Trojan : Cannot use the Internet Explorer [Solved]


  • This topic is locked

#1
zarby

  • Member
  • 24 posts
:) Dear All:

I'm lost. Internet Explorer does not work after the cleaning procedure. Malwarebytes does not update but was able to do a quick scan. My AVG detected some virus and removed it. PC Tools Firewall disables itself. My SUPERAntiSpyware does not update either.

I'm lost. Heeelllp.

Enclosed are my files.


OTL logfile created on: 09/05/2009 12:03:12 PM - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = F:\
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM/dd/yyyy

1.99 Gb Total Physical Memory | 1.42 Gb Available Physical Memory | 71.06% Memory free
3.33 Gb Paging File | 2.85 Gb Available in Paging File | 85.48% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 25.05 Gb Free Space | 33.61% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 3.72 Gb Total Space | 3.71 Gb Free Space | 99.55% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: Jenny-05D9EDE48
Current User Name: Jenny
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2007/10/30 20:07:38 | 00,427,288 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2009/05/29 13:41:26 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/08/18 20:06:51 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [1999/12/12 18:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTsvcCDA.EXE
PRC - [2009/08/05 10:37:23 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2003/06/20 00:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
PRC - [2008/02/05 13:03:16 | 00,228,480 | ---- | M] (Digital Business Processes) -- C:\Program Files\Common Files\NeatReceipts\DB Controller\NeatReceiptsDBController.exe
PRC - [2008/09/29 05:09:20 | 00,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2009/08/18 20:07:03 | 00,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/08/18 20:06:58 | 00,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2008/12/11 16:58:44 | 00,146,800 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Firewall Plus\FWService.exe
PRC - [2005/08/08 14:54:00 | 00,167,936 | ---- | M] () -- C:\Program Files\CyberLink\Shared files\RichVideo.exe
PRC - [2008/09/02 05:33:22 | 00,048,640 | ---- | M] (tzuk) -- C:\Program Files\Sandboxie\SbieSvc.exe
PRC - [2002/09/20 15:50:10 | 00,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
PRC - [2007/02/10 05:29:56 | 00,089,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2007/05/28 09:57:54 | 00,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
PRC - [2007/09/07 11:40:04 | 01,373,480 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\System32\Wacom_Tablet.exe
PRC - [2007/10/30 20:51:44 | 00,492,720 | ---- | M] () -- C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
PRC - [2008/04/13 17:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2007/09/07 11:40:34 | 00,132,392 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\System32\WTablet\Wacom_TabletUser.exe
PRC - [2007/09/07 11:40:04 | 01,373,480 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\System32\Wacom_Tablet.exe
PRC - [2008/04/13 17:12:41 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wscntfy.exe
PRC - [2005/02/15 16:10:16 | 00,057,344 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
PRC - [2006/11/21 18:08:57 | 00,813,912 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliType Pro\itype.exe
PRC - [2007/02/05 16:52:10 | 00,849,280 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliPoint\ipoint.exe
PRC - [2009/08/18 20:06:55 | 02,007,832 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2005/09/20 11:35:40 | 00,094,208 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxtray.exe
PRC - [2005/09/20 11:32:24 | 00,077,824 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\hkcmd.exe
PRC - [2005/09/20 11:36:20 | 00,114,688 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxpers.exe
PRC - [2008/09/02 05:33:22 | 00,716,800 | ---- | M] (tzuk) -- C:\Program Files\Sandboxie\SbieCtrl.exe
PRC - [2009/06/23 11:01:38 | 01,830,128 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2005/10/20 12:00:28 | 00,157,696 | ---- | M] () -- C:\Program Files\ERUNT\ERUNT.EXE
PRC - [2009/09/05 09:44:44 | 00,514,048 | ---- | M] (OldTimer Tools) -- F:\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2007/10/30 20:07:38 | 00,427,288 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc [Auto | Running])
SRV - [2008/01/04 21:37:28 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])
SRV - [2008/08/15 05:46:20 | 00,284,016 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4 [On_Demand | Stopped])
SRV - [2009/05/29 13:41:26 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2009/08/18 20:06:51 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [1999/12/12 18:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTsvcCDA.EXE -- (Creative Service for CDROM Access [Auto | Running])
SRV - [2009/08/07 17:55:57 | 00,655,624 | ---- | M] (Acresso Software Inc.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2009/03/28 09:51:45 | 00,183,280 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Auto | Stopped])
SRV - [2008/04/13 17:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2009/05/30 12:30:20 | 00,541,992 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])
SRV - [2009/08/05 10:37:23 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2007/11/15 18:46:14 | 00,116,032 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint [Disabled | Stopped])
SRV - [2007/08/03 15:09:34 | 00,063,040 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn [Disabled | Stopped])
SRV - [2007/10/17 20:38:15 | 00,068,096 | ---- | M] () -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service [On_Demand | Stopped])
SRV - [2003/06/20 00:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
SRV - [2007/02/10 06:29:54 | 29,178,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$NR2007 [On_Demand | Stopped])
SRV - [2005/10/14 03:50:19 | 00,045,272 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper [Disabled | Stopped])
SRV - [2008/02/05 13:03:16 | 00,228,480 | ---- | M] (Digital Business Processes) -- C:\Program Files\Common Files\NeatReceipts\DB Controller\NeatReceiptsDBController.exe -- (NeatReceipts Database Controller [Auto | Running])
SRV - [2008/09/29 05:09:20 | 00,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0 [Auto | Running])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2003/07/28 13:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2008/12/11 16:58:44 | 00,146,800 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Firewall Plus\FWService.exe -- (PCToolsFirewallPlus [Auto | Running])
SRV - [2007/03/01 04:04:58 | 00,020,480 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService [Disabled | Stopped])
SRV - [2006/11/09 16:30:14 | 00,065,536 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService [On_Demand | Stopped])
SRV - [2005/08/08 14:54:00 | 00,167,936 | ---- | M] () -- C:\Program Files\CyberLink\Shared files\RichVideo.exe -- (RichVideo [Auto | Running])
SRV - [2008/09/02 05:33:22 | 00,048,640 | ---- | M] (tzuk) -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc [Auto | Running])
SRV - [2002/09/20 15:50:10 | 00,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default) [Auto | Running])
SRV - [2007/02/10 06:29:47 | 00,242,544 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser [Disabled | Stopped])
SRV - [2007/02/10 05:29:56 | 00,089,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter [Auto | Running])
SRV - [2007/05/28 09:57:54 | 00,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE [Auto | Running])
SRV - [2007/09/07 11:40:04 | 01,373,480 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\System32\Wacom_Tablet.exe -- (TabletServiceWacom [Auto | Running])
SRV - [2007/10/30 20:51:44 | 00,492,720 | ---- | M] () -- C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe -- (TryAndDecideService [Auto | Running])
SRV - File not found -- -- (Windows MSI [Auto | Stopped])
SRV - [2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.msn.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/04 22:50:05 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/08/05 10:37:25 | 00,000,000 | ---D | M]


O1 HOSTS File: (306500 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 10574 more lines...
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\Adobe Contribute CS4\contributeieplugin.dll (Adobe Systems Incorporated.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\Adobe Contribute CS4\contributeieplugin.dll (Adobe Systems Incorporated.)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4 - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4 - HKLM..\Run: [P17Helper] C:\WINDOWS\System32\P17.DLL ()
O4 - HKCU..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (tzuk)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 50 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: internet ([]about in Internet)
O15 - HKCU\..Trusted Domains: 56 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} http://www.lizardtec...ntrol_en_US.cab (DjVuCtl Class)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcaf...01/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail....es/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitd...can8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1173062552593 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} http://acs.pandasoft...free/asinst.cab (ActiveScan Installer Class)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn...ro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...trl.cab?lmi=100 (Performance Viewer Activex Control)
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/03/02 04:50:03 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

NetSvcs: 6to4 - Service key not found. File not found
NetSvcs: Ias - Service key not found. File not found
NetSvcs: Iprip - Service key not found. File not found
NetSvcs: Irmon - Service key not found. File not found
NetSvcs: NWCWorkstation - Service key not found. File not found
NetSvcs: Nwsapagent - Service key not found. File not found
NetSvcs: WmdmPmSp - Service key not found. File not found
NetSvcs: helpsvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

========== Files/Folders - Created Within 14 Days ==========

[2009/09/05 11:50:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jenny\Desktop\Log Geeks to Go
[2009/09/05 11:45:47 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\Jenny\Desktop\NTREGOPT.lnk
[2009/09/05 11:45:47 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\Jenny\Desktop\ERUNT.lnk
[2009/09/05 09:45:22 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/09/05 09:33:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
[2009/09/05 09:20:41 | 00,230,912 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/09/05 09:20:41 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/09/05 09:20:41 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/09/05 09:20:41 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/09/05 09:20:41 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/09/05 09:20:41 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/09/05 09:20:41 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/09/05 09:20:41 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/09/05 09:20:34 | 00,000,000 | --SD | C] -- C:\ComboFix
[2009/09/05 09:20:12 | 03,195,526 | R--- | C] () -- C:\Documents and Settings\Jenny\Desktop\ComboFix.exe
[2009/09/05 09:05:39 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/09/05 01:06:45 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/09/05 01:06:43 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/09/05 01:06:41 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/09/05 01:06:41 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/09/05 01:06:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jenny\Desktop\Log Malware 2009
[2009/09/05 01:03:14 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Jenny\Desktop\HijackThis.lnk
[2009/09/05 01:03:13 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/09/04 22:58:33 | 00,053,337 | ---- | C] () -- C:\Documents and Settings\Jenny\Desktop\Employment contract neeta.pdf
[2009/09/04 22:35:43 | 00,052,587 | ---- | C] () -- C:\Documents and Settings\Jenny\Desktop\Employment contract.pdf
[2009/09/04 21:55:04 | 00,042,496 | ---- | C] () -- C:\Documents and Settings\Jenny\Desktop\Employment contract.doc
[2009/09/02 17:02:42 | 00,000,034 | ---- | C] () -- C:\WINDOWS\System32\BD2170W.DAT
[2009/09/02 17:02:38 | 00,000,114 | ---- | C] () -- C:\WINDOWS\System32\brlmw03a.ini
[2009/09/02 17:02:36 | 00,009,853 | ---- | C] () -- C:\WINDOWS\HL-2170W.INI
[2009/09/02 17:02:30 | 00,000,000 | ---D | C] -- C:\Program Files\Brother
[2009/09/02 16:24:11 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Jenny\Application Data\Brother
[2009/09/02 16:23:47 | 00,000,146 | ---- | C] () -- C:\WINDOWS\BRVIDEO.INI
[2009/09/02 16:23:47 | 00,000,000 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2009/09/02 16:23:29 | 00,000,000 | ---D | C] -- C:\Program Files\Brownie
[2009/09/02 16:23:28 | 00,000,410 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2009/09/02 16:23:15 | 00,192,512 | ---- | C] (brother) -- C:\WINDOWS\System32\Pdrvinst.dll
[2009/09/02 16:18:46 | 00,000,332 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2009/09/02 16:11:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Brother
[2009/09/02 14:36:22 | 00,000,000 | ---D | C] -- C:\WTablet
[2009/09/02 10:58:28 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\CanonIJFax
[2009/09/02 01:46:35 | 00,029,184 | ---- | C] () -- C:\Documents and Settings\Jenny\Desktop\PROMissory Note Cielo.doc
[2009/09/02 01:15:31 | 00,005,310 | ---- | C] () -- C:\Documents and Settings\Jenny\Desktop\PromissoryNote.pdf
[2009/09/01 23:15:59 | 00,000,000 | --SD | C] -- C:\Documents and Settings\Jenny\Desktop\Canon Printer
[2009/09/01 22:55:44 | 00,000,104 | ---- | C] () -- C:\Documents and Settings\Jenny\Desktop\My Computer.lnk
[2009/09/01 22:24:07 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\CANON
[2009/09/01 22:20:55 | 00,014,592 | ---- | C] () -- C:\WINDOWS\System32\CNC1735D.TBL
[2009/09/01 22:20:41 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2009/09/01 22:20:21 | 00,000,000 | -H-D | C] -- C:\WINDOWS\System32\CanonIJ Uninstaller Information
[2009/09/01 22:19:54 | 00,000,000 | -H-D | C] -- C:\Program Files\CanonBJ
[2009/09/01 22:19:38 | 00,117,850 | ---- | C] () -- C:\WINDOWS\System32\Cnmnput.chm
[2009/09/01 22:18:09 | 00,000,000 | ---D | C] -- C:\Program Files\Canon
[2009/08/30 22:26:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jenny\My Documents\Hu Friedy
[2009/08/30 19:57:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2009/08/29 19:01:13 | 07,623,334 | ---- | C] () -- C:\Documents and Settings\Jenny\Desktop\G10.pdf
[2009/08/25 18:09:25 | 00,130,424 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2009/08/25 18:09:25 | 00,073,840 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2009/08/25 18:09:20 | 00,159,600 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2009/08/25 18:08:53 | 00,097,408 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctfw.sys
[2009/08/25 18:08:52 | 00,095,640 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplfw.sys
[2009/08/25 11:12:34 | 00,063,745 | ---- | C] () -- C:\Program Files\Uninstall.exe
[2009/08/24 22:11:23 | 12,862,6815 | ---- | C] () -- C:\Documents and Settings\Jenny\Desktop\dot.psd

========== Files - Modified Within 14 Days ==========

[1 C:\WINDOWS\System32\drivers\*.tmp files]
[2009/09/05 11:48:55 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\Jenny \Desktop\NTREGOPT.lnk
[2009/09/05 11:48:54 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\Jenny \Desktop\ERUNT.lnk
[2009/09/05 11:46:10 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/09/05 11:44:10 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/09/05 09:46:50 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/09/05 09:46:48 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/09/05 09:30:45 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/09/05 09:19:18 | 03,195,526 | R--- | M] () -- C:\Documents and Settings\Jenny \Desktop\ComboFix.exe
[2009/09/05 09:13:29 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Jenny \Desktop\HijackThis.lnk
[2009/09/05 01:11:26 | 00,048,128 | ---- | M] () -- C:\Documents and Settings\Jenny \Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/05 01:06:45 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/09/05 00:17:09 | 00,000,917 | ---- | M] () -- C:\Documents and Settings\Jenny \Desktop\Revo Uninstaller.lnk
[2009/09/04 22:58:33 | 00,053,337 | ---- | M] () -- C:\Documents and Settings\Jenny \Desktop\Employment contract neeta.pdf
[2009/09/04 22:58:19 | 00,052,587 | ---- | M] () -- C:\Documents and Settings\Jenny \Desktop\Employment contract.pdf
[2009/09/04 22:34:59 | 00,042,496 | ---- | M] () -- C:\Documents and Settings\Jenny \Desktop\Employment contract.doc
[2009/09/04 06:49:27 | 40,603,993 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/09/03 22:25:22 | 00,230,912 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009/09/03 09:13:21 | 00,000,332 | ---- | M] () -- C:\WINDOWS\Brownie.ini
[2009/09/03 06:49:28 | 00,076,683 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/09/02 17:02:44 | 00,009,853 | ---- | M] () -- C:\WINDOWS\HL-2170W.INI
[2009/09/02 17:02:44 | 00,000,146 | ---- | M] () -- C:\WINDOWS\BRVIDEO.INI
[2009/09/02 17:02:42 | 00,000,034 | ---- | M] () -- C:\WINDOWS\System32\BD2170W.DAT
[2009/09/02 16:23:47 | 00,000,000 | ---- | M] () -- C:\WINDOWS\brmx2001.ini
[2009/09/02 16:23:28 | 00,000,410 | ---- | M] () -- C:\WINDOWS\BRWMARK.INI
[2009/09/02 14:35:35 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/09/02 01:46:35 | 00,029,184 | ---- | M] () -- C:\Documents and Settings\Jenny \Desktop\PROMissory Note Cielo.doc
[2009/09/02 01:15:31 | 00,005,310 | ---- | M] () -- C:\Documents and Settings\Jenny \Desktop\PromissoryNote.pdf
[2009/09/01 23:10:00 | 05,833,814 | -H-- | M] () -- C:\Documents and Settings\Jenny \Local Settings\Application Data\IconCache.db
[2009/09/01 22:55:44 | 00,000,104 | ---- | M] () -- C:\Documents and Settings\Jenny \Desktop\My Computer.lnk
[2009/08/30 00:54:44 | 00,000,038 | ---- | M] () -- C:\WINDOWS\AviSplitter.INI
[2009/08/29 19:01:13 | 07,623,334 | ---- | M] () -- C:\Documents and Settings\Jenny \Desktop\G10.pdf
[2009/08/25 11:12:34 | 00,063,745 | ---- | M] () -- C:\Program Files\Uninstall.exe
[2009/08/24 22:11:31 | 12,862,6815 | ---- | M] () -- C:\Documents and Settings\Jenny \Desktop\dot.psd
[2009/08/23 22:00:03 | 00,000,492 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag.job

========== LOP Check ==========

[2009/09/02 16:11:06 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/05/31 12:25:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2008/10/12 18:15:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\1Click DVD Copy
[2009/07/16 20:01:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
[2009/08/07 18:42:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ALM
[2009/09/02 16:11:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Brother
[2007/05/13 17:46:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2008/01/25 23:24:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cadsoft
[2009/09/01 22:20:41 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2009/09/02 10:58:28 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJFax
[2007/12/22 18:49:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2007/03/02 21:22:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CyberLink
[2008/02/03 10:43:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
[2008/02/07 18:23:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DFX
[2007/03/02 21:26:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DVD Shrink
[2009/07/20 07:34:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2008/03/01 09:53:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Genie-Soft
[2008/05/26 14:44:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2007/12/22 23:07:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intuit
[2008/10/11 15:27:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NeatReceipts Professional
[2007/12/20 14:12:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2009/05/23 14:00:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2008/10/11 15:42:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2008/09/10 18:01:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Simply Super Software
[2009/09/05 09:47:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/10/12 19:30:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2008/10/13 20:17:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2009/09/02 16:24:11 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Jenny \Application Data
[2009/06/02 23:14:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jenny \Application Data\Acronis
[2008/01/05 22:16:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jenny \Application Data\Ahead
[2007/08/08 16:21:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jenny \Application Data\ArcSoft
[2009/09/02 16:24:11 | 00,000,000 | R--D | M] -- C:\Documents and Settings\Jenny \Application Data\Brother
[2008/03/16 19:29:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jenny \Application Data\BSplayer Pro
[2007/03/04 00:10:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jenny \Application Data\CyberLink
[2008/07/19 23:38:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jenny \Application Data\cYo
[2008/02/03 10:43:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jenny \Application Data\DAEMON Tools Pro
[2008/10/03 00:54:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jenny \Application Data\dvdcss
[2008/01/26 17:54:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jenny \Application Data\EPSON
[2008/03/01 09:52:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jenny \Application Data\Genie-Soft
[2008/04/12 14:50:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jenny \Application Data\GlarySoft
[2007/12/22 18:55:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jenny \Application Data\Intuit
[2007/03/03 22:40:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jenny \Application Data\Leadertech
[2008/10/21 18:20:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jenny \Application Data\MindMapper 2008
[2008/06/14 23:06:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jenny \Application Data\Mobipocket
[2009/09/04 23:32:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jenny \Application Data\PCToolsFirewallPlus
[2008/10/11 15:44:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jenny \Application Data\ScanSoft
[2008/02/09 09:06:09 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Jenny \Application Data\SecuROM
[2008/08/23 11:34:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jenny \Application Data\Simply Super Software
[2008/10/12 23:00:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jenny \Application Data\Smart Panel
[2007/10/23 08:38:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jenny \Application Data\Smart Recorder
[2008/01/04 21:41:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jenny \Application Data\Thinstall
[2008/03/01 18:06:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jenny \Application Data\TypingMaster7
[2008/05/27 22:38:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jenny \Application Data\U3
[2009/09/05 00:05:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jenny \Application Data\uTorrent
[2009/04/14 21:27:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jenny \Application Data\Vso
[2007/03/03 23:34:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jenny \Application Data\WhenU
[2009/09/05 11:44:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jenny \Application Data\WTablet
[2008/08/10 00:35:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jenny \Application Data\YouSendIt
[2009/09/02 14:35:35 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2006/02/28 05:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/09/05 11:46:10 | 00,000,868 | ---- | M] () -- C:\WINDOWS\Tasks\Google Software Updater.job
[2009/09/05 09:46:50 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
[2009/08/23 22:00:03 | 00,000,492 | ---- | M] () -- C:\WINDOWS\Tasks\SmartDefrag.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >

< %systemroot%\system32\eventlog.dll >
[2008/04/13 17:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\eventlog.dll

< %systemroot%\system32\scecli.dll >
[2008/04/13 17:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\netlogon.dll >

< %systemroot%\system32\cngaudit.dll >

< %systemroot%\system32\sceclt.dll >


************************************************


OTL Extras logfile created on: 09/05/2009 12:10:53 PM - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = F:\
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM/dd/yyyy

1.99 Gb Total Physical Memory | 1.37 Gb Available Physical Memory | 68.90% Memory free
3.33 Gb Paging File | 2.78 Gb Available in Paging File | 83.53% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 24.97 Gb Free Space | 33.50% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 3.72 Gb Total Space | 3.71 Gb Free Space | 99.55% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JENNY-05D9EDE48
Current User Name: jenny
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.js [@ = jsfile] -- C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe (Macromedia, Inc.)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"3389:TCP" = 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4
"3703:TCP" = 3703:TCP:*:Enabled:Adobe Version Cue CS4 Server
"3704:TCP" = 3704:TCP:*:Enabled:Adobe Version Cue CS4 Server
"51000:TCP" = 51000:TCP:*:Enabled:Adobe Version Cue CS4 Server
"51001:TCP" = 51001:TCP:*:Enabled:Adobe Version Cue CS4 Server

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Intuit\QuickBooks 2007\QBDBMgrN.exe" = C:\Program Files\Intuit\QuickBooks 2007\QBDBMgrN.exe:*:Enabled:QuickBooks 2007 Data Manager -- (iAnywhere Solutions, Inc.)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 -- (Adobe Systems Incorporated)
"C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe" = C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe:*:Enabled:Adobe Version Cue CS4 Server -- (Adobe Systems Incorporated)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{03DEEAD2-F3B7-45BF-9006-A25D015F00D2}" = Adobe Flash Player 10 Plugin
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{05BB2EC5-6BEF-4DDC-9E75-BEE7B161157A}" = Macromedia Dreamweaver MX 2004
"{0711500B-9912-4D60-9A49-C577B4503D42}" = Nero Recode Help
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{07FF7593-9DEA-40B5-9F87-F557E65BBF60}" = Nero Recode
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0d7b01f4-4e82-4a97-bd21-a12616e10f52}" = Nero 9
"{0E4BC542-9CFD-4E97-B586-9F1E5516E7B9}" = Microsoft IntelliPoint 6.1
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{109D28C7-FB38-483A-9C91-001CB59E2699}" = EPSON CardMonitor
"{1122AAC4-AAAA-43BF-B2D4-3C8C12378952}" = Nero InfoTool
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX860_series" = Canon MX860 series MP Drivers
"{11A84FCA-C3C7-4AFD-A797-111DB8569DBC}" = Nero BurningROM
"{12345674-DE9A-677A-CCEE-666356D89777}" = Nero BurnRights
"{14F70205-1940-4000-88C7-BE799A6B2CAD}" = Adobe Soundbooth CS4
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1B040683-C390-4711-ABC7-DA8D85E470E7}" = NeroBurningROM
"{1B1DDAD2-C704-49F8-8FC2-18DAAD9A87C5}" = Sound Blaster Audigy
"{1B7C06E1-4888-47A6-992A-0990B9683486}" = Adobe Version Cue CS4 Server
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{232E984E-F02D-4DAE-80F4-97884EC52F16}" = MindMapper 2008
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java™ 6 Update 15
"{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (NR2007)
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{2D3455A8-3B15-41A8-99F8-0D4215746463}" = Nero StartSmart
"{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}" = Creative MediaSource
"{3097B151-1F61-4211-A4CC-D70127B226AE}" = SoundTrax
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{3324A5DC-C7F6-430A-ACC8-F251CD8F4FC7}" = Motorola Driver Installation
"{342126E1-173C-4585-BFBE-3EBDD20E3E9E}" = Mobipocket Reader 6.2
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3F30CC51-0788-487B-AA83-7214A239C0C0}" = Nero Disc Copy Gadget Help
"{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}" = Adobe Fireworks CS4
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{43DCF766-6838-4F9A-8C91-D92DA586DFA7}" = Microsoft Windows Journal Viewer
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{45BBE232-3009-4F32-9D6B-FFF1455F36E2}" = Age Of Mythology
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
"{4915A273-16A5-42E7-B258-65BD92862D2E}_is1" = Genie Backup Manager Pro 8.0
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{4D42353B-533F-4306-AD0B-7FEF292ADE04}" = Nero CoverDesigner Help
"{4E8C27C2-D727-4C00-A90E-C3F6376EEE70}" = Nero ControlCenter
"{4EB092F5-185E-4FE6-8ED7-23F61C17D76C}" = SYSTAT 12
"{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{548F99E0-14CC-4D53-A7D6-4A62A5F2C748}" = Nero PhotoSnap
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{56BE5CC9-95E6-4128-ABEA-968414CA9C80}" = DolbyFiles
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{582D2A53-F426-4C5E-A2E6-43C1AB36B907}" = Safari
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{5AE12194-3EAA-40DF-B2BF-FE1D6B78BBF4}" = Nero Vision
"{5C2E8A0F-80E2-4C68-8CC0-D8D16E7196BF}" = Nero RescueAgent Help
"{5C42EAB8-54F9-423A-948C-1CBEF25F8DB4}" = Nero PhotoSnap Help
"{5EAD5443-7194-46CC-A055-428E6ABB1BAF}" = Adobe Encore CS4
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}" = Adobe Creative Suite 4 Master Collection
"{633A06C3-B709-479A-AAB3-5EE94AD9EE4B}" = Acronis True Image Home
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{659B48CD-0608-4ED5-94C0-0B6C87114F10}" = Apple Mobile Device Support
"{66C8BE35-8BBB-472B-96C7-C7C9A499F988}" = ArcSoft Software Suite
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6C11D561-620B-47DA-A693-4C597F3CDF40}" = EPSON Smart Panel
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74039C50-A844-4857-A211-15BFB955ADB2}" = Brother HL-2170W
"{7406DF60-016D-476B-A2C7-55D997592047}" = Adobe OnLocation CS4
"{75321954-2589-11DC-DDCC-E98356D81493}" = Nero DriveSpeed
"{753973C4-B961-43BF-B2D4-3C8C92F7216E}" = Nero DriveSpeed
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{78523651-D8B1-11DC-CCEE-741589645873}" = Nero DiscSpeed
"{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{7E545666-F434-45FD-B3DF-C0B99A1A579F}" = QuickBooks Premier: Professional Services Edition 2007
"{7E7658A2-CD3F-48A7-93EA-0882BCA4FD2A}" = LogMeIn
"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{82644DC0-0DBA-4E33-9AF6-44BC72B378B5}" = DENTRIX G2
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{83EC8AE9-53A6-474D-95AF-8F5116CC9C4E}" = 3D Home Architect Design Suite Deluxe 8
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8C654BD0-1949-43DE-84F2-EC2A1ABB0CB4}" = Nero ShowTime
"{8D199EBB-749F-478E-B4E4-9D343A1BEB07}" = NeatReceipts Professional 3.0 Core Files
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{908810B7-0819-4156-8420-0E4996E7BF57}" = DENTRIX G2 Practice Assistant
"{91208A47-5D08-4C79-986F-1931940F51BB}" = QuickBooks Product Listing Service
"{91789CDD-E83A-4186-B436-AA7A588679FD}" = NeatReceipts Database Controller
"{91A4AD99-69CE-4745-97B7-0E0DFBECFDE5}" = Adobe Illustrator CS
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{943CC0C0-2253-4FE0-9493-DD386F7857FD}" = Nero Express
"{948FFAAE-C57F-447B-9B07-3721E950BFDC}" = Nero ShowTime
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{961D53EA-40DC-4156-AD74-25684CE05F81}" = Nero Installer
"{98B6FB8A-8638-4037-AD44-CF7D0EEAB875}_is1" = TypingMaster Pro
"{9A875B56-A35C-46BA-A3AA-DF8D03EE9F2F}" = Nero ControlCenter
"{9E6F2D32-FF1A-477C-A9C9-CFBD0BD9D015}" = Crystal Reports for DENTRIX
"{9F3523F8-DAD7-AE52-6DA7-45CDDDF33726}" = Advertising Center
"{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{A5BA14E0-7384-11D4-BAE7-00409631A2C8}" = Macromedia Extension Manager
"{A6EC82A0-1414-475D-8AFD-469089F3080D}" = Adobe Contribute CS4
"{A73BEC3C-40A0-480E-87EF-EFCD33629088}" = NeroExpress
"{A8399F58-234A-48C6-BA55-30C15738BF3C}" = Nero CoverDesigner
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AAA12554-2589-11DC-92EF-E98356D81493}" = Nero InfoTool
"{AABBCC54-D8B1-11DC-92EF-E98356D81493}" = Nero DiscSpeed
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-7AD7-1033-7B44-A00000000001}" = Adobe Reader 6.0.1
"{AE704636-ECD0-426C-952E-05B8DABD1949}" = EPSON PhotoStarter3.2
"{AFE499B5-FCC4-45E6-A1A5-3C51AE0E539B}" = Mobipocket Creator 4.2
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B2C12C8D-65DC-40BD-B309-5ADB0C6C8D8F}" = Nero WaveEditor
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4FEA924-630D-11D4-B78E-005004566E4D}" = ViewSonic Monitor Drivers
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B96C2601-52F5-4D5D-816A-63469EA311EF}" = "Nero SoundTrax Help
"{B9F4561A-924D-4510-A85A-BB0960C338CB}" = Adobe Asset Services CS4
"{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}" = Motorola Phone Tools
"{BB406CEB-6207-4512-9BB2-89950DC9D6B6}_is1" = ConvertXtoDVD 2.2.3.258h
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BC17AD93-CF7E-455C-A18A-49AC181C770A}" = DENTRIX G2 Required Components
"{BCD82AB5-670D-4242-90FA-1F97103C16CD}" = Movie Templates - Starter Kit
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C73A3AB4-99A4-45E5-B77F-09A3065E0D6A}" = Microsoft IntelliType Pro 6.1
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com
"{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{C99C89A3-119A-45E6-B26E-DD5643CAA0C5}" = Menu Templates - Starter Kit
"{CADBCBBA-6CDD-4119-B5ED-4AE075B153E7}" = MobileMe Control Panel
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBB6F775-E76E-49F7-98D3-1519414B1E4B}" = YouSendIt Express
"{CC5702D7-86E2-45A8-99D7-E8B976ADCC56}" = iTunes
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CD1826A5-CFCC-4C6E-9F9D-E181876162EA}" = Nero Rescue Agent
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}" = WinZip 12.0
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D230CFB8-CFAA-4A72-B672-B8FE43B513C2}" = Wincopy2007
"{D3E449A1-EDE3-4CF8-9F9D-5DA508A734BC}" = SignatureSetup
"{D499F8DE-3F31-4900-9157-61061613704B}" = Adobe Premiere Pro CS4
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{D683E370-3B68-4BE0-8C29-1326F2EABCCC}" = SYSTAT 12 Manuals
"{D7C206B6-1A63-4389-A8B1-8F607D0BFF1F}" = Nero StartSmart Help
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{E4A8DD87-A746-4443-BF25-CAF99CED6767}" = Nero Disc Copy Gadget
"{E583ED6F-BD99-4066-A420-C815BF692B69}" = Macromedia Fireworks MX 2004
"{E86156E5-9859-440D-8876-26CED1349802}" = Nero WaveEditor Help
"{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}" = Adobe Setup
"{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}" = Microsoft SQL Server VSS Writer
"{EA9FFE54-D8B1-11DC-92EF-E98356D81493}" = Nero BurnRights
"{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}" = ScanToWeb
"{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F53F6769-AC46-49E3-ABE3-2C8AFD39D0DD}" = Nero Vision
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}" = Microsoft SQL Server Native Client
"{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"1Click DVD Copy 5_is1" = 1Click DVD Copy 5.4.3.8
"ABC Amber LIT Converter" = ABC Amber LIT Converter
"ABC Amber Palm Converter" = ABC Amber Palm Converter
"Absolute Uninstaller_is1" = Absolute Uninstaller 2.5
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Adobe_b2d6abde968e6f277ddbfd501383e02" = Adobe Creative Suite 4 Master Collection
"Age of Mythology 1.0" = Age of Mythology
"AVG8Uninstall" = AVG Free 8.5
"Belarc Advisor 2.0" = Belarc Advisor 7.2
"Canon MX860 series User Registration" = Canon MX860 series User Registration
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CanonMyPrinter" = Canon Utilities My Printer
"CCleaner" = CCleaner (remove only)
"CHM To PDF PRO_is1" = CHM To PDF Converter PRO
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"ComicRack" = ComicRack v0.9.87
"DjVu" = Lizardtech DjVu Control (autoinstall)
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.1.7
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"ERUNT_is1" = ERUNT 1.1j
"Free Ipod Video Converter_is1" = Free Ipod Video Converter V 2.4
"Google Updater" = Google Updater
"HijackThis" = HijackThis 2.0.2
"iCF Skin Pack" = iCF Skin Pack
"iColorFolder" = iColorFolder
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{82644DC0-0DBA-4E33-9AF6-44BC72B378B5}" = DENTRIX G2
"InstallShield_{83EC8AE9-53A6-474D-95AF-8F5116CC9C4E}" = 3D Home Architect Design Suite Deluxe 8
"InstallShield_{908810B7-0819-4156-8420-0E4996E7BF57}" = DENTRIX G2 Practice Assistant
"InstallShield_{CBB6F775-E76E-49F7-98D3-1519414B1E4B}" = YouSendIt Express
"IObit SmartDefrag Beta3.1_is1" = IObit SmartDefrag Beta3.1
"Kingdia Video to AVI DIVX WMV DVD MOV ASF MPEG F~648C5368_is1" = Kingdia Video to AVI DIVX WMV DVD MOV ASF MPEG FLV Converter V1
"Liberty BASIC v4.03" = Liberty BASIC v4.03
"Magic ISO Maker v5.5 (build 0265)" = Magic ISO Maker v5.5 (build 0265)
"MagicDisc 2.7.105" = MagicDisc 2.7.105
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"MoffFreeCalc_is1" = Moffsoft FreeCalc
"Monkey's Audio_is1" = Monkey's Audio
"Monopoly by Parker Brothers" = Monopoly by Parker Brothers
"MP Navigator EX 2.1" = Canon MP Navigator EX 2.1
"MRU-Blaster_is1" = MRU-Blaster v1.5 (Database 3/28/2004)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NeatReceipts Professional" = NeatReceipts Professional
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Panda ActiveScan" = Panda ActiveScan
"PC Tools Firewall Plus" = PC Tools Firewall Plus 5.0
"PeerGuardian_is1" = PeerGuardian 2.0
"PixelToolbox 1.1" = PixelToolbox 1.1
"PowerISO" = PowerISO
"Quiz-Buddy 4.0_is1" = Quiz-Buddy 4.0
"RealPlayer 6.0" = RealPlayer
"Revo Uninstaller" = Revo Uninstaller 1.83
"Sandboxie" = Sandboxie 3.30
"Silent Package Run-Time Sample" = EPSON CX4600 Reference Guide
"SpywareBlaster_is1" = SpywareBlaster 4.2
"SSC Service Utility_is1" = SSC Service Utility v4.30
"ST6UNST #1" = Mandibular Symphyseal Distraction Osteogenesis Calculator
"ST6UNST #2" = Arc Calculator
"ST6UNST #3" = Liberty BASIC Workshop
"SubtitleWorkshop" = Subtitle Workshop 2.51
"SysInfo" = Creative System Information
"The KMPlayer" = The KMPlayer (remove only)
"Trojan Remover_is1" = Trojan Remover 6.7.4
"Universal Viewer" = Universal Viewer
"VLC media player" = VideoLAN VLC media player 0.8.6d
"Wacom Tablet Driver" = Wacom Tablet
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Winamp" = Winamp
"WinAVI Video Converter_is1" = WinAVI Video Converter
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 09/05/2009 2:33:14 AM | Computer Name = JENNY-05D9EDE48 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 09/05/2009 3:08:37 AM | Computer Name = JENNY-05D9EDE48 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 09/05/2009 3:29:52 AM | Computer Name = JENNY-05D9EDE48 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 09/05/2009 3:34:08 AM | Computer Name = JENNY-05D9EDE48 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 09/05/2009 3:35:59 AM | Computer Name = JENNY-05D9EDE48 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 09/05/2009 3:36:18 AM | Computer Name = JENNY-05D9EDE48 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 09/05/2009 4:11:28 AM | Computer Name = JENNY-05D9EDE48 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 09/05/2009 12:01:56 PM | Computer Name = JENNY-05D9EDE48 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The server name or address could not be resolved

Error - 09/05/2009 12:11:06 PM | Computer Name = JENNY-05D9EDE48 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The server name or address could not be resolved

Error - 09/05/2009 12:47:07 PM | Computer Name = JENNY-05D9EDE48 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The server name or address could not be resolved

[ System Events ]
Error - 09/05/2009 12:45:18 PM | Computer Name = JENNY-05D9EDE48 | Source = Service Control Manager | ID = 7034
Description = The Cyberlink RichVideo Service(CRVS) service terminated unexpectedly.
It has done this 1 time(s).

Error - 09/05/2009 12:45:18 PM | Computer Name = JENNY-05D9EDE48 | Source = Service Control Manager | ID = 7034
Description = The SoundMAX Agent Service service terminated unexpectedly. It has
done this 1 time(s).

Error - 09/05/2009 12:45:18 PM | Computer Name = JENNY-05D9EDE48 | Source = Service Control Manager | ID = 7034
Description = The NeatReceipts Database Controller service terminated unexpectedly.
It has done this 1 time(s).

Error - 09/05/2009 12:45:18 PM | Computer Name = JENNY-05D9EDE48 | Source = Service Control Manager | ID = 7034
Description = The SQL Server VSS Writer service terminated unexpectedly. It has
done this 1 time(s).

Error - 09/05/2009 12:45:18 PM | Computer Name = JENNY-05D9EDE48 | Source = Service Control Manager | ID = 7034
Description = The TabletServiceWacom service terminated unexpectedly. It has done
this 1 time(s).

Error - 09/05/2009 12:45:18 PM | Computer Name = JENNY-05D9EDE48 | Source = Service Control Manager | ID = 7034
Description = The Acronis Try And Decide Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 09/05/2009 12:45:18 PM | Computer Name = JENNY-05D9EDE48 | Source = Service Control Manager | ID = 7031
Description = The AVG Free8 WatchDog service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 0 milliseconds:
Restart the service.

Error - 09/05/2009 12:45:18 PM | Computer Name = JENNY-05D9EDE48 | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the Nero BackItUp Scheduler 4.0
service, but this action failed with the following error: %%1055

Error - 09/05/2009 12:45:18 PM | Computer Name = JENNY-05D9EDE48 | Source = Service Control Manager | ID = 7034
Description = The PC Tools Firewall Plus service terminated unexpectedly. It has
done this 1 time(s).

Error - 09/05/2009 12:45:19 PM | Computer Name = JENNY-05D9EDE48 | Source = Service Control Manager | ID = 7034
Description = The StarWind AE Service service terminated unexpectedly. It has done
this 1 time(s).


< End of report >


**************************************************************




Malwarebytes' Anti-Malware 1.40
Database version: 2551
Windows 5.1.2600 Service Pack 3

09/05/2009 8:58:50 AM
mbam-log-2009-09-05 (08-58-50).txt

Scan type: Quick Scan
Objects scanned: 123993
Time elapsed: 6 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.137,85.255.112.100 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.137,85.255.112.100 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.137,85.255.112.100 -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)




****************************************************




< %systemroot%\ntelogon.dll >

< %systemroot%\system32\logevent.dll >

========== Alternate Data Streams ==========

@Alternate Data Stream - 151 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C31F31E6
< End of report >




**********************

Thanks in advance and I look forward to all your help. I'm lost.


Zarby :)
  • 0



#2
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 17,782 posts
Hello Zarby,

Please read this post completely. It may make it easier if you copy and paste this post to a new text document or print it for reference later. This will especially help you when your computer is off line.

Also copy this link for router passwords - see below http://www.phenoelit...rg/dpl/dpl.html

Some things here to know.

DNS changer infects your router.

We need to clean your machine again, off line, so that the router can't re-infect your computer.

Before you use the router again we want to re-set it to its default settings to remove the infection and stop it coming back.

Some routers you can re-set quite easily just by rebooting them; others need a different approach. For some types of internet (i.e. DSL connections that use PPPoE in the router), you will need to know the data to re-setup the router itself.

What I am going to do now is give you some instructions that work in most cases.

If however it doesn't work for you, you will lose internet connection and will need to talk to your router provider to ascertain how to re-setup your router.

You have used Malwarebytes before.

If you no-longer have Malwarebytes please download from Here or Here

Next disconnect your system from the internet, and your router, then…

Double Click mbam-setup.exe to install the application.
  • Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
===============================================

Next you must reset the router to its default configuration. This can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router. Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds). If you don’t know the router's default password, you can look it up HERE

However, if there are other Zlob-infected machines using the same router, they will need to be cleared with the above steps before resetting the router. Otherwise, the malware will simply go back and change the router's DNS settings. You also need to reconfigure any security settings you had in place prior to the reset. Check out this site here for video tutorials on how to properly configure your router's encryption and security settings. You may also need to consult with your Internet service provider to find out which DNS servers your network should be using.

Once you have run Malwarebytes' Anti-Malware on the infected system, and reset the router to its default configuration you can reconnect to the internet, and router. Then return to this site to post your logs.

===============================================

Please post the Malwarebytes log and let me know how things are running now :)
  • 0
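The advice above to find out which DNS servers the network should be using can be turned into a repeatable check. This is an added example, not part of the original thread: it parses the three "Registry Data Items Infected" lines from the Malwarebytes log in post #1 and reports every resolver that is not on an expected list. `EXPECTED_RESOLVERS` is a constructed placeholder (a documentation address), and the function names are hypothetical.

```python
import ipaddress
import re
from collections import defaultdict

# The "Registry Data Items Infected" lines from the Malwarebytes log in post #1.
MBAM_LOG = r"""
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.137,85.255.112.100 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.137,85.255.112.100 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.137,85.255.112.100 -> Quarantined and deleted successfully.
"""

# Constructed placeholder: replace with the resolver(s) your ISP or router
# is supposed to hand out.
EXPECTED_RESOLVERS = {"192.0.2.53"}

# <registry path> (<detection>) -> Data: <value data> -> <action taken>
ITEM_RE = re.compile(
    r"^(?P<path>HKEY_.+?) \((?P<detection>[^)]+)\) -> Data: (?P<data>.+?) -> (?P<action>.+)$"
)
CONTROL_SET_RE = re.compile(r"\\SYSTEM\\(?P<cs>(?:Current)?ControlSet\d*)\\", re.IGNORECASE)
# Registry values under Tcpip\Parameters that hold resolver addresses.
DNS_VALUE_NAMES = {"nameserver", "dhcpnameserver"}


def parse_registry_items(log_text):
    """Return one dict per registry data item line found in an MBAM log."""
    items = []
    for line in log_text.splitlines():
        m = ITEM_RE.match(line.strip())
        if not m:
            continue  # section headers, blank lines, "(No malicious items detected)"
        key, _, value_name = m["path"].rpartition("\\")
        cs = CONTROL_SET_RE.search(m["path"])
        items.append({
            "key": key,
            "value": value_name,
            "control_set": cs["cs"] if cs else "unknown",
            "detection": m["detection"],
            "data": m["data"],
            "action": m["action"],
        })
    return items


def split_servers(data):
    """Split a comma- or space-separated resolver list into (valid, invalid)."""
    valid, invalid = [], []
    for token in re.split(r"[,\s]+", data.strip()):
        if not token:
            continue
        try:
            valid.append(str(ipaddress.ip_address(token)))
        except ValueError:
            invalid.append(token)  # keep malformed entries so they get reported too
    return valid, invalid


def unexpected_resolvers(items, expected):
    """Map each resolver missing from `expected` to the control sets it appeared in."""
    found = defaultdict(set)
    for item in items:
        if item["value"].lower() not in DNS_VALUE_NAMES:
            continue
        valid, invalid = split_servers(item["data"])
        for server in valid + invalid:
            if server not in expected:
                found[server].add(item["control_set"])
    return {server: sorted(sets) for server, sets in found.items()}


if __name__ == "__main__":
    report = unexpected_resolvers(parse_registry_items(MBAM_LOG), EXPECTED_RESOLVERS)
    for server, control_sets in report.items():
        print(f"{server}: not an expected resolver, set in {', '.join(control_sets)}")
```

The same value appearing in CurrentControlSet and the numbered control sets is why the log lists three items for one change; the router and every other machine on the network need the same comparison.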

#3
zarby

zarby

    Member

  • Member
  • PipPip
  • 24 posts
Hi Emeraldnzl,

Thanks for replying to my post. I did the following on the infected computer.

1. Disconnected the ethernet local connection
2. Uninstall the MWbytes
3. Reinstall the MWbytes that was downloaded from your link
4. Ran the quickscan - no infections found
5. Reset the router ( I have reset the restrictions that permit only certain pcs to log on)
6. Infected computer still cannot connect to the internet. Error message on MBbytes as
" An error occurred. Please report the following error code to the Malwarebytes' Anti-Malware support team. Error code: 732(0,0)

The other computers that are connected to the router do not have any problems. No infections found on these pcs.

Checked the new ipaddress of the computer and have already entered new ipaddress into the router to allow internet access.

What should I do? Did I do something wrong?
Thanks for your time and look forward to your advice.

Zarby :)



  • 0

#4
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 17,782 posts
Hello Zarby,

Well done I think you should give yourself a pat on the back.

What should I do? Did I do something wrong?


No, I don't think so. The DNS changer seems to be gone, which is a plus. Guess we better have a look around to make sure there is nothing else there.

Now

Please download RootRepeal.zip and unzip it to your Desktop.
  • Double click RootRepeal.exe to start the program
  • Click on the Report tab at the bottom of the program window
  • Click the Scan button
  • In the Select Scan dialog, check:
    • Drivers
    • Files
    • Processes
    • SSDT
    • Stealth Objects
    • Hidden Services
  • Click the OK button
  • In the next dialog, select all drives showing
  • Click OK to start the scan

    Note: The scan can take some time. DO NOT run any other programs while the scan is running

  • When the scan is complete, the Save Report button will become available
  • Click this and save the report to your Desktop as RootRepeal.txt
  • Go to File, then Exit to close the program
Post the contents of RootRepeal.txt in your next reply.

Next

Kaspersky on line scanner is very thorough. It can take a long time and for periods may seem not to be working. Just be patient and let it do its job.

Kaspersky works with Internet Explorer and Firefox 3. It uses Java Runtime Environment (JRE).

Go to Kaspersky website and perform an online antivirus scan.

Note: you will need to turn off your security programs to allow Kaspersky to do its job.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
Copy and paste that information in your next post.

So when you return please post
  • RootRepeal.txt
  • Kaspersky scan results
  • and tell me how your computer is

  • 0

#5
zarby

zarby

    Member

  • Member
  • PipPip
  • 24 posts
Hi Emeraldnzl,

Thanks again for the speedy reply. Running RootRepeal. What should I do with the Kaspersky Online? Can't get online.

Hmmmmm?

Zarby :)
  • 0

#6
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 17,782 posts

What should I do with the Kaspersky Online? Can't get online.


Okay, my bad, I had assumed that was overcome when we got rid of DNS Changer.

Should have checked first. :)

After you have run RootRepeal please do this:

Please download ComboFix from one of these locations:

NOTE: If you are guest watching this topic. ComboFix is a very powerful tool. The disclaimer clearly states that you should not use it without supervision. There is good reason for this as ComboFix can, and sometimes does, run into conflict on a computer and render it unusable.

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Click on Yes, to continue scanning for malware.

**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

So then now when you return please post
  • RootRepeal.txt
  • ComboFix.txt

  • 0

#7
zarby

zarby

    Member

  • Member
  • PipPip
  • 24 posts
Hi Emeraldnzl,

Did the RootRepeal on C: drive (did not work on external HD) and ComboFix. Here are the two files you requested.

I wish to inform you that the internet did not work after the scans. However, there was an IP conflict that appeared on the network. Resolved it by reconfiguring the local area connection to auto settings and restarted the computer. The internet now works and I have updated the Malwarebytes AW, AVG Antivirus, and SuperAntiSpyware.

What should I do next? I believe we are making progress. Looking forward to your reply.

Zarby :)



Edited by zarby, 12 September 2009 - 07:55 PM.

  • 0

#8
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 17,782 posts
Hello zarby,

I wish to inform you that the internet did not work after the scans.


Yes, ComboFix cuts your machine off from the Internet while it runs. Normally it will reconnect afterward but occasionally there is a glitch and, as you did, the internet connections have to be reset.

Another reason ComboFix should be run under supervision.

Now

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
  • Click Preferences, then click the Statistics/Logs tab.
  • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
  • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
  • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
Next

Kaspersky on line scanner is very thorough. It can take a long time and for periods may seem not to be working. Just be patient and let it do its job.

Kaspersky works with Internet Explorer and Firefox 3. It uses Java Runtime Environment (JRE).

Go to Kaspersky website and perform an online antivirus scan.

Note: you will need to turn off your security programs to allow Kaspersky to do its job.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
Copy and paste that information in your next post.

So when you return please post
  • SuperAntiSpyware log
  • Kaspersky scan results
  • and tell me how your machine is now

Note: Unless otherwise instructed always post the logs in the forum. If reports don't fit on one post. It might be necessary to break the logs up to get them on the forum. Just use as many posts as you need, that's fine. :)
  • 0

#9
zarby

zarby

    Member

  • Member
  • PipPip
  • 24 posts
Hi Emeraldnzl,

Did as instructed and here are my latest log results:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Sunday, September 13, 2009
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Sunday, September 13, 2009 04:19:44
Records in database: 2799763
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
G:\
H:\
I:\
K:\
X:\

Scan statistics:
Objects scanned: 307721
Threats found: 1
Infected objects found: 2
Suspicious objects found: 0
Scan duration: 06:07:01


File name / Threat / Threats count
K:\Software\Glary Utilities\gusetup.exe Infected: Virus.Win32.Induc.a 2

Selected area has been scanned.




******************************


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 09/13/2009 at 11:50 AM

Application Version : 4.26.1006

Core Rules Database Version : 4097
Trace Rules Database Version: 2037

Scan type : Complete Scan
Total Scan Time : 02:35:06

Memory items scanned : 524
Memory threats detected : 0
Registry items scanned : 7162
Registry threats detected : 0
File items scanned : 304122
File threats detected : 12

Adware.Tracking Cookie
C:\Documents and Settings\B\Cookies\B@adbureau[1].txt
C:\Documents and Settings\B\Cookies\B@adlegend[1].txt
C:\Documents and Settings\B\Cookies\B@cgm.adbureau[2].txt
C:\Documents and Settings\B\Cookies\B@interclick[1].txt
C:\Documents and Settings\B\Cookies\B@microsoftwindows.112.2o7[1].txt
C:\Documents and Settings\B\Cookies\B@server.cpmstar[1].txt
C:\Documents and Settings\D\Cookies\D@interclick[1].txt
C:\Documents and Settings\D\Cookies\D@microsoftwindows.112.2o7[1].txt
C:\Sandbox\Jenny \DefaultBox\user\current\Cookies\Jenny@ads.geek-tools[1].txt
C:\Sandbox\Jenny\DefaultBox\user\current\Cookies\Jenny@adv.yesasia[1].txt
C:\Sandbox\Jenny\DefaultBox\user\current\Cookies\Jenny@atwola[1].txt
C:\Sandbox\Jenny\DefaultBox\user\current\Cookies\Jenny@chitika[2].txt


Removed all the quarantined items from SuperAntiSpyware. I believe the items from Glary products were recommended by PC Computer as some form of PC Utility. Did not remove the items scanned by Kaspersky.

The internet seems fine and working properly. Are my previous scans fine and free from malicious items? Thanks again and sorry it took so long to get the logs.


Zarby :)
  • 0

#10
zarby

    Member

  • Member
  • PipPip
  • 24 posts
Dear Emeraldnzl,

How do you delete the files from Sandboxie? Thought the program clears the items when the PC restarts?

Zarby
  • 0

#11
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 17,782 posts
Hello zarby,

How do you delete the files from Sandboxie?


Go to the link below for instructions about how to configure your Sandboxie.

http://www.sandboxie...?DeleteSettings

Now I think your machine is clean.

We have a couple of last steps to perform and then you're all set.

Follow these steps to uninstall Combofix and tools used in the removal of malware. This will also clean out and reset your Restore Points.
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.

Step 2
  • Make sure you have an Internet Connection.
  • Double-click OTL.exe to run it. (Vista users, please right click on OTL.exe and select "Run as an Administrator")
  • Click on the CleanUp! button
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTL to reach the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

MBAM can be uninstalled via control panel add/remove but it may be a useful tool to keep. Erunt can also be uninstalled via the add/remove programs utility, for some though, it may be a useful backup program to hold on to.

-------------------------------------------------------------------------------------------------------------------

A reminder: Remember to turn back on any anti-malware programs you may have turned off during the cleaning process.

-------------------------------------------------------------------------------------------------------------------

Now that your machine is clean here are some things that I think are worth having a look at if you don't already know about them:

---------------------------------------------------------------------------------------------------------------------

Regularly check that your Java is up to date. Older versions are vulnerable to malicious attack.
  • Download from here Java Runtime Environment (JDK) Update
  • Scroll to where it says "Windows XP/Vista/2000/2003/2008 online" and download and follow the instructions to install.

    Reboot your computer.
    You also need to uninstall older versions of Java.

  • Click Start > Control Panel > Add or Remove Programs
  • Remove all Java updates except the latest one you have just installed.
--------------------------------------------------------------------------------------------------------------------

Be sure and give the Temp folders a cleaning out now and then. This helps with security and your computer will run more efficiently. I clean mine once a week. For ease of use, you might consider the following free program:

--------------------------------------------------------------------------------------------------------------------

Make Internet Explorer more secure
  • Click Start > Run
  • Type Inetcpl.cpl & click OK
  • Click on the Security tab
  • Click Reset all zones to default level
  • Make sure the Internet Zone is selected & Click Custom level
  • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
  • Next Click OK, then Apply button and then OK to exit the Internet Properties page.
* MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

* Consider using an alternate browser. Mozilla's Firefox browser is excellent; it is more secure than Internet Explorer. Firefox is my default browser but I retain Internet Explorer as well so that I can access the very few sites that require it.

Firefox may be downloaded from Here

NoScripts is a good Add-on for Firefox that prevents execution of malicious scripts.

-----------------------------------------------------------------------------------------------------------------------

Startuplite is a tool to help you stop some programs not needed when you start your computer from loading. They will begin automatically only when needed.

-----------------------------------------------------------------------------------------------------------------------

To help protect your computer in the future here are some free programs you can look at:

  • If your Microsoft Update is not working automatically, keep your operating system up to date by visiting Microsoft Windows Update monthly.

    It is recommended that you do set Windows to check, download and install your updates automatically.

    * Click Start > Control Panel > Automatic Updates
    * Set the day and time for the update check. Set this to a time when your computer will normally be on and connected to the internet.
    * Click Apply then OK.

    And to keep your system clean consider choosing from these free malware scanners and running it weekly:
  • AdAware SE Personal
  • Spybot Search & Destroy
  • SuperAntiSpyWare

    Be aware of what emails you open and websites you visit.
An antivirus program is essential.

Here are a couple to choose from (these are also free for personal use):
  • Avast
  • AVIRA Note: AVIRA free comes with adware that promotes their paid for version each time it updates.
I like Avira but some people find the pop up advertisements each time it updates a bit trying.

A firewall is essential to help prevent hackers from infiltrating your computer.

Here are two good firewalls free for personal use:

Note: Do not use more than one anti-virus or firewall. Running two or more real-time anti-virus, anti-spyware and firewall monitors at the same time can cause a conflict. That conflict can result in slow computer performance, error messages, crashes of the programs or other types of failure. You will very likely end up with little or no protection.

Go here for some good advice about how to prevent infection.

Have a safe and happy computing day!
  • 0

#12
zarby

    Member

  • Member
  • PipPip
  • 24 posts
Hi Emeraldnzl,

Thanks for all your time in clearing out my mess. Should I be worried about what Kaspersky detected? I was lost in regards to the MVPS Hosts File. Are you supposed to download the list and place it in the *****.etc directory?

Zarby
  • 0

#13
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 17,782 posts
Hello zarby,

Should I be worried about what Kaspersky detected?


Well that one is picked up by some anti-virus/anti-spyware as bad but I think that is problematical and as you say it was recommended by PC Tools to you.

Let's check it:

  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:

  • K:\Software\Glary Utilities\gusetup.exe

  • Click on the Upload button
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.

I was lost in regards to the MVPS Hosts File.


Well if you decide to get Spybot Search & Destroy it will take care of it for you. However if you don't, just go to the link I provided and scroll down to the part with HostsXpert. Follow the instructions in that part of the web page. Just a bit of added protection... not the end of the world though if you don't do it.

Edited by emeraldnzl, 13 September 2009 - 10:43 PM.

  • 0

#14
zarby

    Member

  • Member
  • PipPip
  • 24 posts
Hi Emeraldnzl,

Here is the result.

VirSCAN.org Scanned Report :
Scanned time : 2009/08/21 02:46:57 (CST)
Scanner results: 16% Scanner(6/37) found malware!
File Name : gusetup.exe
File Size : 6056616 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : df3e45dd7a701206754b201d79af0bc7
SHA1 : 1ae533e99f9452edcdc5dbde1fd37179fb445022
Online report : http://virscan.org/r...be82b492c2.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.5.0.8 20090820220213 2009-08-20 0.36 -
AhnLab V3 2009.08.21.00 2009.08.21 2009-08-21 0.78 -
AntiVir 8.2.1.3 7.1.5.143 2009-08-20 0.32 -
Antiy 2.0.18 20090819.2718903 2009-08-19 0.02 -
Arcavir 2009 200908201624 2009-08-20 0.11 -
Authentium 5.1.1 200908191809 2009-08-19 1.36 -
AVAST! 4.7.4 090820-0 2009-08-20 2.89 Win32:Induc
AVG 8.5.288 270.13.62/2315 2009-08-20 1.88 -
BitDefender 7.81008.3911117 7.27249 2009-08-20 3.57 -
CA (VET) 9.0.0.143 31.6.6688 2009-08-20 7.48 -
ClamAV 0.95.2 9722 2009-08-20 0.82 -
Comodo 3.10 2036 2009-08-20 0.79 -
CP Secure 1.1.0.715 2009.08.21 2009-08-21 12.30 -
Dr.Web 4.44.0.9170 2009.08.20 2009-08-20 10.88 Win32.Induc
F-Prot 4.4.4.56 20090819 2009-08-19 1.29 -
F-Secure 7.02.73807 2009.08.20.10 2009-08-20 3.29 Virus.Win32.Induc.a [AVP]
Fortinet 2.81-3.120 10.736 2009-08-19 0.50 -
GData 19.7271/19.446 20090820 2009-08-20 8.34 Virus.Win32.Induc.a [Engine:A]
ViRobot 20090820 2009.08.20 2009-08-20 0.43 -
Ikarus T3.1.01.68 2009.08.20.73322 2009-08-20 3.51 -
JiangMin 11.0.800 2009.08.20 2009-08-20 3.73 -
Kaspersky 5.5.10 2009.08.20 2009-08-20 5.88 Virus.Win32.Induc.a
KingSoft 2009.2.5.15 2009.8.20.18 2009-08-20 0.48 -
McAfee 5.3.00 5715 2009-08-20 3.07 -
Microsoft 1.4903 2009.08.20 2009-08-20 10.14 Virus:Win32/Induc.A
Norman 6.01.09 6.01.00 2009-08-17 4.01 -
Panda 9.05.01 2009.08.20 2009-08-20 2.69 -
Trend Micro 8.700-1004 6.381.00 2009-08-20 0.03 -
Quick Heal 10.00 2009.08.20 2009-08-20 2.62 -
Rising 20.0 21.43.34.00 2009-08-20 6.92 -
Sophos 2.89.1 4.44 2009-08-21 3.38 -
Sunbelt 5345 5345 2009-08-19 1.37 -
Symantec 1.3.0.24 20090820.003 2009-08-20 0.15 -
nProtect 20090818.01 5093763 2009-08-18 7.26 -
The Hacker 6.3.4.3 v00384 2009-08-20 0.94 -
VBA32 3.12.10.9 20090819.1841 2009-08-19 3.44 -
VirusBuster 4.5.11.10 10.112.10/1800822 2009-08-19 4.12 -


I loaded the Spybot plus your recommended database to my "hosts" file. How do I check that the "hosts" file works? THANKS.

Zarby
  • 0

#15
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 17,782 posts

How do I check that the "hosts" file works? THANKS.


The hosts file is a simple list of hostnames and their corresponding IP addresses, which your computer looks at every time you try and contact a previously unknown hostname. If it finds an entry for the computer you're trying to reach, it sets the IP address for that computer to be whatever's in the hosts file.

127.0.0.1 is a special IP address which, to a computer, always means that computer. Any time a machine sends a network request to 127.0.0.1, it is talking to itself. This is very useful when it comes to blocking ads, because all we have to do is specify the IP address of any ad server to be 127.0.0.1. And to do that, all we have to do is edit the hosts file. What will happen then is something like this:

1. you visit a web page
2. the web page contains a banner ad stored on the server "ads.example.com"
3. your computer says "ads.example.com? never heard of it. wait a second, let's see if I've got the number on me..."
4. your computer finds its hosts file and checks to see if ads.example.com is listed
5. it finds the hostname, which points to 127.0.0.1
6. "great", says the computer, and sends off a request to 127.0.0.1 for the banner ad that's supposed to be on the page
7. "oh", says the computer, and fails to show anything because it just sent a request to itself for a banner ad

Where's my hosts file?

* Windows NT: C:\WinNT\hosts
* Windows 2000: C:\WinNT\system32\drivers\etc\
* Windows XP: C:\Windows\System32\drivers\etc

Thanks to pgl.yoyo.org/adservers for this explanation

You can also open Spybot Search & Destroy and click on Immunize. That will add a list to your hosts file.

As far as virscan is concerned I think it's probably as we thought. 16% found malware but unless you are having problems I think they are probably false positives.

Edited by emeraldnzl, 14 September 2009 - 10:36 PM.

  • 0
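One way to answer "how do I check that the hosts file works", as an added example that is not part of the thread or any poster's code: parse the file, list the names that are pointed at 127.0.0.1 or 0.0.0.0, and flag any name mapped to some other address, which a blocking list never does and is worth reviewing. The sample entries and hostnames are constructed, and the parser assumes the first entry for a name wins.

```python
import ipaddress
import os

# Constructed sample in the style of a blocking hosts file (not from the thread).
SAMPLE_HOSTS = """\
127.0.0.1      localhost
127.0.0.1      ads.example.com      # ad server pointed at this machine
0.0.0.0        tracker.example.net
127.0.0.1      banner.example.org ads2.example.org
203.0.113.10   www.example-bank.test   # points somewhere else: review it
not-an-ip      broken.example.com
"""

def parse_hosts(text):
    """Map each hostname to its IP. Assumption: the first entry for a name wins."""
    entries = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                          # malformed line, ignored
        for name in fields[1:]:               # one line may carry several names
            entries.setdefault(name.lower(), ip)
    return entries

def is_sinkhole(ip):
    # 127.0.0.1 is loopback; 0.0.0.0 is the unspecified address, also used as a dead end.
    return ip.is_loopback or ip.is_unspecified

def audit(text, must_block):
    """Report blocked names, expected names that are not blocked, and redirects."""
    entries = parse_hosts(text)
    blocked = sorted(h for h, ip in entries.items()
                     if is_sinkhole(ip) and h != "localhost")
    missing = sorted(h for h in must_block
                     if h.lower() not in entries or not is_sinkhole(entries[h.lower()]))
    redirected = sorted((h, str(ip)) for h, ip in entries.items()
                        if not is_sinkhole(ip))
    return {"blocked": blocked, "missing": missing, "redirected": redirected}

if __name__ == "__main__":
    path = r"C:\Windows\System32\drivers\etc\hosts"   # XP location listed in the post
    text = open(path).read() if os.path.exists(path) else SAMPLE_HOSTS
    print(audit(text, ["ads.example.com"]))
```

An empty "missing" list means every name you expected to be blocked is in the file; anything under "redirected" is an entry sending a name to a real address and should be checked by hand.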
