Posted
Hi, I'm running Windows XP, have Avast running, the free version, have it update on auto. Today it just disappeared from my system completely... went and downloaded and installed the latest version, did full scan and boot scan, no virus found. Bit concerned that it just disappeared like that, no problems like this before. Using Opera as browser, had virus in McAfee and Adobe last month, removed both, no probs since. Any takers?
Posted

Hi, I don't know if Avast should remove itself even if a new version is out; maybe one of our security guys could confirm/deny that. In the meantime, could you run the following scans so our guys can have a closer look?

 

Step 1

Please download Malwarebytes Anti-Malware and save it to your desktop.

  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Full Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

 

 

Step 2

  • Download OTL to your desktop.
    Right-click on the link and select 'Save Link/Target As'.
    If you have problems, try this download link:
    OTL
  • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.


 

Now copy the lines in bold below.

 

netsvcs

msconfig

%SYSTEMDRIVE%\*.*

%systemroot%\system32\Spool\prtprocs\w32x86\*.dll

%systemroot%\*. /mp /s

%systemroot%\system32\*.dll /lockedfiles

%systemroot%\Tasks\*.job /lockedfiles

%systemroot%\system32\drivers\*.sys /lockedfiles

%systemroot%\system32\*.exe /lockedfiles

%systemroot%\System32\config\*.sav

%PROGRAMFILES%\*

%USERPROFILE%\..|smtmp;true;true;true /FP

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU

hklm\software\clients\startmenuinternet|command /rs

hklm\software\clients\startmenuinternet|command /64 /rs

CREATERESTOREPOINT

 

  • Right-click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.
  • Click the Run Scan button.
  • Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.

Note: Running the above script with OTL will:

  • turn on your system restore and set a new restore point (XP only)
  • set a new restore point (if system restore is turned on) Vista & Win7.

 

In your next reply, please submit:

MBAM scan report

Both reports from OTL

 

 

Whilst we are helping you, please don't run other programs/scans without our knowledge .... it only confuses things.

 

Thanks.

 

Dave


 

 

Posted
Hi, I've got the malware installed so I will run it tomorrow and download the other thing and do what you ask, can't do it tonight. Thanks, fingers crossed. By the way, the new Avast icon disappeared from my tray a few mins ago, I opened the interface via the desktop shortcut and it then reappeared in my tray. Weird!!
Posted

The 2 steps advised by Armageddon should help to throw some light on to this.

 

have avast running, the free version, have it update on auto, today it just disappeared from my system completely.

This is not normal.

If a newer version was available, it would have just updated the version you had..... it wouldn't have left you with nothing.


Posted

Here is the log from the malware

Malwarebytes Anti-Malware 1.60.1.1000

http://www.malwarebytes.org

 

Database version: v2012.02.21.04

 

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Diane :: DIANESCOMPUTER [administrator]

 

22/02/2012 08:07:58

mbam-log-2012-02-22 (08-07-58).txt

 

Scan type: Full scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 318821

Time elapsed: 1 hour(s), 14 minute(s), 27 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 0

(No malicious items detected)

 

(end)

Posted

Here is the first log from OTL

OTL logfile created on: 22/02/2012 09:26:50 - Run 1

OTL by OldTimer - Version 3.2.33.2 Folder = C:\Documents and Settings\Diane\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

 

501.77 Mb Total Physical Memory | 122.31 Mb Available Physical Memory | 24.38% Memory free

1.24 Gb Paging File | 0.22 Gb Available in Paging File | 17.57% Paging File free

Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 145.72 Gb Total Space | 96.65 Gb Free Space | 66.32% Space Free | Partition Type: NTFS

Drive D: | 3.32 Gb Total Space | 1.43 Gb Free Space | 43.12% Space Free | Partition Type: FAT32

 

Computer Name: DIANESCOMPUTER | User Name: Diane | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - C:\Documents and Settings\Diane\Desktop\OTL.scr (OldTimer Tools)

PRC - C:\Program Files\Opera\opera.exe (Opera Software)

PRC - C:\Documents and Settings\Diane\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)

PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

PRC - C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)

PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)

PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)

PRC - C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies LTD)

PRC - C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)

PRC - C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe (Check Point Software Technologies)

PRC - C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)

PRC - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)

PRC - C:\Program Files\MozyHome\mozystat.exe (Mozy, Inc.)

PRC - C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)

PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)

PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)

PRC - C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe (Alcatel-Lucent)

PRC - C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)

PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIGDE.EXE (SEIKO EPSON CORPORATION)

PRC - C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY)

PRC - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS (New Boundary Technologies, Inc.)

PRC - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)

PRC - C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

PRC - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)

PRC - C:\Program Files\Digital Media Reader\shwiconEM.exe (Alcor Micro, Corp.)

PRC - C:\WINDOWS\zHotkey.exe ()

PRC - C:\WINDOWS\system32\slserv.exe ( )

PRC - C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe (America Online, Inc.)

PRC - C:\Program Files\Microsoft Office\Office\OSA.EXE ()

 

 

========== Modules (No Company Name) ==========

 

MOD - C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll ()

MOD - C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll ()

MOD - C:\Program Files\Alwil Software\Avast5\defs\12022101\algo.dll ()

MOD - C:\Program Files\Alwil Software\Avast5\defs\12022100\algo.dll ()

MOD - C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL ()

MOD - C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll ()

MOD - C:\Program Files\OpenOffice.org 3\program\libxml2.dll ()

MOD - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()

MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()

MOD - C:\WINDOWS\zHotkey.exe ()

MOD - C:\Program Files\ArcSoft\PhotoImpression 5\Share\PIHook.dll ()

MOD - C:\WINDOWS\HKNTDLL.dll ()

MOD - C:\Program Files\Microsoft Office\Office\MSO97.DLL ()

MOD - C:\Program Files\Microsoft Office\Office\OSA.EXE ()

 

 

========== Win32 Services (SafeList) ==========

 

SRV - (AppMgmt) -- File not found

SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)

SRV - (vsmon) -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies LTD)

SRV - (IswSvc) -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe (Check Point Software Technologies)

SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)

SRV - (GoToAssist) -- C:\Program Files\Citrix\GoToAssist\570\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)

SRV - (BBSvc) -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)

SRV - (SeaPort) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)

SRV - (getPlusHelper) getPlus® -- C:\Program Files\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)

SRV - (ABBYY.Licensing.FineReader.Sprint.9.0) -- C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY)

SRV - (PrismXL) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS (New Boundary Technologies, Inc.)

SRV - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)

SRV - (SLService) -- C:\WINDOWS\System32\slserv.exe ( )

SRV - (AOL ACS) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe (America Online, Inc.)

 

 

========== Driver Services (SafeList) ==========

 

DRV - (MBAMSwissArmy) -- File not found

DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software)

DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)

DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)

DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)

DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software)

DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)

DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software)

DRV - (Vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Check Point Software Technologies LTD)

DRV - (ISWKL) -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys (Check Point Software Technologies)

DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))

DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))

DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)

DRV - (ASCTRM) -- C:\WINDOWS\System32\drivers\asctrm.sys (Windows ® 2000 DDK provider)

DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative)

DRV - (optovcm) -- C:\WINDOWS\system32\drivers\optovcm.sys (OPTO ELECTRONICS CO.,LTD.)

DRV - (optousb) -- C:\WINDOWS\system32\drivers\optousb.sys (OPTO ELECTRONICS CO.,LTD.)

DRV - (sscdmdm) -- C:\WINDOWS\system32\drivers\sscdmdm.sys (MCCI Corporation)

DRV - (sscdmdfl) -- C:\WINDOWS\system32\drivers\sscdmdfl.sys (MCCI Corporation)

DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\WINDOWS\system32\drivers\sscdbus.sys (MCCI Corporation)

DRV - (StarOpen) -- C:\WINDOWS\System32\drivers\StarOpen.sys ()

DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.)

