Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

run of OTL.txt 9/13/2011 (I have seen no problems)


  • This topic is locked This topic is locked

#1
David M Barker

David M Barker

    New Member

  • Member
  • Pip
  • 4 posts
Upon signing up and logging in, I note " Suspect a malware infection (virus, spyware, rootkit)? " and wonder what is used to make that determination? I have already purchaced ZoneAlarm Suite and StopZilla to do what i hope will protect the pc and myself from frustation and attacks? But now there are ads on TV and radio about "Double-my-speed" or "fix-my_pc" that states that even my purchaces will not protect! I am told to go to their site and run the "scan" that will tell me what is supposes to be slowing the computer down? I did try something awhile back that after the scan told me I had bad dlls, registry errors, and misc. problems of over 500 plus and for a mire $50-plus they will run "another program" to "fix" and "repair" the problems" I do not want to buy another PC even if I had the money just to copy my drives and data to a "new" machine!
So is the " Suspect a malware infection (virus, spyware, rootkit)? " and ad or real help? I want to know who used it successfully and also anyone whom had a problem, and what/how you resolved it!
Sincerely with Thanks David M. Barker
  • 0

Advertisements


#2
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi and welcome to GeeksToGo! My nick name is Render and I will be assisting you with your Malware/Security problems. Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any queries or you are unsure about anything, just say and I'll help you out :)

On what site did you sign up?

Do you have any other issues that point at malware?
  • 0

#3
David M Barker

David M Barker

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Note...I sign up at "geekstogo" w/ Internet explorer 8 (if that is the question?)
.....I do not think I have a "malware" problem but the geekstogo site appears to note I may have, I think I have a Slow pc. w/ 512 ram and a pent 4 processor! Also note my pc's clock 7:45 p.m.
  • 0

#4
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi,

This is malware removal forum. For issues related with this site please contact some of administrators.

If you're suspecting that your computer is infected please start here.
  • 0

#5
David M Barker

David M Barker

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Thank you I will try the Administrator
Just out of curiousity is there a charge for removal of malware?
thanks again
  • 0

#6
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
It's free.

You're having this problem only on this site or also on some other sites?

Anyway as you are already here follow steps here then post logs in this thread and we will see what's going on.
  • 0

#7
David M Barker

David M Barker

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
OTL logfile created on: 9/12/2011 10:26:25 PM - Run 1
OTL by OldTimer - Version 3.2.28.0 Folder = C:\Documents and Settings\family\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.46 Mb Total Physical Memory | 286.45 Mb Available Physical Memory | 56.00% Memory free
1.78 Gb Paging File | 0.99 Gb Available in Paging File | 55.54% Paging File free
Paging file location(s): C:\pagefile.sys 1100 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 47.08 Gb Free Space | 63.18% Space Free | Partition Type: NTFS
Drive D: | 232.88 Gb Total Space | 224.50 Gb Free Space | 96.40% Space Free | Partition Type: NTFS

Computer Name: BARKER | User Name: family | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/12 20:58:01 | 000,581,632 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\family\Desktop\OTL.exe
PRC - [2011/07/25 07:57:16 | 000,493,184 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe
PRC - [2011/07/25 07:57:14 | 000,738,944 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
PRC - [2011/07/22 09:44:44 | 002,413,936 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
PRC - [2011/07/22 09:43:08 | 000,072,336 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
PRC - [2011/07/19 11:02:48 | 000,501,200 | R--- | M] (iS3, Inc.) -- c:\Program Files\STOPzilla!\SZOptions.exe
PRC - [2011/07/19 11:02:44 | 000,177,616 | R--- | M] (iS3, Inc.) -- C:\Program Files\STOPzilla!\STOPzilla.exe
PRC - [2011/07/19 11:02:38 | 000,267,728 | R--- | M] (iS3, Inc.) -- c:\Program Files\Common Files\iS3\Anti-Spyware\SZScanner.exe
PRC - [2011/07/19 11:02:38 | 000,062,928 | R--- | M] (iS3, Inc.) -- c:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
PRC - [2011/04/19 16:39:30 | 000,935,744 | ---- | M] (SonicWALL, Inc.) -- C:\Program Files\CheckPoint\ZoneAlarm\MailFrontier\mantispm.exe
PRC - [2010/03/30 13:59:52 | 001,138,688 | ---- | M] (St. Bernard Software) -- C:\WINDOWS\UEAgent\UEAgent.exe
PRC - [2009/04/17 17:38:28 | 000,155,648 | ---- | M] (St. Bernard Software) -- C:\Program Files\Common Files\UpdateEXPERT\UELog.exe
PRC - [2008/09/10 13:00:00 | 000,525,664 | R--- | M] (WinZip Computing, S.L.) -- C:\Program Files\WinZip\WZQKPICK.EXE
PRC - [2008/04/23 03:08:13 | 000,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/02/10 16:18:28 | 000,180,269 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2004/10/20 05:47:54 | 000,098,304 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
PRC - [2004/10/20 04:40:46 | 000,118,784 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
PRC - [2004/01/12 21:40:24 | 000,069,632 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\CalCheck.exe
PRC - [2003/11/18 18:20:46 | 000,045,056 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\monitor.exe
PRC - [2003/08/26 16:46:02 | 000,077,824 | ---- | M] () -- C:\win32app\ingr\ipshare\clntutil\bin\pidrpcs.exe
PRC - [2001/09/26 23:39:42 | 000,245,760 | ---- | M] (ATI Technologies, Inc.) -- C:\WINDOWS\system32\atiptaxx.exe
PRC - [2001/08/17 17:36:42 | 000,024,064 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\devldr32.exe
PRC - [1999/09/30 22:31:38 | 000,869,376 | ---- | M] (Fred's Software) -- C:\Program Files\PrintKey2000\Printkey2000.exe


