Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93081 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

For Jeff - Old HP with XP [Solved]


  • This topic is locked This topic is locked
38 replies to this topic

#16 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,693 posts

Posted 16 March 2014 - 09:15 AM

Great job!!   :)
 
Please read through these instructions to familarize yourself with what to expect when this tool runs
 
Download ComboFix from one of these locations:
 
Link 1
Link 2
 
* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.  Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : How to Disable your Security Programs
  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.  It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
 


RCUpdate1.png

 
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
 
RC2-1.png
 
Click on Yes, to continue scanning for malware.
 
When finished, it shall produce a log for you.  Please include the C:\ComboFix.txt in your next reply.
 
Notes:
 
1.Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. CF disconnects your machine from the internet.  The connection is automatically restored before CF completes its run.  If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
4. If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.
----------


Posted Image
 
 

    Advertisements

Register to Remove


#17 peachy_dar

peachy_dar

    Silver Member

  • Authentic Member
  • PipPipPip
  • 385 posts
  • Interests:Riding our 2009 Navy Metallic blue Honda Goldwing Trike<br />Taking pictures and videos while riding the trike

Posted 16 March 2014 - 02:30 PM

Jeff

 

I am running combo fix since 3:47 pm and it is 4:20 pm and it is still running.

 

found old papers on this old HP - we bought it Jan 11, 2003 and in September 2004 Circuit city installed a  new hard drive in it.After using it for the past 24 hours I can see why we bought the old Gateway!!!  I also managed to find the system recovery disks - all 7 original disks from HP.  Since i cannot get to do windows updates, I ran the standard system recovery which does format C: and remove software, etc.  I thought this would be great to put the old HP back to square one......

 

It took me back to SP1, so I had to install SP2 and SP3 - I'm back at IE6, and every time I try to install IE8, it fails now.  It tells me this:  Internet explorer installation did not complete - and now it says I have to reboot to remove it.  I even tried to install IE7 first...same thing.

 

then when I try to  get to any website, I'd get an error that the add on pkR.dll could not run, and had to close the window. So I bring up the IE addon's and disable it - I don't know what it is or what it does or even if it is a trojan or virus.

 

I am just trying to get this old HP up and running with XP as far as I can get it updated by April 8th.

 

Combofix is still running since 3:47 pm and it's now 4:30pm.  I have not touched the keyboard while it was running, so it's not locked up - no one has touched the keyboard - I even kept the cat away from it!!  He's great for walking across the keyboard!!

 

Hope this ends soon!

 

dar


Darlene

#18 peachy_dar

peachy_dar

    Silver Member

  • Authentic Member
  • PipPipPip
  • 385 posts
  • Interests:Riding our 2009 Navy Metallic blue Honda Goldwing Trike<br />Taking pictures and videos while riding the trike

Posted 16 March 2014 - 02:32 PM

After posting I see I left out a word.....I installed the Standard system recovery which does NOT format C:\

 

 

I did not format C:\

 

dar


Darlene

#19 peachy_dar

peachy_dar

    Silver Member

  • Authentic Member
  • PipPipPip
  • 385 posts
  • Interests:Riding our 2009 Navy Metallic blue Honda Goldwing Trike<br />Taking pictures and videos while riding the trike

Posted 16 March 2014 - 02:52 PM

Jeff - we have used combofix many times....it is not going thru "completed stage 1, etc up to 50 - I have not seen this today at all.

 

 

I stopped it, rebooted the machine, changed the  screen saver to NONE and started it up again at 4:50pm - I will let it run again..

but so far..no stages completed...still scanning for infected files......

 

Dar

Attached Thumbnails

  • IMG_20140316_165021_208.jpg

Darlene

#20 peachy_dar

peachy_dar

    Silver Member

  • Authentic Member
  • PipPipPip
  • 385 posts
  • Interests:Riding our 2009 Navy Metallic blue Honda Goldwing Trike<br />Taking pictures and videos while riding the trike

Posted 16 March 2014 - 05:12 PM

Jeff - ok - so I started combofix at 4:50pm, it's now 7:15pm and it's still running.  But now I have a balloon  from the computer about memory.  I have attached it.

