Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Ohhhhh please help, please please?

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Ohhhhh please help, please please?

Unread postby jessicamaybe » January 22nd, 2011, 2:27 am

Description:
About three days ago I was on ch131.com and apparently clicked on something I shouldn't have, and my computer has NOT been okay ever since. Random websites appear and it looks like they're going to porn.org, viagra.com, and other sites. Then when I try to look things up on Google, random sites will appear. At first it was saying "Internet Explorer says not to open this page" or something like that, which is ridiculous since I was using FireFox. My computer started running very very slowly, and in the toolbar there was a new icon that was white and green, and it showed fake Windows messages telling me to install anti-virus programs, even though I had Avast! Next, more windows would pop up telling me that I needed to download various programs, and it would look like they were running some sort of screening tool. I knew this was probably a virus, but Avast! couldn't find it, and it somehow was able to turn off my Avast! so it showed up as unsecured. I downloaded and ran MalwareBytes and Spybot, and they found a few things, included something called WhiteSmoke, but I'm still having problems with random sites popping up and my computer running slowly. I have Windows XP, and the Windows task bar on the bottom has changed as well, and is now the light grey old-school toolbar. Also, my homepage changed, and Bing was set up as my primary search engine on my Mozilla toolbar. Over the last few days I've run Avast!, Spybot and MalwareBytes several times, and they have still not been able to fix this. If you could help me I'd be SO thankful!!

HIJACKTHIS LOG

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:06:10 PM, on 1/21/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\keyhook.exe
C:\Program Files\Arcade\PCMService.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Jessica\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iTunes\iTunes.exe
C:\Documents and Settings\Jessica\Desktop\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://global.acer.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Jessica\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

--
End of file - 7368 bytes


Uninstaller

32 Bit HP CIO Components Installer
Acer eManager for Notebook
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 7.0
Agere Systems AC'97 Modem
Amazon MP3 Downloader 1.0.10
Apple Mobile Device Support
Apple Software Update
Arcade 3.0
avast! Free Antivirus
Bonjour
Coupon Printer for Windows
DivX Player
DivX Plus DirectShow Filters
DivX Web Player
eMusic Download Manager 4.1.4
GIMP 2.6.7
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Customer Participation Program 12.0
HP Document Manager 2.0
HP Imaging Device Functions 12.0
HP Officejet 6500 E709 Series
HP Smart Web Printing
HP Solution Center 13.0
HP Update
iTunes
Java(TM) 6 Update 20
Launch Manager
Malwarebytes' Anti-Malware
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox (3.6.13)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NTI Backup NOW! 4
NTI CD & DVD-Maker Gold
OverDrive Media Console
Realtek AC'97 Audio
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2183461)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360131)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2416400)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SiS 900 PCI Fast Ethernet Adapter Driver
SiS VGA Utilities
SiSAGP driver
Spybot - Search & Destroy
Synaptics Pointing Device Driver
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office Outlook 2007 (KB2412171)
Update for Outlook 2007 Junk Email Filter (KB2483110)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
Update for Windows XP (KB978207)
Update for Windows XP (KB980182)
VC80CRTRedist - 8.0.50727.4053
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
jessicamaybe
Active Member
 
Posts: 8
Joined: January 22nd, 2011, 2:13 am
Advertisement
Register to Remove

Re: Ohhhhh please help, please please?

Unread postby Bob4 » January 22nd, 2011, 7:14 am

Looking at your logs. Back as soon as I can
User avatar
Bob4
MRU Master
MRU Master
 
Posts: 6070
Joined: November 12th, 2005, 11:26 am
Location: Florida

Re: Ohhhhh please help, please please?

Unread postby Bob4 » January 22nd, 2011, 7:40 am

Welcome to the Forums.

The fixes we will use are specific to your problems and should only be used for this issue on this machine.

Please only use this topic to reply to. Do not start another thread.
The process is not instant.
Please continue to review my answers until I tell you your machine is clear.
Absence of symptoms does not mean that everything is clear.
So lets do this to the end!


  • Save and quit any work your doing before beginning the fix.
  • Follow the steps I describe in the order I asked if at all possible,
  • All hijackthis logs I ask for should be done in normal mode ( not safe mode)
  • These logs should be done last after you have followed my instructions in the previous post.
  • DO NOT install new programs while we are fixing this machine.
  • Be sure to use the subscribe button to receive notification by Email that you have been replied to.
    If I do not hear from you in 3 days from my last post this topic will be closed. You will need to start another.


Please if you decide to seek help at another forum let us know. There is a shortage of helpers and tying 2 of us up is a waste of time.
If you have any questions about any advice given here please STOP and ask!

HiJackThis
Run hijackthis and choose scan only and place a check by the following lines if present.
Close all other windows and browsers except HJT before clicking on Fix Checked

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
Close that.
___________________________________________
Uninstall Programs
Start/control panel/add remove programs ;
And Uninstall
Adobe Reader 7.0 << Outdated
Coupon Printer for Windows <<contains trackingware/Adware
Java(TM) 6 Update 20 << Outdated

___________________________________
uninstall spybot search and destroy.
Although it's a good program it sometimes stops us from making changes we need to. You can reinstall it later when we are finished..
Just easier this way.

________________________________________
Update Java Runtime

You are using an old and vunerable version of Java. The lateset is Java Runtime Environment (Java SE 6 Update 23).
  • Go to Java Site
  • Click to Download JDK 6 Update 23(JDK or JRE)
  • In Platform box choose Windows.
  • Check the box to Accept License Agreement and click Continue.
  • Click on Windows Offline Installation, click on the link under it which says "jre-6u18-windows-i586.exe" and save the downloaded file to your desktop.
  • Install the new version by running the newly-downloaded file with the java icon which will be at your desktop, and follow the on-screen instructions.
  • Reboot your computer



_______________________________________
Adobe Acrobat Reader update

You are using an older vulnerable version of Adobe Acrobat Reader. Please go here
to download the latest Adobe Acrobat Reader.
NOTE: Be sure to uncheck include McAfee security be fore you download.




______________________________
I see you have Malwarebytes anti Malware installed.
Let's update it and run a full scan.

  • Open Malwarebytes program
  • Click on updates.
  • If an update is found, it will download and install the latest version.
  • If it has trouble updating try clicking on update Mirror ( under the check for updates box) and try updating again.
  • Once the program has updated, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please post the contents of that log.

    If you accidentally close it you may find it here.
    Start -> All Programs -> Malwarebytes' Anti-Malware -> Logs




    _____________________________________________
    RSIT
    • Download Random's system information tool (RSIT) by random/random from here and save it to your desktop.
    • Double click on RSIT.exe to run RSIT.
    • Click Continue at the disclaimer screen.
    • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)



    _________________________
    In your next reply I would like to see:

    • The report from Malwarebytes
    • The report from RSIT
User avatar
Bob4
MRU Master
MRU Master
 
Posts: 6070
Joined: November 12th, 2005, 11:26 am
Location: Florida

Re: Ohhhhh please help, please please?

Unread postby jessicamaybe » January 23rd, 2011, 3:48 pm

Thanks for all the help! I did everything you said.

Here is the Malwarebyte's log:

Malwarebytes' Anti-Malware 1.50.1.1100
http://www.malwarebytes.org

Database version: 5577

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

1/23/2011 12:32:53 PM
mbam-log-2011-01-23 (12-32-53).txt

Scan type: Full scan (C:\|D:\|Z:\|)
Objects scanned: 199590
Time elapsed: 1 hour(s), 48 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{52794457-af6c-4c50-9def-f2e24f4c8889} (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{52794457-AF6C-4C50-9DEF-F2E24F4C8889} (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\documents and settings\networkservice\application data\whitesmoketoolbar (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

Files Infected:
c:\WINDOWS\Temp\2C.tmp (PUP.BHO) -> Quarantined and deleted successfully.
c:\documents and settings\networkservice\application data\whitesmoketoolbar\guid.dat (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\documents and settings\networkservice\application data\whitesmoketoolbar\dtx.ini (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\documents and settings\networkservice\application data\whitesmoketoolbar\setupCfg.xml (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\documents and settings\networkservice\application data\whitesmoketoolbar\exeArgs.xml (PUP.WhiteSmoke) -> Quarantined and deleted successfully.


And the logs from RSIT:

log.txt:

Logfile of random's system information tool 1.08 (written by random/random)
Run by Jessica at 2011-01-23 12:42:46
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 20 GB (35%) free of 57 GB
Total RAM: 446 MB (13% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:43:09 PM, on 1/23/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\keyhook.exe
C:\Program Files\Arcade\PCMService.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Jessica\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\HelpCtr.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
C:\Program Files\Adobe\Reader 10.0\Reader\Eula.exe
C:\Documents and Settings\Jessica\Desktop\RSIT.exe
C:\Program Files\trend micro\Jessica.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://global.acer.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [Uninstall Adobe Download Manager] "C:\Program Files\NOS\bin\getPlusUninst_Adobe.exe" /Get1noarp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Jessica\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

--
End of file - 7174 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-48267239-1753708077-2519494442-1005Core1cb89e294fb73f4.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2008-10-16 322864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-11-10 62376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-01-23 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-01-23 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2008-10-16 505136]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"=Alaunch []
"SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2004-10-07 98394]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2004-10-07 688218]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2005-02-23 77824]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2004-10-07 88363]
"SiSPower"=SiSPower.dll,ModeAgent []
"SiS Windows KeyHook"=C:\WINDOWS\system32\keyhook.exe [2005-03-04 32768]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-04 208952]
"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2004-08-04 59392]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]
"PCMService"=C:\Program Files\Arcade\PCMService.exe [2005-03-09 49152]
"LManager"=C:\Program Files\Launch Manager\QtZgAcer.EXE [2005-03-28 315392]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-11-12 141600]
"avast5"=C:\Program Files\Alwil Software\Avast5\avastUI.exe [2011-01-13 3396624]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe [2010-11-10 35736]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-11-10 932288]
"Malwarebytes' Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2010-12-20 963976]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Uninstall Adobe Download Manager"=C:\Program Files\NOS\bin\getPlusUninst_Adobe.exe [2010-11-29 39200]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"Google Update"=C:\Documents and Settings\Jessica\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-11-21 136176]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\System32\lxcycoms.exe"="C:\WINDOWS\System32\lxcycoms.exe:*:Enabled:3400 Series Server"
"D:\setup\hpznui01.exe"="D:\setup\hpznui01.exe:*:Enabled:hpznui01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\setup\hpznui01.exe"="D:\setup\hpznui01.exe:*:Enabled:hpznui01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"

======List of files/folders created in the last 1 months======

2011-01-23 12:42:54 ----D---- C:\Program Files\trend micro
2011-01-23 12:42:45 ----D---- C:\rsit
2011-01-23 12:33:05 ----A---- C:\WINDOWS\system32\drivers\mjfn.sys
2011-01-23 10:32:26 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2011-01-23 10:32:21 ----D---- C:\Program Files\Common Files\Adobe AIR
2011-01-23 10:30:05 ----D---- C:\Program Files\NOS
2011-01-23 10:30:05 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
2011-01-23 10:26:48 ----D---- C:\Program Files\Common Files\Java
2011-01-23 10:26:27 ----A---- C:\WINDOWS\system32\javaws.exe
2011-01-23 10:26:27 ----A---- C:\WINDOWS\system32\javaw.exe
2011-01-23 10:26:27 ----A---- C:\WINDOWS\system32\java.exe
2011-01-23 10:26:00 ----D---- C:\Program Files\Java
2011-01-18 20:45:48 ----D---- C:\Documents and Settings\Jessica\Application Data\Malwarebytes
2011-01-18 20:43:45 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2011-01-18 20:43:42 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2011-01-18 20:43:35 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2011-01-18 20:43:33 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2011-01-18 20:40:20 ----D---- C:\Program Files\Spybot - Search & Destroy
2011-01-18 20:40:20 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2011-01-18 20:21:38 ----D---- C:\Documents and Settings\Jessica\Application Data\HP
2011-01-18 19:15:28 ----D---- C:\WINDOWS\system32\%APPDATA%
2011-01-18 19:13:45 ----D---- C:\Documents and Settings\Jessica\Application Data\Engud
2011-01-18 14:49:09 ----ASH---- C:\hiberfil.sys
2011-01-18 14:27:55 ----A---- C:\WINDOWS\ntbtlog.txt
2011-01-18 13:21:14 ----SHD---- C:\FOUND.009
2011-01-18 11:48:32 ----D---- C:\Documents and Settings\Jessica\Application Data\HPAppData
2011-01-13 09:15:10 ----SHD---- C:\FOUND.008
2011-01-12 23:29:10 ----HD---- C:\WINDOWS\$NtUninstallKB2419632$
2011-01-11 23:56:26 ----SHD---- C:\FOUND.007

======List of files/folders modified in the last 1 months======

2011-01-23 10:31:58 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-01-23 10:26:08 ----A---- C:\WINDOWS\system32\deployJava1.dll
2011-01-23 09:35:58 ----A---- C:\WINDOWS\ModemLog_Agere Systems AC'97 Modem.txt
2011-01-20 19:51:02 ----A---- C:\WINDOWS\system32\MRT.exe
2011-01-18 16:33:26 ----A---- C:\WINDOWS\imsins.BAK
2011-01-13 01:47:32 ----A---- C:\WINDOWS\system32\aswBoot.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 gagp30kx;Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms; C:\WINDOWS\system32\DRIVERS\gagp30kx.sys [2008-04-13 46464]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2009-09-25 43528]
R0 SISAGP;SiS AGP Filter; C:\WINDOWS\system32\DRIVERS\SISAGPX.sys [2003-07-18 36992]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2011-01-13 29392]
R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2004-08-11 39424]
R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2011-01-13 23632]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2011-01-13 294608]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2011-01-13 47440]
R1 SiSkp;SiSkp; C:\WINDOWS\system32\DRIVERS\srvkp.sys [2005-02-25 13312]
R1 UBHelper;UBHelper; C:\WINDOWS\system32\drivers\UBHelper.sys [2004-12-17 13952]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2011-01-13 17744]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2011-01-13 100176]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2004-10-07 1270540]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-02-24 2311680]
R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2004-12-21 369024]
R3 DKbFltr;Dritek HotKey Keyboard Filter Driver; C:\WINDOWS\System32\Drivers\DKbFltr.sys [2004-12-08 16896]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 NTIDrvr;Upper Class Filter Driver; C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys [2009-09-01 6144]
R3 SiS315;SiS315; C:\WINDOWS\system32\DRIVERS\sisgrp.sys [2005-03-02 240640]
R3 SISNICXP;SiS PCI Fast Ethernet Adapter Driver for NDIS51; C:\WINDOWS\system32\DRIVERS\sisnicxp.sys [2004-11-05 32768]
R3 StillCam;Still Serial Digital Camera Driver; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-08-17 6784]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2004-10-07 185824]
S0 ipehfjr;ipehfjr; C:\WINDOWS\System32\drivers\mjfn.sys [2011-01-23 54016]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2004-08-04 9600]
S3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-12-05 10368]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 anbmService;Notebook Manager Service; C:\Acer\eManager\anbmServ.exe [2004-08-16 1287168]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-01-13 40384]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 HPSLPSVC;HP Network Devices Support; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-01-23 153376]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-11-12 545568]
S3 nosGetPlusHelper;getPlus(R) Helper 3004; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe []

-----------------EOF-----------------


info.txt:

info.txt logfile of random's system information tool 1.08 2011-01-23 12:43:16

======Uninstall list======

-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Acer Inc.\Acer English Online Help Creator\Uninst.isu"
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E06E4F4E-72D6-4497-BFFD-BCB43077C2F4}\setup.exe" -l0x9 -uninst
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
32 Bit HP CIO Components Installer-->MsiExec.exe /I{47ECCB1F-2811-49C0-B6A7-26778639ABA0}
Acer eManager for Notebook-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{827289F5-B44F-4E49-9993-840741585A62}
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}
Adobe Download Manager-->"C:\Program Files\NOS\bin\getPlusUninst_Adobe.exe" /Get1
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader X-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-AA0000000001}
Agere Systems AC'97 Modem-->agrsmdel
Amazon MP3 Downloader 1.0.10-->C:\Program Files\Amazon\MP3 Downloader\Uninstall.exe
Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Arcade 3.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\Setup.exe" -uninstall
avast! Free Antivirus-->C:\Program Files\Alwil Software\Avast5\aswRunDll.exe "C:\Program Files\Alwil Software\Avast5\Setup\setiface.dll" RunSetup
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Plus DirectShow Filters-->C:\Program Files\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
eMusic Download Manager 4.1.4-->C:\Program Files\eMusic Download Manager\uninst.exe
GIMP 2.6.7-->"C:\Program Files\GIMP-2.0\setup\unins000.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB2158563)-->"C:\WINDOWS\$NtUninstallKB2158563$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB2443685)-->"C:\WINDOWS\$NtUninstallKB2443685$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB979306)-->"C:\WINDOWS\$NtUninstallKB979306$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB981793)-->"C:\WINDOWS\$NtUninstallKB981793$\spuninst\spuninst.exe"
HP Customer Participation Program 12.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat -forcereboot
HP Document Manager 2.0-->C:\Program Files\HP\Digital Imaging\DocumentManager\hpzscr01.exe -datfile hpqbud18.dat
HP Imaging Device Functions 12.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Officejet 6500 E709 Series-->C:\Program Files\HP\Digital Imaging\{FA0F0A01-4631-4161-A6C2-948BF694382E}\setup\hpzscr01.exe -datfile hpwscr23.dat -forcereboot
HP Smart Web Printing-->C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpzscr01.exe -datfile hpqbud15.dat
HP Solution Center 13.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat -forcereboot
HP Update-->MsiExec.exe /X{7059BDA7-E1DB-442C-B7A1-6144596720A4}
iTunes-->MsiExec.exe /I{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}
Java(TM) 6 Update 23-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216023FF}
Launch Manager-->C:\WINDOWS\UnInst32.exe QtZgAcer.UNI
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Mozilla Firefox (3.6.13)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
NTI Backup NOW! 4-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{69CC0647-7F98-4358-AAB6-4F65C0705400} /l1033 BUN4
NTI CD & DVD-Maker Gold-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{5242A858-AD61-4130-92D4-BDF5087CE562} /l1033 CDM7
OverDrive Media Console-->MsiExec.exe /I{567C5FE9-17AC-4D5D-99FD-1AC0FC43977C}
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
Security Update for 2007 Microsoft Office System (KB2288621)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5C497F0B-2061-4CC9-A61C-6B45B867354D}
Security Update for 2007 Microsoft Office System (KB2288931)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {CD769337-C8AC-46DB-A7DC-643E50089263}
Security Update for 2007 Microsoft Office System (KB2289158)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {210B16C0-CEBD-4DE9-B474-04A7E8735E16}
Security Update for 2007 Microsoft Office System (KB2344875)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {6FC5C4C1-D7AE-44C3-94B7-6424FC3E752F}
Security Update for 2007 Microsoft Office System (KB2345043)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {536FB502-775F-4494-BACE-C02CC90B7A5B}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB976321)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7F207DCA-3399-40CB-A968-6E5991B1421A}
Security Update for Microsoft Office Access 2007 (KB979440)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {1142CCEC-ACA9-484B-BA90-C3A5CA1988C5}
Security Update for Microsoft Office Access 2007 (KB979440)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5A4E43D5-858F-49BD-BA72-8F30E1793060}
Security Update for Microsoft Office Excel 2007 (KB2345035)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B23002DD-34EC-4988-B810-A5E2A0BF04F1}
Security Update for Microsoft Office InfoPath 2007 (KB979441)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {1109D0B3-EFA3-4553-AAED-4C3E9AD130E8}
Security Update for Microsoft Office InfoPath 2007 (KB979441)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {8CCB781A-CF6B-4FCB-B6D8-59C64DF5C6DB}
Security Update for Microsoft Office PowerPoint 2007 (KB982158)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F5B70033-E79C-4569-90BF-BC9B4E4F3F46}
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {3DED0A62-44C8-4E00-A785-5212F297A9D9}
Security Update for Microsoft Office Publisher 2007 (KB2284697)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {3A4CDE54-2403-483D-8D9A-15E3264410DF}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
Security Update for Microsoft Office Word 2007 (KB2344993)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7A5B74FA-7A92-4FC9-821A-2DD5D4E73E48}
Security Update for Windows Media Player (KB2378111)-->"C:\WINDOWS\$NtUninstallKB2378111_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9L$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB975558)-->"C:\WINDOWS\$NtUninstallKB975558_WM8$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB978695)-->"C:\WINDOWS\$NtUninstallKB978695_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2079403)-->"C:\WINDOWS\$NtUninstallKB2079403$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2115168)-->"C:\WINDOWS\$NtUninstallKB2115168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2121546)-->"C:\WINDOWS\$NtUninstallKB2121546$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2160329)-->"C:\WINDOWS\$NtUninstallKB2160329$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2183461)-->"C:\WINDOWS\$NtUninstallKB2183461$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2229593)-->"C:\WINDOWS\$NtUninstallKB2229593$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2259922)-->"C:\WINDOWS\$NtUninstallKB2259922$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2279986)-->"C:\WINDOWS\$NtUninstallKB2279986$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2286198)-->"C:\WINDOWS\$NtUninstallKB2286198$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2296011)-->"C:\WINDOWS\$NtUninstallKB2296011$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2296199)-->"C:\WINDOWS\$NtUninstallKB2296199$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2347290)-->"C:\WINDOWS\$NtUninstallKB2347290$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2360131)-->"C:\WINDOWS\$NtUninstallKB2360131$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2360937)-->"C:\WINDOWS\$NtUninstallKB2360937$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2387149)-->"C:\WINDOWS\$NtUninstallKB2387149$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2416400)-->"C:\WINDOWS\$NtUninstallKB2416400$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2419632)-->"C:\WINDOWS\$NtUninstallKB2419632$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2423089)-->"C:\WINDOWS\$NtUninstallKB2423089$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2436673)-->"C:\WINDOWS\$NtUninstallKB2436673$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2440591)-->"C:\WINDOWS\$NtUninstallKB2440591$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2443105)-->"C:\WINDOWS\$NtUninstallKB2443105$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371-v2)-->"C:\WINDOWS\$NtUninstallKB961371-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974455)-->"C:\WINDOWS\$NtUninstallKB974455$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975561)-->"C:\WINDOWS\$NtUninstallKB975561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975562)-->"C:\WINDOWS\$NtUninstallKB975562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe"
Security Update for Windows XP (KB976325)-->"C:\WINDOWS\$NtUninstallKB976325$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977165-v2)-->"C:\WINDOWS\$NtUninstallKB977165-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977816)-->"C:\WINDOWS\$NtUninstallKB977816$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978251)-->"C:\WINDOWS\$NtUninstallKB978251$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978262)-->"C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978338)-->"C:\WINDOWS\$NtUninstallKB978338$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978542)-->"C:\WINDOWS\$NtUninstallKB978542$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978601)-->"C:\WINDOWS\$NtUninstallKB978601$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979309)-->"C:\WINDOWS\$NtUninstallKB979309$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979482)-->"C:\WINDOWS\$NtUninstallKB979482$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979559)-->"C:\WINDOWS\$NtUninstallKB979559$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979683)-->"C:\WINDOWS\$NtUninstallKB979683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979687)-->"C:\WINDOWS\$NtUninstallKB979687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980195)-->"C:\WINDOWS\$NtUninstallKB980195$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980218)-->"C:\WINDOWS\$NtUninstallKB980218$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980232)-->"C:\WINDOWS\$NtUninstallKB980232$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980436)-->"C:\WINDOWS\$NtUninstallKB980436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB981322)-->"C:\WINDOWS\$NtUninstallKB981322$\spuninst\spuninst.exe"
Security Update for Windows XP (KB981349)-->"C:\WINDOWS\$NtUninstallKB981349$\spuninst\spuninst.exe"
Security Update for Windows XP (KB981852)-->"C:\WINDOWS\$NtUninstallKB981852$\spuninst\spuninst.exe"
Security Update for Windows XP (KB981957)-->"C:\WINDOWS\$NtUninstallKB981957$\spuninst\spuninst.exe"
Security Update for Windows XP (KB981997)-->"C:\WINDOWS\$NtUninstallKB981997$\spuninst\spuninst.exe"
Security Update for Windows XP (KB982132)-->"C:\WINDOWS\$NtUninstallKB982132$\spuninst\spuninst.exe"
Security Update for Windows XP (KB982214)-->"C:\WINDOWS\$NtUninstallKB982214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB982381)-->"C:\WINDOWS\$NtUninstallKB982381$\spuninst\spuninst.exe"
Security Update for Windows XP (KB982665)-->"C:\WINDOWS\$NtUninstallKB982665$\spuninst\spuninst.exe"
Security Update for Windows XP (KB982802)-->"C:\WINDOWS\$NtUninstallKB982802$\spuninst\spuninst.exe"
SiS 900 PCI Fast Ethernet Adapter Driver-->C:\WINDOWS\SiS\900\Uninst.exe
SiS VGA Utilities-->Rundll32 SiSInst.dll,Uninstall VGA,R,oem7.inf
SiSAGP driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DC226AC9-0314-496C-BE6A-B6A132628466}\setup.exe" -l0x9
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft Office OneNote 2007 (KB980729)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {329050A9-EF80-40F9-B633-74508F54C1FF}
Update for Microsoft Office Outlook 2007 (KB2412171)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {752A0B7C-BD24-4362-AC86-AB63FEE6F46F}
Update for Outlook 2007 Junk Email Filter (KB2483110)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {592B47F5-D305-431A-9781-ED6CBB44FA8B}
Update for Windows XP (KB2141007)-->"C:\WINDOWS\$NtUninstallKB2141007$\spuninst\spuninst.exe"
Update for Windows XP (KB2345886)-->"C:\WINDOWS\$NtUninstallKB2345886$\spuninst\spuninst.exe"
Update for Windows XP (KB2467659)-->"C:\WINDOWS\$NtUninstallKB2467659$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Update for Windows XP (KB976749)-->"C:\WINDOWS\$NtUninstallKB976749$\spuninst\spuninst.exe"
Update for Windows XP (KB978207)-->"C:\WINDOWS\$NtUninstallKB978207$\spuninst\spuninst.exe"
Update for Windows XP (KB980182)-->"C:\WINDOWS\$NtUninstallKB980182$\spuninst\spuninst.exe"
VC80CRTRedist - 8.0.50727.4053-->MsiExec.exe /I{5EE7D259-D137-4438-9A5F-42F432EC0421}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

======Hosts File======

127.0.0.1 http://www.8minutedating.com
127.0.0.1 whysohardx.com
127.0.0.1 protectyourpc-11.com
127.0.0.1 checkserverstatux.com
127.0.0.1 xinmin.cn
127.0.0.1 xy95.cn
127.0.0.1 koralda.com
127.0.0.1 weirden.com
127.0.0.1 nanocloudcontroller.com
127.0.0.1 coo0lnet.net

======Security center information======

AV: avast! Antivirus

======System event log======

Computer Name: ACER-2E68C49B20
Event Code: 7011
Message: Timeout (30000 milliseconds) waiting for a transaction response from the AudioSrv service.

Record Number: 20737
Source Name: Service Control Manager
Time Written: 20110107180707.000000-420
Event Type: error
User:

Computer Name: ACER-2E68C49B20
Event Code: 7000
Message: The Fast User Switching Compatibility service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.


Record Number: 20736
Source Name: Service Control Manager
Time Written: 20110107180637.000000-420
Event Type: error
User:

Computer Name: ACER-2E68C49B20
Event Code: 7011
Message: Timeout (30000 milliseconds) waiting for a transaction response from the FastUserSwitchingCompatibility service.

Record Number: 20735
Source Name: Service Control Manager
Time Written: 20110107180637.000000-420
Event Type: error
User:

Computer Name: ACER-2E68C49B20
Event Code: 7011
Message: Timeout (30000 milliseconds) waiting for a transaction response from the SENS service.

Record Number: 20734
Source Name: Service Control Manager
Time Written: 20110107180607.000000-420
Event Type: error
User:

Computer Name: ACER-2E68C49B20
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Record Number: 20664
Source Name: Tcpip
Time Written: 20110105200836.000000-420
Event Type: warning
User:

=====Application event log=====

Computer Name: ACER-2E68C49B20
Event Code: 20
Message:
Record Number: 1340
Source Name: Google Update
Time Written: 20101126142703.000000-420
Event Type: warning
User: ACER-2E68C49B20\Jessica

Computer Name: ACER-2E68C49B20
Event Code: 20
Message:
Record Number: 1339
Source Name: Google Update
Time Written: 20101126132707.000000-420
Event Type: warning
User: ACER-2E68C49B20\Jessica

Computer Name: ACER-2E68C49B20
Event Code: 1002
Message: Hanging application WINWORD.EXE, version 12.0.6545.5000, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 1323
Source Name: Application Hang
Time Written: 20101123234018.000000-420
Event Type: error
User:

Computer Name: ACER-2E68C49B20
Event Code: 1002
Message: Hanging application iexplore.exe, version 6.0.2900.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 1322
Source Name: Application Hang
Time Written: 20101123220256.000000-420
Event Type: error
User:

Computer Name: ACER-2E68C49B20
Event Code: 1000
Message: Faulting application plugin-container.exe, version 1.9.2.3951, faulting module ntdll.dll, version 5.1.2600.5755, fault address 0x0000100b.

Record Number: 1308
Source Name: Application Error
Time Written: 20101121200051.000000-420
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\DivX Shared\;C:\Program Files\Common Files\HP\Digital Imaging\bin;C:\Program Files\HP\Digital Imaging\bin\;C:\Program Files\HP\Digital Imaging\bin\Qt\Qt 4.3.3;
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 44 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=2c02
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------
jessicamaybe
Active Member
 
Posts: 8
Joined: January 22nd, 2011, 2:13 am

Re: Ohhhhh please help, please please?

Unread postby Bob4 » January 24th, 2011, 8:16 am

TDSSKiller - Rootkit Removal Tool
Please download the TDSSKiller.exe by Kaspersky... save it to your Desktop. <-Important!!!
  1. Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista - W7 users: Right-click and select "Run As Administrator".
    If TDSSKiller does not run... rename it. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. ektfhtw.com).
    If you don't see file extensions, please see: How to change the file extension.
  2. Click the Start Scan button. Do not use the computer during the scan!
  3. If the scan completes with nothing found, click Close to exit.
  4. If malicious objects are found, they will show in the "Scan results - Select action for found objects" and offer 3 options.
    • Ensure Cure (default) is selected... then click Continue > Reboot now to finish the cleaning process.
    • If Cure is not offered as an option, choose Skip.
  5. A log file named TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt will be created and saved to the root directory. (usually Local Disk C:).
  6. Copy and paste the contents of that file in your next reply.
If, for some reason,you can't locate the text file to paste into your reply, just tell me, but DO NOT run the program a second time.




________________________________________
OTL
Please download OTL© by OldTimer and save it to your desktop. Click here.
  • Double click on OTL.exe to run it.
  • Make sure all the Use SafeList options are checked (ticked). There are five of them.
  • Check Scan All Users.
  • At the lower right corner, check LOP Check and Purity Check.
  • Copy the text below in the code box into the custon scan box on the bottom.
    ( DO NOT COPY THE WORD CODE)
Code: Select all
 C:\FOUND.009
C:\FOUND.008
C:\FOUND.007



[*]Click on Run Scan at the top left hand corner. This might take a while.
[*]When done, two Notepad files will open. Please post the contents of these 2 Notepad files in your next reply.
Note: These files are saved as OTL.txt and Extras.txt on the desktop.[/list]



_________________________
In your next reply I would like to see:
  • The report from OTL
  • The report from TDSSKiller

User avatar
Bob4
MRU Master
MRU Master
 
Posts: 6070
Joined: November 12th, 2005, 11:26 am
Location: Florida

Re: Ohhhhh please help, please please?

Unread postby jessicamaybe » January 24th, 2011, 10:26 pm

Here's the reports!

TDSS RESULTS:

2011/01/24 18:52:04.0203 TDSS rootkit removing tool 2.4.15.0 Jan 22 2011 19:37:53
2011/01/24 18:52:04.0203 ================================================================================
2011/01/24 18:52:04.0203 SystemInfo:
2011/01/24 18:52:04.0203
2011/01/24 18:52:04.0203 OS Version: 5.1.2600 ServicePack: 3.0
2011/01/24 18:52:04.0203 Product type: Workstation
2011/01/24 18:52:04.0203 ComputerName: ACER-2E68C49B20
2011/01/24 18:52:04.0234 UserName: Jessica
2011/01/24 18:52:04.0234 Windows directory: C:\WINDOWS
2011/01/24 18:52:04.0234 System windows directory: C:\WINDOWS
2011/01/24 18:52:04.0234 Processor architecture: Intel x86
2011/01/24 18:52:04.0234 Number of processors: 1
2011/01/24 18:52:04.0234 Page size: 0x1000
2011/01/24 18:52:04.0234 Boot type: Normal boot
2011/01/24 18:52:04.0234 ================================================================================
2011/01/24 18:52:05.0000 Initialize success
2011/01/24 18:53:03.0265 ================================================================================
2011/01/24 18:53:03.0265 Scan started
2011/01/24 18:53:03.0265 Mode: Manual;
2011/01/24 18:53:03.0265 ================================================================================
2011/01/24 18:53:04.0265 Aavmker4 (479c9835b91147be1a92cb76fad9c6de) C:\WINDOWS\system32\drivers\Aavmker4.sys
2011/01/24 18:53:05.0296 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/01/24 18:53:05.0421 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2011/01/24 18:53:05.0984 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/01/24 18:53:06.0140 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2011/01/24 18:53:06.0343 AgereSoftModem (ceffa3db1657293322e0bdea7d99e754) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
2011/01/24 18:53:07.0406 ALCXWDM (5dae13401e4d3b8f132bf5867447d661) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
2011/01/24 18:53:07.0968 AmdK8 (a2d5f093f9cb160c183c77015704f156) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
2011/01/24 18:53:09.0187 aswFsBlk (cba53c5e29ae0a0ce76f9a2be3a40d9e) C:\WINDOWS\system32\drivers\aswFsBlk.sys
2011/01/24 18:53:09.0359 aswMon2 (a1c52b822b7b8a5c2162d38f579f97b7) C:\WINDOWS\system32\drivers\aswMon2.sys
2011/01/24 18:53:09.0609 aswRdr (b6e8c5874377a42756c282fac2e20836) C:\WINDOWS\system32\drivers\aswRdr.sys
2011/01/24 18:53:09.0875 aswSP (b93a553c9b0f14263c8f016a44c3258c) C:\WINDOWS\system32\drivers\aswSP.sys
2011/01/24 18:53:10.0218 aswTdi (1408421505257846eb336feeef33352d) C:\WINDOWS\system32\drivers\aswTdi.sys
2011/01/24 18:53:10.0531 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/01/24 18:53:10.0890 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/01/24 18:53:11.0484 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/01/24 18:53:11.0687 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/01/24 18:53:11.0968 BCM43XX (38ca1443660d0f5f06887c6a2e692aeb) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
2011/01/24 18:53:12.0093 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/01/24 18:53:12.0218 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/01/24 18:53:12.0546 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/01/24 18:53:12.0843 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/01/24 18:53:13.0125 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/01/24 18:53:13.0640 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2011/01/24 18:53:14.0156 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/01/24 18:53:15.0234 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/01/24 18:53:15.0406 DKbFltr (08d30af92c270f2e76787c81589dbad6) C:\WINDOWS\system32\Drivers\DKbFltr.sys
2011/01/24 18:53:15.0703 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/01/24 18:53:15.0984 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/01/24 18:53:16.0125 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/01/24 18:53:16.0437 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/01/24 18:53:16.0984 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/01/24 18:53:17.0312 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/01/24 18:53:17.0625 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2011/01/24 18:53:17.0843 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/01/24 18:53:18.0046 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/01/24 18:53:18.0187 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/01/24 18:53:18.0328 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/01/24 18:53:18.0437 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/01/24 18:53:18.0593 gagp30kx (3a74c423cf6bcca6982715878f450a3b) C:\WINDOWS\system32\DRIVERS\gagp30kx.sys
2011/01/24 18:53:18.0843 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/01/24 18:53:19.0093 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/01/24 18:53:19.0250 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/01/24 18:53:19.0718 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/01/24 18:53:20.0531 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/01/24 18:53:20.0765 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/01/24 18:53:21.0546 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/01/24 18:53:21.0953 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/01/24 18:53:22.0187 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/01/24 18:53:22.0453 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/01/24 18:53:22.0687 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/01/24 18:53:22.0953 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/01/24 18:53:23.0234 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/01/24 18:53:23.0546 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/01/24 18:53:23.0828 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/01/24 18:53:24.0062 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/01/24 18:53:24.0562 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/01/24 18:53:24.0828 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/01/24 18:53:25.0046 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/01/24 18:53:25.0406 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/01/24 18:53:25.0906 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/01/24 18:53:26.0156 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/01/24 18:53:26.0515 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/01/24 18:53:26.0796 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/01/24 18:53:27.0062 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/01/24 18:53:27.0328 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/01/24 18:53:27.0640 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/01/24 18:53:27.0906 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/01/24 18:53:28.0203 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/01/24 18:53:28.0421 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/01/24 18:53:28.0687 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/01/24 18:53:28.0937 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/01/24 18:53:29.0140 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/01/24 18:53:29.0437 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/01/24 18:53:29.0703 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/01/24 18:53:30.0046 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/01/24 18:53:30.0312 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/01/24 18:53:30.0531 NTIDrvr (7f1c1f78d709c4a54cbb46ede7e0b48d) C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys
2011/01/24 18:53:30.0656 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/01/24 18:53:30.0750 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/01/24 18:53:30.0812 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/01/24 18:53:31.0062 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
2011/01/24 18:53:31.0312 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/01/24 18:53:31.0406 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/01/24 18:53:31.0578 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/01/24 18:53:32.0093 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/01/24 18:53:32.0281 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
2011/01/24 18:53:34.0093 pfc (444f122e68db44c0589227781f3c8b3f) C:\WINDOWS\system32\drivers\pfc.sys
2011/01/24 18:53:34.0375 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/01/24 18:53:34.0656 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/01/24 18:53:34.0781 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/01/24 18:53:35.0000 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/01/24 18:53:36.0593 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/01/24 18:53:36.0859 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/01/24 18:53:37.0093 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/01/24 18:53:37.0187 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/01/24 18:53:37.0453 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/01/24 18:53:37.0609 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/01/24 18:53:37.0890 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/01/24 18:53:38.0156 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/01/24 18:53:38.0468 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/01/24 18:53:38.0687 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
2011/01/24 18:53:38.0921 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/01/24 18:53:39.0328 SiS315 (8b3cdb4b1453b3a2e6e7300aabe50d0e) C:\WINDOWS\system32\DRIVERS\sisgrp.sys
2011/01/24 18:53:39.0562 SISAGP (61ca562def09a782d26b3e7edec5369a) C:\WINDOWS\system32\DRIVERS\SISAGPX.sys
2011/01/24 18:53:39.0750 SiSkp (87a5176a3762b1341619ce63152c1da9) C:\WINDOWS\system32\DRIVERS\srvkp.sys
2011/01/24 18:53:39.0921 SISNICXP (47f39481bc8941e0d51601a85691448d) C:\WINDOWS\system32\DRIVERS\sisnicxp.sys
2011/01/24 18:53:40.0328 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/01/24 18:53:40.0546 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/01/24 18:53:40.0781 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/01/24 18:53:41.0015 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
2011/01/24 18:53:41.0203 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/01/24 18:53:41.0421 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/01/24 18:53:42.0546 SynTP (eb363ddfbe8b6d51003ccab29d93d744) C:\WINDOWS\system32\DRIVERS\SynTP.sys
2011/01/24 18:53:42.0828 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/01/24 18:53:43.0031 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/01/24 18:53:43.0296 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/01/24 18:53:43.0500 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/01/24 18:53:43.0796 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/01/24 18:53:44.0296 UBHelper (e0c67be430c6de490d6ccaecfa071f9e) C:\WINDOWS\system32\drivers\UBHelper.sys
2011/01/24 18:53:44.0484 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/01/24 18:53:45.0031 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/01/24 18:53:45.0296 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/01/24 18:53:45.0562 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/01/24 18:53:45.0796 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/01/24 18:53:45.0968 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2011/01/24 18:53:46.0125 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/01/24 18:53:46.0281 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/01/24 18:53:46.0468 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/01/24 18:53:46.0687 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/01/24 18:53:47.0109 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/01/24 18:53:47.0343 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/01/24 18:53:47.0781 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/01/24 18:53:48.0062 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
2011/01/24 18:53:48.0296 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/01/24 18:53:48.0484 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/01/24 18:53:48.0593 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/01/24 18:53:48.0609 ================================================================================
2011/01/24 18:53:48.0609 Scan finished
2011/01/24 18:53:48.0609 ================================================================================
2011/01/24 18:53:48.0656 Detected object count: 1
2011/01/24 18:55:17.0031 \HardDisk0 - will be cured after reboot
2011/01/24 18:55:17.0031 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/01/24 18:55:41.0390 Deinitialize success



OTL logfile created on: 1/24/2011 7:16:12 PM - Run 1
OTL by OldTimer - Version 3.2.20.5 Folder = C:\Documents and Settings\Jessica\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

446.00 Mb Total Physical Memory | 139.00 Mb Available Physical Memory | 31.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 69.00% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.87 Gb Total Space | 19.19 Gb Free Space | 34.35% Space Free | Partition Type: FAT32

Computer Name: ACER-2E68C49B20 | User Name: Jessica | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/01/24 19:13:54 | 000,603,136 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jessica\Desktop\OTL.exe
PRC - [2011/01/13 01:47:34 | 003,396,624 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/01/13 01:47:34 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/12/11 08:47:16 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010/12/11 08:47:14 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2008/04/13 17:12:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/03/28 12:30:44 | 000,315,392 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\QtZgAcer.EXE
PRC - [2005/03/09 18:59:26 | 000,049,152 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Arcade\PCMService.exe
PRC - [2005/03/04 13:13:04 | 000,032,768 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\Keyhook.exe
PRC - [2005/02/23 18:13:10 | 000,077,824 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2005/01/04 16:52:52 | 000,331,776 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\sistray.exe
PRC - [2004/10/07 23:44:24 | 000,098,394 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2004/08/16 15:17:20 | 001,287,168 | ---- | M] (OSA Technologies Inc.) -- C:\Acer\eManager\anbmServ.exe


========== Modules (SafeList) ==========

MOD - [2011/01/24 19:13:54 | 000,603,136 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jessica\Desktop\OTL.exe
MOD - [2010/09/18 00:53:26 | 000,974,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mfc42.dll
MOD - [2010/08/23 10:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2008/04/13 17:11:54 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\hid.dll
MOD - [2004/10/07 23:44:16 | 000,069,722 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll
MOD - [2004/08/27 16:42:36 | 000,049,152 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\Shared Files\CLRCEngine.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (nosGetPlusHelper) getPlus(R)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/01/13 01:47:34 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2004/08/16 15:17:20 | 001,287,168 | ---- | M] (OSA Technologies Inc.) [Auto | Running] -- C:\Acer\eManager\anbmServ.exe -- (anbmService)


========== Driver Services (SafeList) ==========

DRV - [2011/01/13 01:41:16 | 000,294,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/01/13 01:40:16 | 000,047,440 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/01/13 01:40:04 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/01/13 01:37:30 | 000,023,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/01/13 01:37:12 | 000,029,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/01/13 01:37:10 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/09/01 16:36:58 | 000,006,144 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV - [2005/03/02 00:09:02 | 000,240,640 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2005/02/25 19:45:32 | 000,013,312 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
DRV - [2005/02/24 14:20:22 | 002,311,680 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004/12/21 10:32:12 | 000,369,024 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2004/12/17 17:14:44 | 000,013,952 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\UBHelper.sys -- (UBHelper)
DRV - [2004/12/08 14:10:00 | 000,016,896 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DKbFltr.SYS -- (DKbFltr)
DRV - [2004/11/05 01:43:58 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisnicxp.sys -- (SISNICXP)
DRV - [2004/10/07 23:33:46 | 000,185,824 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2004/10/07 19:51:08 | 001,270,540 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2004/08/11 01:30:00 | 000,039,424 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2003/12/05 18:46:36 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2003/07/18 09:58:20 | 000,036,992 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SISAGPX.sys -- (SISAGP)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=Z007&form=ZGAPHP
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=Z007&form=ZGAPHP
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-48267239-1753708077-2519494442-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://global.acer.com
IE - HKU\S-1-5-21-48267239-1753708077-2519494442-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\software\mozilla\eMusic Download Manager\Extensions\\Components: C:\Program Files\eMusic Download Manager\xulrunner\components [2010/05/11 21:52:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\eMusic Download Manager\Extensions\\Plugins: C:\Program Files\eMusic Download Manager\xulrunner\plugins [2010/05/11 21:52:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2010/11/26 22:12:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/10/29 17:23:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/10/29 17:23:52 | 000,000,000 | ---D | M]

[2009/10/29 17:24:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jessica\Application Data\Mozilla\Extensions
[2009/10/29 17:24:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\xmias0tn.default\extensions
[2011/01/18 19:16:58 | 000,000,000 | ---D | M] (Search Toolbar) -- C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\xmias0tn.default\extensions\searchtoolbar@zugo.com
[2009/10/29 17:23:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/08 22:13:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011/01/23 10:26:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010/05/11 21:52:34 | 000,000,000 | ---D | M] (eMusic - Apple iTunes Support) -- C:\PROGRAM FILES\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\DLM_ITUNES@EMUSIC.COM
[2010/05/11 21:52:34 | 000,000,000 | ---D | M] (eMusic - Nullsoft Winamp Support) -- C:\PROGRAM FILES\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\DLM_WINAMP@EMUSIC.COM
[2010/05/11 21:52:34 | 000,000,000 | ---D | M] (eMusic - Microsoft Media Player Support) -- C:\PROGRAM FILES\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\DLM_WMP@EMUSIC.COM
[2011/01/23 10:26:10 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/11/19 15:16:30 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
[2011/01/22 15:17:04 | 000,001,919 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing-zugo.xml

O1 HOSTS File: ([2011/01/20 19:38:20 | 000,001,003 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.8minutedating.com
O1 - Hosts: 127.0.0.1 whysohardx.com
O1 - Hosts: 127.0.0.1 protectyourpc-11.com
O1 - Hosts: 127.0.0.1 checkserverstatux.com
O1 - Hosts: 127.0.0.1 xinmin.cn
O1 - Hosts: 127.0.0.1 xy95.cn
O1 - Hosts: 127.0.0.1 koralda.com
O1 - Hosts: 127.0.0.1 weirden.com
O1 - Hosts: 127.0.0.1 nanocloudcontroller.com
O1 - Hosts: 127.0.0.1 coo0lnet.net
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [LaunchApp] C:\WINDOWS\Alaunch.exe (Acer Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PCMService] C:\Program Files\Arcade\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\Keyhook.exe (Silicon Integrated Systems Corporation)
O4 - HKLM..\Run: [SiSPower] C:\WINDOWS\System32\SiSPower.dll (Silicon Integrated Systems Corporation)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe (Silicon Integrated Systems Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-48267239-1753708077-2519494442-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Jessica\Local Settings\Application Data\Microsoft\Wallpaper2.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jessica\Local Settings\Application Data\Microsoft\Wallpaper2.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/03/09 09:51:26 | 000,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/01/24 19:13:48 | 000,603,136 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jessica\Desktop\OTL.exe
[2011/01/24 19:08:30 | 001,068,544 | ---- | C] (Coupons.com Incorporated) -- C:\Documents and Settings\Jessica\Desktop\couponprinter.exe
[2011/01/24 18:51:32 | 001,350,232 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Jessica\Desktop\tdsskiller.exe
[2011/01/23 12:42:54 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2011/01/23 12:42:45 | 000,000,000 | ---D | C] -- C:\rsit
[2011/01/23 12:34:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2011/01/23 12:34:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Temp
[2011/01/23 10:32:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2011/01/23 10:32:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2011/01/23 10:26:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/01/23 10:26:28 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/01/23 10:26:27 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/01/23 10:26:27 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/01/23 10:26:27 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/01/23 10:26:00 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011/01/23 10:23:14 | 016,561,952 | ---- | C] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Jessica\Desktop\jre-6u23-windows-i586.exe
[2011/01/22 15:18:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Mozilla
[2011/01/21 22:58:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jessica\Desktop\HijackThis
[2011/01/20 22:06:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2011/01/20 20:15:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/01/20 20:15:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/01/18 20:45:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jessica\Application Data\Malwarebytes
[2011/01/18 20:43:45 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/01/18 20:43:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/01/18 20:43:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/01/18 20:43:35 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/01/18 20:43:33 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/01/18 20:40:20 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/01/18 20:40:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2011/01/18 20:21:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jessica\Application Data\HP
[2011/01/18 19:29:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jessica\Desktop\New Folder
[2011/01/18 19:20:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/01/18 19:16:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jessica\Local Settings\Application Data\{9870BC6E-7749-4728-BCE5-99BD52539D84}
[2011/01/18 19:15:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\%APPDATA%
[2011/01/18 19:13:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jessica\Application Data\Engud
[2011/01/18 13:21:14 | 000,000,000 | -HSD | C] -- C:\FOUND.009
[2011/01/18 11:51:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/01/18 11:49:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/01/18 11:48:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jessica\Application Data\HPAppData
[2011/01/13 09:15:10 | 000,000,000 | -HSD | C] -- C:\FOUND.008
[2011/01/11 23:56:26 | 000,000,000 | -HSD | C] -- C:\FOUND.007
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/01/24 19:13:54 | 000,603,136 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jessica\Desktop\OTL.exe
[2011/01/24 19:08:34 | 001,068,544 | ---- | M] (Coupons.com Incorporated) -- C:\Documents and Settings\Jessica\Desktop\couponprinter.exe
[2011/01/24 18:57:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/01/24 18:57:24 | 468,242,432 | -HS- | M] () -- C:\hiberfil.sys
[2011/01/24 18:51:46 | 001,350,232 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Jessica\Desktop\tdsskiller.exe
[2011/01/23 12:35:16 | 000,339,991 | ---- | M] () -- C:\Documents and Settings\Jessica\Desktop\RSIT.exe
[2011/01/23 10:35:12 | 000,001,642 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/01/23 10:26:08 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011/01/23 10:26:08 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/01/23 10:26:08 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/01/23 10:26:08 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/01/23 10:26:08 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/01/23 10:24:40 | 016,561,952 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Jessica\Desktop\jre-6u23-windows-i586.exe
[2011/01/22 18:19:12 | 000,000,934 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-48267239-1753708077-2519494442-1005Core1cb89e294fb73f4.job
[2011/01/22 11:12:06 | 000,050,648 | ---- | M] () -- C:\Documents and Settings\Jessica\My Documents\southpass.jpg
[2011/01/21 23:55:34 | 000,016,995 | ---- | M] () -- C:\Documents and Settings\Jessica\.recently-used.xbel
[2011/01/18 22:46:56 | 000,017,408 | ---- | M] () -- C:\Documents and Settings\Jessica\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/18 20:43:48 | 000,000,692 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/18 19:56:00 | 000,002,208 | ---- | M] () -- C:\Documents and Settings\Jessica\Desktop\Google Chrome.lnk
[2011/01/18 19:56:00 | 000,002,186 | ---- | M] () -- C:\Documents and Settings\Jessica\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/01/18 19:51:10 | 000,001,608 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/01/18 19:50:48 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/01/18 19:31:14 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/01/18 19:17:00 | 000,003,056 | ---- | M] () -- C:\WINDOWS\Phiqexomino.dat
[2011/01/18 16:33:26 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/01/13 01:47:36 | 000,038,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/01/13 01:47:32 | 000,188,216 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/01/13 01:41:16 | 000,294,608 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/01/13 01:40:16 | 000,047,440 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/01/13 01:40:04 | 000,100,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/01/13 01:39:50 | 000,094,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/01/13 01:37:30 | 000,023,632 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/01/13 01:37:12 | 000,029,392 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/01/13 01:37:10 | 000,017,744 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/01/11 22:48:46 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Jessica\Local Settings\Application Data\housecall.guid.cache
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/01/23 12:36:32 | 000,339,991 | ---- | C] () -- C:\Documents and Settings\Jessica\Desktop\RSIT.exe
[2011/01/23 10:35:10 | 000,001,642 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/01/23 10:35:09 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2011/01/22 11:12:02 | 000,050,648 | ---- | C] () -- C:\Documents and Settings\Jessica\My Documents\southpass.jpg
[2011/01/21 23:55:33 | 000,016,995 | ---- | C] () -- C:\Documents and Settings\Jessica\.recently-used.xbel
[2011/01/18 20:43:46 | 000,000,692 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/18 19:16:58 | 000,003,056 | ---- | C] () -- C:\WINDOWS\Phiqexomino.dat
[2011/01/18 14:49:09 | 468,242,432 | -HS- | C] () -- C:\hiberfil.sys
[2011/01/11 22:48:44 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Jessica\Local Settings\Application Data\housecall.guid.cache
[2010/11/26 21:57:32 | 000,004,023 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2009/10/16 21:49:58 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\Jessica\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/03/09 09:50:56 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMP3.dll
[2005/03/07 12:32:10 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/03/07 12:22:45 | 000,000,313 | ---- | C] () -- C:\WINDOWS\uninstall.ini
[2005/03/07 12:22:45 | 000,000,033 | ---- | C] () -- C:\WINDOWS\Acer.ini
[2005/03/07 12:15:13 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIBUN4.dll
[2005/03/07 12:14:29 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll
[2005/03/07 12:14:29 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIFCD3.dll
[2005/03/07 12:14:29 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTICDMK7.dll
[2005/03/07 12:07:16 | 000,083,997 | ---- | C] () -- C:\WINDOWS\VGAsetup.ini
[2005/03/07 12:07:04 | 000,201,667 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini
[2005/03/07 12:01:50 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2005/03/07 12:01:47 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2005/03/07 11:54:46 | 000,037,776 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/03/07 11:46:14 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/03/07 11:41:42 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/12/17 17:14:44 | 000,013,952 | ---- | C] () -- C:\WINDOWS\System32\drivers\UBHelper.sys
[2001/12/26 16:12:30 | 000,065,536 | R--- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll
[2001/09/03 23:46:38 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\Hmpg12.dll
[2001/07/30 16:33:56 | 000,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll
[2001/07/23 22:04:36 | 000,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll
[1980/01/01 00:00:00 | 000,002,790 | ---- | C] () -- C:\WINDOWS\ANTIV.INI
[1980/01/01 00:00:00 | 000,000,091 | ---- | C] () -- C:\WINDOWS\ALaunch.ini

========== LOP Check ==========

[2009/12/20 23:22:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/08/11 21:37:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2009/11/29 21:41:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jessica\Application Data\gtk-2.0
[2009/12/13 23:53:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jessica\Application Data\OverDrive
[2010/05/11 21:52:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jessica\Application Data\eMusic
[2010/06/18 23:13:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jessica\Application Data\Facebook
[2010/11/22 23:26:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jessica\Application Data\Amazon
[2011/01/18 19:13:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jessica\Application Data\Engud

========== Purity Check ==========



========== Custom Scans ==========


< C:\FOUND.009 >

< C:\FOUND.008 >

< C:\FOUND.007 >

< End of report >




OTL Extras logfile created on: 1/24/2011 7:16:13 PM - Run 1
OTL by OldTimer - Version 3.2.20.5 Folder = C:\Documents and Settings\Jessica\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

446.00 Mb Total Physical Memory | 139.00 Mb Available Physical Memory | 31.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 69.00% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.87 Gb Total Space | 19.19 Gb Free Space | 34.35% Space Free | Partition Type: FAT32

Computer Name: ACER-2E68C49B20 | User Name: Jessica | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-48267239-1753708077-2519494442-1005\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP
"427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP
"427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"D:\setup\hpznui01.exe" = D:\setup\hpznui01.exe:*:Enabled:hpznui01.exe
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\WINDOWS\System32\lxcycoms.exe" = C:\WINDOWS\System32\lxcycoms.exe:*:Enabled:3400 Series Server
"D:\setup\hpznui01.exe" = D:\setup\hpznui01.exe:*:Enabled:hpznui01.exe
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03A7C57A-B2C8-409b-92E5-524A0DFD0DD3}" = Status
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{087A66B8-1F0F-4a8d-A649-0CFE276AA7C0}" = WebReg
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Arcade 3.0
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 23
"{2A329FB6-389D-4396-A974-29656D6864AE}" = MarketResearch
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
"{38DAE5F5-EC70-4aa5-801B-D11CA0A33B41}" = BPDSoftware
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{47ECCB1F-2811-49C0-B6A7-26778639ABA0}" = 32 Bit HP CIO Components Installer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4D304678-738E-42a0-931A-2B022F49DEB8}" = TrayApp
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{5242A858-AD61-4130-92D4-BDF5087CE562}" = NTI CD & DVD-Maker
"{567C5FE9-17AC-4D5D-99FD-1AC0FC43977C}" = OverDrive Media Console
"{57F60D52-630B-43C5-BD20-176F5CD4EED6}" = bpd_scan
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{676981B7-A2D9-49D0-9F4C-03018F131DA9}" = DocProc
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69CC0647-7F98-4358-AAB6-4F65C0705400}" = NTI Backup NOW! 4
"{6CC080F1-2E00-41D5-BE47-A3BC784E9DFB}" = BPDSoftware_Ini
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{800E784D-53E3-4948-B491-9E7FA5EACBDC}" = SmartWebPrinting
"{827289F5-B44F-4E49-9993-840741585A62}" = Acer eManager for Notebook
"{83C57C58-FDD7-4d86-BFCC-9D31CC4EFA71}" = 6500_E709n
"{87A9A9A9-FAB7-4224-9328-0FA2058C0FD5}" = Network
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9129B46A-51F0-431b-9838-DF7272F3204E}" = ProductContext
"{9CCCFD9C-248F-47FE-9496-1680E3E5C163}" = Scan
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC13BA3A-336B-45a4-B3FE-2D3058A7B533}" = Toolbox
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{C29C1940-CB85-4F3B-906C-33FEE0E67103}" = DocMgr
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{DC226AC9-0314-496C-BE6A-B6A132628466}" = SiSAGP driver
"{DE13432E-F0C1-4842-A5BA-CC997DA72A70}" = 6500_E709_eDocs
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax
"{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component
"{F185B35D-38E5-4D88-B275-15C8C7FC4357}" = 6500_E709_Help
"{F769B78E-FF0E-4db5-95E2-9F4C8D6352FE}" = DeviceDiscovery
"{FA0F0A01-4631-4161-A6C2-948BF694382E}" = HP Officejet 6500 E709 Series
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agere Systems Soft Modem" = Agere Systems AC'97 Modem
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.10
"avast5" = avast! Free Antivirus
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"eMusic Download Manager" = eMusic Download Manager 4.1.4
"ENTERPRISE" = Microsoft Office Enterprise 2007
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 12.0
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 12.0
"InstallShield_{5242A858-AD61-4130-92D4-BDF5087CE562}" = NTI CD & DVD-Maker Gold
"InstallShield_{69CC0647-7F98-4358-AAB6-4F65C0705400}" = NTI Backup NOW! 4
"InstallShield_{827289F5-B44F-4E49-9993-840741585A62}" = Acer eManager for Notebook
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"SiS VGA Driver" = SiS VGA Utilities
"SiSLan" = SiS 900 PCI Fast Ethernet Adapter Driver
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.6.7
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-48267239-1753708077-2519494442-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/23/2011 5:14:42 PM | Computer Name = ACER-2E68C49B20 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 1/23/2011 5:14:43 PM | Computer Name = ACER-2E68C49B20 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 1/23/2011 8:40:39 PM | Computer Name = ACER-2E68C49B20 | Source = crypt32 | ID = 131077
Description = Failed auto update retrieval of third-party root certificate from:
<http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/503006091D97D4F5AE39F7CBE7927D7D652D3431.crt>
with error: The connection with the server was terminated abnormally

Error - 1/23/2011 8:40:39 PM | Computer Name = ACER-2E68C49B20 | Source = crypt32 | ID = 131077
Description = Failed auto update retrieval of third-party root certificate from:
<http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/503006091D97D4F5AE39F7CBE7927D7D652D3431.crt>
with error: The connection with the server was terminated abnormally

Error - 1/23/2011 8:40:39 PM | Computer Name = ACER-2E68C49B20 | Source = crypt32 | ID = 131077
Description = Failed auto update retrieval of third-party root certificate from:
<http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/503006091D97D4F5AE39F7CBE7927D7D652D3431.crt>
with error: This network connection does not exist.

Error - 1/23/2011 8:40:39 PM | Computer Name = ACER-2E68C49B20 | Source = crypt32 | ID = 131077
Description = Failed auto update retrieval of third-party root certificate from:
<http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/503006091D97D4F5AE39F7CBE7927D7D652D3431.crt>
with error: This network connection does not exist.

Error - 1/23/2011 11:15:12 PM | Computer Name = ACER-2E68C49B20 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 1/23/2011 11:15:13 PM | Computer Name = ACER-2E68C49B20 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 1/24/2011 1:26:53 AM | Computer Name = ACER-2E68C49B20 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 1/24/2011 1:26:59 AM | Computer Name = ACER-2E68C49B20 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

[ System Events ]
Error - 1/23/2011 11:10:10 AM | Computer Name = ACER-2E68C49B20 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the SENS service.

Error - 1/23/2011 11:10:40 AM | Computer Name = ACER-2E68C49B20 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the Schedule service.

Error - 1/23/2011 11:11:10 AM | Computer Name = ACER-2E68C49B20 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the W32Time service.

Error - 1/23/2011 11:11:40 AM | Computer Name = ACER-2E68C49B20 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the wuauserv service.

Error - 1/23/2011 11:12:10 AM | Computer Name = ACER-2E68C49B20 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the RasMan service.

Error - 1/23/2011 11:12:40 AM | Computer Name = ACER-2E68C49B20 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the SENS service.

Error - 1/23/2011 5:25:06 PM | Computer Name = ACER-2E68C49B20 | Source = Service Control Manager | ID = 7000
Description = The 6to4 service failed to start due to the following error: %%3

Error - 1/23/2011 6:43:46 PM | Computer Name = ACER-2E68C49B20 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the stisvc service.

Error - 1/24/2011 9:21:36 PM | Computer Name = ACER-2E68C49B20 | Source = Service Control Manager | ID = 7022
Description = The System Event Notification service hung on starting.

Error - 1/24/2011 9:21:36 PM | Computer Name = ACER-2E68C49B20 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
gagp30kx


< End of report >


Thank you!!
jessicamaybe
Active Member
 
Posts: 8
Joined: January 22nd, 2011, 2:13 am

Re: Ohhhhh please help, please please?

Unread postby Bob4 » January 25th, 2011, 8:28 am

OTL

  • Open OTL once again
  • copy the contents from the codebox below and past into the area called customs scans/fixes
Code: Select all
:File
C:\FOUND.007
 C:\FOUND.008
 C:\FOUND.009
C:\WINDOWS\Phiqexomino.dat

:OTL
[2011/01/24 19:08:30 | 001,068,544 | ---- | C] (Coupons.com Incorporated) -- C:\Documents and Settings\Jessica\Desktop\couponprinter.exe
[2011/01/22 15:17:04 | 000,001,919 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing-zugo.xml
[2009/11/19 15:16:30 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
[2011/01/18 19:16:58 | 000,000,000 | ---D | M] (Search Toolbar) -- C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\xmias0tn.default\extensions\searchtoolbar@zugo.com
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]


:commands
[EMPTYTEMP]
[REBOOT]


  • click on the run fix button
  • When it's ready a log will open please copy and past that log here in this thread
  • if you accedentaly close the log you can find it here C:\_OTListIt\MovedFiles

______________________________________________
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code: Select all
    :contents
    C:\Documents and Settings\Jessica\Local Settings\Application Data\{9870BC6E-7749-4728-BCE5-99BD52539D84}
    

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt



_______________________________________
  • Open the ESET Online Scanner in Internet Explorer

    [NOTE: FIREFOX USERS will be presented with an additional download please follow the prompts and allow it to download and install it.]
  • Tick the box next to YES, I accept the Terms of Use. and click Start
  • Allow the ActiveX control to be installed by Internet Explorer
  • Once the ActiveX has finished loading click Start to initialize and update the scanner
  • When the Computer scan screen appears, leave Remove found threats UN-checked, but check the box next to Scan unwanted applications. Then click Scan to begin the scan.
  • Once complete and the summary page appears, press Start, copy/paste the following command into the search box and press Enter:
    notepad "C:\Program Files\EsetOnlineScanner\log.txt"
  • The log file should now appear in Notepad, copy and paste the contents in your next response.


_________________________
In your next reply I would like to see:
  • A new HJT log
  • The report from OTL
  • The report from SystemLook
  • The report from Nod 32
  • Be sure and let me know if the redirects have stopped
User avatar
Bob4
MRU Master
MRU Master
 
Posts: 6070
Joined: November 12th, 2005, 11:26 am
Location: Florida

Re: Ohhhhh please help, please please?

Unread postby jessicamaybe » January 25th, 2011, 9:45 pm

All processes killed
Error: Unable to interpret <:File> in the current context!
Error: Unable to interpret <C:\FOUND.007> in the current context!
Error: Unable to interpret <C:\FOUND.008> in the current context!
Error: Unable to interpret <C:\FOUND.009> in the current context!
Error: Unable to interpret <C:\WINDOWS\Phiqexomino.dat> in the current context!
========== OTL ==========
C:\Documents and Settings\Jessica\Desktop\couponprinter.exe moved successfully.
C:\Program Files\Mozilla Firefox\searchplugins\bing-zugo.xml moved successfully.
C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll moved successfully.
C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\xmias0tn.default\extensions\searchtoolbar@zugo.com\defaults\preferences folder moved successfully.
C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\xmias0tn.default\extensions\searchtoolbar@zugo.com\defaults folder moved successfully.
C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\xmias0tn.default\extensions\searchtoolbar@zugo.com\components folder moved successfully.
C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\xmias0tn.default\extensions\searchtoolbar@zugo.com\chrome\skin folder moved successfully.
C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\xmias0tn.default\extensions\searchtoolbar@zugo.com\chrome\content folder moved successfully.
C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\xmias0tn.default\extensions\searchtoolbar@zugo.com\chrome folder moved successfully.
C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\xmias0tn.default\extensions\searchtoolbar@zugo.com folder moved successfully.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
C:\WINDOWS\002612_.tmp deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 56502 bytes

User: All Users

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 18756 bytes
->Flash cache emptied: 54940 bytes

User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 103716900 bytes
->Java cache emptied: 1123593 bytes
->Flash cache emptied: 73327 bytes

User: Jessica
->Temp folder emptied: 174485663 bytes
->Temporary Internet Files folder emptied: 1338726 bytes
->Java cache emptied: 57560993 bytes
->FireFox cache emptied: 120725132 bytes
->Google Chrome cache emptied: 231123208 bytes
->Flash cache emptied: 2841501 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 8191304 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 19921722 bytes

Total Files Cleaned = 688.00 mb


OTL by OldTimer - Version 3.2.20.5 log created on 01252011_132400

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\_avast5_\Webshlock.txt not found!

Registry entries deleted on Reboot...



SystemLook 04.09.10 by jpshortstuff
Log created at 13:33 on 25/01/2011 by Jessica
Administrator - Elevation successful

========== contents ==========

C:\Documents and Settings\Jessica\Local Settings\Application Data\{9870BC6E-7749-4728-BCE5-99BD52539D84} - Unable to open file.

-= EOF =-


I downloaded ESET online scanner. It didn't have the same options that you mentioned, though. There wasn't a scan button, just a start button. There wasn't a search box either. When it finished installing, the two main options were "Remove found threats" or "Scan archives." Below that, in advanced settings, there were the following options:
Scan for potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth technology
and under Current scan targets, the option
Use custom proxy settings.

Does that sound familiar? Not sure what to do exactly.



HJT log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:42:15 PM, on 1/25/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\keyhook.exe
C:\Program Files\Arcade\PCMService.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Jessica\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\notepad.exe
C:\Documents and Settings\Jessica\Desktop\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://global.acer.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Jessica\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

--
End of file - 6685 bytes


So far it seems all the redirects have stopped.
jessicamaybe
Active Member
 
Posts: 8
Joined: January 22nd, 2011, 2:13 am

Re: Ohhhhh please help, please please?

Unread postby Bob4 » January 26th, 2011, 8:25 am

Hi Jessicamaybe'
So far it seems all the redirects have stopped.
:cheers:


about your question on Nod32.
Yes that all sounds correct. I have updated my instructions a bit. Let me know if they are clearer for you. ( and all others I will to post to)





_______________________________________
  • Open the ESET Online Scanner in Internet Explorer

    [NOTE: FIREFOX USERS will be presented with an additional download please follow the prompts and allow it to download and install it.
  • Then uncheck remove unwanted threats
  • place a check by scan archives.

    With internet explorer
  • Check the box next to YES, I accept the Terms of Use. and click Start
  • Allow the ActiveX control to be installed by Internet Explorer
  • When the Computer scan screen appears, un-check remove found threats UNcheck but check the box next to Scan unwanted applications.
  • Under advanced settings check scan for potentially unwanted applications
  • check scan for potentially unsafe applications
  • Enable Anti-stealth technologies.
  • Once complete and the summary page appears, press windows Start, copy/paste the following command into the search box and press Enter:
    notepad "C:\Program Files\EsetOnlineScanner\log.txt"
  • The log file should now appear in Notepad, copy and paste the contents in your next response.

Post the contents of that for me.
User avatar
Bob4
MRU Master
MRU Master
 
Posts: 6070
Joined: November 12th, 2005, 11:26 am
Location: Florida

Re: Ohhhhh please help, please please?

Unread postby Bob4 » January 28th, 2011, 10:09 pm

Still with me Jessicamaybe ?
User avatar
Bob4
MRU Master
MRU Master
 
Posts: 6070
Joined: November 12th, 2005, 11:26 am
Location: Florida

Re: Ohhhhh please help, please please?

Unread postby jessicamaybe » January 28th, 2011, 10:30 pm

Sorry! I haven't been home more than a couple minutes the last few days! Here's the log.


ESETSmartInstaller@High as downloader log:
all ok
can not get scanner. e_gle=1001
DLL:pipe not connected. attempts=120
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6419
# api_version=3.0.2
# EOSSerial=8c9043b0c931cc4498549971cae2ea53
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-01-25 09:43:20
# local_time=2011-01-25 02:43:20 (-0700, Mountain Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 94752 94752 0 0
# compatibility_mode=768 16777215 100 0 36714450 36714450 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=60149
# found=0
# cleaned=0
# scan_time=2482
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6419
# api_version=3.0.2
# EOSSerial=8c9043b0c931cc4498549971cae2ea53
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-01-27 04:24:12
# local_time=2011-01-26 09:24:12 (-0700, Mountain Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 204094 204094 0 0
# compatibility_mode=768 16777215 100 0 36823792 36823792 0 0
# compatibility_mode=8192 67108863 100 0 28046 28046 0 0
# scanned=60758
# found=0
# cleaned=0
# scan_time=3589
jessicamaybe
Active Member
 
Posts: 8
Joined: January 22nd, 2011, 2:13 am

Re: Ohhhhh please help, please please?

Unread postby Bob4 » January 29th, 2011, 7:51 am

Looks good.
1 last thing to do.

_______________________________________
  • Click on OTL to open it
  • I want you to place a check mark by the word none in all 5 boxes you see on the left.
  • Under Files created check NONE
  • Under files modified check NONE
  • Uncheck purity and LOP.
  • Copy the text below in the code box into the custon scan box on the bottom.
    ( DO NOT COPY THE WORD CODE)
Code: Select all
:OTL
[2011/01/18 19:17:00 | 000,003,056 | ---- | M] () -- C:\WINDOWS\Phiqexomino.dat
011/01/18 13:21:14 | 000,000,000 | -HSD | C] -- C:\FOUND.009
[2011/01/13 09:15:10 | 000,000,000 | -HSD | C] -- C:\FOUND.008
[2011/01/11 23:56:26 | 000,000,000 | -HSD | C] -- C:\FOUND.007

:Commands 
[emptytemp] 


Now click on Run scan.
    When it's done post the contents of
  • OTListIt.txt
  • Let me know if everything is still running OK.
User avatar
Bob4
MRU Master
MRU Master
 
Posts: 6070
Joined: November 12th, 2005, 11:26 am
Location: Florida

Re: Ohhhhh please help, please please?

Unread postby jessicamaybe » January 30th, 2011, 3:17 am

Here's the scan list:

OTL logfile created on: 1/30/2011 12:15:26 AM - Run 2
OTL by OldTimer - Version 3.2.20.5 Folder = C:\Documents and Settings\Jessica\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

446.00 Mb Total Physical Memory | 115.00 Mb Available Physical Memory | 26.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 64.00% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.87 Gb Total Space | 19.33 Gb Free Space | 34.60% Space Free | Partition Type: FAT32

Computer Name: ACER-2E68C49B20 | User Name: Jessica | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Custom Scans ==========


< :OTL >

< [2011/01/18 19:17:00 | 000,003,056 | ---- | M] () -- C:\WINDOWS\Phiqexomino.dat >
Invalid Switch: 18 19:17:00 | 000,003,056 | ---- | M] () -- C:\WINDOWS\Phiqexomino.dat


< 011/01/18 13:21:14 | 000,000,000 | -HSD | C] -- C:\FOUND.009 >
Invalid Switch: 18 13:21:14 | 000,000,000 | -HSD | C] -- C:\FOUND.009


< [2011/01/13 09:15:10 | 000,000,000 | -HSD | C] -- C:\FOUND.008 >
Invalid Switch: 13 09:15:10 | 000,000,000 | -HSD | C] -- C:\FOUND.008


< [2011/01/11 23:56:26 | 000,000,000 | -HSD | C] -- C:\FOUND.007 >
Invalid Switch: 11 23:56:26 | 000,000,000 | -HSD | C] -- C:\FOUND.007


< >

< :Commands >

< [emptytemp] >

< >

< End of report >


So far everything is running awesome!!! Thanks so much for all of your help!
jessicamaybe
Active Member
 
Posts: 8
Joined: January 22nd, 2011, 2:13 am

Re: Ohhhhh please help, please please?

Unread postby Bob4 » January 30th, 2011, 9:22 am

:oops: I made a small error in my script to you. No harm other than doing it again.
Last time I promise.

_______________________________________
  • Click on OTL to open it
  • I want you to place a check mark by the word none in all 5 boxes you see on the left.
  • Under Files created check NONE
  • Under files modified check NONE
  • Uncheck purity and LOP.
  • Copy the text below in the code box into the custon scan box on the bottom.
    ( DO NOT COPY THE WORD CODE)
Code: Select all
:Files
C:\WINDOWS\Phiqexomino.dat
C:\FOUND.009
C:\FOUND.008
C:\FOUND.007

:Commands 
[emptytemp] 


Now click on Run Fix.
    When it's done post the contents of
  • OTListIt.txt
  • Let me know if everything is still running OK.
[/quote]
Last edited by Bob4 on January 30th, 2011, 1:01 pm, edited 1 time in total.
User avatar
Bob4
MRU Master
MRU Master
 
Posts: 6070
Joined: November 12th, 2005, 11:26 am
Location: Florida

Re: Ohhhhh please help, please please?

Unread postby Bob4 » January 30th, 2011, 9:22 am

Disregard this.
User avatar
Bob4
MRU Master
MRU Master
 
Posts: 6070
Joined: November 12th, 2005, 11:26 am
Location: Florida
Advertisement
Register to Remove

Next

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 44 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware