Win32/Nuqel.E spyware


Post by kyle_and_tara317 on Sat Mar 27, 2010 4:38 pm

Hi. I do not know a lot about computers and I have a file called Win32/Nuqel.E that has taken over my computer. I've tried to get rid of it, but I cannot locate it on my computer. I have tried looking for it in safe mode and still can't find it. What can I do to get rid of this awful thing?


Re: Win32/Nuqel.E spyware

Post by Belahzur on Sat Mar 27, 2010 5:33 pm

Download OTL by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.



Extras.Txt

Post by kyle_and_tara317 on Sat Mar 27, 2010 5:56 pm

OTL Extras logfile created on: 3/27/2010 1:52:03 PM - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Documents and Settings\TARA.HP-AYUOC1CQ7JDJ\My Documents\web browser\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,015.00 Mb Total Physical Memory | 786.00 Mb Available Physical Memory | 77.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 96.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 226.80 Gb Total Space | 47.29 Gb Free Space | 20.85% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 3.73 Gb Total Space | 2.13 Gb Free Space | 57.06% Space Free | Partition Type: FAT32
Drive H: | 6.07 Gb Total Space | 6.06 Gb Free Space | 99.93% Space Free | Partition Type: FAT32
Drive I: | 1.29 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive J: | 359.70 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: HP-AYUOC1CQ7JDJ
Current User Name: TARA
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]

[HKEY_USERS\S-1-5-21-507921405-616249376-725345543-1005\SOFTWARE\Classes\]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MI1933~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Disabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\MySpace\IM\MySpaceIM.exe" = C:\Program Files\MySpace\IM\MySpaceIM.exe:*:Enabled:MySpaceIM -- File not found
"C:\Program Files\Infogrames\Putt Putt Saves the Zoo\puttzoo.exe" = C:\Program Files\Infogrames\Putt Putt Saves the Zoo\puttzoo.exe:*:Enabled:sputm90r -- File not found
"C:\Program Files\Atari-Infogrames\Roller Coaster Tycoon 2\rct2.exe" = C:\Program Files\Atari-Infogrames\Roller Coaster Tycoon 2\rct2.exe:*:Enabled:rct2 -- File not found
"C:\Program Files\Infogrames\Putt Putt Joins The Parade\PUTTPUTT.EXE" = C:\Program Files\Infogrames\Putt Putt Joins The Parade\PUTTPUTT.EXE:*:Enabled:PUTTPUTT -- File not found
"C:\Program Files\Infogrames\Pajama Sam's - Lost and Found\lost.exe" = C:\Program Files\Infogrames\Pajama Sam's - Lost and Found\lost.exe:*:Disabled:sputm90r -- File not found
"C:\Program Files\Infogrames\Putt Putt Goes to the Moon\puttmoon.exe" = C:\Program Files\Infogrames\Putt Putt Goes to the Moon\puttmoon.exe:*:Enabled:puttmoon -- File not found
"C:\Program Files\ATT-HSI\McciBrowser.exe" = C:\Program Files\ATT-HSI\McciBrowser.exe:*:Enabled:motivebrowser.exe -- (Motive Communications, Inc.)
"C:\Program Files\AVG\AVG8\avgam.exe" = C:\Program Files\AVG\AVG8\avgam.exe:*:Enabled:avgam.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG8\avgdiag.exe" = C:\Program Files\AVG\AVG8\avgdiag.exe:*:Enabled:avgdiag.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG8\avgdiagex.exe" = C:\Program Files\AVG\AVG8\avgdiagex.exe:*:Enabled:avgdiagex.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG8\avgemc.exe" = C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Documents and Settings\TARA.HP-AYUOC1CQ7JDJ\My Documents\web browser\firefox.exe" = C:\Documents and Settings\TARA.HP-AYUOC1CQ7JDJ\My Documents\web browser\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Windows Shell -- (Microsoft Corporation)
"C:\Program Files\BearShare Applications\BearShare\BearShare.exe" = C:\Program Files\BearShare Applications\BearShare\BearShare.exe:*:Enabled:BearShare -- File not found
"C:\Program Files\iMesh Applications\iMesh\iMesh.exe" = C:\Program Files\iMesh Applications\iMesh\iMesh.exe:*:Enabled:iMesh -- File not found
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AIM -- (AOL LLC)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02F5BEE7-0AB6-4E42-9BF8-2588AAECC7F2}" = EZ Fonts
"{074182AC-17C5-4bc9-A7BC-01AE24160DB2}" = Mr. Biscuits 1.10
"{0D3F9802-689F-9B6D-8E44-B55971F0CCBB}" = FlipShare
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP210_series" = Canon MP210 series
"{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{183135A3-2CE8-43B5-BA5A-757EBAECB413}" = Disney Pix Downloader
"{188993D8-9B2B-475B-89DE-381419A9C1E4}" = Fisher-Price Clifford's Classroom
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1B70A780-4D87-4602-A015-6EE728C26A91}" = MSN Toolbar
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 15
"{2B7BDADB-EC8C-4C54-B5DD-CE45A016D3A7}" = Free Ride Games Player
"{2EAF7E61-068E-11DF-953C-005056806466}" = Google Earth
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java(TM) 6 Update 4
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B755EF7-F860-4F72-9A2D-5216CB48BA7C}" = ArcSoft PhotoStudio 5.5
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{45FCADDB-0B29-457E-83A1-D245C62A716C}" = OLYMPUS Master 2
"{66D6F3BD-CA23-41A4-9FA3-96B26B32528C}" = Command & Conquer The First Decade
"{66E0EB37-6024-4872-897A-8E83AF1C87CA}" = ArcSoft VideoImpression 2
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{745E36B0-FEBB-4073-AC32-C4E825B8B156}" = Finders Keepers 1.5
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{803805A4-A3F7-4504-8B19-9A63BC8A4551}" = Fisher-Price Computer Cool School
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112690867}" = Cathys Caribbean Club
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112868583}" = Chocolatier
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112930333}" = Lottso! Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113009953}" = Turbo Pizza
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113554713}" = Plant Tycoon
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114092390}" = Candace Kanes Candy Factory
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115208410}" = First Class Flurry
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115286387}" = Operation Mania
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115334267}" = Fashionista
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115366200}" = Carnival Mania
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115587213}" = Alice Greenfingers 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11562057}" = PICTUREKA! MUSEUM MAYHEM
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-116555140}" = Farm Frenzy Pizza Party
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-116703127}" = Party Down
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-116921517}" = Plan it Green
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-116959157}" = Enchanted Katya and the Mystery of the Lost Wizard
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-117095587}" = Restaurant Rush
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-117325817}" = Mr Bilbo’s Four Corners Of The World
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11738453}" = Burger Shop 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-117648740}" = Nanny 911
"{82CA0A0C-A3EC-4167-B694-909205B2EDEC}" = muvee Plugin 1.0
"{83d96ed0-98aa-4515-8ddc-816f3efdd104}" = DB CIF Cam
"{85DE22DE-CB29-4A0C-8930-09BC030F64BF}" = Fisher-Price Dora and Diego's Classroom
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo Layers Client 1.10.01
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-002E-0000-0000-0000000FF1CE}" = Microsoft Office Ultimate 2007
"{92EEDFE4-891D-46a9-B2F2-97788A833BC5}" = Cafe Mahjongg
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Starter Edition 3.2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{CE2121C6-C94D-4A73-8EA4-6943F33EE335}" = Music Transfer
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D45E8C45-B601-4A80-AFD8-E16338744DE1}" = ArcSoft Panorama Maker 4
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{DABF43D9-1104-4764-927B-5BED1274A3B0}" = Runtime
"{DC8235CC-3D5A-4D32-94BE-E2F0A1749920}" = Disney Pix 2.2
"{DC9DE944-6C04-5A0F-5CF6-F87563BB6FA6}" = Zoodles
"{EBA4ECB6-8F08-4E3F-A1D1-6564931DFEAF}" = Fisher-Price Scooby-Doo's Classroom
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4808215-1A0C-4578-A43D-4E97BED64CED}" = Software Jukebox 2.0 NA-02D
"1b2f24daab6a05a168f6a8aa938906ab" = Delicious - Emily's Holiday Season
"2272173a7eac5038f16ab5563cf6b49b" = Jojo's Fashion Show 2 Las Cruces
"3ivx MPEG-4 5.0.3" = 3ivx MPEG-4 5.0.3 (remove only)
"42c9bfc0e941fbdc2e3893d7a036b6d1" = Gemini Lost
"56d3ea5f6b2dd57a15fc13245d56f460" = City Sights - Hello, Seattle!
"97aa6660c2eb5d7678ec45247eba5328" = Gardenscapes
"a9bf5fcd1c2dd8dbf392df7cdbdab66a" = Agatha Christie - Dead Man's Folly
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe® Photoshop® Album Starter Edition 3.2" = Adobe® Photoshop® Album Starter Edition 3.2
"Agere Systems Soft Modem" = Agere Systems PCI Soft Modem
"AIM Toolbar" = AIM Toolbar
"AIM_7" = AIM 7
"Amelie's Cafe" = Amelie's Cafe
"Are You Smarter than a 5th Grader 2" = Are You Smarter than a 5th Grader 2
"Artist Colony" = Artist Colony
"ATT-SST" = AT&T Self Support Tool
"ATTToolbar" = AT&T Toolbar
"AVG8Uninstall" = AVG 8.5
"bearsharetb" = MediaBar
"Believe in Santa" = Believe in Santa
"BFG-Avalon" = Avalon
"BFG-My Tribe" = My Tribe
"blinkx beat" = blinkx beat
"Bob the Builder Can-Do Carnival_is1" = Bob the Builder Can-Do Carnival
"Build-a-lot" = Build-a-lot
"Burger Shop 2™" = Burger Shop 2™ (remove only)
"c456cf275554c36926cef117af1f74e5" = Build It! Miami Beach Resort
"Caillou's Preschool" = Caillou's Preschool (remove only)
"cb3f4d3b00514d26cf0ed4676a99aeef" = Fishdom - Spooky Splash
"Cindy's Sundaes" = Cindy's Sundaes (remove only)
"Clueless" = Clueless
"CLUE™ Accusations and Alibis™" = CLUE™ Accusations and Alibis™
"com.zoodles.3B7D4B2F97D0C2BDB13554D0687ECC70A3734EDD.1" = Zoodles
"CommentsBar_-_Social_Comments Toolbar" = CommentsBar_-_Social_Comments Toolbar
"Costume Chaos" = Costume Chaos (remove only)
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"Dairy Dash" = Dairy Dash (remove only)
"Danny Phantom Ghost Sweep" = Danny Phantom Ghost Sweep
"Delicious 2 Deluxe" = Delicious 2 Deluxe (remove only)
"Diaper Dash™" = Diaper Dash™
"Diner Dash Flo Through Time" = Diner Dash Flo Through Time (remove only)
"Diner Dash®: Seasonal Snack Pack™" = Diner Dash®: Seasonal Snack Pack™
"Disney Toontown Online" = Disney Toontown Online
"Doggie Dash®" = Doggie Dash®
"Dream Day Wedding - Viva Las Vegas" = Dream Day Wedding - Viva Las Vegas (remove only)
"e9cf750b4c09f6d0f569578192ee0511" = Kelly Green - Garden Queen
"EvenMoreMegaSwellAdsForYou" = EvenMoreMegaSwellAdsForYou
"EvenMoreMegaSwellAdsForYouFF" = FFEvenMoreMegaSwellAdsForYou
"f448c59f1a75c8a803bb79d2cb7c9c93" = Nancy Drew - Dossier - Resorting to Danger
"Farm Mania 2_is1" = Farm Mania 2
"FarmFrenzy" = FarmFrenzy (remove only)
"fead1c28dd0698171ac97b8db7d77a83" = The Treasures of Mystery Island
"Find Your Own Way Home" = Find Your Own Way Home
"Fishdom: Spooky Splash™" = Fishdom: Spooky Splash™
"Fishing Craze" = Fishing Craze (remove only)
"GoBit Games Plugin_is1" = GoBit Games Plugin v1.5
"Google Updater" = Google Updater
"Gotcha - Celebrity Secrets" = Gotcha - Celebrity Secrets
"Hardwood Spades" = Hardwood Spades
"Hell's Kitchen 1.0.7" = Hell's Kitchen 1.0.7
"Hidden Wonders of the Depths" = Hidden Wonders of the Depths (remove only)
"HijackThis" = HijackThis 2.0.2
"HollyAChristmasTale" = Holly-A Christmas Tale (remove only)
"Hotel Dash - Suite Success" = Hotel Dash - Suite Success
"iCarly: iDream in Toons" = iCarly: iDream in Toons
"ie8" = Windows Internet Explorer 8
"imeshmediabartb" = MediaBar
"Imikimi Plugin" = Imikimi Plugin
"InstallShield_{188993D8-9B2B-475B-89DE-381419A9C1E4}" = Fisher-Price Clifford's Classroom
"InstallShield_{803805A4-A3F7-4504-8B19-9A63BC8A4551}" = Fisher-Price Computer Cool School
"InstallShield_{85DE22DE-CB29-4A0C-8930-09BC030F64BF}" = Fisher-Price Dora and Diego's Classroom
"InstallShield_{EBA4ECB6-8F08-4E3F-A1D1-6564931DFEAF}" = Fisher-Price Scooby-Doo's Classroom
"InstallShield_{F4808215-1A0C-4578-A43D-4E97BED64CED}" = Software Jukebox 2.0 NA-02D
"Jane's Realty" = Jane's Realty (remove only)
"Jane's Zoo" = Jane's Zoo
"Jenkat Games Arcade" = Jenkat Games Arcade
"Jessica's Cupcake Cafe" = Jessica's Cupcake Cafe (remove only)
"Kitchen Brigade" = Kitchen Brigade
"LimeWire" = LimeWire 5.4.6
"Little Shop - World Traveler" = Little Shop - World Traveler
"Lottso! Deluxe" = Lottso! Deluxe (remove only)
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Money2005b" = Microsoft Money 2005
"Monopoly®" = Monopoly®
"Mozilla Firefox (3.6.2)" = Mozilla Firefox (3.6.2)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Mystery Case Files - Prime Suspects" = Mystery Case Files - Prime Suspects (remove only)
"Mystery_Cookbook" = Mystery Cookbook (remove only)
"Paradise Pet Salon" = Paradise Pet Salon
"Photags Music Express" = iConcepts Music Express
"PlayMP3" = PlayMP3z
"Posh Boutique 2" = Posh Boutique 2 (remove only)
"PROR" = Microsoft Office Professional 2007 Trial
"Pure Hidden" = Pure Hidden (remove only)
"RadialpointClientGateway_is1" = AT&T Internet Security Wizard 1.5.11
"Rollercoaster Rush™" = Rollercoaster Rush™
"Saints & Sinners Bingo" = Saints & Sinners Bingo
"Sara's Super Spa Deluxe" = Sara's Super Spa Deluxe
"Scrapbook Paige" = Scrapbook Paige (remove only)
"Slingo Deluxe" = Slingo Deluxe
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Speed Racer - The Great Plan" = Speed Racer - The Great Plan
"ST6UNST #1" = Toddler Fun
"Success Story" = Success Story (remove only)
"Supermarket Mania" = Supermarket Mania (remove only)
"TBSB07183.TBSB07183Toolbar" = Fast Browser Search (My Face LOL)
"THE GAME OF LIFE™ by Hasbro" = THE GAME OF LIFE™ by Hasbro
"The Office" = The Office
"The Price Is Right 1.1.0" = The Price Is Right 1.1.0
"The Scruffs" = The Scruffs (remove only)
"TheTreasuresofMontezuma" = The Treasures of Montezuma (remove only)
"ULTIMATER" = Microsoft Office Ultimate 2007
"Virtual Families" = Virtual Families
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Web Games Player Plugin" = Web Games Player Plugin
"Wedding Dash 2 - Rings Around the World" = Wedding Dash 2 - Rings Around the World (remove only)
"Wheel of Fortune" = Wheel of Fortune (remove only)
"WildTangent wildgames Master Uninstall" = WildTangent Games
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wonder Pets Join The Circus" = Wonder Pets Join The Circus
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Extras" = Yahoo! Browser Services
"Yahoo! Mail" = Yahoo! Internet Mail
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
"Yahtzee!" = Yahtzee! (remove only)
"YInstHelper" = Yahoo! Install Manager
"Zoo Tycoon 1.0" = Zoo Tycoon: Complete Collection

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-507921405-616249376-725345543-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/15/2009 11:06:34 PM | Computer Name = HP-AYUOC1CQ7JDJ | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/16/2009 3:17:21 AM | Computer Name = HP-AYUOC1CQ7JDJ | Source = Application Hang | ID = 1002
Description = Hanging application aim.exe, version 7.0.13.4, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 12/16/2009 12:36:47 PM | Computer Name = HP-AYUOC1CQ7JDJ | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.1.3622, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 12/19/2009 8:55:54 AM | Computer Name = HP-AYUOC1CQ7JDJ | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/19/2009 8:58:14 AM | Computer Name = HP-AYUOC1CQ7JDJ | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/19/2009 8:58:17 AM | Computer Name = HP-AYUOC1CQ7JDJ | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/19/2009 8:58:19 AM | Computer Name = HP-AYUOC1CQ7JDJ | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/19/2009 8:58:19 AM | Computer Name = HP-AYUOC1CQ7JDJ | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/31/2009 6:51:39 AM | Computer Name = HP-AYUOC1CQ7JDJ | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/31/2009 6:52:02 AM | Computer Name = HP-AYUOC1CQ7JDJ | Source = Application Error | ID = 1000
Description = Faulting application quicktimeplayer.exe, version 7.1.3.100, faulting
module quicktime.qts, version 7.1.3.100, fault address 0x0006e724.

[ System Events ]
Error - 3/25/2010 8:09:04 PM | Computer Name = HP-AYUOC1CQ7JDJ | Source = DCOM | ID = 10010
Description = The server {3C16E079-E4C7-493C-BE9F-E0F2BB0B7430} did not register
with DCOM within the required timeout.

Error - 3/25/2010 8:14:41 PM | Computer Name = HP-AYUOC1CQ7JDJ | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 3/25/2010 8:15:54 PM | Computer Name = HP-AYUOC1CQ7JDJ | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AvgLdx86 AvgMfx86 Fips intelppm SASDIFSV SASKUTIL

Error - 3/25/2010 8:19:30 PM | Computer Name = HP-AYUOC1CQ7JDJ | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 3/27/2010 1:27:37 PM | Computer Name = HP-AYUOC1CQ7JDJ | Source = DCOM | ID = 10010
Description = The server {31371420-098D-4C0E-A11E-EBEC2305DD01} did not register
with DCOM within the required timeout.

Error - 3/27/2010 1:28:09 PM | Computer Name = HP-AYUOC1CQ7JDJ | Source = DCOM | ID = 10010
Description = The server {3C16E079-E4C7-493C-BE9F-E0F2BB0B7430} did not register
with DCOM within the required timeout.

Error - 3/27/2010 1:29:13 PM | Computer Name = HP-AYUOC1CQ7JDJ | Source = DCOM | ID = 10010
Description = The server {3C16E079-E4C7-493C-BE9F-E0F2BB0B7430} did not register
with DCOM within the required timeout.

Error - 3/27/2010 1:39:22 PM | Computer Name = HP-AYUOC1CQ7JDJ | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 3/27/2010 1:40:37 PM | Computer Name = HP-AYUOC1CQ7JDJ | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AvgLdx86 AvgMfx86 Fips intelppm SASDIFSV SASKUTIL

Error - 3/27/2010 1:44:39 PM | Computer Name = HP-AYUOC1CQ7JDJ | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}


< End of report >


First Part Otl

Post by kyle_and_tara317 on Sat Mar 27, 2010 6:11 pm

OTL logfile created on: 3/27/2010 1:52:03 PM - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Documents and Settings\TARA.HP-AYUOC1CQ7JDJ\My Documents\web browser\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,015.00 Mb Total Physical Memory | 786.00 Mb Available Physical Memory | 77.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 96.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 226.80 Gb Total Space | 47.29 Gb Free Space | 20.85% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 3.73 Gb Total Space | 2.13 Gb Free Space | 57.06% Space Free | Partition Type: FAT32
Drive H: | 6.07 Gb Total Space | 6.06 Gb Free Space | 99.93% Space Free | Partition Type: FAT32
Drive I: | 1.29 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive J: | 359.70 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: HP-AYUOC1CQ7JDJ
Current User Name: TARA
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/03/27 13:50:33 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\TARA.HP-AYUOC1CQ7JDJ\My Documents\web browser\Downloads\OTL.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/03/27 13:50:33 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\TARA.HP-AYUOC1CQ7JDJ\My Documents\web browser\Downloads\OTL.exe
MOD - [2009/07/12 02:12:06 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
MOD - [2008/04/13 13:37:57 | 000,208,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rsaenh.dll
MOD - [2006/12/01 23:56:00 | 000,096,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.dll
MOD - [2006/10/27 01:48:42 | 002,210,608 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
MOD - [2006/10/27 01:48:34 | 000,955,680 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveUtil.dll
MOD - [2006/10/27 01:47:40 | 000,022,808 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveNew.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (GameConsoleService)
SRV - [2010/01/15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/07/31 09:00:06 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc)
SRV - [2009/07/31 08:59:57 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2009/06/08 01:01:23 | 000,068,096 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\MSJB NA02D Shared\Service\Software Jukebox v2.0 Service File.exe -- (Software Jukebox v2.0 Service)
SRV - [2009/06/04 17:41:22 | 000,451,904 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = F2 A9 EC 01 98 0E C7 48 95 3E 8C 8D 75 B4 5D 37 [binary data]
IE - HKU\.DEFAULT\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = F2 A9 EC 01 98 0E C7 48 95 3E 8C 8D 75 B4 5D 37 [binary data]
IE - HKU\S-1-5-18\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = F2 A9 EC 01 98 0E C7 48 95 3E 8C 8D 75 B4 5D 37 [binary data]
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = F2 A9 EC 01 98 0E C7 48 95 3E 8C 8D 75 B4 5D 37 [binary data]
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-507921405-616249376-725345543-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-507921405-616249376-725345543-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKU\S-1-5-21-507921405-616249376-725345543-1005\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = F2 A9 EC 01 98 0E C7 48 95 3E 8C 8D 75 B4 5D 37 [binary data]
IE - HKU\S-1-5-21-507921405-616249376-725345543-1005\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]
IE - HKU\S-1-5-21-507921405-616249376-725345543-1005\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
IE - HKU\S-1-5-21-507921405-616249376-725345543-1005\..\URLSearchHook: {3192b808-ec27-4332-b6c6-97f82692cad5} - C:\Program Files\CommentsBar_-_Social_Comments\tbCom1.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-507921405-616249376-725345543-1005\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-507921405-616249376-725345543-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-507921405-616249376-725345543-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKU\S-1-5-21-507921405-616249376-725345543-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.defaulturl: "http://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us"
FF - prefs.js..browser.search.order.1: "iMesh Web Search"
FF - prefs.js..browser.search.selectedEngine: "Yahoo! Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://kucampus.kaplan.edu/Login/Login.aspx"
FF - prefs.js..extensions.enabledItems: {c2f863cd-0429-48c7-bb54-db756a951760}:5.96.5.1
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:2.3.1
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5.0.429
FF - prefs.js..extensions.enabledItems: avg@igeared:3.011.025.005
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0
FF - prefs.js..extensions.enabledItems: {E84D42CA-64EB-11DE-A65F-8C3656D89593}:3.0
FF - prefs.js..extensions.enabledItems: {28D35620-51D9-11DE-9D13-2DB156D89593}:3.0
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:7
FF - prefs.js..extensions.enabledItems: FFToolbar@upromise:6.2.2.1363
FF - prefs.js..extensions.enabledItems: {83a504ae-e4e0-4112-9db4-b7d25952ecca}:1.0
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.10.01
FF - prefs.js..keyword.URL: "http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p="


FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/12/22 10:09:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared [2009/12/29 15:04:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2\extensions\\Components: C:\Documents and Settings\TARA.HP-AYUOC1CQ7JDJ\My Documents\web browser\components [2010/03/25 01:41:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2\extensions\\Plugins: C:\Documents and Settings\TARA.HP-AYUOC1CQ7JDJ\My Documents\web browser\plugins [2010/03/23 13:10:55 | 000,000,000 | ---D | M]

[2009/11/05 13:39:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TARA.HP-AYUOC1CQ7JDJ\Application Data\Mozilla\Extensions
[2009/11/05 13:39:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TARA.HP-AYUOC1CQ7JDJ\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010/03/25 16:54:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TARA.HP-AYUOC1CQ7JDJ\Application Data\Mozilla\Firefox\Profiles\hvfrgs7c.default\extensions
[2009/09/03 08:16:57 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\TARA.HP-AYUOC1CQ7JDJ\Application Data\Mozilla\Firefox\Profiles\hvfrgs7c.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/11/04 22:59:30 | 000,000,000 | ---D | M] (MediaBar) -- C:\Documents and Settings\TARA.HP-AYUOC1CQ7JDJ\Application Data\Mozilla\Firefox\Profiles\hvfrgs7c.default\extensions\{28D35620-51D9-11DE-9D13-2DB156D89593}
[2009/07/20 07:42:27 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\TARA.HP-AYUOC1CQ7JDJ\Application Data\Mozilla\Firefox\Profiles\hvfrgs7c.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/10/13 16:40:52 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\TARA.HP-AYUOC1CQ7JDJ\Application Data\Mozilla\Firefox\Profiles\hvfrgs7c.default\extensions\{83a504ae-e4e0-4112-9db4-b7d25952ecca}
[2009/11/18 16:53:09 | 000,000,000 | ---D | M] (AIM Toolbar) -- C:\Documents and Settings\TARA.HP-AYUOC1CQ7JDJ\Application Data\Mozilla\Firefox\Profiles\hvfrgs7c.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
[2009/11/04 17:30:36 | 000,000,000 | ---D | M] (MediaBar) -- C:\Documents and Settings\TARA.HP-AYUOC1CQ7JDJ\Application Data\Mozilla\Firefox\Profiles\hvfrgs7c.default\extensions\{E84D42CA-64EB-11DE-A65F-8C3656D89593}
[2009/12/11 07:57:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TARA.HP-AYUOC1CQ7JDJ\Application Data\Mozilla\Firefox\Profiles\hvfrgs7c.default\extensions\fbdislike@doweb.fr
[2009/11/29 09:47:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TARA.HP-AYUOC1CQ7JDJ\Application Data\Mozilla\Firefox\Profiles\hvfrgs7c.default\extensions\FFToolbar@upromise
[2010/01/28 15:01:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TARA.HP-AYUOC1CQ7JDJ\Application Data\Mozilla\Firefox\Profiles\hvfrgs7c.default\extensions\plugin@yontoo.com
[2009/11/04 16:24:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TARA.HP-AYUOC1CQ7JDJ\Application Data\Mozilla\Firefox\Profiles\hvfrgs7c.default\extensions\toolbar@alot.com
[2009/11/18 16:53:51 | 000,004,554 | ---- | M] () -- C:\Documents and Settings\TARA.HP-AYUOC1CQ7JDJ\Application Data\Mozilla\Firefox\Profiles\hvfrgs7c.default\searchplugins\aim-search.xml
[2009/07/17 19:02:48 | 000,002,476 | ---- | M] () -- C:\Documents and Settings\TARA.HP-AYUOC1CQ7JDJ\Application Data\Mozilla\Firefox\Profiles\hvfrgs7c.default\searchplugins\BearShareWebSearch.xml
[2009/07/17 19:02:48 | 000,002,456 | ---- | M] () -- C:\Documents and Settings\TARA.HP-AYUOC1CQ7JDJ\Application Data\Mozilla\Firefox\Profiles\hvfrgs7c.default\searchplugins\iMeshWebSearch.xml
[2009/09/03 07:27:59 | 000,009,941 | ---- | M] () -- C:\Documents and Settings\TARA.HP-AYUOC1CQ7JDJ\Application Data\Mozilla\Firefox\Profiles\hvfrgs7c.default\searchplugins\mywebsearch.xml

O1 HOSTS File: ([2002/08/29 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {01ECA9F2-0E98-48C7-953E-8C8D75B45D37} - C:\WINDOWS\System32\dciman3232.dll File not found
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (MediaBar) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Program Files\BearShareTb\BearShareDx.dll ()
O2 - BHO: (CommentsBar - Social Comments Toolbar) - {3192b808-ec27-4332-b6c6-97f82692cad5} - C:\Program Files\CommentsBar_-_Social_Comments\tbCom1.dll (Conduit Ltd.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AT&&T Toolbar) - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\PROGRA~1\ATTTOO~1\ATTTOO~1.DLL File not found
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (BrowserHelper Class) - {8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6} - C:\Program Files\SGPSA\SearchAssistant.dll (Make The Web Better, LLC)
O2 - BHO: (MediaBar) - {ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} - C:\Program Files\iMeshMediabarTb\iMeshMediaBarDx.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll (Google Inc.)
O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1303.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O2 - BHO: (Search Assistant) - {F0626A63-410B-45E2-99A1-3F2475B2D695} - C:\Program Files\SGPSA\BHO.dll (MTWB)
O2 - BHO: (Fast Browser Search Toolbar Helper) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll ()
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Client\YontooIEClient.dll (Yontoo Technology, Inc.)
O3 - HKLM\..\Toolbar: (MediaBar) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Program Files\BearShareTb\BearShareDx.dll ()
O3 - HKLM\..\Toolbar: (Fast Browser Search Toolbar) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll ()
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1303.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (CommentsBar - Social Comments Toolbar) - {3192b808-ec27-4332-b6c6-97f82692cad5} - C:\Program Files\CommentsBar_-_Social_Comments\tbCom1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (AT&&T Toolbar) - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\PROGRA~1\ATTTOO~1\ATTTOO~1.DLL File not found
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (MediaBar) - {ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} - C:\Program Files\iMeshMediabarTb\iMeshMediaBarDx.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-507921405-616249376-725345543-1005\..\Toolbar\WebBrowser: (no name) - {00000000-0000-0000-0000-000000000000} - No CLSID value found.
O3 - HKU\S-1-5-21-507921405-616249376-725345543-1005\..\Toolbar\WebBrowser: (CommentsBar - Social Comments Toolbar) - {3192B808-EC27-4332-B6C6-97F82692CAD5} - C:\Program Files\CommentsBar_-_Social_Comments\tbCom1.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-507921405-616249376-725345543-1005\..\Toolbar\WebBrowser: (AT&&T Toolbar) - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\PROGRA~1\ATTTOO~1\ATTTOO~1.DLL File not found
O3 - HKU\S-1-5-21-507921405-616249376-725345543-1005\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKU\S-1-5-21-507921405-616249376-725345543-1005\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKU\S-1-5-21-507921405-616249376-725345543-1005\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKU\S-1-5-21-507921405-616249376-725345543-1005\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AlcWzrd] C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.)
O4 - HKLM..\Run: [ATT-SST_McciTrayApp] C:\Program Files\ATT-SST\McciTrayApp.exe (Motive Communications, Inc.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [FPCCSMiddleware] C:\Program Files\Fisher-Price\Computer Cool School\FPCCSMiddleware.exe ()
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\Hdaudpropshortcut.exe (Windows (R) Server 2003 DDK provider)
O4 - HKLM..\Run: [OM2_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe (OLYMPUS IMAGING CORP.)
O4 - HKLM..\Run: [rewiguzen] C:\WINDOWS\System32\sikizela.DLL File not found
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [xejrhbpn] C:\Documents and Settings\TARA.HP-AYUOC1CQ7JDJ\Local Settings\Application Data\qkmhph\jlhosftav.exe ()
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F109627.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F109627.exe File not found
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F1131CB.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F1131CB.exe File not found
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F114A4CD.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F114A4CD.exe File not found
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F126365.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F126365.exe File not found
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F12D682.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F12D682.exe File not found
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F134876.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F134876.exe File not found
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F165A59.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F165A59.exe File not found
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F185EC5.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F185EC5.exe File not found
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F19ADF2A.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F19ADF2A.exe File not found
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F1A1F36C.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F1A1F36C.exe File not found
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F1A282A.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F1A282A.exe File not found
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F1AAB2.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F1AAB2.exe File not found
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F1AAC2.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F1AAC2.exe File not found
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F1BF24.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F1BF24.exe File not found
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F1D0E7A.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F1D0E7A.exe File not found
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F1D1D2.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F1D1D2.exe File not found
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F1D220.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F1D220.exe File not found
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F1D5B50E.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F1D5B50E.exe File not found
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F1D6A4.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F1D6A4.exe File not found
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F1DAC13B.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F1DAC13B.exe File not found
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F1DAEE0.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F1DAEE0.exe File not found
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F1E366.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F1E366.exe File not found
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F205A3.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F205A3.exe File not found
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F209BA.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F209BA.exe File not found
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F20A27.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F20A27.exe File not found
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F20C89.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F20C89.exe File not found
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F21A44.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F21A44.exe File not found
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F21AA2.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F21AA2.exe File not found
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F22291.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F22291.exe File not found
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F226924.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F226924.exe File not found
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F227C2.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F227C2.exe File not found
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F228CB.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F228CB.exe File not found
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F228FA.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F228FA.exe File not found
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F22A71.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F22A71.exe File not found
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F2301E.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F2301E.exe File not found
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F23157.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F23157.exe File not found
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F23222.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F23222.exe File not found
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F23500.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F23500.exe File not found
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F235DDC1.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F235DDC1.exe File not found
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F23AD4D.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F23AD4D.exe File not found
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F24200.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F24200.exe File not found
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F2424E.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F2424E.exe File not found
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F24414.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F24414.exe File not found
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F24B28.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F24B28.exe File not found
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F24B76.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F24B76.exe File not found
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F2524C.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F2524C.exe File not found
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F252C9.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F252C9.exe File not found
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F25411.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F25411.exe File not found
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F25634.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F25634.exe File not found
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F25903.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F25903.exe File not found
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F25B84.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F25B84.exe File not found
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F25C10.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F25C10.exe File not found
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F25CBC.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F25CBC.exe File not found
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F25D39.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F25D39.exe File not found
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F25E33.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F25E33.exe File not found
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F26121.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F26121.exe File not found
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F26920.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F26920.exe File not found
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F2694F.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F2694F.exe File not found
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F2698D.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F2698D.exe File not found
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F26B04.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F26B04.exe File not found
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F26E31.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F26E31.exe File not found
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F26F98.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F26F98.exe File not found
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F27749.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F27749.exe File not found
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F279B86.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F279B86.exe File not found
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F27B60.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F27B60.exe File not found
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F27EDA.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F27EDA.exe File not found
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F281A9.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F281A9.exe File not found
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F2839D.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F2839D.exe File not found
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F288FC.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F288FC.exe File not found
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F29948.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F29948.exe File not found
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F29F43.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F29F43.exe File not found
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F2A425.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F2A425.exe File not found
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F2A761.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F2A761.exe File not found
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F2AACC.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F2AACC.exe File not found
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F2AB1B.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F2AB1B.exe File not found
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F2AD4D.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F2AD4D.exe File not found
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F2ADAB.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F2ADAB.exe File not found
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F2B02B.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F2B02B.exe File not found
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F2B125.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F2B125.exe File not found
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F2B78E.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F2B78E.exe File not found
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F2BBE3.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F2BBE3.exe File not found
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F2BDC8.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F2BDC8.exe File not found
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F2C402.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F2C402.exe File not found
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F2CBE1.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F2CBE1.exe File not found
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F2CEDF.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F2CEDF.exe File not found
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F2D094.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F2D094.exe File not found
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F2D279.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F2D279.exe File not found
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F2D7D8.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F2D7D8.exe File not found
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F2D7E7.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F2D7E7.exe File not found
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F2D93F.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F2D93F.exe File not found
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F2E005.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F2E005.exe File not found
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F2E4A9.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F2E4A9.exe File not found
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F2EAA4.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F2EAA4.exe File not found
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F2EC98.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F2EC98.exe File not found
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F2EEBB.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F2EEBB.exe File not found
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F2F18A.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F2F18A.exe File not found
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F2F37E.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F2F37E.exe File not found
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F2FF74.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F2FF74.exe File not found
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F30A32.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F30A32.exe File not found
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F30CC3.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F30CC3.exe File not found
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F31732.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F31732.exe File not found
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F318F8.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F318F8.exe File not found
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F32DB8.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F32DB8.exe File not found
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F343B1.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F343B1.exe File not found
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F344F0E5.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F344F0E5.exe File not found
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F3512E.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F3512E.exe File not found
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F35228.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F35228.exe File not found
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F355E1.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F355E1.exe File not found
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F35CA8.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F35CA8.exe File not found
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F37957.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F37957.exe File not found
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F37CA2A.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F37CA2A.exe File not found
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F39F7F16.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F39F7F16.exe File not found
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F3C6EB.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F3C6EB.exe File not found
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F3C9E8.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F3C9E8.exe File not found
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F3CEF9.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F3CEF9.exe File not found
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F3F10052.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F3F10052.exe File not found
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F3FE76.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F3FE76.exe File not found
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F435722.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F435722.exe File not found
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F44FC2.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F44FC2.exe File not found
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F45C55.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F45C55.exe File not found
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F47069.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F47069.exe File not found
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F48B06.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F48B06.exe File not found
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F4A1CA.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F4A1CA.exe File not found
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F4BCC4.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F4BCC4.exe File not found
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F4C0FA.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F4C0FA.exe File not found
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F4CA51.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F4CA51.exe File not found
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F4DD3D.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F4DD3D.exe File not found
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F4E691E.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F4E691E.exe File not found
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F4EBD59.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F4EBD59.exe File not found
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F51082.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F51082.exe File not found
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F515A4B.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F515A4B.exe File not found
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F529D6.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F529D6.exe File not found
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F5329034.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F5329034.exe File not found
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F5360B.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F5360B.exe File not found
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F53A61.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F53A61.exe File not found
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F53DEB.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F53DEB.exe File not found
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F56A2B.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F56A2B.exe File not found
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F56CF05.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F56CF05.exe File not found
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F56F5B.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F56F5B.exe File not found
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F58506.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F58506.exe File not found
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F588FC98.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F588FC98.exe File not found
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F591AC59.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F591AC59.exe File not found

Second Part of OTL

Post by kyle_and_tara317 on Sat Mar 27, 2010 6:14 pm

O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F5D2F7.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F5D2F7.exe File not found
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F5DAB7.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F5DAB7.exe File not found
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F5DD970B.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F5DD970B.exe File not found
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F5EDF1.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F5EDF1.exe File not found
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F5FDD04.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F5FDD04.exe File not found
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F6185D.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F6185D.exe File not found
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F638B2E5.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F638B2E5.exe File not found
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F6A5A17E.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F6A5A17E.exe File not found
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F6B4EB.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F6B4EB.exe File not found
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F6EBBA.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F6EBBA.exe File not found
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F6F81C6.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F6F81C6.exe File not found
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F7307411.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F7307411.exe File not found
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F73781E.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F73781E.exe File not found
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F77B58.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F77B58.exe File not found
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F78B07.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F78B07.exe File not found
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F7AF68.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F7AF68.exe File not found
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F7AFB6.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F7AFB6.exe File not found
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F7E3D42.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F7E3D42.exe File not found
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F8042F.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F8042F.exe File not found
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F8576F.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F8576F.exe File not found
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F86BD2.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F86BD2.exe File not found
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F8AF02E1.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F8AF02E1.exe File not found
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F8DDD6.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F8DDD6.exe File not found
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F8E623.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F8E623.exe File not found
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F90880.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F90880.exe File not found
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F9DCF6.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F9DCF6.exe File not found
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00FAAAC6.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00FAAAC6.exe File not found
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00FB4CC2.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00FB4CC2.exe File not found
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00FB83B1.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00FB83B1.exe File not found
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00FD0967.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00FD0967.exe File not found
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00FDD561.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00FDD561.exe File not found
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00FDDC76.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00FDDC76.exe File not found
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00FE68F7.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00FE68F7.exe File not found
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00FE74775.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00FE74775.exe File not found
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00FF66EBB.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00FF66EBB.exe File not found
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [Aim] C:\Program Files\AIM\aim.exe (AOL LLC)
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [DW6] C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe File not found
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [Exetender] C:\Program Files\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.)
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [Jenkat Arcade] C:\Documents and Settings\TARA.HP-AYUOC1CQ7JDJ\Application Data\Jenkat\Jenkat Games Arcade\NotifyApp.exe ( )
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [OM2_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe (OLYMPUS IMAGING CORP.)
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [xejrhbpn] C:\Documents and Settings\TARA.HP-AYUOC1CQ7JDJ\Local Settings\Application Data\qkmhph\jlhosftav.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Auto Detect.lnk = C:\Program Files\iConcepts Music Express\MEAutoDetect.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: C:\Documents and Settings\KYLE\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (Lime Wire, LLC)
O4 - Startup: C:\Documents and Settings\TARA.HP-AYUOC1CQ7JDJ\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (Lime Wire, LLC)
O4 - Startup: C:\Documents and Settings\TARA.HP-AYUOC1CQ7JDJ\Start Menu\Programs\Startup\Microsoft Office Groove.lnk = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\TARA.HP-AYUOC1CQ7JDJ\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\TARA.HP-AYUOC1CQ7JDJ\Start Menu\Programs\Startup\PMB Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (Sony Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-507921405-616249376-725345543-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-507921405-616249376-725345543-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O7 - HKU\S-1-5-21-507921405-616249376-725345543-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O15 - HKU\S-1-5-21-507921405-616249376-725345543-1005\..Trusted Domains: 0.0.0.0 ([]https in Trusted sites)
O15 - HKU\S-1-5-21-507921405-616249376-725345543-1005\..Trusted Domains: chase.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-507921405-616249376-725345543-1005\..Trusted Domains: ebay.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-507921405-616249376-725345543-1005\..Trusted Domains: facebook.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-507921405-616249376-725345543-1005\..Trusted Domains: motive.com ([patttbc.att] https in Trusted sites)
O15 - HKU\S-1-5-21-507921405-616249376-725345543-1005\..Trusted Domains: myspace.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-507921405-616249376-725345543-1005\..Trusted Domains: yahoo.com ([login] https in Trusted sites)
O16 - DPF: {1D082E71-DF20-4AAF-863B-596428C49874} [You must be registered and logged in to see this link.] (TPIR Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} [You must be registered and logged in to see this link.] (MySpace Uploader Control)
O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} [You must be registered and logged in to see this link.] (Bejeweled Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} [You must be registered and logged in to see this link.] (WUWebControl Class)
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} [You must be registered and logged in to see this link.] (HP Download Manager)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} [You must be registered and logged in to see this link.] (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_15)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} [You must be registered and logged in to see this link.] (WoF Control)
O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} [You must be registered and logged in to see this link.] (CPlayFirstddfotgControl Object)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_15)
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} [You must be registered and logged in to see this link.] (CGameManagerCtrl Object)
O16 - DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} [You must be registered and logged in to see this link.] (FamilyFeud Control)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} [You must be registered and logged in to see this link.] (Oberon Flash Game Host)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: DirectAnimation Java Classes [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\c8986672647: DllName - C:\WINDOWS\System32\comaddin32.dll - C:\WINDOWS\System32\comaddin32.dll File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\TARA.HP-AYUOC1CQ7JDJ\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\TARA.HP-AYUOC1CQ7JDJ\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/08/16 10:01:15 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007/10/16 09:51:52 | 007,680,936 | R--- | M] (THQ) - I:\autorun.exe -- [ UDF ]
O32 - AutoRun File - [2007/10/05 05:45:10 | 000,000,049 | R--- | M] () - I:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{0473757c-8a6d-11de-b0db-0011d8751e53}\Shell\AutoRun\command - "" = K:\system\viewer\FlipVideoforPC.exe -- File not found
O33 - MountPoints2\{0473757c-8a6d-11de-b0db-0011d8751e53}\Shell\Flip Video for PC\command - "" = K:\system\viewer\FlipVideoforPC.exe -- File not found
O33 - MountPoints2\{5706b4ad-f062-11de-b1e6-0011d8751e53}\Shell - "" = AutoRun
O33 - MountPoints2\{5706b4ad-f062-11de-b1e6-0011d8751e53}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{5706b4ad-f062-11de-b1e6-0011d8751e53}\Shell\AutoRun\command - "" = K:\DPFMate.exe -- File not found
O33 - MountPoints2\{c33b3797-2b51-11df-b20b-0011d8751e53}\Shell\AutoRun\command - "" = L:\PhotoViewerAP_V3.1.9.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 14 Days ==========

[2010/03/25 18:26:10 | 000,000,000 | ---D | C] -- C:\!KillBox
[2010/03/25 14:19:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TARA.HP-AYUOC1CQ7JDJ\Local Settings\Application Data\qkmhph
[2010/03/22 15:43:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TARA.HP-AYUOC1CQ7JDJ\Application Data\com.zoodles.3B7D4B2F97D0C2BDB13554D0687ECC70A3734EDD.1
[2010/03/22 15:42:58 | 000,000,000 | ---D | C] -- C:\Program Files\Zoodles
[2010/02/28 23:33:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\McAfee
[2010/02/25 08:09:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/02/10 23:56:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\CommentsBar_-_Social_Comments
[2010/02/10 23:56:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2010/02/03 16:35:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/01/31 23:40:33 | 537,872,064 | ---- | C] (Microsoft Corporation) -- C:\Program Files\Microsoft The Ultimate Steal.exe
[2009/10/04 01:57:53 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/09/29 17:49:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Yahoo!
[2009/08/28 18:04:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Temp
[2009/07/19 00:04:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2009/07/18 23:49:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2009/07/15 05:01:21 | 000,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll
[2009/07/14 23:23:08 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[41 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2010/03/27 13:38:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/27 13:37:37 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/27 13:36:49 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/03/27 13:32:32 | 008,126,464 | -H-- | M] () -- C:\Documents and Settings\TARA.HP-AYUOC1CQ7JDJ\NTUSER.DAT
[2010/03/27 13:32:32 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\TARA.HP-AYUOC1CQ7JDJ\ntuser.ini
[2010/03/27 13:31:01 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{BBA3EDB2-EA9D-4E16-B527-D8245650ADC7}.job
[2010/03/27 13:27:09 | 057,977,134 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/03/27 13:19:23 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/03/27 13:07:38 | 000,158,720 | ---- | M] () -- C:\Documents and Settings\TARA.HP-AYUOC1CQ7JDJ\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/27 13:07:38 | 000,000,845 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/03/27 13:01:00 | 000,000,232 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010/03/27 11:56:46 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/03/27 11:54:52 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/25 03:30:01 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\ErrorSmart Scheduled Scan.job
[2010/03/24 22:56:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/03/23 20:41:34 | 000,010,678 | ---- | M] () -- C:\Documents and Settings\TARA.HP-AYUOC1CQ7JDJ\My Documents\question on bojangles application.docx
[2010/03/22 15:42:59 | 000,000,616 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Zoodles.lnk
[2010/03/22 15:39:22 | 001,845,790 | ---- | M] () -- C:\Documents and Settings\TARA.HP-AYUOC1CQ7JDJ\My Documents\zoodles.air
[2010/03/18 03:49:15 | 000,004,434 | ---- | M] () -- C:\Documents and Settings\TARA.HP-AYUOC1CQ7JDJ\Desktop\doug.jpg
[2010/03/15 12:09:45 | 000,513,396 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/15 12:09:45 | 000,435,568 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/15 12:09:45 | 000,068,272 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[41 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/03/23 20:41:34 | 000,010,678 | ---- | C] () -- C:\Documents and Settings\TARA.HP-AYUOC1CQ7JDJ\My Documents\question on bojangles application.docx
[2010/03/22 15:42:59 | 000,000,616 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Zoodles.lnk
[2010/03/22 15:39:15 | 001,845,790 | ---- | C] () -- C:\Documents and Settings\TARA.HP-AYUOC1CQ7JDJ\My Documents\zoodles.air
[2010/03/18 03:49:09 | 000,004,434 | ---- | C] () -- C:\Documents and Settings\TARA.HP-AYUOC1CQ7JDJ\Desktop\doug.jpg
[2010/03/14 22:40:03 | 000,166,888 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009/11/05 18:01:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ResortingToDanger.INI
[2009/11/04 16:35:33 | 000,076,407 | ---- | C] () -- C:\Documents and Settings\TARA.HP-AYUOC1CQ7JDJ\Application Data\Smiley.ico
[2009/09/10 08:37:51 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/08/16 11:13:48 | 092,832,152 | ---- | C] () -- C:\Program Files\Setup_FlipShare.exe
[2009/07/29 13:41:46 | 000,006,782 | ---- | C] () -- C:\Program Files\Tara July 2009.m3u
[2009/07/15 16:12:50 | 000,018,692 | ---- | C] () -- C:\WINDOWS\GnuHashes.ini
[2009/07/15 16:05:18 | 000,005,609 | -HS- | C] () -- C:\Documents and Settings\TARA.HP-AYUOC1CQ7JDJ\Application Data\02000000a27016cf647C.manifest
[2009/07/15 16:05:18 | 000,003,023 | -HS- | C] () -- C:\Documents and Settings\TARA.HP-AYUOC1CQ7JDJ\Application Data\02000000a27016cf647P.manifest
[2009/07/15 16:05:18 | 000,000,937 | -HS- | C] () -- C:\Documents and Settings\TARA.HP-AYUOC1CQ7JDJ\Application Data\02000000a27016cf647O.manifest
[2009/07/15 16:05:18 | 000,000,011 | -HS- | C] () -- C:\Documents and Settings\TARA.HP-AYUOC1CQ7JDJ\Application Data\02000000a27016cf647S.manifest
[2009/07/08 14:25:50 | 000,002,306 | ---- | C] () -- C:\Documents and Settings\TARA.HP-AYUOC1CQ7JDJ\Application Data\wklnhst.dat
[2008/09/19 23:11:39 | 000,000,038 | ---- | C] () -- C:\WINDOWS\ChssBase.ini
[2008/08/21 12:10:18 | 000,000,178 | ---- | C] () -- C:\WINDOWS\MPLAYER.INI
[2008/08/14 11:08:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\JDSecure20.INI
[2008/05/14 13:36:09 | 000,000,687 | ---- | C] () -- C:\WINDOWS\HEGAMES.INI
[2008/05/08 13:11:52 | 000,158,720 | ---- | C] () -- C:\Documents and Settings\TARA.HP-AYUOC1CQ7JDJ\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/04/23 02:33:53 | 000,000,018 | ---- | C] () -- C:\WINDOWS\nshelikg.ini
[2008/03/29 20:42:41 | 000,156,160 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2008/03/29 12:54:05 | 000,000,059 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/02/19 02:33:34 | 000,446,352 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll
[2004/09/16 16:24:26 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll

========== LOP Check ==========

[2009/11/04 22:48:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\232CE
[2009/11/18 12:44:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM
[2009/11/18 12:44:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM Toolbar
[2009/07/13 13:06:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Artist Colony
[2008/05/12 08:43:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Astar Games
[2009/07/11 22:19:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AT&T
[2009/07/16 05:11:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ATTToolbar
[2009/07/14 23:40:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2009/10/22 00:00:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Beanbag Studios
[2009/07/10 20:19:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CA
[2008/04/11 08:48:54 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2009/11/17 13:07:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Christmasville
[2009/12/10 13:41:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\cupcakecafe
[2010/01/02 18:16:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Curious Sense
[2009/11/04 17:31:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\E399
[2009/12/14 16:38:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Farm Frenzy
[2009/10/30 06:26:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy-PizzaParty
[2008/06/04 13:07:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fashion Solitaire 1.2
[2008/12/27 15:58:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fisher-Price
[2009/09/15 13:53:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fitn17
[2009/08/16 11:27:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Flip Video
[2009/11/24 07:23:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Flood Light Games
[2008/05/25 23:05:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Free Ride Games
[2009/09/01 06:12:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FreshGames
[2008/05/09 10:00:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fugazo
[2009/11/06 14:30:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameHouse
[2008/05/27 15:35:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Go Go Gourmet
[2009/10/30 05:47:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GoBit Games
[2008/05/13 15:19:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gogii
[2009/03/08 20:42:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HipSoft
[2009/10/25 15:31:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\hitpointstudios
[2008/05/29 02:22:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hot Lava Games
[2008/05/25 23:14:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iWin
[2008/11/06 22:16:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iWin Games
[2009/11/30 13:03:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ludia
[2009/07/15 08:26:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Mean Hamster
[2009/10/27 09:05:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Merscom
[2008/06/18 19:36:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MinigolfAdventures
[2009/10/21 14:55:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2009/11/02 12:02:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MythPeople
[2008/05/15 12:39:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\n7-89-o9-3r-4t-r9
[2008/05/27 13:42:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NannyMania
[2009/11/19 07:07:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NevoSoft Games
[2008/05/21 05:46:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Oberon Games
[2009/12/10 14:21:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Oberon Media
[2009/12/31 18:24:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2008/08/12 14:00:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2010/01/28 15:01:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2010/03/21 09:11:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/07/15 13:10:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UClick
[2008/05/20 16:30:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Valusoft
[2009/07/12 18:25:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2009/11/06 06:50:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wrinkle-free Games
[2009/10/22 14:24:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\XLab
[2009/09/15 16:16:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom
[2009/08/09 18:32:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ashlynn\Application Data\AT&T
[2009/08/31 17:16:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ethyn\Application Data\AT&T
[2010/03/25 17:18:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ethyn\Application Data\bearsharetb
[2008/05/14 12:26:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ethyn\Application Data\Dealio
[2009/06/21 18:36:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ethyn\Application Data\EGAMESTOOLBAR
[2010/03/25 17:18:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ethyn\Application Data\imeshmediabartb
[2009/07/20 18:25:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\KYLE\Application Data\AT&T
[2009/11/07 22:21:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\KYLE\Application Data\bearsharetb
[2008/04/15 20:11:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\KYLE\Application Data\Dealio
[2008/12/30 22:46:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\KYLE\Application Data\EGAMESTOOLBAR
[2008/03/29 23:18:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\KYLE\Application Data\ErrorSmart
[2009/11/07 22:21:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\KYLE\Application Data\imeshmediabartb
[2009/02/24 17:28:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\KYLE\Application Data\Leadertech
[2009/11/07 09:47:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\KYLE\Application Data\LimeWire
[2008/04/03 06:10:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\KYLE\Application Data\Pogo Games
[2010/03/20 10:06:01 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\TARA.HP-AYUOC1CQ7JDJ\Application Data\.#
[2009/12/01 18:51:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TARA.HP-AYUOC1CQ7JDJ\Application Data\acccore
[2009/10/27 06:57:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TARA.HP-AYUOC1CQ7JDJ\Application Data\AlterLab
[2009/07/11 22:19:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TARA.HP-AYUOC1CQ7JDJ\Application Data\AT&T
[2009/07/16 05:11:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TARA.HP-AYUOC1CQ7JDJ\Application Data\ATTToolbar
[2009/11/17 14:06:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TARA.HP-AYUOC1CQ7JDJ\Application Data\Awem
[2009/10/27 05:50:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TARA.HP-AYUOC1CQ7JDJ\Application Data\BeachPartyCraze
[2009/11/06 14:53:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TARA.HP-AYUOC1CQ7JDJ\Application Data\BearShareTb
[2009/07/15 19:04:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TARA.HP-AYUOC1CQ7JDJ\Application Data\BlamGames
[2009/10/31 11:35:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TARA.HP-AYUOC1CQ7JDJ\Application Data\blinkx
[2009/09/03 14:35:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TARA.HP-AYUOC1CQ7JDJ\Application Data\Boolat Games
[2009/01/23 14:53:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TARA.HP-AYUOC1CQ7JDJ\Application Data\Canon
[2009/07/23 06:10:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TARA.HP-AYUOC1CQ7JDJ\Application Data\ChessBase
[2010/03/22 15:43:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TARA.HP-AYUOC1CQ7JDJ\Application Data\com.zoodles.3B7D4B2F97D0C2BDB13554D0687ECC70A3734EDD.1
[2009/07/16 12:46:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TARA.HP-AYUOC1CQ7JDJ\Application Data\CupcakeCafe
[2010/01/02 18:16:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TARA.HP-AYUOC1CQ7JDJ\Application Data\Curious Sense
[2009/10/26 21:01:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TARA.HP-AYUOC1CQ7JDJ\Application Data\EleFun Games
[2009/10/30 12:21:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TARA.HP-AYUOC1CQ7JDJ\Application Data\Enchanted Katya
[2008/05/15 15:10:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TARA.HP-AYUOC1CQ7JDJ\Application Data\Eyeblaster
[2009/11/24 07:23:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TARA.HP-AYUOC1CQ7JDJ\Application Data\Flood Light Games
[2008/06/17 17:34:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TARA.HP-AYUOC1CQ7JDJ\Application Data\Friday's games
[2009/11/10 14:49:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TARA.HP-AYUOC1CQ7JDJ\Application Data\funkitron
[2010/02/28 13:15:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TARA.HP-AYUOC1CQ7JDJ\Application Data\Gaijin Ent
[2009/11/06 14:30:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TARA.HP-AYUOC1CQ7JDJ\Application Data\GameHouse
[2009/11/11 14:15:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TARA.HP-AYUOC1CQ7JDJ\Application Data\GameInvest
[2009/11/30 12:57:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TARA.HP-AYUOC1CQ7JDJ\Application Data\Gamelab
[2009/11/12 09:08:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TARA.HP-AYUOC1CQ7JDJ\Application Data\GetRightToGo
[2009/10/30 12:46:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TARA.HP-AYUOC1CQ7JDJ\Application Data\Go-Go Gourmet Chef of the Year
[2009/08/12 09:46:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TARA.HP-AYUOC1CQ7JDJ\Application Data\GOL_byHasbro
[2008/06/12 20:25:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TARA.HP-AYUOC1CQ7JDJ\Application Data\Home Sweet Home
[2009/07/15 16:48:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TARA.HP-AYUOC1CQ7JDJ\Application Data\HuruBeachParty
[2009/11/04 22:54:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TARA.HP-AYUOC1CQ7JDJ\Application Data\iMeshMediabarTb
[2008/04/17 09:45:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TARA.HP-AYUOC1CQ7JDJ\Application Data\InterTrust
[2009/11/06 15:09:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TARA.HP-AYUOC1CQ7JDJ\Application Data\iWin
[2008/05/09 07:04:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TARA.HP-AYUOC1CQ7JDJ\Application Data\Jane s Hotel Family Hero
[2009/10/24 21:07:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TARA.HP-AYUOC1CQ7JDJ\Application Data\Jenkat
[2008/05/08 09:30:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TARA.HP-AYUOC1CQ7JDJ\Application Data\Leadertech
[2010/03/27 13:25:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TARA.HP-AYUOC1CQ7JDJ\Application Data\LimeWire
[2009/11/30 13:03:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TARA.HP-AYUOC1CQ7JDJ\Application Data\Ludia
[2009/07/15 08:26:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TARA.HP-AYUOC1CQ7JDJ\Application Data\Mean Hamster
[2009/10/27 13:24:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TARA.HP-AYUOC1CQ7JDJ\Application Data\Meridian93
[2009/10/27 09:05:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TARA.HP-AYUOC1CQ7JDJ\Application Data\Merscom
[2009/07/10 20:09:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TARA.HP-AYUOC1CQ7JDJ\Application Data\Mind Control Software
[2009/11/30 16:08:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TARA.HP-AYUOC1CQ7JDJ\Application Data\My Games
[2010/03/15 10:46:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TARA.HP-AYUOC1CQ7JDJ\Application Data\MysteryStudio
[2008/05/12 14:57:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TARA.HP-AYUOC1CQ7JDJ\Application Data\Oberon Games
[2010/01/05 01:13:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TARA.HP-AYUOC1CQ7JDJ\Application Data\PlayFirst
[2009/11/16 15:08:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TARA.HP-AYUOC1CQ7JDJ\Application Data\Playrix Entertainment
[2010/03/05 11:20:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TARA.HP-AYUOC1CQ7JDJ\Application Data\Pogo Games
[2008/05/13 16:24:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TARA.HP-AYUOC1CQ7JDJ\Application Data\Sandlot Games
[2009/11/20 13:01:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TARA.HP-AYUOC1CQ7JDJ\Application Data\SecretIslandEng
[2009/11/19 17:45:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TARA.HP-AYUOC1CQ7JDJ\Application Data\Shape games
[2009/08/06 10:37:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TARA.HP-AYUOC1CQ7JDJ\Application Data\Shockwave JanesZOO
[2009/11/06 07:32:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TARA.HP-AYUOC1CQ7JDJ\Application Data\Skip-Bo
[2009/07/08 14:32:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TARA.HP-AYUOC1CQ7JDJ\Application Data\Template
[2008/05/12 05:49:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TARA.HP-AYUOC1CQ7JDJ\Application Data\Total Eclipse
[2009/07/15 13:10:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TARA.HP-AYUOC1CQ7JDJ\Application Data\UClick
[2009/08/04 08:33:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TARA.HP-AYUOC1CQ7JDJ\Application Data\UNOUndercover
[2009/12/14 12:45:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TARA.HP-AYUOC1CQ7JDJ\Application Data\V-Games
[2008/05/20 16:30:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TARA.HP-AYUOC1CQ7JDJ\Application Data\Valusoft
[2009/11/11 10:27:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TARA.HP-AYUOC1CQ7JDJ\Application Data\ViquaSoft
[2009/07/12 18:25:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TARA.HP-AYUOC1CQ7JDJ\Application Data\WildTangent
[2009/07/22 12:19:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TARA.HP-AYUOC1CQ7JDJ\Application Data\YoudaGames
[2009/07/20 18:19:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tina\Application Data\AT&T
[2010/03/25 03:30:01 | 000,000,400 | ---- | M] () -- C:\WINDOWS\Tasks\ErrorSmart Scheduled Scan.job
[2010/03/27 13:01:00 | 000,000,232 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
[2010/03/27 13:31:01 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{BBA3EDB2-EA9D-4E16-B527-D8245650ADC7}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

< End of report >


Re: Win32/Nuqel.E spyware

Post by Belahzur on Sat Mar 27, 2010 6:31 pm

Hello.

I see that you are running LimeWire.
P2P (peer-to-peer) applications are designed to help you easily share and distribute files between you and a group of people. But they can also be used to distribute malware, and thus are not considered safe.
The removal of these programs is optional, but highly recommended.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    Ask Toolbar
    Java(TM) 6 Update 15
    LimeWire 5.4.6
    MediaBar

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    O2 - BHO: (no name) - {01ECA9F2-0E98-48C7-953E-8C8D75B45D37} - C:\WINDOWS\System32\dciman3232.dll File not found
    O2 - BHO: (MediaBar) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Program Files\BearShareTb\BearShareDx.dll ()
    O2 - BHO: (CommentsBar - Social Comments Toolbar) - {3192b808-ec27-4332-b6c6-97f82692cad5} - C:\Program Files\CommentsBar_-_Social_Comments\tbCom1.dll (Conduit Ltd.)
    O2 - BHO: (BrowserHelper Class) - {8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6} - C:\Program Files\SGPSA\SearchAssistant.dll (Make The Web Better, LLC)
    O2 - BHO: (MediaBar) - {ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} - C:\Program Files\iMeshMediabarTb\iMeshMediaBarDx.dll ()
    O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
    O2 - BHO: (Search Assistant) - {F0626A63-410B-45E2-99A1-3F2475B2D695} - C:\Program Files\SGPSA\BHO.dll (MTWB)
    O2 - BHO: (Fast Browser Search Toolbar Helper) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll ()
    O3 - HKLM\..\Toolbar: (MediaBar) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Program Files\BearShareTb\BearShareDx.dll ()
    O3 - HKLM\..\Toolbar: (Fast Browser Search Toolbar) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll ()
    O3 - HKLM\..\Toolbar: (CommentsBar - Social Comments Toolbar) - {3192b808-ec27-4332-b6c6-97f82692cad5} - C:\Program Files\CommentsBar_-_Social_Comments\tbCom1.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (MediaBar) - {ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} - C:\Program Files\iMeshMediabarTb\iMeshMediaBarDx.dll ()
    O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
    O3 - HKU\S-1-5-21-507921405-616249376-725345543-1005\..\Toolbar\WebBrowser: (no name) - {00000000-0000-0000-0000-000000000000} - No CLSID value found.
    O3 - HKU\S-1-5-21-507921405-616249376-725345543-1005\..\Toolbar\WebBrowser: (CommentsBar - Social Comments Toolbar) - {3192B808-EC27-4332-B6C6-97F82692CAD5} - C:\Program Files\CommentsBar_-_Social_Comments\tbCom1.dll (Conduit Ltd.)
    O3 - HKU\S-1-5-21-507921405-616249376-725345543-1005\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
    O4 - HKLM..\Run: [rewiguzen] C:\WINDOWS\System32\sikizela.DLL File not found
    O4 - HKLM..\Run: [xejrhbpn] C:\Documents and Settings\TARA.HP-AYUOC1CQ7JDJ\Local Settings\Application Data\qkmhph\jlhosftav.exe ()
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F109627.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F109627.exe File not found
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F1131CB.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F1131CB.exe File not found
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F114A4CD.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F114A4CD.exe File not found
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F126365.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F126365.exe File not found
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F12D682.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F12D682.exe File not found
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F134876.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F134876.exe File not found
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F165A59.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F165A59.exe File not found
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F185EC5.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F185EC5.exe File not found
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F19ADF2A.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F19ADF2A.exe File not found
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F1A1F36C.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F1A1F36C.exe File not found
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F1A282A.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F1A282A.exe File not found
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F1AAB2.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F1AAB2.exe File not found
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F1AAC2.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F1AAC2.exe File not found
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F1BF24.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F1BF24.exe File not found
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F1D0E7A.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F1D0E7A.exe File not found
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F1D1D2.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F1D1D2.exe File not found
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F1D220.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F1D220.exe File not found
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F1D5B50E.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F1D5B50E.exe File not found
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F1D6A4.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F1D6A4.exe File not found
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F1DAC13B.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F1DAC13B.exe File not found
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F1DAEE0.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F1DAEE0.exe File not found
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F1E366.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F1E366.exe File not found
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F205A3.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F205A3.exe File not found
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F209BA.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F209BA.exe File not found
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F20A27.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F20A27.exe File not found
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F20C89.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F20C89.exe File not found
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F21A44.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F21A44.exe File not found
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F21AA2.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F21AA2.exe File not found
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F22291.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F22291.exe File not found
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F226924.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F226924.exe File not found
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F227C2.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F227C2.exe File not found
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F228CB.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F228CB.exe File not found
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F228FA.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F228FA.exe File not found
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F22A71.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F22A71.exe File not found
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F2301E.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F2301E.exe File not found
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F23157.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F23157.exe File not found
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F23222.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F23222.exe File not found
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F23500.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F23500.exe File not found
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F235DDC1.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F235DDC1.exe File not found
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F23AD4D.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F23AD4D.exe File not found
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F24200.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F24200.exe File not found
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F2424E.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F2424E.exe File not found
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F24414.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F24414.exe File not found
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F24B28.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F24B28.exe File not found
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F24B76.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F24B76.exe File not found
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F2524C.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F2524C.exe File not found
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F252C9.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F252C9.exe File not found
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F25411.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F25411.exe File not found
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F25634.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F25634.exe File not found
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F25903.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F25903.exe File not found
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F25B84.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F25B84.exe File not found
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F25C10.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F25C10.exe File not found
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F25CBC.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F25CBC.exe File not found
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F25D39.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F25D39.exe File not found
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F25E33.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F25E33.exe File not found
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F26121.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F26121.exe File not found
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F26920.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F26920.exe File not found
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F2694F.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F2694F.exe File not found
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F2698D.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F2698D.exe File not found
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F26B04.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F26B04.exe File not found
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F26E31.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F26E31.exe File not found
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F26F98.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F26F98.exe File not found
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F27749.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F27749.exe File not found
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F279B86.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F279B86.exe File not found
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F27B60.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F27B60.exe File not found
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F27EDA.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F27EDA.exe File not found
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F281A9.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F281A9.exe File not found
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F2839D.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F2839D.exe File not found
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F288FC.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F288FC.exe File not found
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F29948.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F29948.exe File not found
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F29F43.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F29F43.exe File not found
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F2A425.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F2A425.exe File not found
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F2A761.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F2A761.exe File not found
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F2AACC.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F2AACC.exe File not found
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F2AB1B.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F2AB1B.exe File not found
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F2AD4D.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F2AD4D.exe File not found
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F2ADAB.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F2ADAB.exe File not found
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F2B02B.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F2B02B.exe File not found
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F2B125.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F2B125.exe File not found
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F2B78E.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F2B78E.exe File not found
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F2BBE3.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F2BBE3.exe File not found
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F2BDC8.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F2BDC8.exe File not found
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F2C402.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F2C402.exe File not found
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F2CBE1.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F2CBE1.exe File not found
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F2CEDF.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F2CEDF.exe File not found
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F2D094.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F2D094.exe File not found
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F2D279.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F2D279.exe File not found
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F2D7D8.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F2D7D8.exe File not found
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F2D7E7.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F2D7E7.exe File not found
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F2D93F.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F2D93F.exe File not found
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F2E005.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F2E005.exe File not found
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F2E4A9.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F2E4A9.exe File not found
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F2EAA4.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F2EAA4.exe File not found
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F2EC98.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F2EC98.exe File not found
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F2EEBB.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F2EEBB.exe File not found
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F2F18A.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F2F18A.exe File not found
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F2F37E.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F2F37E.exe File not found
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F2FF74.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F2FF74.exe File not found
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F30A32.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F30A32.exe File not found
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F30CC3.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F30CC3.exe File not found
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F31732.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F31732.exe File not found
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F318F8.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F318F8.exe File not found
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F32DB8.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F32DB8.exe File not found
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F343B1.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F343B1.exe File not found
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F344F0E5.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F344F0E5.exe File not found
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F3512E.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F3512E.exe File not found
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F35228.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F35228.exe File not found
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F355E1.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F355E1.exe File not found
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F35CA8.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F35CA8.exe File not found
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F37957.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F37957.exe File not found
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F37CA2A.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F37CA2A.exe File not found
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F39F7F16.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F39F7F16.exe File not found
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F3C6EB.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F3C6EB.exe File not found
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F3C9E8.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F3C9E8.exe File not found
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F3CEF9.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F3CEF9.exe File not found
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F3F10052.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F3F10052.exe File not found
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F3FE76.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F3FE76.exe File not found
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F435722.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F435722.exe File not found
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F44FC2.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F44FC2.exe File not found
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F45C55.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F45C55.exe File not found
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F47069.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F47069.exe File not found
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F48B06.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F48B06.exe File not found
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F4A1CA.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F4A1CA.exe File not found
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F4BCC4.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F4BCC4.exe File not found
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F4C0FA.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F4C0FA.exe File not found
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F4CA51.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F4CA51.exe File not found
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F4DD3D.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F4DD3D.exe File not found
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F4E691E.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F4E691E.exe File not found
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F4EBD59.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F4EBD59.exe File not found
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F51082.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F51082.exe File not found
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F515A4B.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F515A4B.exe File not found
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F529D6.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F529D6.exe File not found
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F5329034.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F5329034.exe File not found
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F5360B.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F5360B.exe File not found
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F53A61.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F53A61.exe File not found
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F53DEB.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F53DEB.exe File not found
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F56A2B.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F56A2B.exe File not found
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F56CF05.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F56CF05.exe File not found
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F56F5B.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F56F5B.exe File not found
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F58506.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F58506.exe File not found
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F588FC98.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F588FC98.exe File not found
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F591AC59.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F591AC59.exe File not found
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F5D2F7.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F5D2F7.exe File not found
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F5DAB7.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F5DAB7.exe File not found
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F5DD970B.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F5DD970B.exe File not found
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F5EDF1.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F5EDF1.exe File not found
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F5FDD04.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F5FDD04.exe File not found
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F6185D.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F6185D.exe File not found
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F638B2E5.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F638B2E5.exe File not found
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F6A5A17E.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F6A5A17E.exe File not found
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F6B4EB.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F6B4EB.exe File not found
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F6EBBA.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F6EBBA.exe File not found
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F6F81C6.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F6F81C6.exe File not found
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F7307411.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F7307411.exe File not found
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F73781E.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F73781E.exe File not found
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F77B58.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F77B58.exe File not found
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F78B07.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F78B07.exe File not found
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F7AF68.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F7AF68.exe File not found
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F7AFB6.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F7AFB6.exe File not found
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F7E3D42.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F7E3D42.exe File not found
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F8042F.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F8042F.exe File not found
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F8576F.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F8576F.exe File not found
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F86BD2.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F86BD2.exe File not found
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F8AF02E1.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F8AF02E1.exe File not found
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F8DDD6.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F8DDD6.exe File not found
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F8E623.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F8E623.exe File not found
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F90880.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F90880.exe File not found
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00F9DCF6.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00F9DCF6.exe File not found
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00FAAAC6.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00FAAAC6.exe File not found
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00FB4CC2.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00FB4CC2.exe File not found
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00FB83B1.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00FB83B1.exe File not found
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00FD0967.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00FD0967.exe File not found
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00FDD561.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00FDD561.exe File not found
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00FDDC76.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00FDDC76.exe File not found
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00FE68F7.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00FE68F7.exe File not found
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00FE74775.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00FE74775.exe File not found
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [A00FF66EBB.exe] C:\DOCUME~1\TARA~1.HP-\LOCALS~1\Temp\_A00FF66EBB.exe File not found
    O4 - HKU\S-1-5-21-507921405-616249376-725345543-1005..\Run: [xejrhbpn] C:\Documents and Settings\TARA.HP-AYUOC1CQ7JDJ\Local Settings\Application Data\qkmhph\jlhosftav.exe ()
    O20 - Winlogon\Notify\c8986672647: DllName - C:\WINDOWS\System32\comaddin32.dll - C:\WINDOWS\System32\comaddin32.dll File not found
    [2010/03/25 14:19:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TARA.HP-AYUOC1CQ7JDJ\Local Settings\Application Data\qkmhph
    [2010/03/27 13:01:00 | 000,000,232 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job



  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.
  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe.

If a file or folder cannot be moved immediately, you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine, choose Yes.



I am not able to go into add/remove files. Results from running the fix

Post by kyle_and_tara317 on Sat Mar 27, 2010 6:54 pm

========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01ECA9F2-0E98-48C7-953E-8C8D75B45D37}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01ECA9F2-0E98-48C7-953E-8C8D75B45D37}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0974BA1E-64EC-11DE-B2A5-E43756D89593}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0974BA1E-64EC-11DE-B2A5-E43756D89593}\ deleted successfully.
File C:\Program Files\BearShareTb\BearShareDx.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3192b808-ec27-4332-b6c6-97f82692cad5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3192b808-ec27-4332-b6c6-97f82692cad5}\ deleted successfully.
C:\Program Files\CommentsBar_-_Social_Comments\tbCom1.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6}\ deleted successfully.
C:\Program Files\SGPSA\SearchAssistant.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F}\ deleted successfully.
C:\Program Files\iMeshMediabarTb\iMeshMediaBarDx.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
C:\Program Files\Ask.com\GenericAskToolbar.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F0626A63-410B-45E2-99A1-3F2475B2D695}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F0626A63-410B-45E2-99A1-3F2475B2D695}\ deleted successfully.
C:\Program Files\SGPSA\BHO.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}\ deleted successfully.
C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{0974BA1E-64EC-11DE-B2A5-E43756D89593} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0974BA1E-64EC-11DE-B2A5-E43756D89593}\ not found.
File C:\Program Files\BearShareTb\BearShareDx.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{1BB22D38-A411-4B13-A746-C2A4F4EC7344} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1BB22D38-A411-4B13-A746-C2A4F4EC7344}\ deleted successfully.
File C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{3192b808-ec27-4332-b6c6-97f82692cad5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3192b808-ec27-4332-b6c6-97f82692cad5}\ not found.
File _Social_Comments\tbCom1.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F}\ not found.
File C:\Program Files\iMeshMediabarTb\iMeshMediaBarDx.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_USERS\S-1-5-21-507921405-616249376-725345543-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{00000000-0000-0000-0000-000000000000} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-0000-0000-0000-000000000000}\ not found.
Registry value HKEY_USERS\S-1-5-21-507921405-616249376-725345543-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{3192B808-EC27-4332-B6C6-97F82692CAD5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3192B808-EC27-4332-B6C6-97F82692CAD5}\ not found.
File _Social_Comments\tbCom1.dll not found.
Registry value HKEY_USERS\S-1-5-21-507921405-616249376-725345543-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\rewiguzen deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\xejrhbpn deleted successfully.
C:\Documents and Settings\TARA.HP-AYUOC1CQ7JDJ\Local Settings\Application Data\qkmhph\jlhosftav.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-507921405-616249376-725345543-1005\Software\Microsoft\Windows\CurrentVersion\Run\\xejrhbpn deleted successfully.
File C:\Documents and Settings\TARA.HP-AYUOC1CQ7JDJ\Local Settings\Application Data\qkmhph\jlhosftav.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\c8986672647\ deleted successfully.
C:\Documents and Settings\TARA.HP-AYUOC1CQ7JDJ\Local Settings\Application Data\qkmhph folder moved successfully.
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job moved successfully.

OTL by OldTimer - Version 3.1.37.3 log created on 03272010_145202


Re: Win32/Nuqel.E spyware

Post by Belahzur on Sat Mar 27, 2010 6:59 pm

Hello.

  • Download combofix from here
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:

    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts.
  • NOTE: ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.**

  • The Recovery Console provides a recovery/repair mode should a problem occur during a ComboFix run.
  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan; select Yes.
  • Allow ComboFix to run.
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.



Re: Win32/Nuqel.E spyware

Post by kyle_and_tara317 on Sat Mar 27, 2010 8:17 pm

It worked! Thank you so much!!!!!


Re: Win32/Nuqel.E spyware

Post by Belahzur on Sat Mar 27, 2010 8:18 pm

Please post the Combofix log.



Combofix log

Post by kyle_and_tara317 on Sat Mar 27, 2010 8:50 pm

ComboFix 10-03-26.02 - TARA 03/27/2010 15:23:04.1.2 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.587 [GMT -4:00]
Running from: c:\documents and settings\TARA.HP-AYUOC1CQ7JDJ\Desktop\Combo-Fix.exe
AV: AVG Anti-Virus *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.


----- BITS: Possible infected sites -----

[You must be registered and logged in to see this link.]
.
((((((((((((((((((((((((( Files Created from 2010-02-27 to 2010-03-27 )))))))))))))))))))))))))))))))
.


.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
.
Contents of the 'Scheduled Tasks' folder

.
.
------- Supplementary Scan -------
.

---- FIREFOX POLICIES ----
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{3192b808-ec27-4332-b6c6-97f82692cad5} - (no file)
Toolbar-Locked - (no file)
WebBrowser-{4E7BD74F-2B8D-469E-85B2-BC27FE9AAE2E} - (no file)
HKCU-Run-DW6 - c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe
AddRemove-Burger Shop 2™ - c:\program files\GoBit
AddRemove-Game Console - WildGames - c:\program files\WildGames\Game Console - WildGames\Uninstall.exe
AddRemove-HijackThis - c:\documents and settings\TARA.HP-AYUOC1CQ7JDJ\My Documents\web browser\Downloads\HijackThis.exe
AddRemove-Jane's Realty - c:\program files\Realore\Jane's Realty\Uninstall.exe
AddRemove-WildTangent wildgames Master Uninstall - c:\program files\WildGames\Uninstall.exe
AddRemove-WT070215 - c:\program files\WildGames\SpongeBob SquarePants Krabby Quest\Uninstall.exe
AddRemove-WT071409 - c:\program files\WildGames\SpongeBob Diner Dash\Uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-03-27 15:41
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2744)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Flip Video\FlipShare\FlipShareService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Google\Update\1.2.183.23\GoogleCrashHandler.exe
c:\progra~1\AVG\AVG8\avgam.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\System32\wbem\unsecapp.exe
c:\windows\AGRSMMSG.exe
c:\windows\SOUNDMAN.EXE
c:\windows\ALCWZRD.EXE
c:\program files\Yahoo!\Messenger\ymsgr_tray.exe
.
**************************************************************************
.
Completion time: 2010-03-27 15:58:30 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-27 19:58

Pre-Run: 50,693,021,696 bytes free
Post-Run: 51,847,794,688 bytes free

- - End Of File - - 1CFDB81AB9758DCCB696BB293438D7BB


Re: Win32/Nuqel.E spyware

Post by Belahzur on Sat Mar 27, 2010 9:05 pm

Hello.
Did you remove the items I suggested on my uninstall list?

I see that you are running Limewire.
P2P (peer-to-peer) applications are designed to help you easily share and distribute files between you and a group of people. But they can also be used to distribute malware, and thus are not considered safe.
The removal of these programs is optional, but highly recommended.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    Ask Toolbar
    Java(TM) 6 Update 15
    LimeWire 5.4.6
    MediaBar

Please remove these before we continue.



Re: Win32/Nuqel.E spyware

Post by kyle_and_tara317 on Sat Mar 27, 2010 9:16 pm

Yes, I deleted all of them from the add/remove in the control panel.


Re: Win32/Nuqel.E spyware

Post by Belahzur on Sat Mar 27, 2010 9:23 pm

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.



MBam Log

Post by kyle_and_tara317 on Sun Mar 28, 2010 5:17 am

Malwarebytes' Anti-Malware 1.44
Database version: 3922
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

3/28/2010 1:11:30 AM
mbam-log-2010-03-28 (01-11-30).txt

Scan type: Quick Scan
Objects scanned: 176905
Time elapsed: 9 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 8
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 7
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\evenmoremegaswelladsforyou.evenmoremegaswelladsforyou (Adware.EvenMoreMegaSwellAdsForYou) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{418d86be-7386-4f1a-83e0-53604adbda74} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\EvenMoreMegaSwellAdsForYouFF (Adware.EvenMoreMegaSwellAdsForYou) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\EvenMoreMegaSwellAdsForYouFF (Adware.EvenMoreMegaSwellAdsForYou) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\EvenMoreMegaSwellAdsForYou.DLL (Adware.EvenMoreMegaSwellAdsForYou) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\EvenMoreMegaSwellAdsForYou (Adware.EvenMoreMegaSwellAdsForYou) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\EvenMoreMegaSwellAdsForYou (Adware.EvenMoreMegaSwellAdsForYou) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3popularscreensavers (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\KYLE\Application Data\ErrorSmart (Rogue.ErrorSmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\KYLE\Application Data\ErrorSmart\Log (Rogue.ErrorSmart) -> Quarantined and deleted successfully.
C:\Program Files\ErrorSmart (Rogue.ErrorSmart) -> Quarantined and deleted successfully.
C:\Program Files\ErrorSmart\Microsoft.VC80.CRT (Rogue.ErrorSmart) -> Quarantined and deleted successfully.
C:\Program Files\ErrorSmart\Microsoft.VC80.MFC (Rogue.ErrorSmart) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LocalService (Worm.Archive) -> Quarantined and deleted successfully.
C:\Program Files\EvenMoreMegaSwellAdsForYou (Adware.EvenMoreMegaSwellAdsForYou) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\win9d.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\KYLE\Application Data\ErrorSmart\Log\2008 Mar 29 - 10_18_20 PM_562.log (Rogue.ErrorSmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\KYLE\Application Data\ErrorSmart\Log\2008 Mar 29 - 10_18_25 PM_453.log (Rogue.ErrorSmart) -> Quarantined and deleted successfully.
C:\Program Files\EvenMoreMegaSwellAdsForYou\uninstall.exe (Adware.EvenMoreMegaSwellAdsForYou) -> Quarantined and deleted successfully.
C:\Documents and Settings\TARA.HP-AYUOC1CQ7JDJ\Desktop\Click to Find and Fix Errors.lnk (Rogue.Link) -> Quarantined and deleted successfully.


Re: Win32/Nuqel.E spyware

Post by Belahzur on Sun Mar 28, 2010 12:57 pm


  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    Folder::
    c:\program files\Ask.com
    c:\Program Files\LimeWire
    c:\documents and settings\TARA.HP-AYUOC1CQ7JDJ\Application Data\LimeWire
    c:\program files\BearShareTb

    DDS::
    uInternet Settings,ProxyServer = http=127.0.0.1:5555
    uInternet Settings,ProxyOverride =
  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.



Re: Win32/Nuqel.E spyware

Post by kyle_and_tara317 on Sun Mar 28, 2010 3:35 pm

I found the folder for ComboFix and dragged the notepad over to the folder and it did not do anything. I turned my anti-virus off.


Combofix Log- I figured it out!

Post by kyle_and_tara317 on Sun Mar 28, 2010 4:46 pm

ComboFix 10-03-27.04 - TARA 03/28/2010 12:28:56.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.350 [GMT -4:00]
Running from: c:\documents and settings\TARA.HP-AYUOC1CQ7JDJ\My Documents\Combo-Fix.exe
Command switches used :: c:\documents and settings\TARA.HP-AYUOC1CQ7JDJ\My Documents\CFScript.txt
AV: AVG Anti-Virus *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\program files\LimeWire
c:\program files\LimeWire\lib\aopalliance.jar
c:\program files\LimeWire\lib\clink.jar
c:\program files\LimeWire\lib\commons-httpclient.jar
c:\program files\LimeWire\lib\commons-logging.jar
c:\program files\LimeWire\lib\commons-net.jar
c:\program files\LimeWire\lib\commons-pool.jar
c:\program files\LimeWire\lib\daap.jar
c:\program files\LimeWire\lib\forms.jar
c:\program files\LimeWire\lib\foxtrot.jar
c:\program files\LimeWire\lib\gettext-commons.jar
c:\program files\LimeWire\lib\guice-1.0.jar
c:\program files\LimeWire\lib\httpcore-nio.jar
c:\program files\LimeWire\lib\httpcore.jar
c:\program files\LimeWire\lib\icu4j.jar
c:\program files\LimeWire\lib\id3v2.jar
c:\program files\LimeWire\lib\jcraft.jar
c:\program files\LimeWire\lib\jdic.jar
c:\program files\LimeWire\lib\jdic_stub.jar
c:\program files\LimeWire\lib\jflac.jar
c:\program files\LimeWire\lib\jl.jar
c:\program files\LimeWire\lib\jmdns.jar
c:\program files\LimeWire\lib\jogg.jar
c:\program files\LimeWire\lib\jorbis.jar
c:\program files\LimeWire\lib\log4j.jar
c:\program files\LimeWire\lib\looks.jar
c:\program files\LimeWire\lib\messages.jar
c:\program files\LimeWire\lib\mp3spi.jar
c:\program files\LimeWire\lib\ProgressTabs.jar
c:\program files\LimeWire\lib\swt.jar
c:\program files\LimeWire\lib\themes.jar
c:\program files\LimeWire\lib\tray.dll
c:\program files\LimeWire\lib\tritonus.jar
c:\program files\LimeWire\lib\vorbisspi.jar
c:\program files\LimeWire\Whitney Houston.mp3.m3u
c:\program files\LimeWire\witney houston.m3u

----- BITS: Possible infected sites -----

[You must be registered and logged in to see this link.]
.
((((((((((((((((((((((((( Files Created from 2010-02-28 to 2010-03-28 )))))))))))))))))))))))))))))))
.

2010-03-28 15:28 . 2010-03-28 15:28 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2010-03-28 04:59 . 2010-03-28 04:59 -------- d-----w- c:\documents and settings\TARA.HP-AYUOC1CQ7JDJ\Application Data\Malwarebytes
2010-03-28 04:59 . 2010-01-07 20:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-28 04:59 . 2010-03-28 04:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-28 04:59 . 2010-03-28 04:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-03-28 04:59 . 2010-01-07 20:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-27 19:19 . 2010-03-28 15:06 -------- d-----w- C:\Combo-Fix
2010-03-27 18:40 . 2010-03-27 18:40 -------- d-----w- C:\_OTL
2010-03-25 21:18 . 2010-03-25 21:18 -------- d-sh--w- c:\documents and settings\Ethyn\PrivacIE
2010-03-22 19:43 . 2010-03-22 19:43 -------- d-----w- c:\documents and settings\TARA.HP-AYUOC1CQ7JDJ\Application Data\com.zoodles.3B7D4B2F97D0C2BDB13554D0687ECC70A3734EDD.1
2010-03-22 19:42 . 2010-03-22 19:42 -------- d-----w- c:\program files\Zoodles
2010-03-22 19:42 . 2010-03-22 19:41 38784 ----a-w- c:\documents and settings\Default User\Application Data\Macromedia\Flash Player\[You must be registered and logged in to see this link.]
2010-03-22 19:33 . 2010-03-25 21:18 -------- d-----w- c:\documents and settings\Ethyn\Local Settings\Application Data\AskToolbar
2010-03-22 19:33 . 2010-03-22 19:33 -------- d-----w- c:\documents and settings\Ethyn\Local Settings\Application Data\AIM Toolbar
2010-03-22 19:33 . 2010-03-22 19:33 -------- d-----w- c:\documents and settings\Ethyn\Local Settings\Application Data\Conduit
2010-03-22 19:33 . 2010-03-25 21:18 -------- d-----w- c:\documents and settings\Ethyn\Local Settings\Application Data\CommentsBar_-_Social_Comments
2010-03-22 19:29 . 2010-03-25 21:18 -------- d-----w- c:\documents and settings\Ethyn\Application Data\imeshmediabartb
2010-03-22 19:29 . 2010-03-25 21:18 -------- d-----w- c:\documents and settings\Ethyn\Application Data\bearsharetb
2010-03-15 02:40 . 2010-03-15 02:40 166888 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-03-11 00:05 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-03-10 15:58 . 2010-03-10 15:58 -------- d-----w- C:\ST_Temp
2010-03-01 03:33 . 2010-03-01 03:33 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee
2010-03-01 03:32 . 2010-03-01 03:32 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-02-28 17:03 . 2010-02-28 17:03 -------- d-----w- c:\program files\Mystery Cookbook
2010-02-28 17:03 . 2010-02-28 17:03 -------- d-----w- c:\program files\Common Files\Mystery Cookbook

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-27 18:52 . 2009-10-22 15:41 -------- d-----w- c:\program files\CommentsBar_-_Social_Comments
2010-03-23 02:44 . 2009-11-12 05:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-03-22 19:42 . 2009-07-13 09:44 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-03-22 19:41 . 2009-07-13 09:44 38784 ----a-w- c:\documents and settings\TARA.HP-AYUOC1CQ7JDJ\Application Data\Macromedia\Flash Player\[You must be registered and logged in to see this link.]
2010-03-21 13:11 . 2008-04-03 10:10 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-03-15 19:14 . 2009-08-05 09:08 524288 ----a-w- c:\documents and settings\TARA.HP-AYUOC1CQ7JDJ\Application Data\Jenkat\Jenkat Games Arcade\NotifyApp.exe
2010-03-15 19:14 . 2009-07-28 09:47 2478080 ----a-w- c:\documents and settings\TARA.HP-AYUOC1CQ7JDJ\Application Data\Jenkat\Jenkat Games Arcade\JenkatGA.exe
2010-03-15 14:46 . 2008-05-26 03:08 -------- d-----w- c:\documents and settings\TARA.HP-AYUOC1CQ7JDJ\Application Data\MysteryStudio
2010-03-05 17:39 . 2008-04-03 10:10 -------- d-----w- c:\program files\Oberon Media
2010-03-05 15:20 . 2008-05-28 14:36 -------- d-----w- c:\documents and settings\TARA.HP-AYUOC1CQ7JDJ\Application Data\Pogo Games
2010-03-01 03:32 . 2010-02-26 01:22 -------- d-----w- c:\program files\McAfee Security Scan
2010-02-28 17:15 . 2009-09-08 14:04 -------- d-----w- c:\documents and settings\TARA.HP-AYUOC1CQ7JDJ\Application Data\Gaijin Ent
2010-02-28 17:02 . 2009-10-31 15:35 -------- d-----w- c:\program files\Free Offers from Freeze.com
2010-02-26 01:42 . 2009-07-13 09:43 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-02-26 01:22 . 2010-02-26 01:22 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-02-26 01:22 . 2010-02-26 01:22 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan
2010-02-26 01:22 . 2010-02-26 01:21 1923768 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player.exe
2010-02-19 16:53 . 2009-07-08 18:25 2306 ----a-w- c:\documents and settings\TARA.HP-AYUOC1CQ7JDJ\Application Data\wklnhst.dat
2010-02-17 19:53 . 2010-02-17 19:51 -------- d-----w- c:\program files\Farm Mania 2
2010-02-08 15:21 . 2010-02-08 15:21 -------- d-----w- c:\documents and settings\TARA.HP-AYUOC1CQ7JDJ\Application Data\Sony Corporation
2010-02-08 15:07 . 2008-03-30 00:42 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-08 15:02 . 2010-02-08 15:02 -------- d-----w- c:\program files\Sony
2010-02-08 15:01 . 2010-02-08 15:01 10134 ----a-r- c:\documents and settings\TARA.HP-AYUOC1CQ7JDJ\Application Data\Microsoft\Installer\{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}\ARPPRODUCTICON.exe
2010-02-07 16:48 . 2009-03-17 17:14 -------- d-----w- c:\program files\QuickTime
2010-02-07 16:48 . 2009-03-17 17:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-02-07 16:47 . 2010-02-07 16:47 -------- d-----w- c:\program files\Common Files\Apple
2010-02-07 16:46 . 2010-02-07 16:46 -------- d-----w- c:\program files\Apple Software Update
2010-02-07 16:46 . 2010-02-07 16:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-02-05 07:11 . 2008-03-29 16:11 -------- d-----w- c:\program files\Google
2010-02-01 03:55 . 2009-08-09 07:13 -------- d-----w- c:\program files\MSBuild
2010-02-01 03:51 . 2010-02-01 03:51 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2010-02-01 03:40 . 2010-02-01 03:40 537872064 ----a-w- c:\program files\Microsoft The Ultimate Steal.exe
2010-01-31 05:06 . 2009-12-10 18:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2010-01-29 04:07 . 2010-01-29 04:07 -------- d-----w- c:\documents and settings\TARA.HP-AYUOC1CQ7JDJ\Application Data\SUPERAntiSpyware.com
2010-01-29 04:07 . 2010-01-29 04:07 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-01-28 19:01 . 2010-01-28 19:01 -------- d-----w- c:\program files\Yontoo Layers Client
2010-01-28 19:01 . 2010-01-28 19:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Tarma Installer
2010-01-21 21:05 . 2010-01-28 19:01 108544 --s-a-r- c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll
2010-01-21 21:05 . 2010-01-28 19:01 168448 --s-a-r- c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll
2009-12-31 16:50 . 2002-08-29 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-08-16 15:18 . 2009-08-16 15:13 92832152 ----a-w- c:\program files\Setup_FlipShare.exe
2009-07-29 17:41 . 2009-07-29 17:41 6782 ----a-w- c:\program files\Tara July 2009.m3u
2009-07-15 09:01 . 2009-07-15 09:01 774144 ----a-w- c:\program files\RngInterstitial.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2010-01-21 21:05 194912 ------w- c:\program files\Yontoo Layers Client\YontooIEClient.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Exetender"="c:\program files\Free Ride Games\GPlayer.exe" [2008-02-25 1957888]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2007-09-04 95536]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-29 68856]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-08-18 5137648]
"Jenkat Arcade"="c:\documents and settings\TARA.HP-AYUOC1CQ7JDJ\Application Data\Jenkat\Jenkat Games Arcade\notifyapp.exe" [2010-03-15 524288]
"Aim"="c:\program files\AIM\aim.exe" [2009-10-01 3634024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2004-11-02 155648]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2004-11-02 126976]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 88363]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-03-17 61952]
"SoundMan"="SOUNDMAN.EXE" [2004-07-01 73728]
"AlcWzrd"="ALCWZRD.EXE" [2004-07-05 2550272]
"FPCCSMiddleware"="c:\program files\Fisher-Price\Computer Cool School\FPCCSMiddleware.exe" [2008-03-07 536184]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" [2007-09-04 54576]
"ATT-SST_McciTrayApp"="c:\program files\ATT-SST\McciTrayApp.exe" [2008-09-19 1529856]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2010-03-18 2046816]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 144784]

c:\documents and settings\TARA.HP-AYUOC1CQ7JDJ\Start Menu\Programs\Startup\
Microsoft Office Groove.lnk - c:\program files\Microsoft Office\Office12\GROOVE.EXE [2006-10-27 338216]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
PMB Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2010-2-8 327680]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Auto Detect.lnk - c:\program files\iConcepts Music Express\MEAutoDetect.exe [2008-8-8 374104]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-07-31 13:00 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\ATT-HSI\\McciBrowser.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Documents and Settings\\TARA.HP-AYUOC1CQ7JDJ\\My Documents\\web browser\\firefox.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [7/14/2009 11:24 PM 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [7/14/2009 11:24 PM 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [7/14/2009 11:24 PM 108552]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [7/14/2009 11:24 PM 908056]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [7/14/2009 11:24 PM 297752]
R2 X4HSX32Ex;X4HSX32Ex;c:\program files\Free Ride Games\X4HSX32Ex.sys [5/25/2008 11:04 PM 29856]
S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\TARA~1.HP-\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS --> c:\docume~1\TARA~1.HP-\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\TARA~1.HP-\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.sys --> c:\docume~1\TARA~1.HP-\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.sys [?]
S2 gupdate1ca0823e2136a62;Google Update Service (gupdate1ca0823e2136a62);c:\program files\Google\Update\GoogleUpdate.exe [7/18/2009 11:49 PM 133104]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 8:49 AM 227232]
S3 SASENUM;SASENUM;\??\c:\docume~1\TARA~1.HP-\LOCALS~1\Temp\SAS_SelfExtract\SASENUM.SYS --> c:\docume~1\TARA~1.HP-\LOCALS~1\Temp\SAS_SelfExtract\SASENUM.SYS [?]
.
Contents of the 'Scheduled Tasks' folder

2010-03-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-03-28 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-03-29 02:01]

2010-03-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-19 03:49]

2010-03-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-19 03:49]

2010-03-28 c:\windows\Tasks\User_Feed_Synchronization-{BBA3EDB2-EA9D-4E16-B527-D8245650ADC7}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
Trusted Zone: 0.0.0.0
Trusted Zone: chase.com
Trusted Zone: ebay.com\www
Trusted Zone: facebook.com\www
Trusted Zone: motive.com\patttbc.att
Trusted Zone: myspace.com\www
Trusted Zone: yahoo.com\login
DPF: DirectAnimation Java Classes - [You must be registered and logged in to see this link.]
DPF: Microsoft XML Parser for Java - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\documents and settings\TARA.HP-AYUOC1CQ7JDJ\Application Data\Mozilla\Firefox\Profiles\hvfrgs7c.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\documents and settings\TARA.HP-AYUOC1CQ7JDJ\Application Data\Move Networks\plugins\npqmp071503000010.dll
FF - plugin: c:\documents and settings\TARA.HP-AYUOC1CQ7JDJ\Local Settings\Application Data\Yahoo!\BrowserPlus\2.5.1\Plugins\npybrowserplus_2.5.1.dll
FF - plugin: c:\documents and settings\TARA.HP-AYUOC1CQ7JDJ\My Documents\web browser\plugins\npkimi.dll
FF - plugin: c:\program files\GoBit Games\BrowserPlugin\npgobitgamesplugin.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1636.7222\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, falsec:\documents and settings\TARA.HP-AYUOC1CQ7JDJ\My Documents\web browser\greprefs\all.js - pref("ui.use_native_colors", true);
c:\documents and settings\TARA.HP-AYUOC1CQ7JDJ\My Documents\web browser\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\documents and settings\TARA.HP-AYUOC1CQ7JDJ\My Documents\web browser\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\documents and settings\TARA.HP-AYUOC1CQ7JDJ\My Documents\web browser\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\documents and settings\TARA.HP-AYUOC1CQ7JDJ\My Documents\web browser\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\documents and settings\TARA.HP-AYUOC1CQ7JDJ\My Documents\web browser\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\documents and settings\TARA.HP-AYUOC1CQ7JDJ\My Documents\web browser\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\documents and settings\TARA.HP-AYUOC1CQ7JDJ\My Documents\web browser\greprefs\all.js - pref("svg.smil.enabled", false);
c:\documents and settings\TARA.HP-AYUOC1CQ7JDJ\My Documents\web browser\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\documents and settings\TARA.HP-AYUOC1CQ7JDJ\My Documents\web browser\greprefs\all.js - pref("browser.formfill.debug", false);
c:\documents and settings\TARA.HP-AYUOC1CQ7JDJ\My Documents\web browser\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\documents and settings\TARA.HP-AYUOC1CQ7JDJ\My Documents\web browser\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\documents and settings\TARA.HP-AYUOC1CQ7JDJ\My Documents\web browser\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\documents and settings\TARA.HP-AYUOC1CQ7JDJ\My Documents\web browser\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\documents and settings\TARA.HP-AYUOC1CQ7JDJ\My Documents\web browser\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\documents and settings\TARA.HP-AYUOC1CQ7JDJ\My Documents\web browser\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\documents and settings\TARA.HP-AYUOC1CQ7JDJ\My Documents\web browser\greprefs\all.js - pref("html5.enable", false);
c:\documents and settings\TARA.HP-AYUOC1CQ7JDJ\My Documents\web browser\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\documents and settings\TARA.HP-AYUOC1CQ7JDJ\My Documents\web browser\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\documents and settings\TARA.HP-AYUOC1CQ7JDJ\My Documents\web browser\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\documents and settings\TARA.HP-AYUOC1CQ7JDJ\My Documents\web browser\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\documents and settings\TARA.HP-AYUOC1CQ7JDJ\My Documents\web browser\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\documents and settings\TARA.HP-AYUOC1CQ7JDJ\My Documents\web browser\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\documents and settings\TARA.HP-AYUOC1CQ7JDJ\My Documents\web browser\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\documents and settings\TARA.HP-AYUOC1CQ7JDJ\My Documents\web browser\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\documents and settings\TARA.HP-AYUOC1CQ7JDJ\My Documents\web browser\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\documents and settings\TARA.HP-AYUOC1CQ7JDJ\My Documents\web browser\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\documents and settings\TARA.HP-AYUOC1CQ7JDJ\My Documents\web browser\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\documents and settings\TARA.HP-AYUOC1CQ7JDJ\My Documents\web browser\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\documents and settings\TARA.HP-AYUOC1CQ7JDJ\My Documents\web browser\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\documents and settings\TARA.HP-AYUOC1CQ7JDJ\My Documents\web browser\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\documents and settings\TARA.HP-AYUOC1CQ7JDJ\My Documents\web browser\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\documents and settings\TARA.HP-AYUOC1CQ7JDJ\My Documents\web browser\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\documents and settings\TARA.HP-AYUOC1CQ7JDJ\My Documents\web browser\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\documents and settings\TARA.HP-AYUOC1CQ7JDJ\My Documents\web browser\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\documents and settings\TARA.HP-AYUOC1CQ7JDJ\My Documents\web browser\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-03-28 12:39
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-03-28 12:44:34
ComboFix-quarantined-files.txt 2010-03-28 16:44
ComboFix2.txt 2010-03-27 19:58

Pre-Run: 51,944,919,040 bytes free
Post-Run: 51,884,634,112 bytes free

- - End Of File - - 789A8CA5EB1B8056AEA7D6FAB4D49F7E


Re: Win32/Nuqel.E spyware

Post by Belahzur on Sun Mar 28, 2010 5:02 pm

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

How is the machine running now?



Re: Win32/Nuqel.E spyware

Post by kyle_and_tara317 on Sun Mar 28, 2010 5:22 pm

It is running a lot better now. Thank you! How can I make sure it does not happen again?


Re: Win32/Nuqel.E spyware

Post by Belahzur on Mon Mar 29, 2010 12:08 am

We'll do one more scan.

Run ESET Online Scan
Please do an online scan with [You must be registered and logged in to see this link.]. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) the Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.



Re: Win32/Nuqel.E spyware

Post by kyle_and_tara317 on Mon Mar 29, 2010 12:32 am

It did not prompt me to run ActiveX.


Re: Win32/Nuqel.E spyware

Post by Belahzur on Mon Mar 29, 2010 6:18 pm

Please use the Internet Explorer browser, and do an online scan with [You must be registered and logged in to see this link.]

Note: If you have used this particular scanner before, you MAY HAVE TO UNINSTALL the program through Add/Remove Programs before downloading the new ActiveX component.

Click Accept, when prompted to download and install the program files and database of malware definitions.

  • Click Run at the Security prompt.
  • The program will then begin downloading and installing and will also update the database.
  • Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.

    **Note**

    To optimize scanning time and produce a more sensible report for review:

  • Close any open programs.
  • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.

Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