 

dar

 

Attached Thumbnails

  • IMG_20140316_152822_8831.jpg

Edited by peachy_dar, 16 March 2014 - 05:13 PM.

Darlene

#21 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,693 posts

Posted 16 March 2014 - 05:16 PM

Go ahead and stop ComboFix, reboot your system and then do the following....
 
ttLR1ki.jpg

  • Download OTL to your desktop.
  • Right-click and Run as Administrator on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
      Note:These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

----------


Posted Image
 
 

#22 peachy_dar

peachy_dar

    Silver Member

  • Authentic Member
  • PipPipPip
  • 385 posts
  • Interests:Riding our 2009 Navy Metallic blue Honda Goldwing Trike<br />Taking pictures and videos while riding the trike

Posted 16 March 2014 - 05:32 PM

Jeff - I cannot download it - I get a pop up from IE that it cannot open the site and will not download. so I googled it, found it on bleeping computer.com and tried to down load it there, it this pc won't let. now what?

This is the text in the box onscreen:

"internet explorer was not able to open this internet site. the requested site is either unavailable or cannot befound, pleae try later."
dar
Darlene

#23 peachy_dar

peachy_dar

    Silver Member

  • Authentic Member
  • PipPipPip
  • 385 posts
  • Interests:Riding our 2009 Navy Metallic blue Honda Goldwing Trike<br />Taking pictures and videos while riding the trike

Posted 16 March 2014 - 05:35 PM

jeff!!!!!


Since this old HP is on the network, I used my hubby's pc to download it then I copied it to the HP!! I'm gonna run it!!

dar
Darlene

#24 peachy_dar

peachy_dar

    Silver Member

  • Authentic Member
  • PipPipPip
  • 385 posts
  • Interests:Riding our 2009 Navy Metallic blue Honda Goldwing Trike<br />Taking pictures and videos while riding the trike

Posted 16 March 2014 - 05:39 PM

Jeff: I ran it but I see a file age is 30 days?? this pc hasn't been on since May 2007... does that matter?

dar
Darlene

#25 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,693 posts

Posted 16 March 2014 - 05:43 PM

just go ahead and run it like that.  :)


Posted Image
 
 

    Advertisements

Register to Remove


#26 peachy_dar

peachy_dar

    Silver Member

  • Authentic Member
  • PipPipPip
  • 385 posts
  • Interests:Riding our 2009 Navy Metallic blue Honda Goldwing Trike<br />Taking pictures and videos while riding the trike

Posted 16 March 2014 - 05:49 PM

Jeff - OTL has been run!!

EXTRAS

OTL Extras logfile created on: 3/16/2014 7:38:13 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

246.98 Mb Total Physical Memory | 104.29 Mb Available Physical Memory | 42.23% Memory free
605.96 Mb Paging File | 453.15 Mb Available in Paging File | 74.78% Paging File free
Paging file location(s): C:\pagefile.sys 372 744 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 50.61 Gb Total Space | 22.88 Gb Free Space | 45.20% Space Free | Partition Type: NTFS
Drive D: | 5.27 Gb Total Space | 1.05 Gb Free Space | 19.94% Space Free | Partition Type: FAT32

