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2012/04/25 09:36:36 | 002,388,336 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2012/04/25 09:36:36 | 002,388,336 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2012/04/25 09:36:36 | 002,388,336 | ---- | M] (Apple Inc.)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/12/21 20:41:03 | 000,867,072 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/12/21 20:41:03 | 000,867,072 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/12/21 20:41:03 | 000,867,072 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/12/21 20:41:08 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/12/21 20:41:08 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/12/21 20:41:08 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2012/12/04 20:15:17 | 001,242,728 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2012/12/04 20:15:17 | 001,242,728 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/12/04 20:15:17 | 001,242,728 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2012/12/04 20:15:17 | 001,242,728 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2012/10/31 19:35:35 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2012/10/31 19:35:35 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2012/10/31 19:35:35 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2012/04/25 09:36:36 | 002,388,336 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2012/04/25 09:36:36 | 002,388,336 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2012/04/25 09:36:36 | 002,388,336 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2012/04/25 09:36:36 | 002,388,336 | ---- | M] (Apple Inc.)

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\system32\drivers\*.sys /90 >

< %systemroot%\System32\config\*.sav >
[2008/03/24 11:55:12 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2008/03/24 11:55:12 | 000,659,456 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2008/03/24 11:55:12 | 000,917,504 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %SYSTEMDRIVE%\*.exe /md5 >
[2011/11/27 11:27:18 | 000,706,976 | ---- | M] (Enigma Software Group USA, LLC.) MD5=F2BADF259C43331C8CE230AD8BA8B7B6 -- C:\SpyHunter-Installer.exe

< "%WinDir%\$NtUninstallKB*$." /30 >

< %systemdrive%\Program Files\Common Files\ComObjects\*.* /s >

< %systemroot%\*. /mp /s >

< %systemroot%\*. /rp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\Installer\ /s >

< %systemroot%\system32\Cache\ /s >

< %systemroot%\system32\config\systemprofile\ /s >

< %PROGRAMFILES%\*. >
[2012/06/29 13:55:14 | 000,000,000 | ---D | M] -- C:\Program Files\1ClickDownload
[2011/08/04 19:02:30 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2008/04/15 08:52:59 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe Media Player
[2010/04/08 12:31:31 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe Photoshop.com Uploader
[2008/03/24 17:25:19 | 000,000,000 | ---D | M] -- C:\Program Files\Ahead
[2011/12/12 14:59:58 | 000,000,000 | ---D | M] -- C:\Program Files\AIM
[2009/03/04 11:21:44 | 000,000,000 | ---D | M] -- C:\Program Files\Alwil Software
[2012/03/29 22:30:32 | 000,000,000 | ---D | M] -- C:\Program Files\Amazon
[2008/03/25 16:24:35 | 000,000,000 | ---D | M] -- C:\Program Files\AnswerWorks 4.0
[2011/09/27 15:01:26 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2009/04/25 10:50:22 | 000,000,000 | ---D | M] -- C:\Program Files\ATT-HSI
[2010/07/05 19:10:30 | 000,000,000 | ---D | M] -- C:\Program Files\ATT-SST
[2008/03/24 17:27:14 | 000,000,000 | ---D | M] -- C:\Program Files\Attansic
[2011/06/06 12:34:49 | 000,000,000 | ---D | M] -- C:\Program Files\ATTSA
[2009/04/25 11:12:19 | 000,000,000 | ---D | M] -- C:\Program Files\ATTToolbar
[2011/02/23 16:44:56 | 000,000,000 | ---D | M] -- C:\Program Files\Audacity
[2008/04/12 12:37:40 | 000,000,000 | ---D | M] -- C:\Program Files\Audit Support Center
[2012/08/08 09:42:52 | 000,000,000 | ---D | M] -- C:\Program Files\AutoCAD 2006
[2008/11/04 11:29:08 | 000,000,000 | ---D | M] -- C:\Program Files\AutoCAD Civil 3D 2008
[2012/08/29 13:32:14 | 000,000,000 | ---D | M] -- C:\Program Files\Autodesk
[2011/12/12 15:05:38 | 000,000,000 | ---D | M] -- C:\Program Files\AVAST Software
[2009/04/25 11:34:57 | 000,000,000 | ---D | M] -- C:\Program Files\BellSouthWCC
[2008/03/31 12:33:15 | 000,000,000 | ---D | M] -- C:\Program Files\Bluebeam Software
[2011/10/20 15:05:51 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2008/04/12 12:46:08 | 000,000,000 | ---D | M] -- C:\Program Files\Canon
[2012/04/30 15:11:19 | 000,000,000 | ---D | M] -- C:\Program Files\Citrix
[2012/09/12 09:55:13 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2008/03/24 17:01:17 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2012/10/19 11:45:25 | 000,000,000 | ---D | M] -- C:\Program Files\ConservativeTalkNow_4n
[2012/04/19 09:23:46 | 000,000,000 | ---D | M] -- C:\Program Files\Coupons
[2008/05/08 18:19:11 | 000,000,000 | ---D | M] -- C:\Program Files\Creative
[2008/03/24 17:38:43 | 000,000,000 | ---D | M] -- C:\Program Files\Creative Installation Information
[2012/01/05 21:30:08 | 000,000,000 | ---D | M] -- C:\Program Files\CyberLink
[2013/01/08 00:00:00 | 000,000,000 | ---D | M] -- C:\Program Files\CyberPower PowerPanel Personal Edition
[2009/10/02 17:46:11 | 000,000,000 | ---D | M] -- C:\Program Files\DIFX
[2008/03/26 15:00:43 | 000,000,000 | ---D | M] -- C:\Program Files\Eagle Point Software
[2010/01/06 09:35:01 | 000,000,000 | ---D | M] -- C:\Program Files\eMusic Download Manager
[2009/10/02 17:46:10 | 000,000,000 | ---D | M] -- C:\Program Files\Garmin
[2009/10/02 17:46:13 | 000,000,000 | ---D | M] -- C:\Program Files\Garmin GPS Plugin
[2011/11/12 22:20:36 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2008/03/24 17:04:54 | 000,000,000 | ---D | M] -- C:\Program Files\Grisoft
[2012/06/12 16:59:08 | 000,000,000 | ---D | M] -- C:\Program Files\Hewlett-Packard
[2012/04/11 16:42:17 | 000,000,000 | ---D | M] -- C:\Program Files\HP
[2008/05/02 11:02:56 | 000,000,000 | ---D | M] -- C:\Program Files\Hydraflow
[2009/01/20 13:50:18 | 000,000,000 | ---D | M] -- C:\Program Files\iLinc
[2008/05/08 20:37:37 | 000,000,000 | ---D | M] -- C:\Program Files\illiminable
[2012/01/13 18:22:13 | 000,000,000 | ---D | M] -- C:\Program Files\InstallShield Installation Information
[2008/03/24 17:21:38 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2012/12/12 03:04:06 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2008/03/27 14:45:01 | 000,000,000 | ---D | M] -- C:\Program Files\Intuit
[2012/12/19 12:02:06 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2012/12/19 12:02:54 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2011/12/11 21:42:16 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2008/04/25 18:55:16 | 000,000,000 | ---D | M] -- C:\Program Files\Kodak
[2008/07/22 16:47:13 | 000,000,000 | ---D | M] -- C:\Program Files\LizardTech
[2012/06/12 13:31:55 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/02/24 10:41:27 | 000,000,000 | ---D | M] -- C:\Program Files\McAfee
[2011/02/24 16:51:51 | 000,000,000 | ---D | M] -- C:\Program Files\McAfee.com
[2008/08/18 11:22:10 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2012/07/08 10:22:49 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2008/03/24 21:18:36 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft ActiveSync
[2008/03/24 17:05:11 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2009/04/16 10:51:39 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2012/12/19 12:18:55 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2008/04/03 14:46:40 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft WSE
[2012/03/09 14:29:11 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2012/06/13 16:20:10 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2013/01/06 22:46:43 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2012/12/21 20:41:23 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Maintenance Service
[2009/08/07 02:03:41 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2009/04/16 10:51:29 | 000,000,000 | ---D | M] -- C:\Program Files\MSECache
[2008/03/24 17:00:11 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2008/03/24 17:00:50 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2008/11/13 03:00:50 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2009/05/01 10:20:39 | 000,000,000 | ---D | M] -- C:\Program Files\MyPublisher
[2008/08/18 11:14:18 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2012/11/29 17:38:44 | 000,000,000 | ---D | M] -- C:\Program Files\Online Armor
[2008/03/24 17:01:08 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2010/12/17 03:00:46 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2011/09/19 19:42:43 | 000,000,000 | ---D | M] -- C:\Program Files\Pandora
[2008/06/18 14:01:12 | 000,000,000 | ---D | M] -- C:\Program Files\PayPal
[2012/05/22 16:09:03 | 000,000,000 | ---D | M] -- C:\Program Files\Quicken
[2012/11/08 16:10:50 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2008/03/27 18:24:35 | 000,000,000 | ---D | M] -- C:\Program Files\Real
[2008/03/24 17:24:49 | 000,000,000 | ---D | M] -- C:\Program Files\Realtek
[2009/08/07 02:03:33 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2011/09/27 16:50:16 | 000,000,000 | ---D | M] -- C:\Program Files\Rhapsody
[2012/05/31 14:32:37 | 000,000,000 | ---D | M] -- C:\Program Files\Safari
[2008/03/28 10:57:45 | 000,000,000 | ---D | M] -- C:\Program Files\Siber Systems
[2011/06/06 12:34:42 | 000,000,000 | ---D | M] -- C:\Program Files\TESTRM
[2010/01/02 14:58:23 | 000,000,000 | ---D | M] -- C:\Program Files\TrendMicro
[2012/03/09 14:33:38 | 000,000,000 | ---D | M] -- C:\Program Files\TurboTax
[2008/03/24 17:08:37 | 000,000,000 | ---D | M] -- C:\Program Files\Uninstall Information
[2011/07/10 11:27:11 | 000,000,000 | ---D | M] -- C:\Program Files\VideoLAN
[2008/03/31 10:33:14 | 000,000,000 | ---D | M] -- C:\Program Files\viewsonic
[2011/05/20 11:21:46 | 000,000,000 | ---D | M] -- C:\Program Files\VS Revo Group
[2008/03/24 17:08:33 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Defender
[2008/03/24 17:00:57 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
[2008/08/18 11:14:15 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2008/08/18 11:14:15 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2008/03/24 17:03:19 | 000,000,000 | ---D | M] -- C:\Program Files\WindowsUpdate
[2008/03/24 17:05:11 | 000,000,000 | ---D | M] -- C:\Program Files\xerox
[2011/06/18 15:05:48 | 000,000,000 | ---D | M] -- C:\Program Files\Yahoo!
[2012/06/29 13:48:49 | 000,000,000 | ---D | M] -- C:\Program Files\Yontoo

< %appdata%\*.* >
[2008/03/24 11:56:43 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\desktop.ini
[2012/07/19 17:34:03 | 000,083,584 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\GDIPFONTCACHEV1.DAT

< MD5 for: AFD.SYS >
[2011/08/17 08:49:54 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=1E44BC1E83D8FD2305F8D452DB109CF9 -- C:\WINDOWS\system32\dllcache\afd.sys
[2011/08/17 08:49:54 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=1E44BC1E83D8FD2305F8D452DB109CF9 -- C:\WINDOWS\system32\drivers\afd.sys
[2008/04/13 14:19:23 | 000,138,112 | ---- | M] (Microsoft Corporation) MD5=322D0E36693D6E24A2398BEE62A268CD -- C:\WINDOWS\$NtUninstallKB951748$\afd.sys
[2008/04/13 14:19:23 | 000,138,112 | ---- | M] (Microsoft Corporation) MD5=322D0E36693D6E24A2398BEE62A268CD -- C:\WINDOWS\ServicePackFiles\i386\afd.sys
[2011/02/16 08:22:48 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=355556D9E580915118CD7EF736653A89 -- C:\WINDOWS\$NtUninstallKB2592799$\afd.sys
[2008/10/16 10:07:58 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=38D7B715504DA4741DF35E3594FE2099 -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\afd.sys
[2008/08/14 05:34:26 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=4D43E74F2A1239D53929B82600F1971C -- C:\WINDOWS\$hf_mig$\KB956803\SP3QFE\afd.sys
[2006/02/28 07:00:00 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=5AC495F4CB807B2B98AD2AD591E6D92E -- C:\WINDOWS\$NtUninstallKB951748_0$\afd.sys
[2008/10/16 09:43:01 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=7618D5218F2A614672EC61A80D854A37 -- C:\WINDOWS\$NtUninstallKB2503665$\afd.sys
[2008/08/14 05:04:36 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=7E775010EF291DA96AD17CA4B17137D7 -- C:\WINDOWS\$NtUninstallKB2509553$\afd.sys
[2011/02/16 08:25:05 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=8D499B1276012EB907E7A9E0F4D8FDA4 -- C:\WINDOWS\$hf_mig$\KB2503665\SP3QFE\afd.sys
[2008/06/20 06:48:03 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=D6EE6014241D034E63C49A50CB2B442A -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\afd.sys
[2008/06/20 05:44:08 | 000,138,368 | ---- | M] (Microsoft Corporation) MD5=D99DDFFB33DEACDCF20717CB520379F6 -- C:\WINDOWS\$NtServicePackUninstall$\afd.sys
[2008/06/20 06:40:08 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=E3049B90FE06F3F740B7CFDA44995E2C -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\afd.sys
[2008/06/20 06:40:08 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=E3049B90FE06F3F740B7CFDA44995E2C -- C:\WINDOWS\$NtUninstallKB956803$\afd.sys
[2011/08/17 08:41:46 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=F6B7B1ECD7B41736BDB6FF4B092BCB79 -- C:\WINDOWS\$hf_mig$\KB2592799\SP3QFE\afd.sys

< MD5 for: ATAPI.SYS >
[2007/09/11 15:20:13 | 016,774,755 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/08/18 11:07:34 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/08/18 11:07:34 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\Documents and Settings\Owner\My Documents\My Drivers Back Up\Primary IDE Channel#1\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\Documents and Settings\Owner\My Documents\My Drivers Back Up\Primary IDE Channel\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\Documents and Settings\Owner\My Documents\My Drivers Back Up\Secondary IDE Channel#1\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\Documents and Settings\Owner\My Documents\My Drivers Back Up\Secondary IDE Channel\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2006/02/28 07:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys

< MD5 for: CRYPTSVC.DLL >
[2008/04/13 19:11:51 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=3D4E199942E29207970E04315D02AD3B -- C:\WINDOWS\ERDNT\cache\cryptsvc.dll
[2008/04/13 19:11:51 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=3D4E199942E29207970E04315D02AD3B -- C:\WINDOWS\ServicePackFiles\i386\cryptsvc.dll
[2008/04/13 19:11:51 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=3D4E199942E29207970E04315D02AD3B -- C:\WINDOWS\system32\cryptsvc.dll
[2008/04/13 19:11:51 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=3D4E199942E29207970E04315D02AD3B -- C:\WINDOWS\system32\dllcache\cryptsvc.dll
[2007/09/11 15:07:14 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=87F3E2D2A3231F820F9248DB90090F42 -- C:\WINDOWS\$NtServicePackUninstall$\cryptsvc.dll

< MD5 for: DNSRSLVR.DLL >
[2008/04/13 19:11:52 | 000,045,568 | ---- | M] (Microsoft Corporation) MD5=474B4DC3983173E4B4C9740B0DAC98A6 -- C:\WINDOWS\$NtUninstallKB2509553$\dnsrslvr.dll
[2008/04/13 19:11:52 | 000,045,568 | ---- | M] (Microsoft Corporation) MD5=474B4DC3983173E4B4C9740B0DAC98A6 -- C:\WINDOWS\ServicePackFiles\i386\dnsrslvr.dll
[2009/04/20 12:17:26 | 000,045,568 | ---- | M] (Microsoft Corporation) MD5=5F7E24FA9EAB896051FFB87F840730D2 -- C:\WINDOWS\system32\dllcache\dnsrslvr.dll
[2009/04/20 12:17:26 | 000,045,568 | ---- | M] (Microsoft Corporation) MD5=5F7E24FA9EAB896051FFB87F840730D2 -- C:\WINDOWS\system32\dnsrslvr.dll
[2008/02/20 13:49:36 | 000,045,568 | ---- | M] (Microsoft Corporation) MD5=6333C7E182E5B6247500188D28214DEF -- C:\WINDOWS\$NtServicePackUninstall$\dnsrslvr.dll
[2006/02/28 07:00:00 | 000,045,568 | ---- | M] (Microsoft Corporation) MD5=7379DE06FD196E396A00AA97B990C00D -- C:\WINDOWS\$NtUninstallKB945553$\dnsrslvr.dll
[2009/04/20 12:06:44 | 000,045,568 | ---- | M] (Microsoft Corporation) MD5=D977659AE4D8ECE5286D99D1ED34614D -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\dnsrslvr.dll

< MD5 for: ES.DLL >
[2012/10/31 17:14:04 | 000,008,728 | ---- | M] () MD5=07C0EEFCED87271FD2844DA8EE8B6042 -- C:\Program Files\Google\Chrome\Application\23.0.1271.64\Locales\es.dll
[2008/04/13 19:11:53 | 000,246,272 | ---- | M] (Microsoft Corporation) MD5=19A799805B24990867B00C120D300C3A -- C:\WINDOWS\$NtUninstallKB950974$\es.dll
[2008/04/13 19:11:53 | 000,246,272 | ---- | M] (Microsoft Corporation) MD5=19A799805B24990867B00C120D300C3A -- C:\WINDOWS\ServicePackFiles\i386\es.dll
[2012/08/17 17:27:53 | 000,008,728 | ---- | M] () MD5=328868A14EB90E6A8EA9F3FC59FC49BB -- C:\Program Files\Google\Chrome\Application\21.0.1180.83\Locales\es.dll
[2007/09/11 15:07:20 | 000,243,200 | ---- | M] (Microsoft Corporation) MD5=3D9418CF112A11ADC45E2A0C0A44DF47 -- C:\WINDOWS\$NtUninstallKB950974_0$\es.dll
[2012/10/10 05:05:14 | 000,008,728 | ---- | M] () MD5=543EC1FF66953631A17477AEC9C7A111 -- C:\Program Files\Google\Chrome\Application\22.0.1229.94\Locales\es.dll
[2012/12/04 20:14:39 | 000,009,320 | ---- | M] () MD5=8A0A276C92283AFB871B8D692C207C23 -- C:\Program Files\Google\Chrome\Application\23.0.1271.97\Locales\es.dll
[2008/07/07 15:06:43 | 000,253,952 | ---- | M] (Microsoft Corporation) MD5=A4AB3DCA4A383F0DF4988ABDEB84F9A4 -- C:\WINDOWS\$NtServicePackUninstall$\es.dll
[2012/10/03 20:14:58 | 000,008,728 | ---- | M] () MD5=CA2C5AA0DAC841157AE8680A48700073 -- C:\Program Files\Google\Chrome\Application\22.0.1229.92\Locales\es.dll
[2012/11/13 21:10:22 | 000,009,320 | ---- | M] () MD5=CE1DEB45766BDE8ABBC90A4F780F2974 -- C:\Program Files\Google\Chrome\Application\23.0.1271.91\Locales\es.dll
[2012/11/27 22:42:40 | 000,009,320 | ---- | M] () MD5=CFEBBFA78448CCD8E6EFE1F1062F1AB9 -- C:\Program Files\Google\Chrome\Application\23.0.1271.95\Locales\es.dll
[2008/07/07 15:26:58 | 000,253,952 | ---- | M] (Microsoft Corporation) MD5=D4991D98F2DB73C60D042F1AEF79EFAE -- C:\WINDOWS\$hf_mig$\KB950974\SP3GDR\es.dll
[2008/07/07 15:26:58 | 000,253,952 | ---- | M] (Microsoft Corporation) MD5=D4991D98F2DB73C60D042F1AEF79EFAE -- C:\WINDOWS\ERDNT\cache\es.dll
[2008/07/07 15:26:58 | 000,253,952 | ---- | M] (Microsoft Corporation) MD5=D4991D98F2DB73C60D042F1AEF79EFAE -- C:\WINDOWS\system32\dllcache\es.dll
[2008/07/07 15:26:58 | 000,253,952 | ---- | M] (Microsoft Corporation) MD5=D4991D98F2DB73C60D042F1AEF79EFAE -- C:\WINDOWS\system32\es.dll
[2012/08/29 21:57:44 | 000,008,728 | ---- | M] () MD5=F01EB2548FC7BAEC80C00941089000DE -- C:\Program Files\Google\Chrome\Application\21.0.1180.89\Locales\es.dll
[2008/07/07 15:23:18 | 000,253,952 | ---- | M] (Microsoft Corporation) MD5=F17F6226BDC0CD5F0BEF0DAF84D29BEC -- C:\WINDOWS\$hf_mig$\KB950974\SP3QFE\es.dll
[2012/09/25 04:41:57 | 000,008,728 | ---- | M] () MD5=FABB2C5368FC626FB1D2A214028DF8EF -- C:\Program Files\Google\Chrome\Application\22.0.1229.79\Locales\es.dll

< MD5 for: EXPLORER.EXE >
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/09/11 15:11:13 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: IPNATHLP.DLL >
[2006/02/28 07:00:00 | 000,331,264 | ---- | M] (Microsoft Corporation) MD5=36CC8C01B5E50163037BEF56CB96DEFF -- C:\WINDOWS\$NtServicePackUninstall$\ipnathlp.dll
[2008/04/13 19:11:55 | 000,331,264 | ---- | M] (Microsoft Corporation) MD5=83F41D0D89645D7235C051AB1D9523AC -- C:\WINDOWS\ServicePackFiles\i386\ipnathlp.dll
[2008/04/13 19:11:55 | 000,331,264 | ---- | M] (Microsoft Corporation) MD5=83F41D0D89645D7235C051AB1D9523AC -- C:\WINDOWS\system32\ipnathlp.dll

< MD5 for: IPSEC.SYS >
[2008/04/13 14:19:42 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=23C74D75E36E7158768DD63D92789A91 -- C:\WINDOWS\ServicePackFiles\i386\ipsec.sys
[2008/04/13 14:19:42 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=23C74D75E36E7158768DD63D92789A91 -- C:\WINDOWS\system32\drivers\ipsec.sys
[2006/02/28 07:00:00 | 000,074,752 | ---- | M] (Microsoft Corporation) MD5=64537AA5C003A6AFEEE1DF819062D0D1 -- C:\WINDOWS\$NtServicePackUninstall$\ipsec.sys

< MD5 for: NETBT.SYS >
[2006/02/28 07:00:00 | 000,162,816 | ---- | M] (Microsoft Corporation) MD5=0C80E410CD2F47134407EE7DD19CC86B -- C:\WINDOWS\$NtServicePackUninstall$\netbt.sys
[2008/04/13 14:21:00 | 000,162,816 | ---- | M] (Microsoft Corporation) MD5=74B2B2F5BEA5E9A3DC021D685551BD3D -- C:\WINDOWS\ServicePackFiles\i386\netbt.sys
[2008/04/13 14:21:00 | 000,162,816 | ---- | M] (Microsoft Corporation) MD5=74B2B2F5BEA5E9A3DC021D685551BD3D -- C:\WINDOWS\system32\drivers\netbt.sys

< MD5 for: NETMAN.DLL >
[2008/04/13 19:12:01 | 000,198,144 | ---- | M] (Microsoft Corporation) MD5=13E67B55B3ABD7BF3FE7AAE5A0F9A9DE -- C:\WINDOWS\ERDNT\cache\netman.dll
[2008/04/13 19:12:01 | 000,198,144 | ---- | M] (Microsoft Corporation) MD5=13E67B55B3ABD7BF3FE7AAE5A0F9A9DE -- C:\WINDOWS\ServicePackFiles\i386\netman.dll
[2008/04/13 19:12:01 | 000,198,144 | ---- | M] (Microsoft Corporation) MD5=13E67B55B3ABD7BF3FE7AAE5A0F9A9DE -- C:\WINDOWS\system32\netman.dll
[2007/09/11 15:08:30 | 000,197,632 | ---- | M] (Microsoft Corporation) MD5=3516D8A18B36784B1005B950B84232E1 -- C:\WINDOWS\$NtServicePackUninstall$\netman.dll

< MD5 for: QMGR.DLL >
[2007/09/11 15:11:45 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=17A0D43C80DB5348759C649835A78CFC -- C:\WINDOWS\$NtServicePackUninstall$\qmgr.dll
[2008/04/13 19:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\ERDNT\cache\qmgr.dll
[2008/04/13 19:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\ServicePackFiles\i386\qmgr.dll
[2008/04/13 19:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\system32\bits\qmgr.dll
[2008/04/13 19:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\system32\qmgr.dll

< MD5 for: RPCSS.DLL >
[2008/04/13 19:12:04 | 000,399,360 | ---- | M] (Microsoft Corporation) MD5=2589FE6015A316C0F5D5112B4DA7B509 -- C:\WINDOWS\$NtUninstallKB956572$\rpcss.dll
[2008/04/13 19:12:04 | 000,399,360 | ---- | M] (Microsoft Corporation) MD5=2589FE6015A316C0F5D5112B4DA7B509 -- C:\WINDOWS\ServicePackFiles\i386\rpcss.dll
[2009/02/09 07:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation) MD5=6B27A5C03DFB94B4245739065431322C -- C:\WINDOWS\ERDNT\cache\rpcss.dll
[2009/02/09 07:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation) MD5=6B27A5C03DFB94B4245739065431322C -- C:\WINDOWS\system32\dllcache\rpcss.dll
[2009/02/09 07:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation) MD5=6B27A5C03DFB94B4245739065431322C -- C:\WINDOWS\system32\rpcss.dll
[2009/02/09 05:56:36 | 000,401,408 | ---- | M] (Microsoft Corporation) MD5=9222562D44021B988B9F9F62207FB6F2 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\rpcss.dll
[2007/09/11 15:11:48 | 000,399,360 | ---- | M] (Microsoft Corporation) MD5=B1CD945981445A170ECC710E8A0EC688 -- C:\WINDOWS\$NtServicePackUninstall$\rpcss.dll

< MD5 for: SERVICES.EXE >
[2009/02/06 06:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2008/04/13 19:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\$NtUninstallKB956572$\services.exe
[2008/04/13 19:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\ServicePackFiles\i386\services.exe
[2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\ERDNT\cache\services.exe
[2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe
[2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe
[2006/02/28 07:00:00 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\WINDOWS\$NtServicePackUninstall$\services.exe

< MD5 for: SR.SYS >
[2008/04/13 13:36:52 | 000,073,472 | ---- | M] (Microsoft Corporation) MD5=76BB022C2FB6902FD5BDD4F78FC13A5D -- C:\WINDOWS\ServicePackFiles\i386\sr.sys
[2008/04/13 13:36:52 | 000,073,472 | ---- | M] (Microsoft Corporation) MD5=76BB022C2FB6902FD5BDD4F78FC13A5D -- C:\WINDOWS\system32\drivers\sr.sys
[2006/02/28 07:00:00 | 000,073,472 | ---- | M] (Microsoft Corporation) MD5=E41B6D037D6CD08461470AF04500DC24 -- C:\WINDOWS\$NtServicePackUninstall$\sr.sys

< MD5 for: SRSVC.DLL >
[2008/04/13 19:12:07 | 000,171,008 | ---- | M] (Microsoft Corporation) MD5=3805DF0AC4296A34BA4BF93B346CC378 -- C:\WINDOWS\ERDNT\cache\srsvc.dll
[2008/04/13 19:12:07 | 000,171,008 | ---- | M] (Microsoft Corporation) MD5=3805DF0AC4296A34BA4BF93B346CC378 -- C:\WINDOWS\ServicePackFiles\i386\srsvc.dll
[2008/04/13 19:12:07 | 000,171,008 | ---- | M] (Microsoft Corporation) MD5=3805DF0AC4296A34BA4BF93B346CC378 -- C:\WINDOWS\system32\srsvc.dll
[2006/02/28 07:00:00 | 000,170,496 | ---- | M] (Microsoft Corporation) MD5=92BDF74F12D6CBEC43C94D4B7F804838 -- C:\WINDOWS\$NtServicePackUninstall$\srsvc.dll

< MD5 for: SVCHOST.EXE >
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2006/02/28 07:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: TCPIP.SYS >
[2007/10/30 11:53:32 | 000,360,832 | ---- | M] (Microsoft Corporation) MD5=64798ECFA43D78C7178375FCDD16D8C8 -- C:\WINDOWS\$NtUninstallKB951748_0$\tcpip.sys
[2008/06/20 05:44:42 | 000,360,960 | ---- | M] (Microsoft Corporation) MD5=744E57C99232201AE98C49168B918F48 -- C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
[2008/04/13 14:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
[2008/04/13 14:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
[2008/06/20 06:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[2008/06/20 06:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\ERDNT\cache\tcpip.sys
[2008/06/20 06:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2008/06/20 06:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers\tcpip.sys
[2008/06/20 06:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
[2008/06/20 06:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[2007/09/11 15:09:26 | 000,360,704 | ---- | M] (Microsoft Corporation) MD5=E6B15BCC470953E600EF7ADED3CAB142 -- C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys

< MD5 for: USERINIT.EXE >
[2006/02/28 07:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: VOLSNAP.SYS >
[2008/04/13 13:41:01 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=4C8FCB5CC53AAB716D810740FE59D025 -- C:\WINDOWS\ServicePackFiles\i386\volsnap.sys
[2008/04/13 13:41:01 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=4C8FCB5CC53AAB716D810740FE59D025 -- C:\WINDOWS\system32\drivers\volsnap.sys
[2006/02/28 07:00:00 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=EE4660083DEBA849FF6C485D944B379B -- C:\WINDOWS\$NtServicePackUninstall$\volsnap.sys

< MD5 for: WINLOGON.EXE >
[2006/02/28 07:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< MD5 for: WMISVC.DLL >
[2008/04/13 19:12:09 | 000,144,896 | ---- | M] (Microsoft Corporation) MD5=2D0E4ED081963804CCC196A0929275B5 -- C:\WINDOWS\ServicePackFiles\i386\wmisvc.dll
[2008/04/13 19:12:09 | 000,144,896 | ---- | M] (Microsoft Corporation) MD5=2D0E4ED081963804CCC196A0929275B5 -- C:\WINDOWS\system32\wbem\wmisvc.dll
[2006/02/28 07:00:00 | 000,144,896 | ---- | M] (Microsoft Corporation) MD5=F399242A80C4066FD155EFA4CF96658E -- C:\WINDOWS\$NtServicePackUninstall$\wmisvc.dll

< MD5 for: WSCSVC.DLL >
[2007/09/11 15:09:50 | 000,080,896 | ---- | M] (Microsoft Corporation) MD5=478995B4555958E52388496618D9C678 -- C:\WINDOWS\$NtServicePackUninstall$\wscsvc.dll
[2008/04/13 19:12:10 | 000,080,896 | ---- | M] (Microsoft Corporation) MD5=7C278E6408D1DCE642230C0585A854D5 -- C:\WINDOWS\ServicePackFiles\i386\wscsvc.dll
[2008/04/13 19:12:10 | 000,080,896 | ---- | M] (Microsoft Corporation) MD5=7C278E6408D1DCE642230C0585A854D5 -- C:\WINDOWS\system32\wscsvc.dll

< MD5 for: WUAUSERV.DLL >
[2008/04/13 19:12:11 | 000,006,656 | ---- | M] (Microsoft Corporation) MD5=35321FB577CDC98CE3EB3A3EB9E4610A -- C:\WINDOWS\ServicePackFiles\i386\wuauserv.dll
[2007/09/11 15:12:12 | 000,025,944 | ---- | M] (Microsoft Corporation) MD5=D29AD7484B98279ED21877DE051A180F -- C:\WINDOWS\system32\dllcache\wuauserv.dll
[2007/09/11 15:12:12 | 000,025,944 | ---- | M] (Microsoft Corporation) MD5=D29AD7484B98279ED21877DE051A180F -- C:\WINDOWS\system32\wuauserv.dll

< >

< >

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790 -> Junction
[C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e -> Junction
[C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.ConfigUXv2\2.1.72.12__540d4816ead86321] -> C:\WINDOWS\WinSxS\MSIL_Intuit.Spc.Esd.WinClient.Application.ConfigUXv2_540d4816ead86321_2.1.72.12_x-ww_a732e0a -> Junction
[C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.ConfigUXv2\2.1.72.22__540d4816ead86321] -> C:\WINDOWS\WinSxS\MSIL_Intuit.Spc.Esd.WinClient.Application.ConfigUXv2_540d4816ead86321_2.1.72.22_x-ww_a742e49 -> Junction
[C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.ConfigUXv2\3.0.335.0__540d4816ead86321] -> C:\WINDOWS\WinSxS\MSIL_Intuit.Spc.Esd.WinClient.Application.ConfigUXv2_540d4816ead86321_3.0.335.0_x-ww_29a6be0d -> Junction
[C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.ConfigUXv2\3.1.31.0__540d4816ead86321] -> C:\WINDOWS\WinSxS\MSIL_Intuit.Spc.Esd.WinClient.Application.ConfigUXv2_540d4816ead86321_3.1.31.0_x-ww_8b778a47 -> Junction
[C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.Update\2.1.72.12__540d4816ead86321] -> C:\WINDOWS\WinSxS\MSIL_Intuit.Spc.Esd.WinClient.Application.Update_540d4816ead86321_2.1.72.12_x-ww_c5e9e602 -> Junction
[C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.Update\2.1.72.22__540d4816ead86321] -> C:\WINDOWS\WinSxS\MSIL_Intuit.Spc.Esd.WinClient.Application.Update_540d4816ead86321_2.1.72.22_x-ww_c5eae641 -> Junction
[C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.Update\3.0.335.0__540d4816ead86321] -> C:\WINDOWS\WinSxS\MSIL_Intuit.Spc.Esd.WinClient.Application.Update_540d4816ead86321_3.0.335.0_x-ww_e51d7605 -> Junction
[C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.Update\3.1.31.0__540d4816ead86321] -> C:\WINDOWS\WinSxS\MSIL_Intuit.Spc.Esd.WinClient.Application.Update_540d4816ead86321_3.1.31.0_x-ww_46ee423f -> Junction
[C:\WINDOWS\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492 -> Junction
[C:\WINDOWS\Microsoft.NET\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.ConfigUXv4\v4.0_4.0.66.0__3ff6b78e2989595a] -> C:\WINDOWS\WinSxS\MSIL_Intuit.Spc.Esd.WinClient.Application.ConfigUXv4_3ff6b78e2989595a_4.0.66.0_x-ww_7acf93b2 -> Junction
[C:\WINDOWS\Microsoft.NET\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.Update\v4.0_4.0.66.0__3ff6b78e2989595a] -> C:\WINDOWS\WinSxS\MSIL_Intuit.Spc.Esd.WinClient.Application.Update_3ff6b78e2989595a_4.0.66.0_x-ww_d938aa2c -> Junction

< End of report >

descriptionemail was sent to all in my outlook address book with link to trojan EmptyRe: email was sent to all in my outlook address book with link to trojan

more_horiz
# AdwCleaner v2.105 - Logfile created 01/08/2013 at 20:14:14
# Updated 08/01/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Owner - QUADCORE
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Owner\My Documents\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco

***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v13.0.1 (en-US)

File : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\sbvr156n.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v23.0.1271.97

File : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [11169 octets] - [08/01/2013 19:26:59]
AdwCleaner[S2].txt - [1105 octets] - [08/01/2013 20:14:14]

########## EOF - C:\AdwCleaner[S2].txt - [1165 octets] ##########

descriptionemail was sent to all in my outlook address book with link to trojan EmptyRe: email was sent to all in my outlook address book with link to trojan

more_horiz
Hi there!

ComboFix scan

Please download ComboFixemail was sent to all in my outlook address book with link to trojan Combofix by sUBs
From BleepingComputer.com

Please save the file to your Desktop.

Important information about ComboFix


After the download:

  • Close any open browsers.
  • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
  • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.

Running ComboFix:

  • Double click on ComboFix.exe & follow the prompts.
  • When ComboFix finishes, it will produce a report for you.
  • Please post the report, which will launch or be found at "C:\Combo-Fix.txt" in your next reply.

Troubleshooting ComboFix

Safe Mode:

If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

(To boot into Safe Mode, tap F8 after BIOS, and just before the Windows
logo appears. A list of options will appear, select "Safe Mode.")

Re-downloading:

If this doesn't work either, try the same method (above method), but try to download it again, except name
ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

descriptionemail was sent to all in my outlook address book with link to trojan EmptyRe: email was sent to all in my outlook address book with link to trojan

more_horiz
ComboFix 13-01-08.01 - Owner 01/08/2013 22:02:27.4.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2347 [GMT -5:00]
Running from: C:\Documents and Settings\Owner\My Documents\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: avast! Antivirus *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: McAfee Firewall *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
FW: Online Armor Firewall *Disabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Documents and Settings\All Users\Application Data\TEMP
C:\Documents and Settings\Owner\g2mdlhlpx.exe
C:\Documents and Settings\Owner\My Documents\~WRL2681.tmp
C:\WINDOWS\system32\URTTemp
C:\WINDOWS\system32\URTTemp\fusion.dll
C:\WINDOWS\system32\URTTemp\mscoree.dll
C:\WINDOWS\system32\URTTemp\mscoree.dll.local
C:\WINDOWS\system32\URTTemp\mscorsn.dll
C:\WINDOWS\system32\URTTemp\mscorwks.dll
C:\WINDOWS\system32\URTTemp\msvcr71.dll
C:\WINDOWS\system32\URTTemp\regtlib.exe
C:\WINDOWS\windef
C:\WINDOWS\windef\hidec.exe

descriptionemail was sent to all in my outlook address book with link to trojan EmptyRe: email was sent to all in my outlook address book with link to trojan

more_horiz
I don't have McAfee installed any more...I use avast. Not sure why it is still showing up.

descriptionemail was sent to all in my outlook address book with link to trojan EmptyRe: email was sent to all in my outlook address book with link to trojan

more_horiz
The log is incomplete. Look in C:\ComboFix.txt and redo the copy and paste. It should be a fairly long log. Smile...

descriptionemail was sent to all in my outlook address book with link to trojan EmptyRe: email was sent to all in my outlook address book with link to trojan

more_horiz
This was the only file I could find in the C: dir. Should i run combofix again.

descriptionemail was sent to all in my outlook address book with link to trojan EmptyRe: email was sent to all in my outlook address book with link to trojan

more_horiz
Please do and post a log. Smile...

descriptionemail was sent to all in my outlook address book with link to trojan EmptyRe: email was sent to all in my outlook address book with link to trojan

more_horiz
ComboFix 13-01-08.01 - Owner 01/09/2013 17:47:56.5.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2374 [GMT -5:00]
Running from: c:\documents and settings\Owner\My Documents\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: avast! Antivirus *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: McAfee Firewall *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
FW: Online Armor Firewall *Enabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\documents and settings\Owner\g2mdlhlpx.exe
c:\documents and settings\Owner\My Documents\~WRL2681.tmp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
c:\windows\windef\hidec.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-12-09 to 2013-01-09 )))))))))))))))))))))))))))))))
.
.
2012-12-22 01:41 . 2012-12-22 01:41 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-12-22 01:41 . 2012-12-22 01:41 157608 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2012-12-22 01:41 . 2012-12-22 01:41 113120 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe
2012-12-22 01:41 . 2012-12-22 01:41 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll
2012-12-22 01:41 . 2012-12-22 01:41 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll
2012-12-19 17:02 . 2012-12-19 17:02 -------- d-----w- c:\program files\iPod
2012-12-19 17:02 . 2012-12-19 17:02 -------- d-----w- c:\program files\iTunes
2012-12-19 17:02 . 2012-12-19 17:02 -------- d-----w- c:\documents and settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2012-12-11 21:38 . 2012-11-02 02:02 375296 -c----w- c:\windows\system32\dllcache\dpnet.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-16 12:23 . 2006-02-28 12:00 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-11-13 01:25 . 2007-09-11 20:12 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-11-02 02:02 . 2006-02-28 12:00 375296 ----a-w- c:\windows\system32\dpnet.dll
2012-11-01 12:17 . 2007-09-11 20:12 916992 ----a-w- c:\windows\system32\wininet.dll
2012-11-01 12:17 . 2007-09-11 20:12 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-11-01 12:17 . 2007-09-11 20:12 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-11-01 00:35 . 2007-09-11 20:12 385024 ----a-w- c:\windows\system32\html.iec
2012-10-25 08:12 . 2012-10-25 08:12 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-10-25 08:12 . 2012-10-25 08:12 69632 ----a-w- c:\windows\system32\QuickTime.qts
2012-12-22 01:41 . 2011-05-20 21:00 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-07-03 16:21 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\documents and settings\Owner\Application Data\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\documents and settings\Owner\Application Data\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\documents and settings\Owner\Application Data\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\documents and settings\Owner\Application Data\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-25 68856]
"Spotify Web Helper"="c:\documents and settings\Owner\Application Data\Spotify\Data\SpotifyWebHelper.exe" [2012-05-17 932528]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2012-08-17 160328]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AudioDrvEmulator"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 49152]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"PbAdminACAD"="c:\program files\Bluebeam Software\Pushbutton PDF\PbMngr5.exe" [2006-09-21 217088]
"MicroBrew"="c:\program files\Common Files\Bluebeam Software\Brewery\V45\Printer Support\MicroBrew2.exe" [2006-09-21 495616]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]
"@OnlineArmor GUI"="c:\program files\Online Armor\OAui.exe" [2011-11-01 2531104]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"CTHelper"="CTHELPER.EXE" [2006-12-12 19456]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-12-12 20480]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"PowerPanel Personal Edition User Interaction"="c:\program files\CyberPower PowerPanel Personal Edition\pppeuser.exe" [2012-03-27 350144]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-10-25 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-12-12 152544]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
"nltide_3"="advpack.dll" [2009-03-08 128512]
.
c:\documents and settings\Owner\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\Owner\Application Data\Dropbox\bin\Dropbox.exe [2012-12-21 28538560]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2010-5-28 276328]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\ONLINE~2\oaevent.dll" [2011-11-01 358840]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\36X Raid Configurer]
2007-05-08 16:06 1953792 ------r- c:\windows\system32\xRaidSetup.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2007-03-09 15:09 63712 ----a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim]
2011-01-05 17:11 4321112 ----a-w- c:\program files\AIM\aim.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AmazonGSDownloaderTray]
2009-02-02 06:32 246272 ----a-w- c:\program files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATT-SST_McciTrayApp]
2010-06-30 07:39 1573888 ----a-w- c:\program files\ATT-SST\McciTrayApp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BellSouthWCC_McciTrayApp]
2006-03-10 18:01 543232 ----a-w- c:\program files\BellSouthWCC\McciTrayApp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
2006-12-12 15:46 19456 ----a-w- c:\windows\system32\CtHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
2006-12-12 15:46 20480 ----a-w- c:\windows\system32\Ctxfihlp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-10-15 01:17 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2008-07-22 22:33 150528 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-12-12 18:57 152544 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X IDE Setup]
2007-03-21 14:36 36864 ------r- c:\windows\RaidTool\xInsIDE.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MicroBrew]
2006-09-21 20:34 495616 ----a-w- c:\program files\Common Files\Bluebeam Software\Brewery\V45\Printer Support\MicroBrew2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 14:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2007-12-05 06:41 8523776 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2007-12-05 06:41 81920 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2007-12-05 06:41 1626112 ----a-w- c:\windows\system32\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PbAdminACAD]
2006-09-21 20:37 217088 ----a-w- c:\program files\Bluebeam Software\Pushbutton PDF\PbMngr5.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-10-25 08:12 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RCSystem]
2005-11-04 22:07 49152 ------w- c:\program files\Creative\Shared Files\Module Loader\DLLML.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoboForm]
2012-08-17 15:55 160328 ----a-w- c:\program files\Siber Systems\AI RoboForm\robotaskbaricon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2007-04-12 15:28 16126464 ------r- c:\windows\RTHDCPL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
2007-04-06 17:22 1822720 ------r- c:\windows\SkyTel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 13:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-03-25 22:19 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateFlow.ATT-SST]
2010-06-30 07:39 1057792 ----a-w- c:\program files\ATT-SST\McciBrowser.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 05:00 90112 ------w- c:\windows\Updreg.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VolPanel]
2006-07-28 13:56 122880 ------w- c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"wlidsvc"=2 (0x2)
"WinDefend"=2 (0x2)
"SeaPort"=2 (0x2)
"NVSvc"=2 (0x2)
"mfevtp"=2 (0x2)
"mfefire"=2 (0x2)
"McShield"=2 (0x2)
"McProxy"=2 (0x2)
"McODS"=3 (0x3)
"McNASvc"=2 (0x2)
"McNaiAnn"=2 (0x2)
"mcmscsvc"=2 (0x2)
"McMPFSvc"=2 (0x2)
"McComponentHostService"=3 (0x3)
"McciServiceHost"=2 (0x2)
"McciCMService"=2 (0x2)
"McAfee SiteAdvisor Service"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"iPod Service"=3 (0x3)
"IntuitUpdateService"=2 (0x2)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"gusvc"=2 (0x2)
"gupdatem"=3 (0x3)
"gupdate"=2 (0x2)
"CyberPowerUPS"=2 (0x2)
"Creative Service for CDROM Access"=2 (0x2)
"CCALib8"=2 (0x2)
"Bonjour Service"=2 (0x2)
"Autodesk Licensing Service"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
"Amazon Download Agent"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\ATT-HSI\\McciBrowser.exe"=
"c:\\Program Files\\Common Files\\Motive\\McciServiceHost.exe"=
"c:\\Program Files\\Rhapsody\\rhapsody.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxs08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqfxt08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Smart Web Printing\\SmartWebPrintExe.exe"=
"c:\\Documents and Settings\\Owner\\Application Data\\Spotify\\spotify.exe"=
"c:\\Documents and Settings\\Owner\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [12/12/2011 3:06 PM 721000]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [12/12/2011 3:06 PM 353688]
R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [12/12/2011 3:21 PM 205864]
R1 oahlpXX;Online Armor helper driver;c:\windows\system32\drivers\oahlp32.sys [12/12/2011 3:21 PM 40296]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [12/12/2011 3:21 PM 25192]
R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [12/12/2011 3:21 PM 29464]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12/12/2011 3:06 PM 21256]
R2 OAcat;Online Armor Helper Service;c:\program files\Online Armor\oacat.exe [12/12/2011 3:21 PM 207936]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [3/24/2008 5:27 PM 38656]
R3 NmPar;PCI Parallel Port;c:\windows\system32\drivers\NmPar.sys [7/7/2012 11:25 AM 81920]
R3 udsstub;USBDeviceShare USB Device Stub;c:\windows\system32\drivers\udsstub.sys [7/7/2012 11:20 AM 16000]
S2 0206531322785919mcinstcleanup;McAfee Application Installer Cleanup (0206531322785919);c:\docume~1\Owner\LOCALS~1\Temp\020653~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\docume~1\Owner\LOCALS~1\Temp\020653~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [8/25/2011 5:53 PM 13672]
S2 SvcOnlineArmor;Online Armor;c:\program files\Online Armor\oasrv.exe [12/12/2011 3:21 PM 4363040]
S4 Amazon Download Agent;Amazon Download Agent;c:\program files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [2/19/2009 2:03 PM 317440]
S4 McciServiceHost;McciServiceHost;c:\program files\Common Files\Motive\McciServiceHost.exe [7/5/2010 7:05 PM 315392]
S4 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 6:19 PM 13592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-21 15:20]
.
2013-01-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2013-01-09 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-07-10 16:21]
.
2013-01-09 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-03-25 06:35]
.
2013-01-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-25 23:24]
.
2013-01-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-25 23:24]
.
2013-01-09 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]
.
2013-01-09 c:\windows\Tasks\User_Feed_Synchronization-{3DB9A020-3481-434C-BCEC-AC02BC5A62CB}.job
- c:\windows\system32\msfeedssync.exe [2008-03-24 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.att.net/
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/yme/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
Trusted Zone: intuit.com\ttlc
Trusted Zone: mylabbill.com\www
Trusted Zone: remititonline.com
TCP: DhcpNameServer = 192.168.1.254
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
DPF: {03A89EFD-E023-8600-A22D-45F77558EB4C} - hxxps://content.ilinc.com/clientdownload/download/ilinci86.dll
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\sbvr156n.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - ExtSQL: !HIDDEN! 2009-08-08 03:00; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - ExtSQL: !HIDDEN! 2012-04-11 17:44; smartwebprinting@hp.com; c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-HP SchedIndexer - c:\program files\Hewlett-Packard\LaserJet All-in-one\hppschedindexer.exe
HKLM-Run-HP AutoIndexer - c:\program files\Hewlett-Packard\LaserJet All-in-one\hppautoindexer.exe
MSConfigStartUp-Bing Bar - c:\program files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe
MSConfigStartUp-HP AutoIndexer - c:\program files\Hewlett-Packard\LaserJet All-in-one\hppautoindexer.exe
MSConfigStartUp-HP SchedIndexer - c:\program files\Hewlett-Packard\LaserJet All-in-one\hppschedindexer.exe
MSConfigStartUp-Microsoft Default Manager - c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
MSConfigStartUp-RemoteControl - c:\program files\CyberLink\PowerDVD\PDVDServ.exe
MSConfigStartUp-ymetray - c:\program files\Yahoo!\Yahoo! Music Engine\ymetray.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-01-09 17:58
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTHelper = CTHELPER.EXE?
CTxfiHlp = CTXFIHLP.EXE?
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2944)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\documents and settings\Owner\Application Data\Dropbox\bin\DropboxExt.17.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
Completion time: 2013-01-09 18:00:26
ComboFix-quarantined-files.txt 2013-01-09 23:00
.
Pre-Run: 142,932,115,456 bytes free
Post-Run: 142,907,891,712 bytes free
.
- - End Of File - - FB84953A4820DD8E4569B839E4111C98

descriptionemail was sent to all in my outlook address book with link to trojan EmptyRe: email was sent to all in my outlook address book with link to trojan

more_horiz
Hitman Pro

Please download Hitman Pro


  • After the download completes please double click the program to run it.
  • Accept the terms of the license agreement and click Next
  • Let the scan run. It will not take long
  • When the scan finishes, and all the files have been uploaded to the Scan Cloud, click Next
  • Click Next again. At the bottom left you will see Export Scan Results To XML File. Click that and save it in a convenient location
  • Upload log.xml here for review please



Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.
  • Warning! Once the scan is complete JRT will shut down your browser with NO warning.

  • Shut down your protection software now to avoid potential conflicts.
  • Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.
  • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Copy and Paste the JRT.txt log into your next message.



Lastly, open up OTL, press Quick Scan, and post a new log, please. Big Grin

descriptionemail was sent to all in my outlook address book with link to trojan EmptyRe: email was sent to all in my outlook address book with link to trojan

more_horiz

Code:


HitmanPro 3.7.0.185
www.hitmanpro.com

  Computer name . . . . : QUADCORE
  Windows . . . . . . . : 5.1.3.2600.X86/4
  User name . . . . . . : QUADCORE\Owner
  License . . . . . . . : Free

  Scan date . . . . . . : 2013-01-10 10:54:37
  Scan mode . . . . . . : Normal
  Scan duration . . . . : 7m 57s
  Disk access mode  . . : Direct disk access (SRB)
  Cloud . . . . . . . . : Internet
  Reboot  . . . . . . . : No

  Threats . . . . . . . : 0
  Traces  . . . . . . . : 50

  Objects scanned . . . : 1,086,394
  Files scanned . . . . : 55,711
  Remnants scanned  . . : 261,352 files / 769,331 keys

Suspicious files ____________________________________________________________

  C:\Documents and Settings\Owner\My Documents\Downloads\dds.scr
      Size . . . . . . . : 524,288 bytes
      Age  . . . . . . . : 1103.5 days (2010-01-02 23:17:29)
      Entropy  . . . . . : 8.0
      SHA-256  . . . . . : F5DFA66D479F82324C9014FA21A531F35EC8F5093C0FE627DCF7A0386F8C4C9C
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 26.0
        Program has no publisher information but prompts the user for permission elevation.
        Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
        The .rsrc (resources) section in this program is set to executable. This is an indication of malware infection.
        Authors name is missing in version info. This is not common to most programs.
        Version control is missing. This file is probably created by an individual. This is not typical for most programs.
        Program contains PE structure anomalies. This is not typical for most programs.


Cookies _____________________________________________________________________

  C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\sbvr156n.default\cookies.sqlite:a1.interclick.com
  C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\sbvr156n.default\cookies.sqlite:ad.360yield.com
  C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\sbvr156n.default\cookies.sqlite:ad.yieldmanager.com
  C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\sbvr156n.default\cookies.sqlite:adbrite.com
  C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\sbvr156n.default\cookies.sqlite:apmebf.com
  C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\sbvr156n.default\cookies.sqlite:at.atwola.com
  C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\sbvr156n.default\cookies.sqlite:atdmt.com
  C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\sbvr156n.default\cookies.sqlite:burstnet.com
  C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\sbvr156n.default\cookies.sqlite:c.atdmt.com
  C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\sbvr156n.default\cookies.sqlite:casalemedia.com
  C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\sbvr156n.default\cookies.sqlite:dmtracker.com
  C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\sbvr156n.default\cookies.sqlite:doubleclick.net
  C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\sbvr156n.default\cookies.sqlite:h.atdmt.com
  C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\sbvr156n.default\cookies.sqlite:interclick.com
  C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\sbvr156n.default\cookies.sqlite:invitemedia.com
  C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\sbvr156n.default\cookies.sqlite:mediaplex.com
  C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\sbvr156n.default\cookies.sqlite:revsci.net
  C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\sbvr156n.default\cookies.sqlite:specificclick.net
  C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\sbvr156n.default\cookies.sqlite:usatoday1.112.2o7.net
  C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\sbvr156n.default\cookies.sqlite:www.googleadservices.com
  C:\Documents and Settings\Owner\Cookies\23FFWFRX.txt
  C:\Documents and Settings\Owner\Cookies\4FB29MEN.txt
  C:\Documents and Settings\Owner\Cookies\5UM2OC12.txt
  C:\Documents and Settings\Owner\Cookies\6JFZSBR0.txt
  C:\Documents and Settings\Owner\Cookies\7JEYUT7L.txt
  C:\Documents and Settings\Owner\Cookies\8ONBFBXB.txt
  C:\Documents and Settings\Owner\Cookies\9OAABO3K.txt
  C:\Documents and Settings\Owner\Cookies\A93TKCGP.txt
  C:\Documents and Settings\Owner\Cookies\ANYJVI9D.txt
  C:\Documents and Settings\Owner\Cookies\BPIQP7MV.txt
  C:\Documents and Settings\Owner\Cookies\E4OESTOO.txt
  C:\Documents and Settings\Owner\Cookies\EEEJ1YWY.txt
  C:\Documents and Settings\Owner\Cookies\G4Y8XU3H.txt
  C:\Documents and Settings\Owner\Cookies\ICDQXA8D.txt
  C:\Documents and Settings\Owner\Cookies\IR8ZJ5ZP.txt
  C:\Documents and Settings\Owner\Cookies\IUTVAN8O.txt
  C:\Documents and Settings\Owner\Cookies\J1KSPKVZ.txt
  C:\Documents and Settings\Owner\Cookies\JQAWET4E.txt
  C:\Documents and Settings\Owner\Cookies\KNU02BH2.txt
  C:\Documents and Settings\Owner\Cookies\NPYXUC5P.txt
  C:\Documents and Settings\Owner\Cookies\PCG1TM0K.txt
  C:\Documents and Settings\Owner\Cookies\QJ02IUNJ.txt
  C:\Documents and Settings\Owner\Cookies\RHF80SBS.txt
  C:\Documents and Settings\Owner\Cookies\S2H2H6E9.txt
  C:\Documents and Settings\Owner\Cookies\V0XTHE6J.txt
  C:\Documents and Settings\Owner\Cookies\W9PGMCFZ.txt
  C:\Documents and Settings\Owner\Cookies\XL2X7E2K.txt
  C:\Documents and Settings\Owner\Cookies\XXK4PDGO.txt
  C:\Documents and Settings\Owner\Cookies\ZWDQPLIB.txt



descriptionemail was sent to all in my outlook address book with link to trojan EmptyRe: email was sent to all in my outlook address book with link to trojan

more_horiz
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.4.2 (01.08.2013:1)
OS: Microsoft Windows XP x86
Ran by Owner on Thu 01/10/2013 at 11:09:53.04
Blog: http://thisisudax.blogspot.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\toolbar\webbrowser\\{ef99bd32-c1fb-11d2-892f-0090271d4f88}
Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\urlsearchhooks\\{ef99bd32-c1fb-11d2-892f-0090271d4f88}
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{ef99bd32-c1fb-11d2-892f-0090271d4f88}
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-823518204-2049760794-725345543-1003\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\DisplayName
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\URL



~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_classes_root\clsid\{02478d38-c3f9-4efb-9b51-7695eca05670}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{02478d38-c3f9-4efb-9b51-7695eca05670}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{ef99bd32-c1fb-11d2-892f-0090271d4f88}



~~~ Files

Successfully deleted: [File] "C:\Program Files\mozilla firefox\plugins\npcouponprinter.dll"
Successfully deleted: [File] "C:\Program Files\mozilla firefox\plugins\npmozcouponprinter.dll"
Successfully deleted: [File] "C:\WINDOWS\couponprinter.ocx"



~~~ Folders

Successfully deleted: [Folder] "C:\Program Files\coupons"



~~~ FireFox

Successfully deleted: [Folder] C:\Documents and Settings\Owner\Application Data\mozilla\firefox\profiles\sbvr156n.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}
Successfully deleted: [Registry Value] hkey_local_machine\software\mozilla\firefox\extensions\\4nffxtbr@conservativetalknow_4n.com
Successfully deleted the following from C:\Documents and Settings\Owner\Application Data\mozilla\firefox\profiles\sbvr156n.default\prefs.js

user_pref("extentions.y2layers.defaultEnableAppsList", "twittube,ezLooker,pagerage,buzzdock,toprelatedtopics");
user_pref("extentions.y2layers.installId", "31993aac-2d4a-43b1-af9e-f606a2a9db47");
user_pref("google.toolbar.button_option.cached.gtbSearchBlogs", "user_pref("google.toolbar.button_option.cached.gtbSearchPhotos", "user_pref("google.toolbar.button_option.cached.gtbSearchScholar", "user_pref("google.toolbar.button_option.cached.gtbstoolbar-google-com_CTK0Y7F4MTG6NKYH03WT-xml", "user_pref("google.toolbar.button_option.cached.gtbstoolbar-google-com_J66T77NJDBMW4FEUU7FA-xml", "user_pref("google.toolbar.search-icon", "data:image/x-icon;base64,AAABAAEAEBAAAAEAIABoBAAAFgAAACgAAAAQAAAAIAAAAAEAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA7PT7/3zF6/9Ptu//RbHx/
Emptied folder: C:\Documents and Settings\Owner\Application Data\mozilla\firefox\profiles\sbvr156n.default\minidumps [1 files]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 01/10/2013 at 11:14:38.75
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

descriptionemail was sent to all in my outlook address book with link to trojan EmptyRe: email was sent to all in my outlook address book with link to trojan

more_horiz
OTL logfile created on: 1/10/2013 11:41:02 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Owner\My Documents
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.18 Gb Available Physical Memory | 72.73% Memory free
4.84 Gb Paging File | 4.16 Gb Available in Paging File | 86.03% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 132.08 Gb Free Space | 44.31% Space Free | Partition Type: NTFS

Computer Name: QUADCORE | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/08 18:26:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\OTL.com
PRC - [2012/12/21 22:01:00 | 028,538,560 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2012/09/12 09:44:03 | 000,161,768 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2012/09/09 04:34:28 | 000,212,432 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.123\GoogleCrashHandler.exe
PRC - [2012/08/17 10:55:47 | 000,160,328 | ---- | M] (Siber Systems) -- C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2012/07/03 11:21:30 | 004,273,976 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/07/03 11:21:29 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/05/17 17:07:03 | 000,932,528 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Spotify\Data\SpotifyWebHelper.exe
PRC - [2012/03/27 08:20:36 | 001,013,696 | ---- | M] (Cyber Power Systems, Inc.) -- C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe
PRC - [2012/03/27 08:20:14 | 000,350,144 | ---- | M] (Cyber Power Systems, Inc.) -- C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe
PRC - [2011/11/01 11:33:56 | 002,531,104 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Online Armor\oaui.exe
PRC - [2011/11/01 11:33:54 | 004,363,040 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Online Armor\oasrv.exe
PRC - [2011/11/01 11:33:52 | 001,163,800 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Online Armor\oahlp.exe
PRC - [2011/11/01 11:33:52 | 000,207,936 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Online Armor\oacat.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/03/09 10:09:58 | 000,063,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
PRC - [2006/12/12 10:46:54 | 000,020,480 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\Ctxfihlp.exe
PRC - [2006/12/12 10:46:52 | 000,019,456 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CtHelper.exe
PRC - [2006/12/12 10:43:58 | 000,842,240 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTxfispi.exe
PRC - [2006/09/21 15:34:56 | 000,495,616 | ---- | M] (Bluebeam Software, Inc.) -- C:\Program Files\Common Files\Bluebeam Software\Brewery\V45\Printer Support\MicroBrew2.exe
PRC - [2005/11/04 17:07:56 | 000,049,152 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe


========== Modules (No Company Name) ==========

MOD - [2013/01/10 08:19:30 | 002,043,392 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\13011000\algo.dll
MOD - [2013/01/10 03:16:48 | 000,316,416 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Bluebeam.Registrati#\f4c5dad00f8ffb50d1df217b12f002bd\Bluebeam.Registration.ni.dll
MOD - [2013/01/10 03:16:48 | 000,165,376 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Bluebeam.Utilities\396b4fd838997d8a88eac8ef8f78f765\Bluebeam.Utilities.ni.dll
MOD - [2013/01/10 03:15:04 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\4c91371e83d124ecb39664613e7e0417\System.Windows.Forms.ni.dll
MOD - [2013/01/10 03:14:53 | 001,593,856 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\7782f356a838c403b4a8e9c80df5a577\System.Drawing.ni.dll
MOD - [2013/01/10 03:13:52 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aeac298c43c77d8860db8e7634d9f2eb\System.ni.dll
MOD - [2013/01/10 03:13:31 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\eab2340ead8e1a84bdf1a87868659979\mscorlib.ni.dll
MOD - [2013/01/09 16:13:39 | 002,043,904 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\13010901\algo.dll
MOD - [2012/05/17 17:07:03 | 000,932,528 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Spotify\Data\SpotifyWebHelper.exe
MOD - [2011/09/27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/05/05 19:56:46 | 000,002,560 | ---- | M] () -- C:\WINDOWS\CTXFIRES.DLL
MOD - [2009/04/01 11:53:42 | 000,099,328 | ---- | M] () -- C:\Program Files\PayPal\PayPal Plug-In\PayPalHelper.dll
MOD - [2008/03/31 12:33:15 | 000,335,872 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Bluebeam.Brewery\1.0.2455.27691__0c673d50796bb708\Bluebeam.Brewery.dll
MOD - [2005/11/02 09:54:48 | 002,945,024 | R--- | M] () -- C:\WINDOWS\system32\BGP851c.dll
MOD - [2005/06/07 08:10:50 | 000,070,656 | ---- | M] () -- C:\WINDOWS\system32\CTMMACTL.DLL


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\DOCUME~1\Owner\LOCALS~1\Temp\020653~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -- (0206531322785919mcinstcleanup)
SRV - [2013/01/10 10:44:30 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/21 20:41:07 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/09/12 09:44:03 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/07/03 11:21:29 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/03/27 08:20:36 | 001,013,696 | ---- | M] (Cyber Power Systems, Inc.) [Auto | Running] -- C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe -- (ppped)
SRV - [2011/11/01 11:33:54 | 004,363,040 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files\Online Armor\oasrv.exe -- (SvcOnlineArmor)
SRV - [2011/11/01 11:33:52 | 000,207,936 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files\Online Armor\oacat.exe -- (OAcat)
SRV - [2011/08/25 17:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2010/08/23 19:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2010/06/30 02:31:50 | 000,315,392 | ---- | M] (Alcatel-Lucent) [Disabled | Stopped] -- C:\Program Files\Common Files\Motive\McciServiceHost.exe -- (McciServiceHost)
SRV - [2009/02/02 01:33:18 | 000,317,440 | ---- | M] (Amazon.com) [Disabled | Stopped] -- C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe -- (Amazon Download Agent)
SRV - [2008/04/03 14:46:03 | 000,085,096 | ---- | M] (Autodesk) [Disabled | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2006/11/03 18:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2005/09/30 18:22:50 | 000,096,341 | ---- | M] (Canon Inc.) [Disabled | Stopped] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2003/04/30 10:04:00 | 000,331,776 | ---- | M] (Cyber Power System Inc.) [Disabled | Stopped] -- C:\PowerPanel\upssrv.exe -- (CyberPowerUPS)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS -- (MRESP50a64)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS -- (MREMP50a64)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\HPZipr12.sys -- (HPZipr12)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\HPZid412.sys -- (HPZid412)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2012/07/03 11:21:54 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/07/03 11:21:53 | 000,721,000 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/07/03 11:21:53 | 000,353,688 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/07/03 11:21:53 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012/07/03 11:21:53 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2012/07/03 11:21:53 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/07/03 11:21:52 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/11/01 11:34:28 | 000,040,296 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\oahlp32.sys -- (oahlpXX)
DRV - [2011/11/01 11:34:10 | 000,029,464 | ---- | M] (Emsisoft) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\OAnet.sys -- (OAnet)
DRV - [2011/11/01 11:34:08 | 000,205,864 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\system32\drivers\OADriver.sys -- (OADevice)
DRV - [2011/11/01 11:34:08 | 000,025,192 | ---- | M] (Emsisoft) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\OAmon.sys -- (OAmon)
DRV - [2011/07/15 13:42:00 | 000,081,920 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NmPar.sys -- (NmPar)
DRV - [2010/06/30 02:32:04 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2010/06/30 02:31:44 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/05/05 21:24:34 | 000,347,144 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2009/10/15 10:05:54 | 000,016,000 | ---- | M] (SysNucleus) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\udsstub.sys -- (udsstub)
DRV - [2008/04/13 13:36:42 | 000,063,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mf.sys -- (mf)
DRV - [2008/03/27 18:31:44 | 000,008,413 | ---- | M] (RealNetworks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\mcstrm.sys -- (MCSTRM)
DRV - [2007/06/18 03:01:28 | 000,514,560 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k)
DRV - [2007/05/10 12:33:58 | 000,048,640 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\jraid.sys -- (JRAID)
DRV - [2007/04/12 14:04:40 | 004,397,568 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2007/03/15 17:12:04 | 000,038,656 | R--- | M] (Attansic Technology corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atl01_xp.sys -- (AtcL001)
DRV - [2006/12/19 08:36:54 | 001,160,504 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha20x2k.sys -- (ha20x2k)
DRV - [2006/12/19 08:36:46 | 000,090,936 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2006/12/19 08:36:42 | 000,156,984 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2006/12/19 08:36:36 | 000,014,648 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2006/12/19 08:36:32 | 000,128,312 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2006/12/19 08:35:40 | 000,511,288 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2004/11/22 17:36:39 | 000,018,003 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRENDIS5.sys -- (MRENDIS5)
DRV - [2004/11/22 17:36:34 | 000,019,345 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMPR5.sys -- (MREMPR5)
DRV - [2004/08/14 03:00:00 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2001/01/16 14:46:08 | 000,050,576 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hppadt40.sys -- (dot4)
DRV - [2001/01/16 14:44:36 | 000,017,872 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hppausb0.sys -- (dot4usb)
DRV - [2001/01/16 13:43:34 | 000,015,792 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hppaprt0.sys -- (Dot4Print)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/yme/*http://www.yahoo.com/ext/search/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://red.clientapps.yahoo.com/customize/ie/defaults/cs/yme/*http://www.yahoo.com/ext/search/search.html
IE - HKLM\..\SearchScopes,DefaultScope = {0633ee93-d776-472f-a0ff-e1416b8b2e3a}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search
IE - HKLM\..\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&query={searchTerms}&invocationType=TB50TRie7
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.att.net [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.att.net/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = EC 33 21 52 7D 5C CD 01 [binary data]
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&query={searchTerms}&invocationType=TB50TRie7
IE - HKCU\..\SearchScopes\{20A635E7-1E4F-417A-B13A-1B78A45710AC}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=chr-yie8eb
IE - HKCU\..\SearchScopes\{34D2BA0D-EE4A-41E8-B176-CB5CD0638CFC}: "URL" = http://www.att.net/s/s.dll?spage=search%2Fwebresults.htm&advanced=1&vl={searchTerms}&vlsel=1&vp=&vpsel=1&vy=&vysel=1&ve=&vesel=any®ion=&lang=&format=&domain=&safe=&numresults=10&submit2=Search+Yahoo
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGIT_en
IE - HKCU\..\SearchScopes\{944AEDFC-8760-4A01-9723-211C8713BA76}: "URL" = http://rover.ebay.com/rover/1/711-43047-14818-1/4?satitle={selection}
IE - HKCU\..\SearchScopes\{AAA76455-D8B2-4C81-B98E-0827CE8052ED}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo.com/search?fr=mcafee&p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@consona.com/ScriptRunner: C:\Program Files\Common Files\supportsoft\bin\nptgctlsr.dll (SupportSoft, Inc.)
FF - HKLM\Software\MozillaPlugins\@consona.com/SmartIssue: C:\Program Files\Common Files\supportsoft\bin\nptgctlsi.dll (SupportSoft, Inc.)
FF - HKLM\Software\MozillaPlugins\@emusic.com/dlm-plugin: C:\Program Files\eMusic Download Manager\plugin\npemusic.dll (eMusic.com)
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll File not found
FF - HKCU\Software\MozillaPlugins\@emusic.com/dlm-plugin: C:\Program Files\eMusic Download Manager\plugin\npemusic.dll (eMusic.com)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.1: C:\Documents and Settings\Owner\Application Data\Facebook\npfbplugin_1_0_1.dll ( )
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Documents and Settings\Owner\Application Data\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine: C:\Documents and Settings\Owner\Application Data\nprhapengine.dll File not found
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\eMusic Download Manager\Extensions\\Components: C:\Program Files\eMusic Download Manager\xulrunner\components [2012/11/08 16:10:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\eMusic Download Manager\Extensions\\Plugins: C:\Program Files\eMusic Download Manager\xulrunner\plugins [2012/11/08 16:10:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\paypalfirefoxplugin@orbiscom: C:\Program Files\PayPal\PayPal Plug-In [2009/07/20 12:41:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/07/10 09:13:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/04/11 16:44:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files\Siber Systems\AI RoboForm\Firefox [2012/08/17 10:57:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/12/21 20:41:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/01/10 11:10:11 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/04/11 16:44:33 | 000,000,000 | ---D | M]

[2009/01/12 17:12:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2013/01/10 11:14:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\sbvr156n.default\extensions
[2011/06/19 10:21:46 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\sbvr156n.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2012/04/17 16:21:18 | 000,020,591 | ---- | M] () (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\sbvr156n.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
[2009/01/12 17:13:58 | 000,001,769 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\sbvr156n.default\searchplugins\aim-search.xml
[2008/06/15 20:04:54 | 000,002,386 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\sbvr156n.default\searchplugins\siteadvisor.xml
[2012/02/06 14:53:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\SBVR156N.DEFAULT\EXTENSIONS\PLUGIN@YONTOO.COM
[2012/12/21 20:41:09 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2007/02/04 22:02:56 | 001,642,496 | ---- | M] (LizardTech) -- C:\Program Files\mozilla firefox\plugins\npdjvu.dll
[2012/12/21 20:41:04 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/12/21 20:41:04 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: AVG Secure Search (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = http://clients5.google.com/complete/search?hl={language}&q={searchTerms}&client=ie8&inputencoding={inputEncoding}&outputencoding={outputEncoding}
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.97\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.31.137.7_0\McChPlg.dll
CHR - plugin: LizardTech DjVu (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdjvu.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Documents and Settings\Owner\Application Data\Facebook\npfbplugin_1_0_1.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Documents and Settings\Owner\Application Data\Facebook\npfbplugin_1_0_3.dll
CHR - plugin: Motive Plugin (Enabled) = C:\Program Files\Common Files\Motive\npMotive.dll
CHR - plugin: Consona SmartIssue Plugin (Enabled) = C:\Program Files\Common Files\supportsoft\bin\nptgctlsi.dll
CHR - plugin: Consona Script Runner Plugin for Firefox (Enabled) = C:\Program Files\Common Files\supportsoft\bin\nptgctlsr.dll
CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files\Garmin GPS Plugin\npGarmin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Bing Bar (Enabled) = C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll
CHR - plugin: RealNetworks Rhapsody Player Engine (Enabled) = C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll
CHR - plugin: eMusic Remote Plugin (Enabled) = C:\Program Files\eMusic Download Manager\plugin\npemusic.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: avast! WebRep = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\

O1 HOSTS File: ([2013/01/08 22:13:35 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AT&&T Toolbar) - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\Program Files\ATTToolbar\ATTToolbar.dll (AT&T)
O2 - BHO: (Reg Error: Value error.) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (OToolbarHelper Class) - {EAD3A971-6A23-4246-8691-C9244E858967} - C:\Program Files\PayPal\PayPal Plug-In\PayPalHelper.dll ()
O3 - HKLM\..\Toolbar: (AT&&T Toolbar) - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\Program Files\ATTToolbar\ATTToolbar.dll (AT&T)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (PayPal Plug-In) - {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - C:\Program Files\PayPal\PayPal Plug-In\OToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (AT&&T Toolbar) - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\Program Files\ATTToolbar\ATTToolbar.dll (AT&T)
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4 - HKLM..\Run: [@OnlineArmor GUI] C:\Program Files\Online Armor\OAui.exe (Emsi Software GmbH)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AudioDrvEmulator] C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CtHelper.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [CTxfiHlp] C:\WINDOWS\System32\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [MicroBrew] C:\Program Files\Common Files\Bluebeam Software\Brewery\V45\Printer Support\MicroBrew2.exe (Bluebeam Software, Inc.)
O4 - HKLM..\Run: [PbAdminACAD] C:\Program Files\Bluebeam Software\Pushbutton PDF\PbMngr5.exe (Bluebeam Software, Inc.)
O4 - HKLM..\Run: [PowerPanel Personal Edition User Interaction] C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe (Cyber Power Systems, Inc.)
O4 - HKCU..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Documents and Settings\Owner\Application Data\Spotify\Data\SpotifyWebHelper.exe ()
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKCU\..Trusted Domains: mylabbill.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: remititonline.com ([]https in Trusted sites)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} http://echat.bellsouth.net/sdccommon/download/tgctlcm.cab (Support.com Configuration Class)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {03A89EFD-E023-8600-A22D-45F77558EB4C} https://content.ilinc.com/clientdownload/download/ilinci86.dll (ILINCInstall86 Class)
O16 - DPF: {10E0E75E-6701-4134-9D95-C0942ED1F1C8} http://www1.snapfish.com/SnapfishOutlookImport.cab (Snapfish Outlook Import ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www1.snapfish.com/SnapfishActivia.cab (Snapfish Activia)
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} https://wimpro.cce.hp.com/ChatEntry/downloads/sysinfo.cab (SysData Class)
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} http://www.linkedin.com/cab/LinkedInContactFinderControl.cab (LinkedIn ContactFinderControl)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://www.evite.com/html/imageUpload/ImageUploader5.cab (Image Uploader Control)
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} https://www.facebook.com/controls/contactx.dll (ContactExtractor Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} https://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {A796D216-2DE1-4EA8-BABB-FE6E7C959098} http://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab (HPSDDX Class)
O16 - DPF: {B9940246-4344-4D1B-BD82-DBAF7E657FF9} http://telluridemountainproperties-east.viewnetcam.com:50000/SysCamInst.cab (AudioClient Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://redvector.webex.com/client/T27LB/training/ieatgpc.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab (Creative Software AutoUpdate Support Package)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F60DCFF1-1651-438B-B98E-C6DF61103019}: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - C:\Program Files\Online Armor\oaevent.dll (Emsi Software GmbH)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/03/24 17:04:19 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/10 11:09:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2013/01/10 11:09:43 | 000,000,000 | ---D | C] -- C:\JRT
[2013/01/10 11:09:16 | 000,499,023 | ---- | C] (Oleg N. Scherbakov) -- C:\Documents and Settings\Owner\My Documents\JRT.exe
[2013/01/10 10:53:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2013/01/10 10:52:51 | 008,939,896 | ---- | C] (SurfRight B.V.) -- C:\Documents and Settings\Owner\My Documents\HitmanPro.exe
[2013/01/08 22:00:29 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013/01/08 22:00:29 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013/01/08 22:00:29 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013/01/08 22:00:29 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013/01/08 21:56:01 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/01/08 21:55:07 | 005,019,950 | R--- | C] (Swearware) -- C:\Documents and Settings\Owner\My Documents\ComboFix.exe
[2013/01/08 18:26:09 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\OTL.com
[2012/12/21 20:41:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla
[2012/12/21 20:41:20 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/12/19 12:03:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2012/12/19 12:02:06 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/12/19 12:02:00 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/12/19 12:02:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1

========== Files - Modified Within 30 Days ==========

[2013/01/10 11:39:04 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/10 11:33:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/01/10 11:32:02 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{3DB9A020-3481-434C-BCEC-AC02BC5A62CB}.job
[2013/01/10 11:09:17 | 000,499,023 | ---- | M] (Oleg N. Scherbakov) -- C:\Documents and Settings\Owner\My Documents\JRT.exe
[2013/01/10 10:52:51 | 008,939,896 | ---- | M] (SurfRight B.V.) -- C:\Documents and Settings\Owner\My Documents\HitmanPro.exe
[2013/01/10 10:43:01 | 000,000,364 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2013/01/10 05:39:00 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/10 03:31:28 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/01/10 03:29:41 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/01/10 03:29:38 | 3220,426,752 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/10 03:28:48 | 000,064,756 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000005-00000000-00000001-00001102-00000005-002C1102}.rfx
[2013/01/10 03:28:48 | 000,054,724 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000005-00000000-00000001-00001102-00000005-002C1102}.rfx
[2013/01/10 03:28:48 | 000,054,724 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000005-00000000-00000001-00001102-00000005-002C1102}.rfx
[2013/01/10 03:28:48 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2013/01/10 03:28:48 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2013/01/10 03:13:00 | 000,475,714 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/01/10 03:13:00 | 000,077,716 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/01/10 01:41:00 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2013/01/09 13:27:00 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2013/01/08 22:13:35 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013/01/08 21:55:39 | 005,019,950 | R--- | M] (Swearware) -- C:\Documents and Settings\Owner\My Documents\ComboFix.exe
[2013/01/08 19:24:24 | 000,554,087 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\adwcleaner.exe
[2013/01/08 18:26:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\OTL.com
[2013/01/05 13:46:18 | 004,596,321 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\BAR800A.pdf
[2013/01/04 14:25:00 | 005,109,775 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\GunControl.wmv
[2013/01/03 15:27:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/12/30 11:29:27 | 001,781,759 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\516-Patrol-16-sell[1].pdf
[2012/12/22 03:24:17 | 000,001,024 | ---- | M] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Dropbox.lnk
[2012/12/22 03:23:53 | 000,001,008 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Dropbox.lnk
[2012/12/22 03:17:34 | 000,309,992 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/12/22 03:01:12 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/12/21 23:29:19 | 000,870,128 | ---- | M] () -- C:\WINDOWS\System32\mcs.rma
[2012/12/21 23:29:19 | 000,000,004 | ---- | M] () -- C:\WINDOWS\System32\A18EBC
[2012/12/19 12:03:01 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2012/12/12 13:41:29 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk

========== Files Created - No Company Name ==========

[2013/01/08 22:00:29 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013/01/08 22:00:29 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013/01/08 22:00:29 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013/01/08 22:00:29 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013/01/08 22:00:29 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013/01/08 19:24:06 | 000,554,087 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\adwcleaner.exe
[2013/01/05 13:46:18 | 004,596,321 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\BAR800A.pdf
[2013/01/04 14:25:00 | 005,109,775 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\GunControl.wmv
[2012/12/30 11:29:27 | 001,781,759 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\516-Patrol-16-sell[1].pdf
[2012/12/19 12:03:01 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2012/08/11 11:34:00 | 000,025,548 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTAIODAT.DAT
[2012/07/06 12:28:54 | 003,153,920 | ---- | C] () -- C:\Documents and Settings\Owner\secsetup.sdb
[2012/04/11 16:38:41 | 000,237,732 | ---- | C] () -- C:\WINDOWS\hpwins20.dat
[2012/04/11 16:38:41 | 000,001,678 | ---- | C] () -- C:\WINDOWS\hpwmdl20.dat
[2012/03/19 09:14:17 | 002,515,466 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-823518204-2049760794-725345543-1003-0.dat
[2012/03/19 09:14:16 | 000,260,090 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/03/09 14:35:19 | 000,000,590 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc
[2012/02/15 23:19:20 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/12/12 15:21:41 | 000,205,864 | ---- | C] () -- C:\WINDOWS\System32\drivers\OADriver.sys
[2011/12/12 15:21:41 | 000,040,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\oahlp32.sys
[2011/11/27 17:42:41 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\18iMfb.dat
[2011/11/27 10:35:10 | 000,015,330 | -HS- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\1w15mg3p30e624
[2011/11/27 10:35:10 | 000,015,330 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\1w15mg3p30e624
[2011/07/15 14:00:07 | 000,077,349 | ---- | C] () -- C:\WINDOWS\hpqins05.dat.temp
[2011/06/30 15:32:37 | 000,019,518 | ---- | C] () -- C:\WINDOWS\hpqins13.dat
[2011/06/14 11:55:59 | 000,237,689 | ---- | C] () -- C:\WINDOWS\hpwins20.dat.temp
[2011/06/14 11:55:58 | 000,001,678 | ---- | C] () -- C:\WINDOWS\hpwmdl20.dat.temp
[2011/04/02 11:37:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2008/08/26 16:56:07 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\LOG
[2008/03/27 11:12:15 | 000,052,224 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/03/26 14:01:19 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat

========== ZeroAccess Check ==========

[2008/03/25 16:09:39 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 19:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 19:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/12/19 12:02:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2010/10/08 10:36:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM
[2009/02/19 14:04:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Amazon
[2009/04/25 11:12:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AT&T
[2009/07/16 14:29:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ATTToolbar
[2012/08/29 13:32:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2011/12/12 15:05:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2008/05/09 14:58:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg7
[2008/03/31 12:35:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bluebeam Software
[2012/07/07 11:06:48 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2008/03/26 09:36:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Eagle Point Software
[2013/01/10 11:05:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2011/12/12 16:15:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OnlineArmor
[2012/01/07 15:44:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2008/03/28 09:37:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RoboForm
[2009/07/20 12:37:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WholeSecurity
[2012/01/05 20:05:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Yahoo
[2009/03/21 09:47:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/05/08 11:29:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/10/10 17:04:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/25 07:04:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010/10/08 10:40:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\acccore
[2012/03/29 22:31:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Amazon
[2009/04/25 11:12:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AT&T
[2009/06/28 09:23:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ATTToolbar
[2008/09/03 13:59:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Autodesk
[2009/03/30 11:23:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AutoSync for Yahoo
[2008/05/09 14:57:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AVG7
[2010/04/08 12:31:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\com.adobe.px.Uploader.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1
[2011/09/19 19:42:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\com.pandora.desktop.FB9956FD96E03239939108614098AD95535EE674.1
[2013/01/10 03:51:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Dropbox
[2012/07/10 08:54:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ElevatedDiagnostics
[2010/01/06 09:35:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\eMusic
[2010/04/12 19:39:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Facebook
[2011/01/27 16:29:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GARMIN
[2009/05/12 12:04:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GoodSync
[2008/03/31 10:31:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech
[2008/09/18 10:32:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MyPublisher
[2011/12/12 15:22:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\OnlineArmor
[2009/03/30 11:23:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PushSyncData
[2008/05/08 16:51:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Snapfish
[2012/06/18 10:22:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Spotify
[2008/04/22 08:02:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Uniblue
[2010/01/04 12:22:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\uTorrent
[2010/10/21 12:55:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\webex

========== Purity Check ==========



< End of report >

descriptionemail was sent to all in my outlook address book with link to trojan EmptyRe: email was sent to all in my outlook address book with link to trojan

more_horiz
RogueKiller Scan

  • Download RogueKiller from the following link and save it on your desktop:
    TechSpot
    Official Site (alternative)
  • Quit all programs
  • Start RogueKiller.exe.
  • Wait until Prescan has finished ...
  • Click on Scan

email was sent to all in my outlook address book with link to trojan RGKRScan


  • Wait for the end of the scan.
  • The report has been created on the desktop.
  • Click on the Delete button.

email was sent to all in my outlook address book with link to trojan RGKRDelete


  • The report has been created on the desktop.


  • Next click on the ShortcutsFix

    email was sent to all in my outlook address book with link to trojan RGKRShortcutsFix
  • The report has been created on the desktop.

Please post:

All RKreport.txt text files located on your desktop.


avast! aswMBR

Please download aswMBR from here

  • Save aswMBR.exe to your Desktop
  • Double click aswMBR.exe to run it
  • Uncheck "Trace disk IO calls".
  • Click the Scan button to start the scan as illustrated below

email was sent to all in my outlook address book with link to trojan AswMBR_Scan
Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives.

  • Once the scan finishes click Save log to save the log to your Desktop
    email was sent to all in my outlook address book with link to trojan AswMBR_SaveLog
  • Copy and paste the contents of aswMBR.txt back here for review
  • Please also find MBR.dat on your Desktop, and rename it to MBRscan.txt. Upload that as well. Do not copy and paste MBR.dat/txt, it needs to be uploaded.

descriptionemail was sent to all in my outlook address book with link to trojan EmptyRe: email was sent to all in my outlook address book with link to trojan

more_horiz
RogueKiller V8.4.3 [Jan 10 2013] by Tigzy
mail : tigzyRKgmailcom
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Owner [Admin rights]
Mode : Scan -- Date : 01/10/2013 14:09:39

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: MAXTOR STM3320620AS +++++
--- User ---
[MBR] 395d70269dadadd221e28d7939d83921
[BSP] 045dd44fdfd467491548e0a30753e2cc : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 305234 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_01102013_02d1409.txt >>
RKreport[1]_S_01102013_02d1409.txt

RogueKiller V8.4.3 [Jan 10 2013] by Tigzy
mail : tigzyRKgmailcom
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Owner [Admin rights]
Mode : Remove -- Date : 01/10/2013 14:10:40

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> DELETED
[HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: MAXTOR STM3320620AS +++++
--- User ---
[MBR] 395d70269dadadd221e28d7939d83921
[BSP] 045dd44fdfd467491548e0a30753e2cc : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 305234 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_01102013_02d1410.txt >>
RKreport[1]_S_01102013_02d1409.txt ; RKreport[2]_D_01102013_02d1410.txt

RogueKiller V8.4.3 [Jan 10 2013] by Tigzy
mail : tigzyRKgmailcom
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Owner [Admin rights]
Mode : Shortcuts HJfix -- Date : 01/10/2013 14:13:53

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 0 / Fail 0
Quick launch: Success 0 / Fail 0
Programs: Success 5 / Fail 0
Start menu: Success 0 / Fail 0
User folder: Success 785 / Fail 0
My documents: Success 1498 / Fail 1498
My favorites: Success 0 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 0 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 121 / Fail 0
Backup: [NOT FOUND]

Drives:
[C:] \Device\HarddiskVolume1 -- 0x3 --> Restored
[D:] \Device\CdRom0 -- 0x5 --> Skipped

Finished : << RKreport[3]_SC_01102013_02d1413.txt >>
RKreport[1]_S_01102013_02d1409.txt ; RKreport[2]_D_01102013_02d1410.txt ; RKreport[3]_SC_01102013_02d1413.txt







descriptionemail was sent to all in my outlook address book with link to trojan EmptyRe: email was sent to all in my outlook address book with link to trojan

more_horiz
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-01-10 14:18:04
-----------------------------
14:18:04.375 OS Version: Windows 5.1.2600 Service Pack 3
14:18:04.375 Number of processors: 4 586 0xF0B
14:18:04.375 ComputerName: QUADCORE UserName: Owner
14:18:05.218 Initialize success
14:18:05.281 AVAST engine defs: 13011000
14:18:16.000 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-9
14:18:16.000 Disk 0 Vendor: MAXTOR_STM3320620AS 3.AAE Size: 305245MB BusType: 3
14:18:16.000 Disk 0 MBR read successfully
14:18:16.000 Disk 0 MBR scan
14:18:16.000 Disk 0 Windows XP default MBR code
14:18:16.015 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 305234 MB offset 63
14:18:16.015 Disk 0 scanning sectors +625121280
14:18:16.078 Disk 0 scanning C:\WINDOWS\system32\drivers
14:18:21.109 Service scanning
14:18:31.562 Modules scanning
14:18:36.609 AVAST engine scan C:\WINDOWS
14:18:51.906 AVAST engine scan C:\WINDOWS\system32
14:20:58.562 AVAST engine scan C:\WINDOWS\system32\drivers
14:21:13.359 AVAST engine scan C:\Documents and Settings\Owner
14:22:51.000 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\Desktop\MBR.dat"
14:22:51.000 The log file has been saved successfully to "C:\Documents and Settings\Owner\Desktop\aswMBR.txt"


descriptionemail was sent to all in my outlook address book with link to trojan EmptyRe: email was sent to all in my outlook address book with link to trojan

more_horiz
I'm having trouble attaching the MBR.dat renamed to MBRscan.txt file. I get a message "invalid file". I will keep trying to upload the file.

descriptionemail was sent to all in my outlook address book with link to trojan EmptyRe: email was sent to all in my outlook address book with link to trojan

more_horiz
I ran aswmbr a second time and this time I made sure it had finished. Below is the correct log file.

aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-01-10 16:43:36
-----------------------------
16:43:36.296 OS Version: Windows 5.1.2600 Service Pack 3
16:43:36.296 Number of processors: 4 586 0xF0B
16:43:36.296 ComputerName: QUADCORE UserName: Owner
16:43:37.062 Initialize success
16:43:37.125 AVAST engine defs: 13011000
16:45:06.921 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-9
16:45:06.921 Disk 0 Vendor: MAXTOR_STM3320620AS 3.AAE Size: 305245MB BusType: 3
16:45:06.937 Disk 0 MBR read successfully
16:45:06.937 Disk 0 MBR scan
16:45:06.953 Disk 0 Windows XP default MBR code
16:45:06.953 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 305234 MB offset 63
16:45:06.968 Disk 0 scanning sectors +625121280
16:45:07.078 Disk 0 scanning C:\WINDOWS\system32\drivers
16:45:19.187 Service scanning
16:45:29.671 Modules scanning
16:45:45.453 AVAST engine scan C:\WINDOWS
16:46:15.375 AVAST engine scan C:\WINDOWS\system32
16:50:12.046 AVAST engine scan C:\WINDOWS\system32\drivers
16:50:46.859 AVAST engine scan C:\Documents and Settings\Owner
17:27:45.687 AVAST engine scan C:\Documents and Settings\All Users
17:40:46.218 Scan finished successfully
18:19:12.656 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\Desktop\MBR.dat"
18:19:12.656 The log file has been saved successfully to "C:\Documents and Settings\Owner\Desktop\aswMBR.txt"


descriptionemail was sent to all in my outlook address book with link to trojan EmptyRe: email was sent to all in my outlook address book with link to trojan

more_horiz
I'm still unable to upload the MBRscan.txt file. Message "uploaded file is not valid". Any ideas??

descriptionemail was sent to all in my outlook address book with link to trojan EmptyRe: email was sent to all in my outlook address book with link to trojan

more_horiz
ESET Online Scan

Please run a free online scan with the ESET Online Scanner

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install, or it will ask to download an installer. Please do so an install it.
  • Click Start or wait for the scanner to load.
  • Make sure that the options Remove found threats and the option Scan unwanted applications are checked.
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, there are a couple of things to keep in mind:
  • 1. If NO threats were found, allow the scanner to Uninstall on close and then close the Window.
  • 2. If threats WERE detected, click on List of Threats Found, Export to Text File...save it as ESET-Scan-Log.txt. Click the back button/link, put a checkmark to Uninstall Application on Close and then close the window.
  • Open the logfile from wherever you saved it
  • Copy and paste the contents in your next reply.



Any more issues?

We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

Many of the things to note for us would be:

  • Slow computer
  • Error messages
  • Fake antivirus alerts or the icon in the system tray
  • svchost.exe running at 100%
  • System crashes or blue screen of death


Note: Absence of issues does not mean that you're protected in the future.

descriptionemail was sent to all in my outlook address book with link to trojan EmptyRe: email was sent to all in my outlook address book with link to trojan

more_horiz
C:\Documents and Settings\Owner\Desktop\LG_DVD_Writer_Solution_Power_DVD__PowerProducer__Nero_Express_Aruzeo.exe Win32/Adware.1ClickDownload.G application cleaned by deleting - quarantined
C:\RECYCLER\S-1-5-21-823518204-2049760794-725345543-1003\Dc1.exe probably a variant of Win32/InstallIQ application cleaned by deleting - quarantined
C:\System Volume Information\_restore{003D319C-A633-4A19-8314-D4BB8FF8A122}\RP167\A0023694.dll a variant of Win32/Adware.Yontoo.B application cleaned by deleting - quarantined
C:\System Volume Information\_restore{003D319C-A633-4A19-8314-D4BB8FF8A122}\RP167\A0023698.exe Win32/Adware.1ClickDownload.D application cleaned by deleting - quarantined
C:\System Volume Information\_restore{003D319C-A633-4A19-8314-D4BB8FF8A122}\RP167\A0023702.dll a variant of Win32/Adware.Yontoo.A application cleaned by deleting - quarantined
C:\System Volume Information\_restore{003D319C-A633-4A19-8314-D4BB8FF8A122}\RP94\A0017516.exe a variant of Win32/Toolbar.MyWebSearch.O application cleaned by deleting - quarantined
C:\System Volume Information\_restore{003D319C-A633-4A19-8314-D4BB8FF8A122}\RP94\A0017518.dll Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\System Volume Information\_restore{003D319C-A633-4A19-8314-D4BB8FF8A122}\RP94\A0017519.dll a variant of Win32/Toolbar.MyWebSearch.Q application cleaned by deleting - quarantined
C:\System Volume Information\_restore{003D319C-A633-4A19-8314-D4BB8FF8A122}\RP94\A0017520.dll Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined

Other issues:
My IE explorer has been real slow compared to other browsers like chrome.
A lot of times a browser window would fail to open on the first try. Also I still cannot use my usb HP printer. The printer works fine with my wireless notebook, however. Also I was never able to resolve the problem with my dvd player. It works only with music video dvds but will not work with installation cd's or music cd's (see my prior issues). I think that is it. Thanks for all your help. You have really been prompt in replying.

descriptionemail was sent to all in my outlook address book with link to trojan EmptyRe: email was sent to all in my outlook address book with link to trojan

more_horiz
CCleaner Temporary Files Cleaning

NOTE: If you already have this installed, you don't have to reinstall it.

Please download CCleaner Slim and save it to your Desktop - Alternate download link

When the file has been saved, go to your Desktop and double-click on ccsetupxxx_slim.exe
Follow the prompts to install the program.

  • Double-click the CCleaner shortcut on the desktop to start the program.
  • A prompt will ask you if you want CCleaner to do a check to see what cookies it needs to keep. Allow that operation.
  • On the Cleaner tab, click on Run Cleaner on the bottom-right to run the program.
  • Important: Make sure that ALL browser windows are closed before selecting Run Cleaner, or it will ask if you want the program to close them for you (when you do this, all unsaved data may be lost in the browser).


Caution: Only use the Registry feature if you are very familiar with the registry.
Always back up your registry before making any changes. Exit CCleaner after it has completed it's process.


Download Windows Repair (all in one) from this site

Install the program then run it.

Go to Step 2 and allow it to run CheckDisk by clicking on Do It button:

email was sent to all in my outlook address book with link to trojan P22001645



Once that is done then go to Step 3 and allow it to run System File Check by clicking on Do It button:

email was sent to all in my outlook address book with link to trojan P22001646


Go to Step 4 and under "System Restore" click on Create button:

email was sent to all in my outlook address book with link to trojan P22001644


Go to Start Repairs tab and click Start button.

email was sent to all in my outlook address book with link to trojan P22001166


Please ensure that ONLY items seen in the image below are ticked as indicated (they're all checked by default):

email was sent to all in my outlook address book with link to trojan P22001647

Click on box next to the Restart System when Finished. Then click on Start.


Let me know if problems resolve.

descriptionemail was sent to all in my outlook address book with link to trojan EmptyRe: email was sent to all in my outlook address book with link to trojan

more_horiz
I'm unable to complete step 3. When i put my windows xp cd in my dvd player it prompts that I inserted the wrong cd. I guess since my dvd player has not been working properly it is not reading the cd. I'm sure it is the right cd. What should I try next??

descriptionemail was sent to all in my outlook address book with link to trojan EmptyRe: email was sent to all in my outlook address book with link to trojan

more_horiz
Please Go to Start and then to Run
Type in Chkdsk /r << Please Note the space between k and /
Hit Enter ...It will ask if you want to do this on the next reboot...please press Y

Please make sure it reboots. On reboot the system will start the Check Disk operation.

Note... there are 5 stages...
It may appear to hang at a certain percent, but this is normal.
Please allow it to run and finish.
When completed it will boot the system back into Windows.

Please let me know if this fixes the problem, or if it does not function.

If this did not work, please try again in Safe Mode the following: CHKDSK. << No parameters like earlier.


Go Start and then to Run,
Type in: sfc /scannow
Click OK.
Have Windows CD/DVD handy.
If System File Checker (sfc) finds any errors, it may ask you for the CD/DVD.
If sfc does not find any errors in Windows XP, it will simply quit, without any message.

If you don't have Windows CD....

Go Start and then Run
type in regedit and click OK


Navigate to the following key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup

On the right hand side, find: SourcePath

It probably has an entry pointing to your CD-ROM drive, usually D and that is why it is asking for the XP CD.
All we need to do is change it to: C:
Now, double click the SourcePath setting and a new box will pop up.
Change the drive letter from your CD drive to your root drive, usually C:
Close Registry Editor.

Now restart your computer and try sfc /scannow again!

After the first run, reboot your computer. Do a second run. Now the scan and fix is finished.

descriptionemail was sent to all in my outlook address book with link to trojan EmptyRe: email was sent to all in my outlook address book with link to trojan

more_horiz
I'm a little confused with your last instructions. I ran the 5 stages of Chkdsk. I then tried to run step 3 of Windows Repair and got the same message when asked to insert my windows cd. Should I try to run sfc /scannow next or go to the regedit run next?

descriptionemail was sent to all in my outlook address book with link to trojan EmptyRe: email was sent to all in my outlook address book with link to trojan

more_horiz
BTW it took about 3 hours to run the 5 stages of Chkdsk (for waht its worth).

descriptionemail was sent to all in my outlook address book with link to trojan EmptyRe: email was sent to all in my outlook address book with link to trojan

more_horiz
1. Download - Pre-Compiled Bootable ISO (.zip)
2. Unzip downloaded memtest86 -....iso.zip file.
3. Inside, you'll find memtest86 -....iso file.
4. Download, and install ImgBurn: http://www.imgburn.com/
5. Insert blank CD into your CD drive.
6. Open ImgBurn, and click on Write image file to disc
7. Click on Browse for a file... icon:

email was sent to all in my outlook address book with link to trojan P4393897

8. Locate memtest86 -....iso file, and click Open button.
9. Click on ImgBurn green arrow to start burning bootable memtest86 CD:

email was sent to all in my outlook address book with link to trojan P4393911

10. Once the CD is created, boot from it, and memtest will automatically start to run.

The running program will look something like this depending on the size and number of ram modules installed:

email was sent to all in my outlook address book with link to trojan Main_menu

It's recommended to run 5-6 passes. Each pass contains very same

8 tests.

This will show the progress of the test. It can take a while. Be patient, or leave it running overnight.

email was sent to all in my outlook address book with link to trojan Testarea_cu

The following image is the test results area:

email was sent to all in my outlook address book with link to trojan P4393925

The most important item here is the “errors” line. If you see ANY errors, even one, most likely, you have bad RAM.

descriptionemail was sent to all in my outlook address book with link to trojan EmptyRe: email was sent to all in my outlook address book with link to trojan

more_horiz
I ran 6 passes with no errors. The dvd player was able to write and perform as a boot drive. Not sure what this tells me except my RAM is ok.
Internet Explorer has been much faster so that problem seems to be addressed. What next?

descriptionemail was sent to all in my outlook address book with link to trojan EmptyRe: email was sent to all in my outlook address book with link to trojan

more_horiz
All the diagnostic reports came back okay...so no hardware issues.

Might be doing this again:

avast! aswMBR

Please download aswMBR from here

  • Save aswMBR.exe to your Desktop
  • Double click aswMBR.exe to run it
  • Uncheck "Trace disk IO calls".
  • Click the Scan button to start the scan as illustrated below

email was sent to all in my outlook address book with link to trojan AswMBR_Scan
Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives.

  • Once the scan finishes click Save log to save the log to your Desktop
    email was sent to all in my outlook address book with link to trojan AswMBR_SaveLog
  • Copy and paste the contents of aswMBR.txt back here for review
  • Please also find MBR.dat on your Desktop, and rename it to MBRscan.txt. Upload that as well. Do not copy and paste MBR.dat/txt, it needs to be uploaded.

descriptionemail was sent to all in my outlook address book with link to trojan EmptyRe: email was sent to all in my outlook address book with link to trojan

more_horiz
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-01-15 15:35:11
-----------------------------
15:35:11.375 OS Version: Windows 5.1.2600 Service Pack 3
15:35:11.375 Number of processors: 4 586 0xF0B
15:35:11.375 ComputerName: QUADCORE UserName: Owner
15:35:12.812 Initialize success
15:35:12.906 AVAST engine defs: 13011501
15:36:35.921 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-9
15:36:35.921 Disk 0 Vendor: MAXTOR_STM3320620AS 3.AAE Size: 305245MB BusType: 3
15:36:35.937 Disk 0 MBR read successfully
15:36:35.937 Disk 0 MBR scan
15:36:35.937 Disk 0 Windows XP default MBR code
15:36:35.937 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 305234 MB offset 63
15:36:35.937 Disk 0 scanning sectors +625121280
15:36:35.984 Disk 0 scanning C:\WINDOWS\system32\drivers
15:36:41.687 Service scanning
15:36:52.015 Modules scanning
15:36:57.046 AVAST engine scan C:\WINDOWS
15:37:03.968 AVAST engine scan C:\WINDOWS\system32
15:39:08.625 AVAST engine scan C:\WINDOWS\system32\drivers
15:39:23.015 AVAST engine scan C:\Documents and Settings\Owner
16:06:26.453 AVAST engine scan C:\Documents and Settings\All Users
16:18:23.687 Scan finished successfully
16:27:30.765 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\My Documents\MBR.dat"
16:27:30.765 The log file has been saved successfully to "C:\Documents and Settings\Owner\My Documents\aswMBR.txt"


descriptionemail was sent to all in my outlook address book with link to trojan EmptyRe: email was sent to all in my outlook address book with link to trojan

more_horiz
I'm still unable to upload the MBRscan.txt file. Message "uploaded file is not valid".

descriptionemail was sent to all in my outlook address book with link to trojan EmptyRe: email was sent to all in my outlook address book with link to trojan

more_horiz
Go to Start > right-click on My Computer and select Manage.

Press the Device Manager tab on the left. Look for any yellow exclamation marks and post it in your next reply.

descriptionemail was sent to all in my outlook address book with link to trojan EmptyRe: email was sent to all in my outlook address book with link to trojan

more_horiz
No yellow exclamation marks were shown on the device mgr. tab.

descriptionemail was sent to all in my outlook address book with link to trojan EmptyRe: email was sent to all in my outlook address book with link to trojan

more_horiz
We need to check out your devices. Please download DevDiag, and save it to your Desktop:
Direct Download

  • If you are using Vista or Windows 7, please right-click DevDiag.exe and select Run As Administrator. Otherwise, simply double-click the program to run it.
  • At the options screen, please type 2 and hit Enter.
  • The tool will take a few moments to scan. When finished, a report should pop-up, also available on your Desktop (DevDiag.txt).
  • Please do not copy/paste the report into your next reply. Instead, Attach it by clicking Add Reply, and scrolling down to the Attachments section.

descriptionemail was sent to all in my outlook address book with link to trojan EmptyRe: email was sent to all in my outlook address book with link to trojan

more_horiz
Still unable to attach a file. I go to Post Reply, attach file, browse for the file and "submit Query". I still get error message"Uploaded file is invalid".

DevDiag by jpshortstuff (10.08.09)
Log created at 21:32 on 15/01/2013 (Owner)

========== Problematic Devices =========

(No problematic devices found)

========== Device List =========

[*] = Hidden
[!] = Problem (listed above)
[-] = Not present

--Battery--
CyberPower Battery Backup

--CDROM--
CD-ROM Drive

--Computer--
ACPI Multiprocessor PC

--DiskDrive--
Disk drive

--Display--
NVIDIA GeForce 8800 GT

--hdc--
Intel(R) ICH8 2 port Serial ATA Storage Controller - 2825
Intel(R) ICH8 4 port Serial ATA Storage Controller - 2820
Primary IDE Channel (2)
Secondary IDE Channel (2)

--HIDClass--
USB Human Interface Device

--Keyboard--
Standard 101/102-Key or Microsoft Natural PS/2 Keyboard

--LegacyDriver--
AFD
aswRdr
avast! Asynchronous Virus Monitor
avast! Network Shield Support
avast! Self Protection
Beep
catchme
Creative 20X HAL Driver
Creative AC3 Software Decoder
Creative DVD-Audio Device Driver
Creative OS Services Driver
Creative Proxy Driver
Creative SoundFont Management Device Driver
dmboot
dmload
E-mu Plug-in Architecture Driver
Fips
Generic Packet Classifier
HTTP
IP Network Address Translator
IP Traffic Filter Driver
IPSEC driver
ksecdd
Link-Layer Topology Discovery Responder
MCSTRM
mnmdd
mountmgr
MRENDIS5 NDIS Protocol Driver
MRESP50 NDIS Protocol Driver
NDIS System Driver
NDIS Usermode I/O Protocol
NDProxy
NetBios over Tcpip
Null
OAmon
OAnet
Online Armor helper driver
PartMgr
ParVdm
RDPCDD
Remote Access Auto Connection Driver
Remote Access IP ARP Driver
Remote Access NDIS TAPI Driver
Secdrv
TCP/IP Protocol Driver
VgaSave
VolSnap
Windows Driver Foundation - User-mode Driver Framework Platform Driver
Windows Socket 2.0 Non-IFS Service Provider Support Environment

--MEDIA--
[*]Microsoft Kernel System Audio Device
[*]Microsoft Kernel Wave Audio Mixer
[*]Microsoft WINMM WDM Audio Compatibility Driver
Audio Codecs
Creative X-Fi Audio Processor (WDM)
Legacy Audio Drivers
Legacy Video Capture Devices
Media Control Devices
Realtek High Definition Audio
Video Codecs

--Monitor--
SyncMaster P2250/P2250G(Digital)

--Mouse--
Microsoft PS/2 Mouse

--MultiFunction--
PCI Multi-IO Controller
[-]Officejet J4680 series

--Net--
[*]Direct Parallel
[*]WAN Miniport (IP)
[*]WAN Miniport (L2TP)
[*]WAN Miniport (PPPOE)
[*]WAN Miniport (PPTP)
Attansic L1 Gigabit Ethernet 10/100/1000Base-T Controller

--Ports--
Communications Port
ECP Printer Port
PCI Parallel Port

--Printer--
HP LaserJet 4V

--Processor--
Intel Processor (4)

--SCSIAdapter--
JMicron JMB36X Controller

--System--
[*]ACPI Power Button
[*]Logical Disk Manager
[*]Printer Port Logical Interface (2)
[*]Terminal Server Keyboard Driver
[*]Terminal Server Mouse Driver
[*]Volume Manager
ACPI Fixed Feature Button
ATK0110 ACPI UTILITY
Intel(R) 82801 PCI Bridge - 244E
Intel(R) ICH8 Family PCI Express Root Port 1 - 283F
Intel(R) ICH8 Family PCI Express Root Port 3 - 2843
Intel(R) ICH8 Family PCI Express Root Port 4 - 2845
Intel(R) ICH8/ICH8R Family LPC Interface Controller - 2810
Intel(R) P965/G965 PCI Express Root Port - 29A1
Intel(R) P965/G965 Processor to I/O Controller - 29A0
ISAPNP Read Data Port
Microcode Update Device
Microsoft ACPI-Compliant System
Microsoft Composite Battery
Microsoft System Management BIOS Driver
Microsoft UAA Bus Driver for High Definition Audio
PCI bus
Plug and Play Software Device Enumerator
System CMOS/real time clock
Terminal Server Device Redirector
[-]Direct memory access controller
[-]Intel(R) ICH8 Family SMBus Controller - 283E
[-]Motherboard resources (4)
[-]Numeric data processor
[-]Programmable interrupt controller
[-]System board (2)
[-]System speaker
[-]System timer

--USB--
Intel(R) ICH8 Family USB Universal Host Controller - 2830
Intel(R) ICH8 Family USB Universal Host Controller - 2831
Intel(R) ICH8 Family USB Universal Host Controller - 2832
Intel(R) ICH8 Family USB Universal Host Controller - 2834
Intel(R) ICH8 Family USB Universal Host Controller - 2835
Intel(R) ICH8 Family USB2 Enhanced Host Controller - 2836
Intel(R) ICH8 Family USB2 Enhanced Host Controller - 283A
USB Root Hub (7)

--USBSTUBDRIVER--
USBDeviceShare USB Device Stub (2)

--Volume--
[*]Generic volume

-=E.O.F=-

descriptionemail was sent to all in my outlook address book with link to trojan EmptyRe: email was sent to all in my outlook address book with link to trojan

more_horiz
What other issues? We may have resolved as much as we could...

descriptionemail was sent to all in my outlook address book with link to trojan EmptyRe: email was sent to all in my outlook address book with link to trojan

more_horiz
I just updated my Avast free anti-virus software and now none of my browsers or my email will work unless I disable the avast. I went to the avast support site but did not find a fix for this problem. any ideas??

descriptionemail was sent to all in my outlook address book with link to trojan EmptyRe: email was sent to all in my outlook address book with link to trojan

more_horiz
I guess I'm good for now. Should I clean-up and un-install all the scanning programs?

descriptionemail was sent to all in my outlook address book with link to trojan EmptyRe: email was sent to all in my outlook address book with link to trojan

more_horiz
Bump

descriptionemail was sent to all in my outlook address book with link to trojan EmptyRe: email was sent to all in my outlook address book with link to trojan

more_horiz
Bump

descriptionemail was sent to all in my outlook address book with link to trojan EmptyRe: email was sent to all in my outlook address book with link to trojan

more_horiz
privacy_tip Permissions in this forum:
You cannot reply to topics in this forum