DRV - (SunkFilt) -- C:\WINDOWS\system32\drivers\Sunkfilt.sys (Alcor Micro Corp.)

DRV - (SunkFilt39) -- C:\WINDOWS\system32\drivers\Sunkfilt39.sys (Alcor Micro Corp.)

DRV - (Mtlstrm) -- C:\WINDOWS\system32\drivers\mtlstrm.sys ( )

DRV - (SlNtHal) -- C:\WINDOWS\system32\drivers\slnthal.sys ( )

DRV - (Slntamr) -- C:\WINDOWS\system32\drivers\slntamr.sys ( )

DRV - (RecAgent) -- C:\WINDOWS\system32\DRIVERS\RecAgent.sys ( )

DRV - (HdAudAddService) -- C:\WINDOWS\system32\drivers\Hdaudio.sys (Windows ® Server 2003 DDK provider)

DRV - (Mtlmnt5) -- C:\WINDOWS\system32\drivers\mtlmnt5.sys ( )

DRV - (NtMtlFax) -- C:\WINDOWS\system32\drivers\ntmtlfax.sys ( )

DRV - (SlWdmSup) -- C:\WINDOWS\system32\drivers\slwdmsup.sys ( )

DRV - (alcan5wn) SpeedTouch USB ADSL PPP Networking Driver (NDISWAN) -- C:\WINDOWS\system32\drivers\alcan5wn.sys (THOMSON)

DRV - (alcaudsl) -- C:\WINDOWS\system32\drivers\alcaudsl.sys (THOMSON)

DRV - (wanatw) WAN Miniport (ATW) -- C:\WINDOWS\system32\drivers\wanatw4.sys (America Online, Inc.)

DRV - (DC21x4) -- C:\WINDOWS\system32\drivers\dc21x4.sys (Intel Corporation.)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.msn.com/?ocid=OIE8HP&PC=B8DF

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\..\URLSearchHook: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\prxtbZon2.dll (Conduit Ltd.)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 

========== FireFox ==========

 

FF - prefs.js..browser.search.defaultenginename: "Secure Search"

FF - prefs.js..browser.search.selectedEngine: "Secure Search"

FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/firefox?client=firefox-a&rls=org.mozilla:en-GB:official"

FF - prefs.js..extensions.enabledItems: firefox@facebook.com:1.6

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.2

FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63

FF - prefs.js..extensions.enabledItems: {91da5e8a-3318-4f8c-b67e-5964de3ab546}:3.3.3.2

FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.260.0

FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF - prefs.js..extensions.enabledItems: wrc@avast.com:6.0.1203

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - prefs.js..keyword.URL: "http://uk.search.yahoo.com/search?fr=mcafee&p="

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll ()

FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Motive, Inc.)

FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Diane\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Diane\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011/12/16 08:09:54 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2012/02/08 15:24:19 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/03 15:47:28 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/02/09 12:52:34 | 000,000,000 | ---D | M]

 

[2009/01/03 18:39:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Diane\Application Data\Mozilla\Extensions

[2012/01/31 14:35:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Diane\Application Data\Mozilla\Firefox\Profiles\x1lx8ebb.default\extensions

[2011/12/19 08:05:21 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Diane\Application Data\Mozilla\Firefox\Profiles\x1lx8ebb.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2012/01/31 14:35:03 | 000,000,000 | ---D | M] (ZoneAlarm Security Community Toolbar) -- C:\Documents and Settings\Diane\Application Data\Mozilla\Firefox\Profiles\x1lx8ebb.default\extensions\{91da5e8a-3318-4f8c-b67e-5964de3ab546}

[2010/06/24 07:41:45 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\Diane\Application Data\Mozilla\Firefox\Profiles\x1lx8ebb.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}

[2011/04/04 12:51:36 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\Diane\Application Data\Mozilla\Firefox\Profiles\x1lx8ebb.default\extensions\engine@conduit.com

[2011/12/16 08:45:51 | 000,000,000 | ---D | M] (Facebook Toolbar) -- C:\Documents and Settings\Diane\Application Data\Mozilla\Firefox\Profiles\x1lx8ebb.default\extensions\firefox@facebook.com

[2011/04/13 14:32:30 | 000,000,000 | ---D | M] (Personas) -- C:\Documents and Settings\Diane\Application Data\Mozilla\Firefox\Profiles\x1lx8ebb.default\extensions\personas@christopher.beard

[2012/01/31 08:20:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2011/12/16 08:09:54 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF

[2011/12/20 14:18:31 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

[2012/02/03 15:47:24 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2009/08/27 19:25:26 | 000,308,096 | ---- | M] (British Telecommunications Plc) -- C:\Program Files\mozilla firefox\plugins\npBTEmailConfig.dll

[2011/12/20 14:18:28 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

[2012/01/30 13:23:45 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2012/02/03 16:43:25 | 000,002,027 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml

[2012/01/30 13:23:45 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

 

========== Chrome ==========

 

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}

CHR - default_search_provider: suggest_url =

CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Diane\Local Settings\Application Data\Google\Chrome\Application\16.0.912.77\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll

CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll

CHR - plugin: Java Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll

CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll

CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Diane\Local Settings\Application Data\Google\Chrome\Application\16.0.912.77\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Diane\Local Settings\Application Data\Google\Chrome\Application\16.0.912.77\pdf.dll

CHR - plugin: BT Broadband Support Tools (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npBTEmailConfig.dll

CHR - plugin: getPlusPlus for Adobe 16263 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np_gp.dll

CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll

CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll

CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Diane\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll

CHR - plugin: npFFApi (Enabled) = C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll

CHR - plugin: Motive Plugin (Enabled) = C:\Program Files\Common Files\Motive\npMotive.dll

CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll

CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll

CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

CHR - plugin: Default Plug-in (Enabled) = default_plugin

CHR - Extension: YouTube = C:\Documents and Settings\Diane\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.2_0\

CHR - Extension: Google Search = C:\Documents and Settings\Diane\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\

CHR - Extension: Email this page (by Google) = C:\Documents and Settings\Diane\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dbeoemfhkdniadbojeencpkgmobndpai\1.2.5_0\

CHR - Extension: SiteAdvisor for Chrome = C:\Documents and Settings\Diane\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dckheglehcdhpjkdmmmghbgkcdebhhae\1.0.2_0\

CHR - Extension: SiteAdvisor = C:\Documents and Settings\Diane\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\

CHR - Extension: History Button = C:\Documents and Settings\Diane\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fofpnhmbgmmeaialapfddhbhfongoinh\1.0\

CHR - Extension: Tab Saver = C:\Documents and Settings\Diane\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gmabnicpoccpllcbcioincnllkilhiah\0.8.2_0\

CHR - Extension: avast! WebRep = C:\Documents and Settings\Diane\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1374_0\

CHR - Extension: Print = C:\Documents and Settings\Diane\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\idfnpgjblkahngbondojabhffkkdekbd\2.0.1.8_0\

CHR - Extension: Print Plus = C:\Documents and Settings\Diane\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jddhalnkfenmfffadkkghmamhikplbap\0.3_0\

CHR - Extension: Facebook Styler = C:\Documents and Settings\Diane\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\oibchndgminbbeopaejobnnajfjgkcnk\4.1.2_0\

CHR - Extension: Blog This! = C:\Documents and Settings\Diane\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pengoopmcjnbflcjbmoeodbmoflcgjlk\0.0.8_0\

CHR - Extension: Gmail = C:\Documents and Settings\Diane\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.4_0\

 

O1 HOSTS File: ([2004/08/04 19:00:00 | 000,000,709 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)

O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)

O2 - BHO: (ZoneAlarm Security Toolbar) - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\prxtbZon2.dll (Conduit Ltd.)

O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)

O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)

O2 - BHO: (ZoneAlarm Spy Blocker BHO) - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL (ZoneAlarm)

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No CLSID value found.

O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)

O3 - HKLM\..\Toolbar: (ZoneAlarm Security Toolbar) - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\prxtbZon2.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)

O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)

O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)

O3 - HKLM\..\Toolbar: (ZoneAlarm Spy Blocker) - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL (ZoneAlarm)

O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Toolbar) - {91DA5E8A-3318-4F8C-B67E-5964DE3AB546} - C:\Program Files\ZoneAlarm_Security\prxtbZon2.dll (Conduit Ltd.)

O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)

O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)

O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Spy Blocker) - {F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL (ZoneAlarm)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [AlcWzrd] C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)

O4 - HKLM..\Run: [btbb_McciTrayApp] C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe (Alcatel-Lucent)

O4 - HKLM..\Run: [CHotkey] C:\WINDOWS\zHotkey.exe ()

O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)

O4 - HKLM..\Run: [EPSON Stylus Photo RX420 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE (SEIKO EPSON CORPORATION)

O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\Hdaudpropshortcut.exe (Windows ® Server 2003 DDK provider)

O4 - HKLM..\Run: [iSW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)

O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)

O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()

O4 - HKLM..\Run: [soundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [sunKistEM] C:\Program Files\Digital Media Reader\shwiconEM.exe (Alcor Micro, Corp.)

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)

O4 - HKCU..\Run: [E0756EFBE3605F45893D325421255D7CCD786625._service_run] C:\Documents and Settings\Diane\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)

O4 - HKCU..\Run: [EPSON SX218 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIGDE.EXE (SEIKO EPSON CORPORATION)

O4 - HKCU..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE ()

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MozyHome Status.lnk = C:\Program Files\MozyHome\mozystat.exe (Mozy, Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE ()

O4 - Startup: C:\Documents and Settings\Diane\Start Menu\Programs\Startup\Event Reminder.lnk = C:\Program Files\Mindscape\PrintMaster\PMREMIND.EXE ()

O4 - Startup: C:\Documents and Settings\Diane\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O15 - HKCU\..Trusted Domains: internet ([]about in Internet)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)

O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} http://picasaweb.google.co.uk/s/v/44.11/uploader2.cab (UploadListView Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {EBB176D2-AF75-4706-832F-4C8448F72757} http://www.shopandscan.com/TNSClickrc.CAB (TNSClickerc.Clicker)

O16 - DPF: {FF1CD9A3-00CD-45C1-8182-4EEC229A182D} https://www.plaxo.com/activex/plx_upldr-2k-xp.cab (Plaxo Auto-Import Utility)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5D404B6A-AB75-46EB-8DA0-6F6EDF5A0E02}: DhcpNameServer = 192.168.1.254

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)

O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\570\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\570\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)

O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)

O24 - Desktop WallPaper: C:\Documents and Settings\Diane\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Diane\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)

O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2004/09/06 16:55:37 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2003/08/09 00:24:26 | 000,000,045 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

NetSvcs: 6to4 - File not found

NetSvcs: AppMgmt - File not found

NetSvcs: Ias - File not found

NetSvcs: Iprip - File not found

NetSvcs: Irmon - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: WmdmPmSp - File not found

 

MsConfig - State: "system.ini" - 0

MsConfig - State: "win.ini" - 0

MsConfig - State: "bootini" - 0

MsConfig - State: "services" - 0

MsConfig - State: "startup" - 0

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 

========== Files/Folders - Created Within 30 Days ==========

 

[2012/02/22 09:24:41 | 000,583,680 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Diane\Desktop\OTL.scr

[2012/02/21 14:09:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus

[2012/02/21 14:06:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software

[2012/01/26 14:36:01 | 010,625,632 | ---- | C] (Opera Software ASA) -- C:\Documents and Settings\Diane\Desktop\Opera_1161_int_Setup.exe

[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\*.tmp files -> C:\*.tmp -> ]

 

========== Files - Modified Within 30 Days ==========

 

[2012/02/22 09:31:19 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{DA921302-8CC3-4A38-A5A2-C7E64541B459}.job

[2012/02/22 09:24:41 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Diane\Desktop\OTL.scr

[2012/02/22 09:17:03 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3451306906-1080147370-583220059-1007UA.job

[2012/02/22 08:16:08 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3451306906-1080147370-583220059-1007Core.job

[2012/02/22 07:50:42 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job

[2012/02/22 07:47:13 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2012/02/21 14:10:01 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk

[2012/02/21 14:09:55 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT

[2012/02/21 13:47:33 | 064,207,032 | ---- | M] () -- C:\Documents and Settings\Diane\Desktop\setup_av_free_cnet.exe

[2012/02/21 13:26:08 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2012/02/20 16:28:09 | 000,005,034 | ---- | M] () -- C:\WINDOWS\mozy.blk

[2012/02/20 16:28:08 | 000,003,464 | ---- | M] () -- C:\WINDOWS\mozy.flt

[2012/02/17 07:48:40 | 000,379,240 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2012/02/16 19:14:37 | 000,441,696 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2012/02/16 19:14:37 | 000,071,632 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2012/02/16 19:05:48 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2012/02/16 08:21:10 | 000,002,262 | ---- | M] () -- C:\Documents and Settings\Diane\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

[2012/02/16 08:21:09 | 000,002,284 | ---- | M] () -- C:\Documents and Settings\Diane\Desktop\Google Chrome.lnk

[2012/02/09 16:04:33 | 000,056,961 | ---- | M] () -- C:\Documents and Settings\Diane\My Documents\paris2.jpg

[2012/02/09 16:02:52 | 000,225,354 | ---- | M] () -- C:\Documents and Settings\Diane\My Documents\paris1.jpg

[2012/02/09 13:43:51 | 005,403,172 | ---- | M] () -- C:\Documents and Settings\Diane\My Documents\honorecowl.pdf

[2012/02/09 13:23:31 | 000,000,553 | -H-- | M] () -- C:\Documents and Settings\Diane\My Documents\Picasa.ini

[2012/02/09 13:18:47 | 000,014,947 | ---- | M] () -- C:\Documents and Settings\Diane\My Documents\map2.jpeg

[2012/02/09 12:52:37 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk

[2012/02/09 12:51:55 | 002,972,615 | ---- | M] () -- C:\Documents and Settings\Diane\My Documents\map.jpg

[2012/02/07 15:29:47 | 000,628,376 | ---- | M] () -- C:\Documents and Settings\Diane\My Documents\french.jpg

[2012/02/03 14:26:15 | 002,519,308 | ---- | M] () -- C:\Documents and Settings\Diane\My Documents\sweetmuffinsuite_valentine_freedownload_postcard_final.pdf

[2012/01/31 08:21:57 | 000,415,916 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml

[2012/01/29 10:06:42 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2012/01/29 05:39:00 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2012/01/29 05:10:42 | 000,237,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe

[2012/01/26 14:38:23 | 010,625,632 | ---- | M] (Opera Software ASA) -- C:\Documents and Settings\Diane\Desktop\Opera_1161_int_Setup.exe

[2012/01/25 22:56:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2012/01/23 16:29:02 | 000,091,393 | ---- | M] () -- C:\Documents and Settings\Diane\My Documents\36169603226819901_WfhE5c9z_c.jpg

[2012/01/23 16:25:08 | 000,052,657 | ---- | M] () -- C:\Documents and Settings\Diane\My Documents\5640a78385e94a327f6a59dce667-2.jpg

[2012/01/23 16:25:08 | 000,052,657 | ---- | M] () -- C:\Documents and Settings\Diane\My Documents\5640a78385e94a327f6a59dce667-1.jpg

[2012/01/23 16:25:08 | 000,052,657 | ---- | M] () -- C:\Documents and Settings\Diane\My Documents\5640a78385e94a327f6a59dce667.jpg

[2012/01/23 11:38:04 | 000,460,730 | ---- | M] () -- C:\Documents and Settings\Diane\My Documents\DictionaryOld.jpg

[2012/01/23 11:37:04 | 000,345,824 | ---- | M] () -- C:\Documents and Settings\Diane\My Documents\OldDesignShop_DictionaryWordsTreasure.jpg

[2012/01/23 11:35:17 | 000,073,421 | ---- | M] () -- C:\Documents and Settings\Diane\My Documents\6a00e54f0a19ff883401157234df1f970b-500wi.jpg

[2012/01/23 11:32:22 | 000,273,439 | ---- | M] () -- C:\Documents and Settings\Diane\My Documents\dic1.jpg

[2012/01/23 11:29:57 | 000,460,730 | ---- | M] () -- C:\Documents and Settings\Diane\My Documents\blockhouses-byblow-q85-1019x868.jpg

[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\*.tmp files -> C:\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2012/02/21 14:10:01 | 000,001,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk

[2012/02/21 13:42:37 | 064,207,032 | ---- | C] () -- C:\Documents and Settings\Diane\Desktop\setup_av_free_cnet.exe

[2012/02/16 07:51:00 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll

[2012/02/16 07:51:00 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll

[2012/02/09 16:04:33 | 000,056,961 | ---- | C] () -- C:\Documents and Settings\Diane\My Documents\paris2.jpg

[2012/02/09 16:02:51 | 000,225,354 | ---- | C] () -- C:\Documents and Settings\Diane\My Documents\paris1.jpg

[2012/02/09 13:43:20 | 005,403,172 | ---- | C] () -- C:\Documents and Settings\Diane\My Documents\honorecowl.pdf

[2012/02/09 13:18:40 | 000,014,947 | ---- | C] () -- C:\Documents and Settings\Diane\My Documents\map2.jpeg

[2012/02/09 12:52:37 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk

[2012/02/09 12:52:36 | 000,002,315 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk

[2012/02/09 12:51:50 | 002,972,615 | ---- | C] () -- C:\Documents and Settings\Diane\My Documents\map.jpg

[2012/02/07 15:29:46 | 000,628,376 | ---- | C] () -- C:\Documents and Settings\Diane\My Documents\french.jpg

[2012/02/06 12:45:59 | 000,052,657 | ---- | C] () -- C:\Documents and Settings\Diane\My Documents\5640a78385e94a327f6a59dce667-2.jpg

[2012/02/06 12:41:14 | 000,052,657 | ---- | C] () -- C:\Documents and Settings\Diane\My Documents\5640a78385e94a327f6a59dce667-1.jpg

[2012/02/03 14:26:12 | 002,519,308 | ---- | C] () -- C:\Documents and Settings\Diane\My Documents\sweetmuffinsuite_valentine_freedownload_postcard_final.pdf

[2012/01/29 10:06:22 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2012/01/23 16:29:01 | 000,091,393 | ---- | C] () -- C:\Documents and Settings\Diane\My Documents\36169603226819901_WfhE5c9z_c.jpg

[2012/01/23 16:25:07 | 000,052,657 | ---- | C] () -- C:\Documents and Settings\Diane\My Documents\5640a78385e94a327f6a59dce667.jpg

[2012/01/23 11:38:03 | 000,460,730 | ---- | C] () -- C:\Documents and Settings\Diane\My Documents\DictionaryOld.jpg

[2012/01/23 11:37:04 | 000,345,824 | ---- | C] () -- C:\Documents and Settings\Diane\My Documents\OldDesignShop_DictionaryWordsTreasure.jpg

[2012/01/23 11:35:16 | 000,073,421 | ---- | C] () -- C:\Documents and Settings\Diane\My Documents\6a00e54f0a19ff883401157234df1f970b-500wi.jpg

[2012/01/23 11:32:21 | 000,273,439 | ---- | C] () -- C:\Documents and Settings\Diane\My Documents\dic1.jpg

[2012/01/23 11:29:55 | 000,460,730 | ---- | C] () -- C:\Documents and Settings\Diane\My Documents\blockhouses-byblow-q85-1019x868.jpg

[2011/05/12 18:03:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI

[2011/05/03 08:31:19 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI

[2010/07/02 17:46:46 | 000,055,808 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll

[2010/07/02 17:46:44 | 000,441,705 | ---- | C] () -- C:\WINDOWS\System32\sqlite3.dll

 

========== LOP Check ==========

 

[2011/08/04 07:54:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\!SASCORE

[2010/02/02 09:19:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software

[2012/02/21 14:06:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software

[2011/11/12 08:43:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CheckPoint

[2011/06/20 09:27:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix

[2011/05/11 16:49:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON

[2010/10/07 14:07:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FUJIFILM

[2009/09/16 13:09:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Last.fm

[2009/01/03 16:29:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier

[2011/05/11 16:46:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL

[2009/01/02 14:49:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint

[2009/03/16 18:40:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}

[2009/04/06 17:45:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}

[2010/11/13 17:43:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Diane\Application Data\Amazon

[2010/07/02 10:04:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Diane\Application Data\CheckPoint

[2011/05/12 08:48:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Diane\Application Data\EPSON

[2009/01/20 14:39:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Diane\Application Data\GetRightToGo

[2009/01/19 19:15:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Diane\Application Data\ICAClient

[2009/01/30 18:07:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Diane\Application Data\ImgBurn

[2010/12/14 16:56:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Diane\Application Data\JimbobSoft

[2009/03/31 16:42:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Diane\Application Data\MailFrontier

[2009/01/22 18:26:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Diane\Application Data\OpenOffice.org

[2011/12/16 18:55:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Diane\Application Data\Opera

[2009/01/19 19:15:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Diane\Application Data\Runaware

[2009/01/02 14:54:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Diane\Application Data\SampleView

[2009/02/11 12:31:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Diane\Application Data\Samsung

[2009/05/12 13:56:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Diane\Application Data\Serif

[2011/05/03 08:31:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Diane\Application Data\Smart Panel

[2010/08/26 17:58:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Diane\Application Data\Spotify

[2009/01/20 15:07:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Diane\Application Data\Template

[2012/02/22 07:50:42 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

[2012/02/22 09:31:19 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{DA921302-8CC3-4A38-A5A2-C7E64541B459}.job

 

========== Purity Check ==========

 

 

 

========== Custom Scans ==========

 

 

< %SYSTEMDRIVE%\*.* >

[2009/02/22 18:41:27 | 000,000,212 | ---- | M] () -- C:\.html

[2004/09/06 16:55:37 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT

[2009/04/27 14:47:20 | 000,000,211 | RHS- | M] () -- C:\boot.ini

[2004/09/06 16:55:37 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS

[2009/05/02 12:58:16 | 000,004,460 | -H-- | M] () -- C:\ffastun.ffa

[2009/05/02 12:58:10 | 000,491,520 | -H-- | M] () -- C:\ffastun.ffl

[2009/05/02 12:58:14 | 000,180,224 | -H-- | M] () -- C:\ffastun.ffo

[2009/05/02 12:58:10 | 001,675,264 | -H-- | M] () -- C:\ffastun0.ffx

[2009/05/02 13:51:28 | 000,491,520 | ---- | M] () -- C:\ffastunT.ffl

[2004/09/06 16:55:37 | 000,000,000 | RHS- | M] () -- C:\IO.SYS

[2009/01/02 14:49:19 | 000,000,743 | -H-- | M] () -- C:\IPH.PH

[2011/06/23 11:57:17 | 000,057,199 | ---- | M] () -- C:\JCouponPrintLog.txt

[2009/02/02 14:18:43 | 000,000,451 | ---- | M] () -- C:\LOG191.log

[2004/09/06 16:55:37 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS

[2004/08/04 19:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM

[2009/01/05 18:10:26 | 000,250,048 | RHS- | M] () -- C:\ntldr

[2012/02/22 08:11:41 | 840,957,952 | -HS- | M] () -- C:\pagefile.sys

[2009/01/02 14:50:00 | 000,000,391 | ---- | M] () -- C:\RtlAudio_Result.txt

[2004/10/30 07:41:53 | 000,000,118 | ---- | M] () -- C:\SmartInstaller.log

[2010/10/14 09:54:17 | 000,000,203 | ---- | M] () -- C:\twacker.log

[1 C:\*.tmp files -> C:\*.tmp -> ]

 

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >

[2008/07/06 12:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll

 

< %systemroot%\*. /mp /s >

 

< %systemroot%\system32\*.dll /lockedfiles >

[6 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

 

< %systemroot%\Tasks\*.job /lockedfiles >

 

< %systemroot%\system32\drivers\*.sys /lockedfiles >

 

< %systemroot%\system32\*.exe /lockedfiles >

[6 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

 

< %systemroot%\System32\config\*.sav >

[2004/09/06 09:43:30 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav

[2004/09/06 09:43:30 | 000,634,880 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav

[2004/09/06 09:43:29 | 000,860,160 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

 

< %PROGRAMFILES%\* >

[2009/01/24 16:39:06 | 000,010,752 | ---- | M] () -- C:\Program Files\Holidays & Breaks List (4) 2005.wps

 

< %USERPROFILE%\..|smtmp;true;true;true /FP >

 

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

 

< hklm\software\clients\startmenuinternet|command /rs >

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\InstallInfo\\ReinstallCommand: C:\PROGRA~1\AOL9~1.0\accdef.exe -rb [2004/04/02 05:21:24 | 000,016,496 | ---- | M] (America Online, Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\InstallInfo\\HideIconsCommand: C:\PROGRA~1\AOL9~1.0\accdef.exe -hb [2004/04/02 05:21:24 | 000,016,496 | ---- | M] (America Online, Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\InstallInfo\\ShowIconsCommand: C:\PROGRA~1\AOL9~1.0\accdef.exe -sb [2004/04/02 05:21:24 | 000,016,496 | ---- | M] (America Online, Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\shell\open\command\\: C:\PROGRA~1\AOL9~1.0\aol.exe [2004/04/02 05:21:54 | 000,038,000 | ---- | M] (America Online, Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Documents and Settings\Diane\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2012/01/20 05:35:36 | 001,047,024 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/02/03 15:47:17 | 000,834,800 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/02/03 15:47:17 | 000,834,800 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/02/03 15:47:17 | 000,834,800 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/02/03 15:47:23 | 000,924,632 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/02/03 15:47:23 | 000,924,632 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/02/03 15:47:23 | 000,924,632 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\Diane\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2012/01/20 05:35:36 | 001,047,024 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\Diane\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2012/01/20 05:35:36 | 001,047,024 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\Diane\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/01/20 05:35:36 | 001,047,024 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\Diane\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2012/01/20 05:35:36 | 001,047,024 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/12/16 12:23:08 | 000,174,080 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/12/16 12:23:08 | 000,174,080 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/12/16 12:23:08 | 000,174,080 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\ShowIconsCommand: "C:\Program Files\Opera\Opera.exe" /ShowIconsCommand [2012/01/26 14:45:00 | 000,949,104 | ---- | M] (Opera Software)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\HideIconsCommand: "C:\Program Files\Opera\Opera.exe" /HideIconsCommand [2012/01/26 14:45:00 | 000,949,104 | ---- | M] (Opera Software)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\ReinstallCommand: "C:\Program Files\Opera\Opera.exe" /ReInstallBrowser [2012/01/26 14:45:00 | 000,949,104 | ---- | M] (Opera Software)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\shell\open\command\\: "C:\Program Files\Opera\Opera.exe" [2012/01/26 14:45:00 | 000,949,104 | ---- | M] (Opera Software)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\shell\open\command\\: "C:\Program Files\Opera\Opera.exe" [2012/01/26 14:45:00 | 000,949,104 | ---- | M] (Opera Software)

 

< hklm\software\clients\startmenuinternet|command /64 /rs >

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\InstallInfo\\ReinstallCommand: C:\PROGRA~1\AOL9~1.0\accdef.exe -rb [2004/04/02 05:21:24 | 000,016,496 | ---- | M] (America Online, Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\InstallInfo\\HideIconsCommand: C:\PROGRA~1\AOL9~1.0\accdef.exe -hb [2004/04/02 05:21:24 | 000,016,496 | ---- | M] (America Online, Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\InstallInfo\\ShowIconsCommand: C:\PROGRA~1\AOL9~1.0\accdef.exe -sb [2004/04/02 05:21:24 | 000,016,496 | ---- | M] (America Online, Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\shell\open\command\\: C:\PROGRA~1\AOL9~1.0\aol.exe [2004/04/02 05:21:54 | 000,038,000 | ---- | M] (America Online, Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Documents and Settings\Diane\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2012/01/20 05:35:36 | 001,047,024 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/02/03 15:47:17 | 000,834,800 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/02/03 15:47:17 | 000,834,800 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/02/03 15:47:17 | 000,834,800 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/02/03 15:47:23 | 000,924,632 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/02/03 15:47:23 | 000,924,632 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/02/03 15:47:23 | 000,924,632 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\Diane\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2012/01/20 05:35:36 | 001,047,024 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\Diane\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2012/01/20 05:35:36 | 001,047,024 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\Diane\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/01/20 05:35:36 | 001,047,024 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\Diane\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2012/01/20 05:35:36 | 001,047,024 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/12/16 12:23:08 | 000,174,080 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/12/16 12:23:08 | 000,174,080 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/12/16 12:23:08 | 000,174,080 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\ShowIconsCommand: "C:\Program Files\Opera\Opera.exe" /ShowIconsCommand [2012/01/26 14:45:00 | 000,949,104 | ---- | M] (Opera Software)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\HideIconsCommand: "C:\Program Files\Opera\Opera.exe" /HideIconsCommand [2012/01/26 14:45:00 | 000,949,104 | ---- | M] (Opera Software)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\ReinstallCommand: "C:\Program Files\Opera\Opera.exe" /ReInstallBrowser [2012/01/26 14:45:00 | 000,949,104 | ---- | M] (Opera Software)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\shell\open\command\\: "C:\Program Files\Opera\Opera.exe" [2012/01/26 14:45:00 | 000,949,104 | ---- | M] (Opera Software)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\shell\open\command\\: "C:\Program Files\Opera\Opera.exe" [2012/01/26 14:45:00 | 000,949,104 | ---- | M] (Opera Software)

 

< End of report >

Posted

Here is the second log from OTL

OTL Extras logfile created on: 22/02/2012 09:26:50 - Run 1

OTL by OldTimer - Version 3.2.33.2 Folder = C:\Documents and Settings\Diane\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

 

501.77 Mb Total Physical Memory | 122.31 Mb Available Physical Memory | 24.38% Memory free

1.24 Gb Paging File | 0.22 Gb Available in Paging File | 17.57% Paging File free

Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 145.72 Gb Total Space | 96.65 Gb Free Space | 66.32% Space Free | Partition Type: NTFS

Drive D: | 3.32 Gb Total Space | 1.43 Gb Free Space | 43.12% Space Free | Partition Type: FAT32

 

Computer Name: DIANESCOMPUTER | User Name: Diane | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)

 

========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)

https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

"DisableMonitoring" = 1

 

========== System Restore Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

 

========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DoNotAllowExceptions" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

 

========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\WINDOWS\system32\ZoneLabs\vsmon.exe" = C:\WINDOWS\system32\ZoneLabs\vsmon.exe:*:Enabled:vsmon

"C:\Program Files\Spotify\spotify.exe" = C:\Program Files\Spotify\spotify.exe:*:Enabled:Spotify -- (Spotify Ltd)

"C:\Program Files\Epson Software\Event Manager\EEventManager.exe" = C:\Program Files\Epson Software\Event Manager\EEventManager.exe:*:Enabled:EEventManager Application -- (SEIKO EPSON CORPORATION)

"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)

"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)

 

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0038B7BB-C6E6-59D4-8F6F-2B2E707F89F6}" = MozyHome

"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime

"{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}" = Epson Event Manager

"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour

"{109D28C7-FB38-483A-9C91-001CB59E2699}" = EPSON CardMonitor

"{1D643CD2-4DD6-11D7-A4E0-000874180BB3}" = Microsoft Money

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool

"{23B59ED4-C360-11D7-875B-0090CC005647}" = EPSON PRINT Image Framer Tool2.1

"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java 6 Update 22

"{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java 6 Update 30

"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com

"{2B120B1D-1908-4FB3-8C9D-72128A74E80A}" = ZoneAlarm Security

"{30482AC3-4FC6-4E35-95F2-0BB415960631}" = Bing Bar

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{36C9E08A-BE2B-40A0-83C5-576748F7B777}" = TestDrive Client

"{39F58DDB-B2B8-4B86-AF20-4706A80EB30D}" = Epson Easy Photo Print 2

"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3

"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{549622DF-3674-459C-81F3-38124A45FA0E}" = MusicBridge

"{5D601655-6D54-4384-B52C-17EC5385FBBD}" = iTunes

"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3

"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD

"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin

"{6C11D561-620B-47DA-A693-4C597F3CDF40}" = EPSON Smart Panel

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{7BD0A2D8-4EA0-43C6-BDF8-DDA87B8031C6}" = PIF DESIGNER2.1

"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime

"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page

"{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1}" = Digital Media Reader

"{8355F970-601D-442D-A79B-1D7DB4F24CAD}" = Apple Mobile Device Support

"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver

"{8C64E149-54BA-11D6-91B1-00500462BE80}" = Microsoft Money System Pack

"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12

"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007

"{90120000-0019-0409-0000-0000000FF1CE}_PUBLISHERR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_PUBLISHERR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_PUBLISHERR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_PUBLISHERR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_PUBLISHERR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_PUBLISHERR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{91120000-0019-0000-0000-0000000FF1CE}" = Microsoft Office Publisher 2007

"{91120000-0019-0000-0000-0000000FF1CE}_PUBLISHERR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{91120000-0019-0000-0000-0000000FF1CE}_PUBLISHERR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{9600B88C-BE14-4BEA-A529-F5F312900BA3}" = Samsung PC Studio 3

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime

"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender

"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A386CC19-1E79-4D4C-A54B-C8747871E4AD}" = ZoneAlarm Firewall

"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support

"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)

"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C48817E7-AA05-4151-A99D-1E1E550CE801}" = EPSON PhotoStarter3.1

"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D2A0F8F4-CE50-4857-A21C-3061682B2E87}" = Sansa Media Converter

"{DA898F5C-4C85-4CF4-825B-E05D07DC39DD}" = BT Broadband Support Tools

"{DAB5C521-80B2-48C3-B0DA-326A1B331F55}" = GoToAssist Corporate

"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager

"{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}" = ScanToWeb

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint

"{FF262740-C85A-11D5-BBEC-00D0B740900A}" = Multimedia Keyboard Driver

"0BCA6D24013166B380927D270B90FF6D447A4AAA" = Windows Driver Package - OPTO ELECTRONICS CO.,LTD (optousb) Ports (06/02/2008 2.0.5.5)

"6194C28A8F62DD817EA1B918E6E46E806A21B452" = Windows Driver Package - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0)

"65B6FE5418CE28F4D72543FB2D964C3CEC83F161" = Windows Driver Package - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0)

"ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.9

"America Online uk" = AOL UK (Choose which version to remove)

"American Greetings® Art & More Store" = American Greetings® Art & More Store

"AOL Connectivity Services" = AOL Connectivity Services

"AOL YGP Screensaver" = AOL You've Got Pictures Screensaver

"AOLCoach uk" = AOL Coach Version 1.0(Build:20040201.2 uk)

"avast" = avast! Free Antivirus

"BT Broadband Desktop Help" = BT Broadband Desktop Help

"BTHomeHub" = BTHomeHub

"Create your own Event Reminder_is1" = Create your own Event Reminder

"EPSON Printer and Utilities" = EPSON Printer Software

"EPSON Scanner" = EPSON Scan

"EPSON SX218 Series" = EPSON SX218 Series Printer Uninstall

"EPSON SX218 Series Manual" = EPSON SX218 Series Manual

"FinePix Genie_is1" = FUJIFILM MyFinePix Studio 1.0

"GoToAssist" = GoToAssist Corporate

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"ie7" = Windows Internet Explorer 7

"ie8" = Windows Internet Explorer 8

"ImgBurn" = ImgBurn

"InstallShield_{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1}" = Digital Media Reader

"LastFM_is1" = Last.fm 1.5.4.24567

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Mozilla Firefox 10.0 (x86 en-US)" = Mozilla Firefox 10.0 (x86 en-US)

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"MSPUB4" = Microsoft Publisher 97

"Nero - Burning Rom!UninstallKey" = Nero OEM

"Nero BurnRights!UninstallKey" = Nero BurnRights

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"Opera 11.61.1250" = Opera 11.61

"Picasa 3" = Picasa 3

"PrintMaster 7.00" = PrintMaster 7.00

"PROSet" = Intel® PRO Network Adapters and Drivers

"PUBLISHERR" = Microsoft Office Publisher 2007 Trial

"RealPlayer 6.0" = RealPlayer Basic

"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software

"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set

"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software

"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software

"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software

"Serif DrawPlus 3.0" = Serif DrawPlus 3.0

"SLAMRNTV" = Smart Link 56K Voice Modem

"Spotify" = Spotify

"StreetPlugin" = Learn2 Player (Uninstall Only)

"ViewpointMediaPlayer" = Viewpoint Media Player

"WebPost" = Microsoft Web Publishing Wizard 1.52

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"Windows XP Service Pack" = Windows XP Service Pack 3

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"Word8.0" = Microsoft Word 97

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

"YTdetect" = Yahoo! Detect

"ZoneAlarm Free" = ZoneAlarm Free

"ZoneAlarm Toolbar" = ZoneAlarm Toolbar

"ZoneAlarm_Security Toolbar" = ZoneAlarm Security Toolbar

"ZoneAlarmSB Uninstall" = ZoneAlarm Spy Blocker

 

========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Google Chrome" = Google Chrome

 

========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 22/01/2012 09:36:33 | Computer Name = DIANESCOMPUTER | Source = Application Hang | ID = 1002

Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

 

Error - 22/01/2012 09:40:20 | Computer Name = DIANESCOMPUTER | Source = Application Hang | ID = 1002

Description = Hanging application firefox.exe, version 1.9.2.4363, hang module hungapp,

version 0.0.0.0, hang address 0x00000000.

 

Error - 29/01/2012 01:53:12 | Computer Name = DIANESCOMPUTER | Source = Application Hang | ID = 1002

Description = Hanging application OSASOI.EXE, version 1.0.3.0, hang module hungapp,

version 0.0.0.0, hang address 0x00000000.

 

Error - 29/01/2012 02:15:21 | Computer Name = DIANESCOMPUTER | Source = MPSampleSubmission | ID = 5000

Description =

 

Error - 29/01/2012 07:31:13 | Computer Name = DIANESCOMPUTER | Source = Application Hang | ID = 1002

Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

 

Error - 29/01/2012 07:33:40 | Computer Name = DIANESCOMPUTER | Source = Application Hang | ID = 1002

Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

 

Error - 29/01/2012 07:41:26 | Computer Name = DIANESCOMPUTER | Source = Application Error | ID = 1000

Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting

module msxml3.dll, version 8.100.1052.0, fault address 0x000a1425.

 

Error - 30/01/2012 13:35:45 | Computer Name = DIANESCOMPUTER | Source = Application Hang | ID = 1002

Description = Hanging application firefox.exe, version 9.0.1.4371, hang module hungapp,

version 0.0.0.0, hang address 0x00000000.

 

Error - 01/02/2012 14:55:01 | Computer Name = DIANESCOMPUTER | Source = Application Error | ID = 1000

Description = Faulting application firefox.exe, version 9.0.1.4371, faulting module

msvcr80.dll, version 8.0.50727.6195, fault address 0x00048b76.

 

Error - 09/02/2012 13:16:13 | Computer Name = DIANESCOMPUTER | Source = Application Error | ID = 1000

Description = Faulting application opera.exe, version 11.61.1250.0, faulting module

, version 11.61.1250.0, fault address 0x0091c867.

 

[ System Events ]

Error - 09/02/2012 08:34:41 | Computer Name = DIANESCOMPUTER | Source = Service Control Manager | ID = 7023

Description = The Application Management service terminated with the following error:

%%126

 

Error - 09/02/2012 08:34:41 | Computer Name = DIANESCOMPUTER | Source = Service Control Manager | ID = 7023

Description = The Application Management service terminated with the following error:

%%126

 

Error - 09/02/2012 08:34:41 | Computer Name = DIANESCOMPUTER | Source = Service Control Manager | ID = 7023

Description = The Application Management service terminated with the following error:

%%126

 

Error - 09/02/2012 08:34:41 | Computer Name = DIANESCOMPUTER | Source = Service Control Manager | ID = 7023

Description = The Application Management service terminated with the following error:

%%126

 

Error - 09/02/2012 08:34:41 | Computer Name = DIANESCOMPUTER | Source = Service Control Manager | ID = 7023

Description = The Application Management service terminated with the following error:

%%126

 

Error - 09/02/2012 08:34:41 | Computer Name = DIANESCOMPUTER | Source = Service Control Manager | ID = 7023

Description = The Application Management service terminated with the following error:

%%126

 

Error - 14/02/2012 13:44:05 | Computer Name = DIANESCOMPUTER | Source = Service Control Manager | ID = 7011

Description = Timeout (30000 milliseconds) waiting for a transaction response from

the wscsvc service.

 

Error - 21/02/2012 10:18:49 | Computer Name = DIANESCOMPUTER | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

aswSnx

 

Error - 21/02/2012 13:19:51 | Computer Name = DIANESCOMPUTER | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

aswSnx

 

Error - 22/02/2012 03:48:54 | Computer Name = DIANESCOMPUTER | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

aswSnx

 

 

< End of report >

Posted

Hi, thanks for posting these. I'm sure one of our security guys will view the reports and get back to you.

 

Dave


Posted

Hi handbaggirl

 

Sorry for the late reply, it's been a busy evening.

 

Some of the Zone Alarm entries in the report are actually extras that can be disabled when Zone Alarm is installed.

We don't recommend these extras.... it's just a way of making money by promoting toolbars etc.

We'll remove these.

Removing them won't affect the running of your Firewall though.

 

You also seem to have a little too much security running.

Too much is often as bad as not having enough.

With too many security programs running you stand the chance of conflicts.

 

With Avast running you don't really need Windows Defender or SuperAntiSpyware running.

 

Recommendation.

To disable Windows Defender:

  • Click Start >> Programs >> Windows Defender or launch from the system tray icon.
  • Click on Tools & Settings >> Options.
  • Under Real-time protection options, uncheck the "Real-time protection" check box.
  • Click Save.
  • Go to Start >> Control Panel >> Security >> Windows Defender. At the bottom of the Windows Defender page, under Administrator Options, uncheck "use Windows Defender" and then Save.

 

 

To stop SuperAntiSpyware from running at Start up:

Restart SuperAntiSpyware...

Then from the main page, Click on the Preferences button....then untick... 'Start SuperAntiSpyware when Windows starts'.

Then click Close, and then Close on the next screen to exit the program.

You can start it manually when you need to do a scan.

 

 

Step 1

Double click on OTL to run it.

Copy the lines in the codebox below (make sure that :Otl is on the first line).

:Otl
O2 - BHO: (ZoneAlarm Security Toolbar) - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\prxtbZon2.dll (Conduit Ltd.)
O2 - BHO: (ZoneAlarm Spy Blocker BHO) - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL (ZoneAlarm)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No CLSID value found.
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Toolbar) - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\prxtbZon2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Spy Blocker) - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL (ZoneAlarm)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Toolbar) - {91DA5E8A-3318-4F8C-B67E-5964DE3AB546} - C:\Program Files\ZoneAlarm_Security\prxtbZon2.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Spy Blocker) - {F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL (ZoneAlarm)
O4 - HKLM..\Run: [] File not found
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)

:Reg
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"E0756EFBE3605F45893D325421255D7CCD786625._service_ run"=_

:Files
ipconfig /flushdns /c

:commands
[emptytemp]
[purity]
[RESETHOSTS]

  • Return to OTL,
  • right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.
     
    http://img.photobucket.com/albums/v708/starbuck50/new%20forum/scan-fix.png
     
  • Click the red Run Fix button.
     
    http://img.photobucket.com/albums/v708/starbuck50/runfixbutton.png
     
  • OTL will reboot your system once the fix has completed.
  • After the reboot, you may need to double click OTL to launch the program and retrieve the log.

 

Copy and paste the contents of the OTL log that comes up after the fix in your next reply.

 

If you lose the report, there will be a copy here:

C:\_OTL\MovedFiles

 

 

Step 2

I'd like you to do an ESET OnlineScan

 

You may find it beneficial to close your resident AV program before running the scan.

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
     
  • Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetOnline.png button.
     
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstall.png to download the ESET Smart Installer.
      Save it to your desktop.
    • Double click on the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstallDesktopIcon.png icon on your desktop.

  • Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetAcceptTerms.png
  • Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetStart.png button.
  • Accept any security warnings from your browser.
  • Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetScanArchives.png
  • Click the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png
  • Click http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png, and save the file to your desktop using a unique name, such as ESETScan.
    Include the contents of this report in your next reply.
  • Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetBack.png button.
  • Click http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetFinish.png

A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

 

 

Note:

It's been found that on some systems ESET's Online Scan fails during the database download (around 20%).

To prevent this happening:

When the Computer scan settings display shows, click the Advanced option, then place a check next to the following (if it is not already checked):

 

Enable Anti-Stealth technology

 

http://img.photobucket.com/albums/v708/starbuck50/eset.png

 

 

In your next reply, please submit:

OTL fix report

Eset scan report

 

 

Thanks.

Member of:

UNITE

Posted

Hi, thanks for getting back to me. I am posting my findings.

C:\Program Files\ZoneAlarmSB\bar\1.bin\NPZONESB.DLL Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined

C:\Program Files\ZoneAlarmSB\bar\1.bin\Z4PLUGIN.DLL a variant of Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined

 

All processes killed

========== OTL ==========

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{91da5e8a-3318-4f8c-b67e-5964de3ab546}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{91da5e8a-3318-4f8c-b67e-5964de3ab546}\ deleted successfully.

C:\Program Files\ZoneAlarm_Security\prxtbZon2.dll moved successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}\ deleted successfully.

C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL moved successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{91da5e8a-3318-4f8c-b67e-5964de3ab546} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{91da5e8a-3318-4f8c-b67e-5964de3ab546}\ not found.

File C:\Program Files\ZoneAlarm_Security\prxtbZon2.dll not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA}\ deleted successfully.

File C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL not found.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{91DA5E8A-3318-4F8C-B67E-5964DE3AB546} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{91DA5E8A-3318-4F8C-B67E-5964DE3AB546}\ not found.

File C:\Program Files\ZoneAlarm_Security\prxtbZon2.dll not found.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}\ not found.

File C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.

Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}

C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.

========== REGISTRY ==========

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\"E0756EFBE3605F45893D325421255D7CCD786625._service_ run"|_ /E : value set successfully!

========== FILES ==========

< ipconfig /flushdns /c >

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

C:\Documents and Settings\Diane\Desktop\cmd.bat deleted successfully.

C:\Documents and Settings\Diane\Desktop\cmd.txt deleted successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 32902 bytes

->Java cache emptied: 0 bytes

 

User: Diane

->Temp folder emptied: 2409541418 bytes

->Temporary Internet Files folder emptied: 33435284 bytes

->Java cache emptied: 34712254 bytes

->FireFox cache emptied: 90112914 bytes

->Google Chrome cache emptied: 112106996 bytes

->Opera cache emptied: 11025657 bytes

->Flash cache emptied: 10857 bytes

 

User: LocalService

->Temp folder emptied: 2050044 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: NetworkService

->Temp folder emptied: 4283388 bytes

->Temporary Internet Files folder emptied: 132283300 bytes

 

User: Stewart

->Temp folder emptied: 549333088 bytes

->Temporary Internet Files folder emptied: 33002693 bytes

->Java cache emptied: 97685773 bytes

->FireFox cache emptied: 58535845 bytes

->Opera cache emptied: 25926594 bytes

->Flash cache emptied: 29119 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 129864 bytes

%systemroot%\System32 .tmp files removed: 3774993 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 76203316 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 186101146 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes

RecycleBin emptied: 4294869601 bytes

 

Total Files Cleaned = 7,777.00 mb

 

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

 

OTL by OldTimer - Version 3.2.33.2 log created on 02232012_083933

 

Files\Folders moved on Reboot...

C:\Documents and Settings\Diane\Local Settings\Temp\~DF5D03.tmp moved successfully.

File\Folder C:\WINDOWS\temp\_avast_\Webshlock.txt not found!

C:\WINDOWS\temp\Perflib_Perfdata_bdc.dat moved successfully.

File\Folder C:\WINDOWS\temp\ZLT07132.TMP not found!

 

Registry entries deleted on Reboot...

 

2 threats were removed that Avast didn't find. Also, on starting up this morning my wallpaper has now vanished! Do you think that this has now solved my problem? Many thanks for your help so far.

Posted

Hi handbaggirl

 

on starting up this morning my wallpaper has now vanished!

It's not unknown when removing malware etc.... just set a new wallpaper and everything should be fine.

 

do you think that this has now solved my problem?

I'm certainly hoping so.

The system must be running a lot better now.... is it?

Run the system for a day or so and see how it goes.

Then get back to me and let me know if everything is ok.

If it is, then we'll finish off the cleaning process.

 

many thanks for your help so far

It's no problem at all, glad I could help.

Posted
Cheers for the help, everything seems to be fine. Got new wallpaper and I have also been on my husband's side and there's no problems or things gone weird with his docs; previously when we had malware, some of his stuff got rearranged. Hope that all is well now. Was a bit concerned that Avast didn't detect these 2 threats, but I guess that's just one of those things. Would you recommend me running that online scanner from time to time? I run my SUPERAntiSpyware manually; even though it did start up on boot it didn't run, it's the free version. Thanks again, I will get back to you in a few days and let you know how things are. I much appreciate your time and effort :cool:
Posted
was a bit concerned that Avast didn't detect these 2 threats, but I guess that's just one of those things.

There's not one security program that can find and remove all the bad stuff.

That's why we use different programs.

Some programs are more dedicated to certain types of malware.

 

would you recommend me running that online scanner from time to time?

It's not a bad idea.

Running MBAM or SAS once a week and then an online scan once every couple of weeks should help.

Obviously you must keep your normal AV running though. (only turn it off when running an online scan)

The online scan database is continually updated, so you'll need a fresh database each time you run it.

 

Glad to hear things are running a lot better.

See you in a couple of days.


Posted
Evening. Further to my problem being sorted out, I'm reporting that all seems to be going fine now, have been using it without a glitch and hope that this means we are good to go! Thanks soooo much for your time and effort, I really appreciate it, and know that it is a lot of work for you in your own time, trying to rid us mere mortals of our computer woes.
Posted

Hi handbaggirl

 

Glad to hear everything is still running ok.

 

Thanks soooo much for your time and effort, I really appreciate it, and know that it is a lot of work for you in your own time, trying to rid us mere mortals of our computer woes

Thank you for the comments.

Just being appreciated is payment enough.

 

Yep, you're good to go, let's finish off then.

 

Step 1

Restart MBAM.

Click on the Quarantine tab

If there are items in quarantine.....

Make sure everything is selected and then click Delete All.

Close MBAM.

 

Step 2

  • Please double-click OTL to run it.
  • You should see a CleanUp! button, press that button.
  • This will cleanup an assortment of tools used during malware removal, plus itself

 

Note:

MBAM will not be removed

 

 

Step 3

Now you should 'Set a New Restore Point'.

Setting a new restore point AFTER cleaning your system will enable your computer to "roll-back" to a clean working state if ever needed.

 

The easiest and safest way to do this is:

  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the Restore Point a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then go to Start > Run and type: Cleanmgr
  • Click "OK".
  • Select the drive for cleaning then click OK (usually 'C' drive)
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.

 

 

Not all of the following information will be applicable to you, but it's still best to read it all.

 

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

  • Use an AntiVirus Software

     

    Note*:

    Avira now includes the Ask.com Toolbar unless you choose not to install it. This means it is pre-checked by default and it is recommended that you uncheck that option during installation.

     

    Note**:

    Upon installation MS Security Essentials will check that your OS is a legal copy.

     

    Only install one AntiVirus program

     

  • Update your AntiVirus Software regularly

     

  • Use a 3rd party Firewall

    NOTE: If choosing Zone Alarm be aware that the free version also installs ZoneAlarm Spy Blocker. It is recommended however that you UNcheck this option.

     

    Only install one software Firewall

     

    Some 3rd party Firewalls will turn off the windows firewall when they are installed.

    It's always best to check that the Windows Firewall is turned off:

     

    How to turn off Windows Firewall:

    Start ... Control Panel ...click on 'Classic View'.

    now select Windows Firewall.

    When the Windows Firewall box opens, put a tick against .. Off (not recommended) and then click Ok

     

  • Scan regularly with a 'Stand Alone' Anti-Malware scanner:

    Installing another scanner that you can run once or twice a week is always beneficial.

    Something like:

    Malwarebytes Anti-Malware

    SUPERAntiSpyware

    Remember to update these programs each time before running.

    You can install more than one of these if you only run them as stand alone programs.

     

  • Use an alternative browser:

    Some excellent alternatives to MS Internet Explorer are:

     

    Firefox

    For added security, add the NoScript extension to this browser:

    Allow active content to run only from sites you trust, and protect yourself against XSS and Clickjacking attacks

    also consider adding:

    WOT - Safe Browsing Tool

     

    Web of Trust warns you about risky sites that cheat customers, deliver malware or send spam. Millions of members of the WOT community rate sites based on their experience, giving you an extra layer of protection when browsing or searching the Web.

    Btw: you don't have to make a contribution.

     

    Opera

     

    They offer better security, more stability, and better speed.

     

  • Keep a backup of your registry

    Keeping a regular backup of your registry will help when something goes wrong.

    Use a program like:

    Erunt

     

    A full tutorial on how to set up and use Erunt can be found here:

    Erunt tutorial

     

  • Keep your system clean of temp files etc, using a 'Cleaner':

    Cleaners are programs that will help to clean out your:

    Windows temp files

    Current user temp files

    Cookies

    Temporary Internet files

    Browser history

    Recycle bin

    Etc.......

    In other words.... all the rubbish that you accumulate over the course of your browsing and day to day usage of your pc.

    Programs like:

    TFC by OldTimer

    ATF Cleaner

     

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly.

     

  • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

     

    A tutorial on installing & using this product can be found here:

    Using and installing SpywareBlaster

     

  • Update all your 'Security' programs regularly - Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.

 

Glad I was able to help.

 

Safe surfing.