Computer Name: YOUR-6JNHHU0520 | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = RecordNow Update Manager
"{1EEE2A9F-6471-42fa-8923-E8879168CE26}" = HP Photo and Imaging 1.1 - Photosmart Cameras
"{1F7CCFA3-D926-4882-B2A5-A0217ED25597}" = PC-Doctor for Windows
"{28BA89E7-2F60-4BE7-BAA2-7949EB3FE527}" = Blasterball Wild
"{29D88826-2AB9-11D5-8854-00902761A46D}" = WordPerfect Productivity Pack
"{2B5DDB2C-0807-47FD-9C11-80EA761902C0}" = easy Internet sign-up
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{357ECB62-CD36-4B63-B57E-769D0CA174F4}" = Blasterball 2
"{35845E72-E34A-11D4-817D-005004D0F1FA}" = MarketBrowser
"{3EA6838C-5C34-4F9C-A8DA-434D65DD1356}" = Men in Black II CROSSFIRE Trial Version
"{47D4AF7B-EDE6-4ADB-8D2F-0BDA25C7321F}" = HP Digital Imaging Album Printing 1.0
"{4F0AE1FB-4082-4A27-8363-05D292D92FB0}" = Virtual Warfare
"{5415BC25-6D6C-46C4-B34C-EA8470FE56D5}" = Blackhawk Striker
"{60E971B7-51A0-48CA-8687-C6B8F094A409}" = Simple Backup for My Pictures
"{63272979-21F0-48EF-9B97-A83DBC05BE39}" = Disney's Lilo and Stitch Pinball
"{753FE96B-D926-4B6C-BCFB-CC59153D004A}" = Snowboard Extreme
"{7841B68B-B7DD-408E-8B45-D5CA39608185}" = Dark Orbit
"{8214CC02-6271-4DC8-B8DD-779933450264}" = RecordNow
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® 82845G Graphics Driver Software
"{8D5D99B8-DFA2-4018-ADE9-A6B83E655C65}" =
"{98E8A2EF-4EAE-43B8-A172-74842B764777}" = InterVideo WinDVD 4
"{9FA01E11-9015-4140-B10A-5C6AA949B2FC}" = Space Rocks
"{A0C4079C-097C-45BA-8D85-08C9FAF290FA}" = Freedom
"{A27EAF80-CBFC-4F56-94E1-929A401D7515}" = Betty Bad
"{B43357AA-3A6D-4D94-B56E-43C44D09E548}" = Microsoft .NET Framework (English) v1.0.3705
"{BC0EE7F1-32DE-4EE2-BE10-AE15DB394E84}" = PigPen
"{E62C706B-1352-4DCA-B4D4-81C24750B70F}" = Detto IntelliMover Demo
"{EEF397AC-DAEF-4C04-90A9-5B2BD31875DC}" = Simple Installer - Multilanguage Version
"{F61F2821-694C-475F-99AB-6AF2EFDF40FD}" = Quicken 2003 New User Edition
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"ArcSoft Software Suite" = ArcSoft Software Suite
"BackWeb-137903 Uninstaller" = hp center
"hp instant support" = HP Instant Support
"HPTOOLKIT" = hp toolkit
"Inactive HP Printer Drivers (Remove only)" = Inactive HP Printer Drivers (Remove only)
"Indeo® Software" = Indeo® Software
"InstallShield_{A0C4079C-097C-45BA-8D85-08C9FAF290FA}" = Freedom Security & Privacy
"InstallShield_{F61F2821-694C-475F-99AB-6AF2EFDF40FD}" = Quicken 2003 New User Edition
"Microsoft .NET Framework Full v1.0.3705 (1033)" = Microsoft .NET Framework (English) v1.0.3705
"MUSICMATCH Jukebox" = MUSICMATCH Jukebox
"NVIDIA" = NVIDIA Windows 2000/XP Display Drivers
"PS2" = PS2
"Python 2.2 combined Win32 extensions" = Python 2.2 combined Win32 extensions
"Python 2.2.1" = Python 2.2.1
"S3Display" = S3Display
"S3Gamma2" = S3Gamma2
"S3Info2" = S3Info2
"S3Overlay" = S3Overlay
"tv_enua" = Lernout & Hauspie TruVoice American English TTS Engine
"WeatherBug" = WeatherBug
"WildTangentDDC" = WildTangent Channel Manager
"Windows XP Service Pack" = Windows XP Service Pack 3
"WordPerfect Productivity Pack" = WordPerfect Productivity Pack

========== Last 20 Event Log Errors ==========

Error: Unable to start EventLog service!

< End of report >
Darlene

#27 peachy_dar

peachy_dar

    Silver Member

  • Authentic Member
  • PipPipPip
  • 385 posts
  • Interests:Riding our 2009 Navy Metallic blue Honda Goldwing Trike<br />Taking pictures and videos while riding the trike

Posted 16 March 2014 - 05:50 PM

Jeff - here is OTL log

OTL logfile created on: 3/16/2014 7:38:13 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

246.98 Mb Total Physical Memory | 104.29 Mb Available Physical Memory | 42.23% Memory free
605.96 Mb Paging File | 453.15 Mb Available in Paging File | 74.78% Paging File free
Paging file location(s): C:\pagefile.sys 372 744 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 50.61 Gb Total Space | 22.88 Gb Free Space | 45.20% Space Free | Partition Type: NTFS
Drive D: | 5.27 Gb Total Space | 1.05 Gb Free Space | 19.94% Space Free | Partition Type: FAT32

Computer Name: YOUR-6JNHHU0520 | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Owner\Desktop\OTL.exe (OldTimer Tools)


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV - (MSDTC) -- File not found
SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (mrtRate) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (rtl8139) -- C:\WINDOWS\System32\DRIVERS\RTL8139.SYS (Realtek Semiconductor Corporation)
DRV - (S3Psddr) -- C:\WINDOWS\System32\DRIVERS\s3gnbm.sys (S3 Graphics, Inc.)
DRV - (MxlW2k) -- C:\WINDOWS\System32\drivers\MxlW2k.sys (MusicMatch, Inc.)
DRV - (pfc) -- C:\WINDOWS\System32\drivers\pfc.sys (Padus, Inc.)
DRV - (ALCXWDM) -- C:\WINDOWS\System32\drivers\ALCXWDM.SYS (Avance Logic, Inc.)
DRV - (FreeTdi) -- C:\WINDOWS\System32\Drivers\FreeTdi.sys (Zero-Knowledge Systems Inc.)
DRV - (Freedom) -- C:\WINDOWS\System32\DRIVERS\FREEDOM.SYS (Zero-Knowledge Systems Inc.)
DRV - (ltmodem5) -- C:\WINDOWS\System32\DRIVERS\ltmdmnt.sys (LT)
DRV - (viaagp1) -- C:\WINDOWS\System32\DRIVERS\viaagp1.sys (VIA Technologies, Inc.)
DRV - (Ps2) -- C:\WINDOWS\System32\DRIVERS\PS2.sys (Hewlett-Packard Company)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us7.hpwis.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us7.hpwis.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us7.hpwis.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://srch-us7.hpwis.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://us7.hpwis.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us7.hpwis.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us7.hpwis.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us7.hpwis.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://srch-us7.hpwis.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.whatthetech.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1




O1 HOSTS File: ([2002/08/29 14:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
O2 - BHO: (PopKill Class) - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Zero Knowledge\Freedom\pkR.dll (Zero-Knowledge Systems Inc.)
O2 - BHO: (ZKBho Class) - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\Zero Knowledge\Freedom\FreeBHOR.dll (Zero-Knowledge Systems Inc.)
O3 - HKLM\..\Toolbar: (hp toolkit) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\hp\EXPLOREBAR\HPTOOLKT.DLL (Hewlett-Packard Company)
O3 - HKCU\..\Toolbar\ShellBrowser: (hp toolkit) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\hp\EXPLOREBAR\HPTOOLKT.DLL (Hewlett-Packard Company)
O4 - HKLM..\Run: [AutoTBar] C:\hp\bin\autotbar.exe File not found
O4 - HKLM..\Run: [BCNT] C:\PROGRA~1\AWS\WEATHE~1\BCNT.EXE ()
O4 - HKLM..\Run: [BlockTracker] c:\hp\bin\BlockTracker.exe File not found
O4 - HKLM..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe ()
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize File not found
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [PS2] C:\WINDOWS\System32\ps2.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE ()
O4 - HKLM..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard)
O4 - HKLM..\Run: [StorageGuard] C:\Program Files\VERITAS Software\Update Manager\sgtray.exe (VERITAS Software, Inc.)
O4 - HKLM..\Run: [Zero Knowledge Freedom] C:\Program Files\Zero Knowledge\Freedom\AutoStarterR.exe ()
O4 - HKCU..\Run: [NVIEW] C:\WINDOWS\System32\nview.dll (NVIDIA Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe (Intuit Inc.)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\TrueAssistant.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O9 - Extra Button: MktBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy ()
O9 - Extra 'Tools' menuitem : MarketBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy ()
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.252.0.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6AF05901-5396-47A9-BBF9-C191752CBDDC}: DhcpNameServer = 192.168.1.1 71.252.0.12
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/10/28 12:36:29 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 07:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2002/09/11 04:02:32 | 000,000,045 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2014/03/16 19:35:26 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2014/03/16 16:45:50 | 000,000,000 | --SD | C] -- C:\ComboFix
[2014/03/16 15:10:11 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2014/03/16 15:07:33 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2014/03/16 15:07:33 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2014/03/16 15:07:33 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2014/03/16 15:07:33 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2014/03/16 15:07:14 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014/03/16 15:06:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2014/03/16 15:06:20 | 005,190,279 | R--- | C] (Swearware) -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2014/03/16 14:49:20 | 000,060,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\drmk.sys
[2014/03/16 14:49:19 | 000,146,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\portcls.sys
[2014/03/16 14:49:19 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksproxy.ax
[2014/03/16 14:49:19 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksuser.dll
[2014/03/16 13:35:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2014/03/16 13:09:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2014/03/16 10:58:27 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
[2014/03/16 10:57:56 | 000,151,552 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxres.dll
[2014/03/16 10:55:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Multi-channel Sound Manager
[2014/03/16 10:04:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\Performance
[2014/03/16 10:04:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft Corporation
[2014/03/16 10:02:47 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Windows 7 Upgrade Advisor
[2014/03/16 10:01:34 | 008,669,472 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Owner\Desktop\Windows7UpgradeAdvisorSetup.exe
[2014/03/16 09:54:54 | 001,497,280 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\WINDOWS\System32\Coreinfo.exe
[2014/03/15 21:29:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2014/03/15 20:43:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\ResultReport_files
[2014/03/15 20:29:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\ElevatedDiagnostics
[2014/03/15 20:16:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows PowerShell 1.0
[2014/03/15 20:14:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
[2014/03/15 19:26:51 | 000,692,616 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2014/03/15 19:26:51 | 000,071,048 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2014/03/15 17:13:54 | 000,000,000 | ---D | C] -- C:\Program Files\Jotzey
[2014/03/15 17:08:52 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/03/15 17:06:20 | 000,930,952 | ---- | C] (CNET Download.com) -- C:\Documents and Settings\Owner\Desktop\cbsidlm-cbsi183-AdwCleaner-SEO-75851221.exe
[2014/03/15 16:11:02 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Owner\Desktop\tdsskiller.exe
[2014/03/15 15:55:22 | 000,688,992 | R--- | C] (Swearware) -- C:\Documents and Settings\Owner\Desktop\dds.com
[2014/03/15 15:37:11 | 001,306,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6.dll
[2014/03/15 15:37:11 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml6r.dll
[2014/03/15 15:37:11 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6r.dll
[2014/03/15 15:37:04 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\aaclient.dll
[2014/03/15 15:37:03 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\azroles.dll
[2014/03/15 15:37:03 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx4.dll
[2014/03/15 15:37:02 | 000,650,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3ui.dll
[2014/03/15 15:37:02 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3cfg.dll
[2014/03/15 15:37:02 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3msm.dll
[2014/03/15 15:37:02 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dhcpqec.dll
[2014/03/15 15:37:02 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3gpclnt.dll
[2014/03/15 15:37:02 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsroam.dll
[2014/03/15 15:37:01 | 000,184,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapp3hst.dll
[2014/03/15 15:37:01 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapphost.dll
[2014/03/15 15:37:01 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappgnui.dll
[2014/03/15 15:37:01 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapqec.dll
[2014/03/15 15:37:00 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ieencode.dll
[2014/03/15 15:36:59 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpash.dll
[2014/03/15 15:36:59 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnepr.dll
[2014/03/15 15:36:59 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdiultn.dll
[2014/03/15 15:36:59 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdbhc.dll
[2014/03/15 15:36:58 | 000,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcex.dll
[2014/03/15 15:36:58 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\microsoft.managementconsole.dll
[2014/03/15 15:36:58 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcfxcommon.dll
[2014/03/15 15:36:58 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\l2gpstore.dll
[2014/03/15 15:36:58 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcperf.exe
[2014/03/15 15:36:57 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napmontr.dll
[2014/03/15 15:36:57 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napstat.exe
[2014/03/15 15:36:57 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mssha.dll
[2014/03/15 15:36:57 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msshavmsg.dll
[2014/03/15 15:36:57 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napipsec.dll
[2014/03/15 15:36:56 | 000,412,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\photometadatahandler.dll
[2014/03/15 15:36:55 | 000,290,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rhttpaa.dll
[2014/03/15 15:36:55 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagent.dll
[2014/03/15 15:36:55 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qcliprov.dll
[2014/03/15 15:36:55 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\setupn.exe
[2014/03/15 15:36:54 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsgqec.dll
[2014/03/15 15:36:53 | 000,346,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\windowscodecsext.dll
[2014/03/15 15:36:52 | 000,276,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmphoto.dll
[2014/03/15 15:36:52 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wlanapi.dll
[2014/03/15 15:36:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2014/03/15 15:36:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2014/03/15 15:36:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2014/03/15 14:55:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Download Manager
[2014/03/15 14:55:02 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Download Manager
[2014/03/15 13:24:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\EMBROIDERY DESIGN
[2014/03/15 12:52:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\SlimWare Utilities Inc
[2014/03/15 12:52:37 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Owner\IECompatCache
[2014/03/15 12:50:53 | 000,000,000 | ---D | C] -- C:\Program Files\DriverUpdate
[2014/03/15 12:49:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Downloaded Installers
[2014/03/15 12:29:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\REGSERVO
[2014/03/15 12:26:31 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Owner\PrivacIE
[2014/03/15 12:19:04 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Owner\IETldCache
[2014/03/15 11:57:39 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2014/03/15 11:49:08 | 000,000,000 | -H-D | C] -- C:\BJPrinter
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/03/16 19:23:01 | 000,000,247 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat
[2014/03/16 19:22:54 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/03/16 19:22:52 | 259,047,424 | -HS- | M] () -- C:\hiberfil.sys
[2014/03/16 18:34:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2014/03/16 15:10:17 | 000,000,316 | RHS- | M] () -- C:\boot.ini
[2014/03/16 15:06:43 | 005,190,279 | R--- | M] (Swearware) -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2014/03/16 15:05:28 | 000,000,100 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Internet Explorer Troubleshooting.url
[2014/03/16 13:47:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/03/16 13:34:47 | 000,153,176 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2014/03/16 13:29:06 | 002,105,344 | ---- | M] () -- C:\WINDOWS\System32\secsetup.sdb
[2014/03/16 13:18:37 | 000,365,406 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2014/03/16 13:18:37 | 000,046,284 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2014/03/16 13:10:53 | 000,000,790 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/03/16 13:10:15 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2014/03/16 13:09:51 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/03/16 12:40:14 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2014/03/16 12:10:24 | 000,004,696 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2014/03/16 11:57:31 | 000,000,201 | ---- | M] () -- C:\Boot.bak
[2014/03/16 11:51:36 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2014/03/16 10:58:52 | 000,001,518 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Windows Update.lnk
[2014/03/16 10:57:48 | 000,004,148 | RHS- | M] () -- C:\WINDOWS\System32\drivers\HP_DA191A-ABA 514n_YUU_Pavi_QCN248A_E31NAheBLU4_4_INBGV - Northwood Brookdale-G Validation Board_SIntel Corporation_V_B6.00_T021029_WXH1_L409_M248_J60_7Intel_8Celeron_92.19_1_N10EC8139_P_Z11C1044E_K_A808624C5_U808624C2.MRK
[2014/03/16 10:56:03 | 000,000,993 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2014/03/16 10:01:53 | 008,669,472 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Owner\Desktop\Windows7UpgradeAdvisorSetup.exe
[2014/03/16 10:00:51 | 000,355,315 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Coreinfo.zip
[2014/03/15 20:43:33 | 000,080,018 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\ResultReport.htm
[2014/03/15 19:26:51 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2014/03/15 19:26:51 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2014/03/15 17:06:23 | 000,930,952 | ---- | M] (CNET Download.com) -- C:\Documents and Settings\Owner\Desktop\cbsidlm-cbsi183-AdwCleaner-SEO-75851221.exe
[2014/03/15 16:11:08 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Owner\Desktop\tdsskiller.exe
[2014/03/15 15:55:23 | 000,688,992 | R--- | M] (Swearware) -- C:\Documents and Settings\Owner\Desktop\dds.com
[2014/03/15 14:55:04 | 000,001,892 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Download Manager.lnk
[2014/03/12 06:08:23 | 000,000,046 | ---- | M] () -- C:\WINDOWS\Generations.INI
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/03/16 15:10:17 | 000,000,201 | ---- | C] () -- C:\Boot.bak
[2014/03/16 15:10:13 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2014/03/16 15:07:33 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2014/03/16 15:07:33 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2014/03/16 15:07:33 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2014/03/16 15:07:33 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2014/03/16 15:07:33 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2014/03/16 14:53:36 | 000,001,846 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\MSN Explorer.lnk
[2014/03/16 13:33:44 | 000,000,100 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Internet Explorer Troubleshooting.url
[2014/03/16 13:26:07 | 002,105,344 | ---- | C] () -- C:\WINDOWS\System32\secsetup.sdb
[2014/03/16 13:10:52 | 000,000,790 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/03/16 13:10:52 | 000,000,778 | ---- | C] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Internet Explorer.lnk
[2014/03/16 10:57:11 | 259,047,424 | -HS- | C] () -- C:\hiberfil.sys
[2014/03/16 10:55:27 | 000,001,866 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\IntelliMover Demo.lnk
[2014/03/16 10:55:27 | 000,001,646 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\About my HP PC.lnk
[2014/03/16 10:55:27 | 000,001,633 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\hp center.lnk
[2014/03/16 10:55:27 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Help and Support.lnk
[2014/03/16 10:02:52 | 000,001,879 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows 7 Upgrade Advisor.lnk
[2014/03/16 09:53:03 | 000,355,315 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Coreinfo.zip
[2014/03/15 21:12:10 | 000,001,518 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Windows Update.lnk
[2014/03/15 20:43:19 | 000,080,018 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\ResultReport.htm
[2014/03/15 19:26:54 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/03/15 14:55:04 | 000,001,892 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Download Manager.lnk
[2007/05/09 20:14:03 | 000,000,023 | ---- | C] () -- C:\Documents and Settings\Owner\presets.ini
[2006/11/24 05:16:50 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\dm.ini
[2006/11/12 16:22:54 | 000,001,751 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/09/12 07:13:21 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2006/02/11 14:08:58 | 000,011,776 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/02/01 18:51:52 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\PFP100JPR.{PB
[2006/02/01 18:51:52 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\PFP100JCM.{PB
[2006/01/29 20:00:11 | 000,000,202 | -H-- | C] () -- C:\Documents and Settings\Owner\IPH.BAK
[2002/10/28 13:19:49 | 000,008,550 | ---- | C] () -- C:\Documents and Settings\Owner\ml1.srt
[2002/10/28 13:19:49 | 000,008,029 | ---- | C] () -- C:\Documents and Settings\Owner\ml2.srt

========== ZeroAccess Check ==========

[2007/08/24 09:04:38 | 000,023,739 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\EMBROIDERY DESIGN\DESIGN SETS PART I\Designs by Sick Sets\CAT TAIL MONOGRAM $1\cattailmono_pes\L.pes
[2007/08/24 09:04:38 | 000,024,393 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\EMBROIDERY DESIGN\DESIGN SETS PART I\Designs by Sick Sets\CAT TAIL MONOGRAM $1\cattailmono_pes\N.pes
[2007/08/24 09:04:38 | 000,023,337 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\EMBROIDERY DESIGN\DESIGN SETS PART I\Designs by Sick Sets\CAT TAIL MONOGRAM $1\cattailmono_pes\U.pes
[2003/12/05 18:18:02 | 000,012,054 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\EMBROIDERY DESIGN\DESIGN SETS PART I\FONTS\ALL FONTS BURNED\SNOW CAPS FONT $1\snowcaps_font_pes\l.pes
[2003/12/05 18:18:02 | 000,017,936 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\EMBROIDERY DESIGN\DESIGN SETS PART I\FONTS\ALL FONTS BURNED\SNOW CAPS FONT $1\snowcaps_font_pes\n.pes
[2003/12/05 18:18:06 | 000,015,727 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\EMBROIDERY DESIGN\DESIGN SETS PART I\FONTS\ALL FONTS BURNED\SNOW CAPS FONT $1\snowcaps_font_pes\u.pes
[2003/12/05 18:18:02 | 000,012,054 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\EMBROIDERY DESIGN\MARCH 2009 PES FILES\FONTS\ALL FONTS BURNED\SNOW CAPS FONT $1\snowcaps_font_pes\l.pes
[2003/12/05 18:18:02 | 000,017,936 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\EMBROIDERY DESIGN\MARCH 2009 PES FILES\FONTS\ALL FONTS BURNED\SNOW CAPS FONT $1\snowcaps_font_pes\n.pes
[2003/12/05 18:18:06 | 000,015,727 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\EMBROIDERY DESIGN\MARCH 2009 PES FILES\FONTS\ALL FONTS BURNED\SNOW CAPS FONT $1\snowcaps_font_pes\u.pes
[2002/10/28 14:50:57 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 05:42:06 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2008/04/14 05:41:54 | 000,472,064 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 05:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2006/02/25 09:59:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avery
[2002/10/28 14:20:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Freedom
[2006/02/24 10:08:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nova Development
[2014/03/15 21:32:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2014/03/15 12:29:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\REGSERVO
[2007/06/09 10:52:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2006/10/06 20:54:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2006/12/21 20:54:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WhiteCap (Holiday Edition)
[2007/06/09 10:18:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YAHOO
[2006/01/29 19:19:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\acccore
[2007/06/08 20:19:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Aim
[2014/03/15 20:29:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ElevatedDiagnostics
[2006/02/11 19:19:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Freedom
[2002/10/28 14:13:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\InterTrust
[2006/04/01 12:20:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\InterVideo
[2006/04/07 12:48:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech
[2006/12/18 21:18:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MAGIX
[2006/02/24 10:08:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Nova Development
[2006/09/12 07:12:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Picaboo
[2002/10/28 14:30:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SampleView
[2006/02/01 06:58:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Snapfish
[2006/11/05 19:27:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Ulead Systems
[2002/10/28 13:57:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\VERITAS
[2006/09/09 10:39:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\WholeSecurity

========== Purity Check ==========



< End of report >
Darlene

#28 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,693 posts

Posted 16 March 2014 - 05:56 PM

While I am looking over OTL please do the following...
 
81mYIKe.jpg  AdwCleaner
 
Double click on AdwCleaner.exe to run the tool again.

  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
  • This time, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

------------


Posted Image
 
 

#29 peachy_dar

peachy_dar

    Silver Member

  • Authentic Member
  • PipPipPip
  • 385 posts
  • Interests:Riding our 2009 Navy Metallic blue Honda Goldwing Trike<br />Taking pictures and videos while riding the trike

Posted 16 March 2014 - 06:02 PM

Here are two pics of what I get when I try to download IE8

 

dar

Attached Thumbnails

  • IMG_20140316_195750_884.jpg
  • IMG_20140316_195650_760.jpg

Darlene

#30 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,693 posts

Posted 16 March 2014 - 06:04 PM

Ok thanks.....when you get adwcleaner ran with the instructions I provided post the new log.  :)


Posted Image
 
 

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users