========== Modules (No Company Name) ==========

MOD - [2011/04/19 16:40:06 | 000,088,896 | ---- | M] () -- C:\Program Files\CheckPoint\ZoneAlarm\MailFrontier\crsrpt.dll
MOD - [2011/04/19 16:39:34 | 000,013,120 | ---- | M] () -- C:\Program Files\CheckPoint\ZoneAlarm\MailFrontier\MlfHook.dll
MOD - [2011/04/19 16:39:32 | 000,290,112 | ---- | M] () -- C:\Program Files\CheckPoint\ZoneAlarm\MailFrontier\mtdsdk.dll
MOD - [2011/04/19 16:39:24 | 000,222,016 | ---- | M] () -- C:\Program Files\CheckPoint\ZoneAlarm\MailFrontier\resources\mbzaenu.dll
MOD - [2010/05/05 22:37:39 | 000,073,728 | ---- | M] () -- C:\WINDOWS\UEAgent\NetCon.dll
MOD - [2009/01/12 14:45:34 | 000,020,886 | ---- | M] () -- C:\WINDOWS\system32\ddmon.dll
MOD - [2004/10/20 05:47:54 | 000,098,304 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
MOD - [2004/10/20 05:47:40 | 000,147,456 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 3.0\platform.dll
MOD - [2004/10/20 04:40:46 | 000,118,784 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
MOD - [2003/08/26 16:46:02 | 000,077,824 | ---- | M] () -- C:\win32app\ingr\ipshare\clntutil\bin\pidrpcs.exe
MOD - [2003/02/07 18:24:20 | 000,094,274 | ---- | M] () -- C:\WINDOWS\system32\HPBHEALR.DLL
MOD - [2002/04/29 15:04:08 | 000,246,032 | ---- | M] () -- C:\oracle\ora92\bin\oratrace9.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (WebrootSpySweeperService)
SRV - File not found [Auto | Stopped] -- -- (WebrootCommAgentService)
SRV - File not found [On_Demand | Stopped] -- -- (rexesvr)
SRV - File not found [Auto | Stopped] -- -- (McciCMService)
SRV - [2011/07/25 07:57:16 | 000,493,184 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
SRV - [2011/07/22 09:44:44 | 002,413,936 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)
SRV - [2011/07/19 11:02:38 | 000,062,928 | R--- | M] (iS3, Inc.) [Auto | Running] -- c:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe -- (szserver)
SRV - [2011/03/29 15:41:46 | 000,053,248 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus®
SRV - [2010/10/01 02:52:50 | 000,067,904 | ---- | M] (Nalpeiron Ltd.) [Auto | Stopped] -- C:\WINDOWS\system32\NLSSRV32.EXE -- (nlsX86cc)
SRV - [2010/03/30 13:59:52 | 001,138,688 | ---- | M] (St. Bernard Software) [Auto | Running] -- C:\WINDOWS\UEAgent\UEAgent.exe -- (UEAgent)
SRV - [2004/10/20 05:47:54 | 000,098,304 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor)
SRV - [2004/10/20 04:40:46 | 000,118,784 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe -- (PhotoshopElementsDeviceConnect)
SRV - [2003/08/26 16:46:02 | 000,077,824 | ---- | M] () [Auto | Running] -- C:\win32app\ingr\ipshare\clntutil\bin\pidrpcs.exe -- (InterPlot IMF Printer Driver Service)
SRV - [2002/04/26 20:34:38 | 000,242,328 | ---- | M] () [On_Demand | Stopped] -- C:\oracle\ora92\bin\ONRSD.EXE -- (OracleOraHome92ClientCache)
SRV - [1998/06/10 06:43:40 | 000,095,744 | ---- | M] () [On_Demand | Stopped] -- C:\orant\BIN\ONRSD80.EXE -- (OracleOracle_HomeClientCache80)


========== Driver Services (SafeList) ==========

DRV - [2011/07/25 07:57:10 | 000,027,016 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - [2011/07/22 09:43:08 | 000,525,840 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (Vsdatant)
DRV - [2010/10/14 17:08:38 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\kl1.sys -- (KL1)
DRV - [2010/10/14 17:08:38 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kl2.sys -- (kl2)
DRV - [2010/09/21 16:51:58 | 000,327,256 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2010/05/12 18:01:06 | 000,059,280 | R--- | M] (iS3, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\szkgfs.sys -- (szkgfs)
DRV - [2009/12/07 17:59:32 | 000,061,328 | R--- | M] (iS3 Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\szkg.sys -- (szkg5)
DRV - [2009/12/07 17:59:32 | 000,061,328 | R--- | M] (iS3 Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\is3srv.sys -- (is3srv)
DRV - [2008/04/13 13:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2006/10/12 18:40:00 | 000,055,808 | ---- | M] (NTK) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nvtcam.sys -- (DCamUSBNovatek)
DRV - [2003/03/06 14:48:08 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\BANTExt.sys -- (BANTExt)
DRV - [2001/09/26 22:32:38 | 000,285,088 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtaa.sys -- (ati2mtaa)
DRV - [2001/08/17 07:19:34 | 000,036,480 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sfmanm.sys -- (sfman) Creative SoundFont Manager Driver (WDM)
DRV - [2001/08/17 07:19:28 | 000,006,912 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctlfacem.sys -- (emu10k1) Creative Interface Manager Driver (WDM)
DRV - [2001/08/17 07:19:26 | 000,283,904 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emu10k1m.sys -- (emu10k) Creative SB Live! (WDM)
DRV - [2001/08/17 07:19:20 | 000,003,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctljystk.sys -- (ctljystk)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = http://firewall2:808....Routing.Script

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://login.yahoo..../www.yahoo.com/
IE - HKCU\..\URLSearchHook: {3ce45c4f-bfff-4988-9a3c-a75c1f491319} - C:\Program Files\ZoneAlarm_Security_Suite\prxtbZone.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\..\URLSearchHook: {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files\FreeOnlineRadioPlayerRecorder\prxtbFre0.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "FreeOnlineRadioPlayerRecorder Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "FreeOnlineRadioPlayerRecorder Customized Web Search"
FF - prefs.js..browser.startup.homepage: "https://login.yahoo....www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: [email protected]:3.9.5
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63
FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.152.14
FF - prefs.js..keyword.URL: "http://search.condui...d=CT2737658&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\family\Application Data\Move Networks\plugins\npqmp071701000002.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+®,version=1.6.2.102: C:\Program Files\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+®,version=1.6.2.91: C:\Program Files\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+®,version=1.6.2.97: C:\Program Files\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2027: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2088: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1040: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\family\Application Data\Move Networks\plugins\npqmp071701000002.dll (Move Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2011/08/24 13:07:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/01 09:32:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/17 09:01:08 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Documents and Settings\family\Application Data\Move Networks [2010/05/23 22:26:16 | 000,000,000 | ---D | M]

[2009/08/01 23:18:01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\family\Application Data\Mozilla\Extensions
[2011/08/25 14:00:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\family\Application Data\Mozilla\Firefox\Profiles\zf9jfy2k.default\extensions
[2011/08/16 11:24:05 | 000,000,000 | ---D | M] (ZoneAlarm Security Suite Community Toolbar) -- C:\Documents and Settings\family\Application Data\Mozilla\Firefox\Profiles\zf9jfy2k.default\extensions\{3ce45c4f-bfff-4988-9a3c-a75c1f491319}
[2010/06/23 14:01:24 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\family\Application Data\Mozilla\Firefox\Profiles\zf9jfy2k.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2011/08/16 11:25:18 | 000,000,000 | ---D | M] (FreeOnlineRadioPlayerRecorder Community Toolbar) -- C:\Documents and Settings\family\Application Data\Mozilla\Firefox\Profiles\zf9jfy2k.default\extensions\{f999a48b-1950-4d81-9971-79018f807b4b}
[2011/08/25 14:00:59 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Documents and Settings\family\Application Data\Mozilla\Firefox\Profiles\zf9jfy2k.default\extensions\[email protected]
[2011/06/20 14:08:48 | 000,000,961 | ---- | M] () -- C:\Documents and Settings\family\Application Data\Mozilla\Firefox\Profiles\zf9jfy2k.default\searchplugins\conduit.xml
[2011/03/30 10:24:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/08/24 13:07:00 | 000,000,000 | ---D | M] (ZoneAlarm Security Engine) -- C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER
[2009/06/24 10:03:21 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/09/01 09:32:00 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009/11/19 16:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2009/11/19 16:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2010/05/20 19:28:17 | 000,000,021 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (The blinkx Toolbar) - {0069B690-7A2B-41C5-98CA-9F535B4C8532} - C:\Program Files\blinkx Video Toolbar\the_blinkx_bho.dll ()
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (ZoneAlarm Security Suite Toolbar) - {3ce45c4f-bfff-4988-9a3c-a75c1f491319} - C:\Program Files\ZoneAlarm_Security_Suite\prxtbZone.dll (Conduit Ltd.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Sammsoft Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (STOPzilla Browser Helper Object) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - c:\Program Files\STOPzilla!\SZIEBHO.dll (iS3, Inc.)
O2 - BHO: (FreeOnlineRadioPlayerRecorder Toolbar) - {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files\FreeOnlineRadioPlayerRecorder\prxtbFre0.dll (Conduit Ltd.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Suite Toolbar) - {3ce45c4f-bfff-4988-9a3c-a75c1f491319} - C:\Program Files\ZoneAlarm_Security_Suite\prxtbZone.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Sammsoft Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (FreeOnlineRadioPlayerRecorder Toolbar) - {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files\FreeOnlineRadioPlayerRecorder\prxtbFre0.dll (Conduit Ltd.)
O3: - HKCU\..\Toolbar\ShellBrowser - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3: - HKCU\..\Toolbar\ShellBrowser - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Suite Toolbar) - {3CE45C4F-BFFF-4988-9A3C-A75C1F491319} - C:\Program Files\ZoneAlarm_Security_Suite\prxtbZone.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3: - HKCU\..\Toolbar\WebBrowser - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Sammsoft Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (FreeOnlineRadioPlayerRecorder Toolbar) - {F999A48B-1950-4D81-9971-79018F807B4B} - C:\Program Files\FreeOnlineRadioPlayerRecorder\prxtbFre0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [AtiPTA] C:\WINDOWS\System32\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Ulead AutoDetector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\monitor.exe (Ulead Systems, Inc.)
O4 - HKLM..\Run: [Ulead Photo Express Calendar Checker] C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\CalCheck.exe (Ulead Systems, Inc.)
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Printkey2000.lnk = C:\Program Files\PrintKey2000\Printkey2000.exe (Fred's Software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Ultra Wipe Launcher.lnk = C:\Program Files\RedStrike\UltraWipe\Launcher.exe (RedStrike B.V)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
O4 - Startup: C:\Documents and Settings\family\Start Menu\Programs\Startup\FreeMeter.lnk = C:\Program Files\FreeMeter\FreeMeter.exe (TILER.com)
O4 - Startup: C:\Documents and Settings\family\Start Menu\Programs\Startup\Shortcut to Printkey2000.lnk = C:\Program Files\PrintKey2000\Printkey2000.exe (Fred's Software)
O4 - Startup: C:\Documents and Settings\family\Start Menu\Programs\Startup\Shortcut to STOPzilla.exe.lnk = C:\Program Files\STOPzilla!\STOPzilla.exe (iS3, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Open Picture in &Microsoft PhotoDraw - C:\Program Files\Microsoft Photodraw Trial\Office\1033\PHDINTL.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKCU\..Trusted Domains: iwon.com ([]https in Trusted sites)
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} http://www.ipix.com/viewers/ipixx.cab (iPIX ActiveX Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.micros...ntent/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} http://www.shockwave...bGameLoader.cab (WebGameLoader Class)
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.updat...b?1238423666755 (MUCatalogWebControl Class)
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} http://rmgis.ruekert...ad/mgaxctrl.cab (Autodesk MapGuide ActiveX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1140557184147 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1238424417805 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.1_02)
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} http://www.crucial.c.../cpcScanner.cab (Crucial cpcScan)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.micros...ntent/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.1_02)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EA21ED45-FA62-41CA-ACD7-F21DA4A6E0BB}: DhcpNameServer = 192.168.0.1 192.168.0.1
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\linkscanner - No CLSID value found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\TPSvc: DllName - (TPSvc.dll) - File not found
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/05/05 12:35:29 | 000,000,008 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/12/05 04:15:56 | 000,000,000 | -H-- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/09/12 20:59:09 | 000,581,632 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\family\Desktop\OTL.exe
[2011/09/11 14:42:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\family\My Documents\Remember9_11
[2011/09/11 14:42:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Real
[2011/09/02 12:27:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\WINDOWS\System\*.tmp files -> C:\WINDOWS\System\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/09/12 20:58:01 | 000,581,632 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\family\Desktop\OTL.exe
[2011/09/12 19:23:56 | 000,000,693 | ---- | M] () -- C:\Documents and Settings\family\.plugin141_02.trace
[2011/09/12 13:25:52 | 000,006,168 | ---- | M] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2011/09/12 10:20:14 | 000,002,521 | ---- | M] () -- C:\Documents and Settings\family\Desktop\Microsoft Office Outlook 2003 (2).lnk
[2011/09/12 09:55:33 | 000,002,335 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2011/09/12 09:54:07 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/09/12 09:51:22 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/09/12 09:51:16 | 536,379,392 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/11 14:37:53 | 000,009,728 | ---- | M] () -- C:\Documents and Settings\family\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/08 14:28:26 | 000,000,849 | ---- | M] () -- C:\Documents and Settings\family\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/09/03 16:55:24 | 000,001,847 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2011/09/02 12:27:18 | 000,001,949 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2011/09/02 12:15:55 | 000,001,825 | ---- | M] () -- C:\Documents and Settings\family\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/09/02 12:03:43 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cc699245457d00.job
[2011/08/29 19:17:55 | 000,138,477 | ---- | M] () -- C:\Documents and Settings\family\Desktop\boy_pilot.jpg
[2011/08/26 10:19:52 | 000,007,408 | ---- | M] () -- C:\Documents and Settings\family\Desktop\Undo BARKER 20110826 101928.Reg
[2011/08/25 12:03:08 | 000,321,688 | ---- | M] () -- C:\Documents and Settings\family\Desktop\RC.exe
[2011/08/16 16:13:05 | 000,135,713 | ---- | M] () -- C:\Documents and Settings\family\Desktop\YrRnd-Calendar_11-12.pdf
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\WINDOWS\System\*.tmp files -> C:\WINDOWS\System\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/09/12 10:04:57 | 000,006,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2011/09/02 12:27:18 | 000,001,949 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2011/09/02 12:03:43 | 000,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cc699245457d00.job
[2011/08/29 17:38:46 | 000,138,477 | ---- | C] () -- C:\Documents and Settings\family\Desktop\boy_pilot.jpg
[2011/08/26 10:19:28 | 000,007,408 | ---- | C] () -- C:\Documents and Settings\family\Desktop\Undo BARKER 20110826 101928.Reg
[2011/08/25 12:03:03 | 000,321,688 | ---- | C] () -- C:\Documents and Settings\family\Desktop\RC.exe
[2011/08/16 16:15:24 | 000,135,713 | ---- | C] () -- C:\Documents and Settings\family\Desktop\YrRnd-Calendar_11-12.pdf
[2011/07/25 13:09:00 | 000,000,101 | ---- | C] () -- C:\WINDOWS\Tiny_Run.ini
[2011/07/25 13:03:01 | 000,091,136 | ---- | C] () -- C:\WINDOWS\System32\Lfkodak.dll
[2011/07/25 13:02:58 | 000,308,224 | ---- | C] () -- C:\WINDOWS\System32\Lffpx7.dll
[2011/05/30 11:03:30 | 000,000,279 | ---- | C] () -- C:\WINDOWS\MPLAYER.INI
[2010/10/31 22:22:03 | 000,020,886 | ---- | C] () -- C:\WINDOWS\System32\ddmon.dll
[2010/03/25 20:48:19 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\family\Local Settings\Application Data\2Q757bFxJ7S
[2010/03/25 20:48:19 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\2Q757bFxJ7S
[2009/10/20 17:32:58 | 000,004,940 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\mtbjfghn.xbe
[2009/10/13 10:44:23 | 000,009,728 | ---- | C] () -- C:\Documents and Settings\family\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/16 17:27:58 | 000,508,224 | ---- | C] () -- C:\WINDOWS\System32\ICCProfiles.dll
[2009/09/14 14:00:50 | 000,015,360 | ---- | C] () -- C:\WINDOWS\System32\AVHELP.DLL
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/08/01 23:17:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/05/05 12:35:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2009/04/25 19:52:06 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\wintab32.dll
[2009/04/23 15:00:26 | 000,000,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\fidbox.dat.szfi
[2009/04/21 13:40:16 | 000,109,568 | ---- | C] () -- C:\WINDOWS\vFind.exe
[2009/04/21 13:40:16 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/04/21 13:40:16 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/04/21 13:40:16 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/04/13 17:41:42 | 000,000,071 | ---- | C] () -- C:\WINDOWS\pex.INI
[2009/04/13 17:06:20 | 000,000,151 | ---- | C] () -- C:\WINDOWS\Ulead32.ini
[2009/04/09 08:56:16 | 000,032,592 | ---- | C] () -- C:\WINDOWS\System32\drivers\atinxsxx.sys
[2009/04/09 08:56:16 | 000,032,336 | ---- | C] () -- C:\WINDOWS\System32\drivers\atintuxx.sys
[2009/04/09 08:56:15 | 000,065,104 | ---- | C] () -- C:\WINDOWS\System32\drivers\atinrvxx.sys
[2009/04/09 08:56:15 | 000,032,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\atinraxx.sys
[2009/04/09 08:56:15 | 000,020,960 | ---- | C] () -- C:\WINDOWS\System32\drivers\atinttxx.sys
[2009/04/09 08:56:15 | 000,011,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\atinpdxx.sys
[2009/04/09 08:56:15 | 000,011,280 | ---- | C] () -- C:\WINDOWS\System32\drivers\atinmdxx.sys
[2009/04/08 13:27:29 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2009/03/27 08:14:20 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2009/03/24 07:54:36 | 000,000,139 | ---- | C] () -- C:\WINDOWS\bible.ini
[2009/03/23 12:48:52 | 000,086,304 | ---- | C] () -- C:\WINDOWS\RHVIDEO.DLL
[2009/03/23 12:48:43 | 000,000,034 | ---- | C] () -- C:\WINDOWS\TTINSTAL.INI
[2009/03/23 12:48:16 | 000,001,678 | ---- | C] () -- C:\WINDOWS\ccreativ.ini
[2009/03/23 12:40:11 | 000,000,071 | ---- | C] () -- C:\WINDOWS\ART.INI
[2009/03/23 08:32:49 | 000,000,558 | ---- | C] () -- C:\WINDOWS\ETNTInst.ini
[2009/03/23 08:27:59 | 000,000,589 | ---- | C] () -- C:\WINDOWS\ETOTInst.ini
[2009/03/23 07:19:38 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A4W.INI
[2009/03/12 12:41:59 | 000,796,048 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll
[2007/10/18 17:36:54 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\deskMenu2.dll
[2006/03/15 10:38:49 | 000,000,218 | ---- | C] () -- C:\WINDOWS\ORAODBC.INI
[2006/03/15 10:37:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ORACLE.INI
[2006/03/15 10:33:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\autorun.INI
[2006/03/02 13:22:51 | 000,000,037 | ---- | C] () -- C:\WINDOWS\ipixActivex.ini
[2006/03/02 12:47:08 | 000,126,704 | ---- | C] () -- C:\WINDOWS\Unwise.exe
[2006/02/20 12:50:59 | 000,028,775 | ---- | C] () -- C:\WINDOWS\System32\javaw.exe
[2006/02/20 12:50:59 | 000,024,677 | ---- | C] () -- C:\WINDOWS\System32\java.exe
[2006/02/09 17:03:11 | 000,000,180 | ---- | C] () -- C:\WINDOWS\hpbafd.ini
[2006/02/09 16:58:17 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/02/09 16:42:46 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/02/09 16:34:50 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/02/09 10:26:38 | 000,004,306 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/02/09 10:25:23 | 000,325,112 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/04 01:07:22 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/02 14:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2003/11/25 18:05:20 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\UNLHA32.DLL
[2003/02/07 18:24:20 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/08/29 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/08/29 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2002/08/29 07:00:00 | 000,484,638 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2002/08/29 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2002/08/29 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2002/08/29 07:00:00 | 000,080,908 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2002/08/29 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2002/08/29 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2002/08/29 07:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2002/08/29 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2002/06/06 02:01:58 | 000,029,696 | ---- | C] () -- C:\WINDOWS\System32\asutl8.dll
[2000/11/30 13:30:40 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.exe
[2000/01/01 06:17:35 | 000,006,048 | ---- | C] () -- C:\WINDOWS\System32\MCC16.dll
[1999/09/17 01:00:00 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\wrkgadm.exe
[1999/09/17 01:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL
[1998/01/15 15:46:22 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\OatLHA.DLL
[1996/04/12 16:55:23 | 000,000,115 | ---- | C] () -- C:\WINDOWS\System32\_CANONBJ.INI

========== LOP Check ==========

[2009/04/22 10:10:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Applications
[2010/05/24 17:37:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CheckPoint
[2009/11/27 16:03:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverScanner
[2009/11/06 13:15:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kaspersky SDK
[2009/03/12 12:45:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2009/10/20 17:49:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2011/09/12 10:03:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2009/04/13 17:18:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2009/03/22 21:44:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2009/11/27 16:00:19 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{66E2F539-12B6-4870-A500-7689CDE75C5E}
[2011/07/27 17:09:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\family\Application Data\#ISW.FS#
[2009/03/27 08:52:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\family\Application Data\Anvil Studio
[2009/03/23 20:53:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\family\Application Data\BatteryBar
[2010/06/11 22:01:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\family\Application Data\CheckPoint
[2010/11/06 17:04:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\family\Application Data\deskPDF
[2010/10/10 16:54:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\family\Application Data\Downloaded Installations
[2011/08/20 11:40:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\family\Application Data\MailFrontier
[2009/04/21 16:13:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\family\Application Data\OfficeUpdate12
[2011/07/27 18:34:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\family\Application Data\Power Sound Editor Free
[2009/04/25 23:02:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\family\Application Data\progeSOFT
[2011/04/05 08:11:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\family\Application Data\Sammsoft
[2011/09/12 19:53:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\family\Application Data\SwordSearcher 5
[2009/04/13 17:40:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\family\Application Data\Ulead Systems
[2009/11/27 16:00:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\family\Application Data\Uniblue
[2011/01/14 09:13:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\family\Application Data\Windows Search
[2009/10/04 08:39:04 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job
[2011/05/31 08:16:59 | 000,000,502 | ---- | M] () -- C:\WINDOWS\Tasks\One-Click Tweak.job
[2011/02/13 22:57:46 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\WINDOWS\System\MCIAAP.DRV:SummaryInformation
@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\family\Desktop\Setupex.exe:SummaryInformation

< End of report >
OTL Extras logfile created on: 9/12/2011 10:26:25 PM - Run 1
OTL by OldTimer - Version 3.2.28.0 Folder = C:\Documents and Settings\family\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.46 Mb Total Physical Memory | 286.45 Mb Available Physical Memory | 56.00% Memory free
1.78 Gb Paging File | 0.99 Gb Available in Paging File | 55.54% Paging File free
Paging file location(s): C:\pagefile.sys 1100 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 47.08 Gb Free Space | 63.18% Space Free | Partition Type: NTFS
Drive D: | 232.88 Gb Total Space | 224.50 Gb Free Space | 96.40% Space Free | Partition Type: NTFS

Computer Name: BARKER | User Name: family | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
"80:TCP" = 80:TCP:*:Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\USBSetup.exe" = C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\USBSetup.exe:LocalSubNet:Enabled:HP Device Setup -- (Hewlett-Packard Co.)
"C:\WINDOWS\system32\ZoneLabs\vsmon.exe" = C:\WINDOWS\system32\ZoneLabs\vsmon.exe:*:Enabled:vsmon


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{0DF34F71-6182-474F-B6FE-0B2AF069E6FD}" = VBA (2627.01)
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{1ADE23D7-7A1E-4AEC-BA5D-EB8A01BED943}" = DeepBurner v1.1.0.117
"{27711CB0-26B3-4D99-88A9-4E4D60C34850}" = Family Tree Maker 2009
"{31383A1D-FAE6-435A-9DBD-FDB61C7C8EC9}" = Ulead Photo Express 5 SE
"{326957C7-83FD-4550-A59A-849B7B4297DE}" = Microsoft Easy Assist v2
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C5EA394-1033-11D2-A2CD-00C04F72F31D}" = Microsoft PhotoDraw 2000 V2 Trial
"{3FA5E4CC-58ED-4ED0-AC9E-ED0759E9166E}" = RedistSysFiles
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{530241F4-D15B-4E0B-B3F3-47F83BC285AA}" = STOPzilla
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5C90D8CF-F12A-41C6-9007-3B651A1F0D78}" = HP Deskjet 1050 J410 series Help
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6BE73D27-5ADC-4AD9-B619-8F5188AFCF9F}" = HP Deskjet 1050 J410 series Product Improvement Study
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update
"{851C67EF-068A-4060-9EF5-2E3DDCD68382}" = Adobe Photoshop Elements 3.0
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BD3BFEE-79BF-40A1-A69D-97A53F216412}_0" = Bentley MicroStation (V 08.05.02.35) - 1
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90240409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Resource Kit
"{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-1033-0000-7760-000000000002}" = Adobe Acrobat 7.0 Professional
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.5
"{AF1B2B2E-03E3-458A-9DEB-32F8C7637374}" = ZoneAlarm Security
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C180FAEF-61D5-4A03-8328-A58D9CDD1C4C}" = ZoneAlarm Firewall
"{C427E746-4EC9-4E3C-AACB-C6BB1F714D7F}" = Uniblue DriverScanner 2009
"{CA4EECED-20F3-4C2B-8A93-F39CB2063E71}" = ZoneAlarm Antivirus
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}" = WinZip 12.0
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D271DAE0-8D68-4C97-8356-A126D48A1D8C}" = Ulead Photo Explorer 8.0 SE Basic
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{ECB35FFA-B010-45C5-9AB5-665AC7E27EE2}" = HP Deskjet 1050 J410 series Basic Device Software
"{EDEA8AB7-7683-4ED2-AA19-E6C078064C0D}" = Microsoft WSE 3.0
"{EFCE5837-FC21-11D6-9D24-00010240CE95}" = Java 2 Runtime Environment, SE v1.4.1_02
"Adobe Acrobat 7.0 Professional" = Adobe Acrobat 7.1.0 Professional
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Agent Ransack_is1" = Agent Ransack 2010
"ATI Display Driver" = ATI Display Driver
"ATT-PRT22" = ATT-PRT22
"ATT-RC" = ATT-RC Self Support Tool
"ATT-RemoteControl" = ATT-RemoteControl
"Belarc Advisor 2.0" = Belarc Advisor 6.1
"blinkx Video Toolbar" = blinkx Video Toolbar
"CCleaner" = CCleaner
"CD Recovery Toolbox Free_is1" = CD Recovery Toolbox Free 1.1
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"deskPDF 2.5 Standard_is1" = deskPDF 2.5 Standard Edition
"Digital Camera Driver" = Digital Camera Driver
"Encountering the New Testament" = Encountering the New Testament
"Encountering the Old Testament" = Encountering the Old Testament
"Family Tree Maker 2009" = Family Tree Maker 2009
"FreeOnlineRadioPlayerRecorder Toolbar" = FreeOnlineRadioPlayerRecorder Toolbar
"Google Chrome" = Google Chrome
"GPL Ghostscript_is1" = Docudesk GPL Ghostscript 8.15
"GraphicView 32" = GraphicView 32
"HP Photo Creations" = HP Photo Creations
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"Java Web Start" = Java Web Start
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Picture It!" = Microsoft Picture It! 1.0
"Mozilla Firefox 6.0.1 (x86 en-US)" = Mozilla Firefox 6.0.1 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSN Music Assistant" = MSN Music Assistant
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Power Sound Editor Free" = Power Sound Editor Free
"PrintKey2000" = PrintKey2000
"progeCAD 2008 Smart! ENG" = progeCAD 2008 Smart! ENG
"PROSet" = Intel® Network Connections Drivers
"RealPlayer 6.0" = RealPlayer
"Revisions99" = Revisions99
"ST6UNST #1" = OGT-Diagnostic Tool
"SwordSearcher_4_InnoSetup_is1" = SwordSearcher 4.8 Evaluation Version
"SwordSearcher_5_InnoSetup_is1" = SwordSearcher 5.5.1.3
"Test My Hardware_is1" = Test My Hardware 2.4
"UltraWipe" = UltraWipe
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"ZoneAlarm Internet Security Suite" = ZoneAlarm Internet Security Suite
"ZoneAlarm Toolbar" = ZoneAlarm Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

========== Last 10 Event Log Errors ==========

Error: Unable to start EventLog service!

< End of report >
let me know if you have another diagnoises. David M. Barker
  • 0

#8
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi,

It looks like we have a rogue antivirus here. Please do the following:

Download RogueKiller to your desktop

  • Quit all running programs
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • When prompted, type 1 and validate
  • The RKreport.txt shall be generated next to the executable.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe
Please post the contents of the RKreport.txt in your next Reply.
  • 0

#9
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP