
AntiVirus Soft, This thing is Evil!


  • This topic is locked
15 replies to this topic

#1 Kate Hernandez

Kate Hernandez

  • Members
  • 8 posts
  • OFFLINE
  • Local time:01:17 AM

Posted 11 September 2010 - 05:00 PM

I am getting constant pop-ups that say I have a virus. I can't use Internet Explorer at all on my PC (Firefox Browser is working) and I can't run any .exe files because it immediately stops them. I have tried going thru all of the steps to download various files, but I can't run them, so I can't create the logs you need to see what is controlling my PC. I hope you can tell me something that will help.



#2 Kate Hernandez

Kate Hernandez
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:01:17 AM

Posted 13 September 2010 - 06:23 PM

Title was: Have "Security Suite" Virus/Malware, Has disabled running of most .exe files, Can't Remove it, NEED HELP ~ OB

To All Malware Gurus, Please Help!

I have been reading extensively on your site about the various viruses and malware out there, and for the first time in 6.5 years I have one that is a doozy!

The pop-up boxes that are afflicting me say I have 32 viruses, trojans and spyware, and are redirecting me to a site called "Security Suite" to clean and protect my system. That program is disabling the running of almost all .exe programs.

What I have done so far: I downloaded mbam-setup.exe to a nearby computer, and I changed the name of the file to iexplore.exe. I copied that file and placed it on the desktop of the infected computer, and ran it, but I unchecked the boxes to Update and Launch Malwarebytes and Anti-Malware. Then I went to the folder:
C:\program files\Malwarebyte's Anti-Malware\ and renamed the 'mbam.exe' to 'iexplore.exe'. When I double-clicked it I got these 2 error messages: 1) Run-time Error "0". 2) Run-time Error '440' Automation Error. I'm stuck here, and I really need some direction from one of your gurus.

I do have the infected computer networked to other machines in my office, but I don't know if the virus can jump from one machine to another. I need to know if I can copy data files from the infected machine to a USB key, or an external drive, without infecting that drive, and without infecting the other computer. I am also wondering if I can double-click on the .exe files through the network, so that they activate on the infected computer (and fix it), or will that just screw up the current working PC.

It is my main business computer that is infected and I am absolutely dying without that PC. Please Help!!

Kate - Crying in Michigan

Edited by Orange Blossom, 13 September 2010 - 06:25 PM.
Merged topics. ~ OB


#3 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,823 posts
  • OFFLINE
  • Gender:Female
  • Location:Romania
  • Local time:09:17 AM

Posted 17 September 2010 - 04:38 AM

Hello, and welcome to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.


I will be working on your malware issues; this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.
  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.
Use the 'Add Reply' button and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Quick Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Please download Rootkit Unhooker and save it to your Desktop
  • Double-click on RKUnhookerLE to run it
  • Click the Report tab, then click Scan
  • Check Drivers, Stealth and uncheck the rest
  • Click OK
  • Wait until it's finished and then go to File > Save Report
  • Save the report to your Desktop
Copy the entire contents of the report and paste it in a reply here.

Note: you may get this warning; it is OK, just ignore it: "Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


-------------------------------------------------------------
In the meantime, please do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply
  • A detailed description of your problems
  • A new OTL log (don't forget extra.txt)
  • RKU log

Thanks and again sorry for the delay.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."


Malware analyst @ Emsisoft
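Elise's first step is to ask for an OTL report, which a helper then reads by eye for a handful of tell-tale entries. As an added example (not code from this thread, from OTL, or from BleepingComputer), here is a small Python triage script that pre-screens OTL-style report lines for the indicators that matter most in a rogue-AV case: a per-user Internet Explorer proxy that is enabled and points at the loopback interface (which fits Kate's symptom of IE failing while Firefox, with `network.proxy.type: 0`, still works), loaded modules and BHOs with an empty publisher field, BHOs whose CLSID no longer resolves, and services or drivers whose image file is missing. The sample lines are constructed from entries in the OTL log Kate posts later in this thread; the category names, regular expressions and `Finding` type are this example's own conventions, not OTL's.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample input modelled on OTL's report format. The entries are
# copied from the OTL log posted in this thread and trimmed to the lines the
# checks below look at; this is a sample, not a complete report.
SAMPLE_OTL_LINES = r"""
MOD - [2008/05/02 02:42:50 | 000,045,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\lgscroll.dll
MOD - [2007/03/08 10:36:28 | 000,207,872 | ---- | M] () -- C:\WINDOWS\ohijugeru.dll
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2897172240-1466163839-2973833985-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-2897172240-1466163839-2973833985-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6092
FF - prefs.js..network.proxy.type: 0
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - No CLSID value found.
O2 - BHO: (Browser Helper Object) - {AFD4AD01-58C1-47DB-A404-FBE00A6C5486} - C:\Program Files\Shared\_lib.dll ()
"""

# Line shapes handled here (a subset of what OTL emits); these patterns are
# this example's own, written against the format seen in the posted log.
ENTRY_RE = re.compile(r'^(PRC|MOD|SRV|DRV) - \[[^\]]*\] \((?P<company>[^)]*)\) -- (?P<path>.*)$')
MISSING_RE = re.compile(r'^(SRV|DRV) - File not found \[[^\]]*\] -- (?P<path>.+?) -- \(')
PROXY_RE = re.compile(r'^IE - (?P<hive>HKU\\[^\\]+)\\.*Internet Settings: "(?P<key>ProxyEnable|ProxyServer)" = (?P<value>.*)$')
BHO_RE = re.compile(r'^O2 - BHO: \((?P<name>[^)]*)\) - \{[0-9A-Fa-f-]+\} - (?P<rest>.*)$')

LOOPBACK_HOSTS = ("127.0.0.1", "localhost", "::1")


@dataclass(frozen=True)
class Finding:
    kind: str    # category used for counting and filtering
    detail: str  # the path, hive or value that triggered the check


def triage_otl(report: str) -> list:
    """Scan OTL-style report lines and return the entries worth a closer look."""
    findings = []
    proxy_by_hive = {}  # hive -> {"ProxyEnable": ..., "ProxyServer": ...}
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        if (m := ENTRY_RE.match(line)):
            # Processes, modules, services and drivers with an empty company
            # field carry no publisher in their version resource; legitimate
            # files usually do, so these are the first entries to check.
            if not m.group("company").strip():
                findings.append(Finding("no-publisher", m.group("path").strip()))
        elif (m := MISSING_RE.match(line)):
            # A registered service/driver whose image is gone: often an
            # uninstall leftover, occasionally a removed malware component.
            findings.append(Finding("image-missing", m.group("path")))
        elif (m := PROXY_RE.match(line)):
            proxy_by_hive.setdefault(m.group("hive"), {})[m.group("key")] = m.group("value").strip()
        elif (m := BHO_RE.match(line)):
            rest = m.group("rest")
            if "No CLSID value found" in rest:
                findings.append(Finding("bho-orphaned", m.group("name")))
            elif "File not found" in rest:
                findings.append(Finding("bho-file-missing", rest))
            elif rest.endswith("()"):
                findings.append(Finding("bho-no-publisher", rest[:-2].strip()))
    # Per-user IE proxy settings are only a concern when the proxy is enabled
    # and points at the local machine: nothing legitimate on a home PC should
    # be listening there, and every IE request would be routed through it.
    for hive, keys in proxy_by_hive.items():
        server = keys.get("ProxyServer", "")
        if keys.get("ProxyEnable") == "1" and any(h in server for h in LOOPBACK_HOSTS):
            findings.append(Finding("loopback-proxy", f"{hive} -> {server}"))
    return findings


def summarize(findings) -> Counter:
    """Count findings per category for an at-a-glance view."""
    return Counter(f.kind for f in findings)


if __name__ == "__main__":
    results = triage_otl(SAMPLE_OTL_LINES)
    for f in results:
        print(f"{f.kind:18} {f.detail}")
    print(dict(summarize(results)))
```

Run against the sample it reports five entries: the publisher-less `ohijugeru.dll` loaded into a process, the missing `appmgmts.dll` service image, the BHO with no CLSID, the publisher-less `_lib.dll` BHO, and the loopback proxy for the interactive user's hive only (the `S-1-5-18` hive has `ProxyEnable` = 0 and is not reported). The categories are kept separate on purpose: missing images and orphaned BHOs are frequently just debris from uninstalled software, while an enabled loopback proxy is rarely innocent, so the script surfaces both without treating every hit as malware.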


#4 Kate Hernandez

Kate Hernandez
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:01:17 AM

Posted 19 September 2010 - 06:25 PM

Hi Elise:
Thank you so much for your help! I was so thrilled to get your message. (I was surprised when I turned on the infected machine today. So far I haven't had a single pop-up or virus message. I think it's just trying to lull me into a false sense of security so it can stomp on me again.)

I installed OTL and Rootkit Unhooker and ran them all successfully.

These are the reports:

OTL.txt
OTL logfile created on: 9/19/2010 5:06:45 PM - Run 1
OTL by OldTimer - Version 3.2.14.0 Folder = C:\Documents and Settings\Kate SchuttHernandez\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 86.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 94.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29.30 Gb Total Space | 3.20 Gb Free Space | 10.91% Space Free | Partition Type: NTFS
Drive D: | 97.94 Gb Total Space | 31.22 Gb Free Space | 31.88% Space Free | Partition Type: NTFS
Drive E: | 102.53 Gb Total Space | 24.95 Gb Free Space | 24.33% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Unable to calculate disk information.

Computer Name: DELL-DJ45CD51
Current User Name: Kate SchuttHernandez
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/09/19 16:57:59 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kate SchuttHernandez\Desktop\OTL.exe
PRC - [2010/08/25 11:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/03/18 11:19:26 | 000,207,360 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/08/28 15:33:28 | 000,116,032 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlpwdnt.exe
PRC - [2009/08/05 12:36:20 | 000,105,664 | ---- | M] (Leader Technologies Inc.) -- C:\Program Files\LTCM Client\ltcmScheduler.exe
PRC - [2009/07/08 09:12:00 | 000,243,008 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell Printers\Additional Color Laser Software\Updater\dlupdr.exe
PRC - [2009/07/08 09:11:32 | 000,406,840 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlpsp.exe
PRC - [2009/06/05 00:00:00 | 000,843,776 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe
PRC - [2009/04/07 09:13:10 | 000,673,616 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\Event Manager\EEventManager.exe
PRC - [2009/02/23 01:00:00 | 000,199,680 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\E_FATIFRA.EXE
PRC - [2008/12/09 09:32:06 | 000,055,120 | ---- | M] (NewSoft Technology Corporation) -- C:\Program Files\NewSoft\Presto! PageManager 8 for EP\PMSpeed.exe
PRC - [2008/11/03 15:21:18 | 000,030,544 | ---- | M] (NewSoft Technology Corporation) -- C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\WrtProc.exe
PRC - [2008/05/24 14:34:28 | 000,026,448 | ---- | M] (NewSoft Technology Corporation) -- C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\WrtMon.exe
PRC - [2008/05/02 02:44:08 | 000,805,392 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2008/05/02 02:40:56 | 000,076,304 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2008/04/23 03:38:16 | 000,029,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
PRC - [2008/01/15 20:44:39 | 000,067,128 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
PRC - [2007/12/16 23:00:00 | 000,143,872 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
PRC - [2007/09/28 12:24:36 | 000,156,976 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Maxtor\Sync\SyncServices.exe
PRC - [2007/09/06 14:53:40 | 000,169,264 | ---- | M] (Maxtor Corporation) -- C:\Program Files\Maxtor\OneTouch Status\MaxMenuMgr.exe
PRC - [2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/10 23:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
PRC - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe
PRC - [2006/12/07 16:52:14 | 000,140,184 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlsdbnt.exe
PRC - [2006/03/30 08:15:44 | 000,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2004/11/17 16:38:48 | 000,188,416 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EBAPI\eEBAgent.exe
PRC - [2004/08/05 16:23:10 | 000,308,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
PRC - [2004/07/27 19:43:49 | 000,026,112 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\realplay.exe
PRC - [2004/03/23 12:16:16 | 000,135,168 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Application Accelerator\IAAnotif.exe
PRC - [2004/03/23 12:15:40 | 000,073,852 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Application Accelerator\IAANTmon.exe
PRC - [2003/03/26 10:15:24 | 000,684,032 | ---- | M] (Roxio) -- C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe
PRC - [2003/02/20 16:45:40 | 000,028,672 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\SYSTEM32\CTHELPER.EXE
PRC - [2002/10/29 09:18:24 | 000,049,152 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
PRC - [2002/09/30 01:00:00 | 000,045,056 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDET.exe
PRC - [2002/06/30 21:02:00 | 000,062,464 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\SYSTEM32\E_S00RP2.EXE


========== Modules (SafeList) ==========

MOD - [2010/09/19 16:57:59 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kate SchuttHernandez\Desktop\OTL.exe
MOD - [2009/07/12 01:12:06 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
MOD - [2008/05/02 02:42:50 | 000,045,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\lgscroll.dll
MOD - [2007/03/08 10:36:28 | 000,207,872 | ---- | M] () -- C:\WINDOWS\ohijugeru.dll
MOD - [2006/08/25 10:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2004/08/04 00:56:46 | 000,713,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\opengl32.dll
MOD - [2004/08/04 00:56:44 | 000,266,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\ddraw.dll
MOD - [2004/08/04 00:56:44 | 000,122,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\glu32.dll
MOD - [2004/08/04 00:56:44 | 000,008,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\dciman32.dll
MOD - [2004/08/03 23:01:18 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\msscript.ocx
MOD - [2003/02/20 16:45:52 | 000,061,440 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\SYSTEM32\CTAGENT.DLL


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/08/28 15:33:28 | 000,116,032 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlpwdnt.exe -- (DLPWD)
SRV - [2008/05/02 02:42:06 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2007/12/16 23:00:00 | 000,143,872 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE -- (EPSON_EB_RPCV4_01) EPSON V5 Service4(01)
SRV - [2007/09/28 12:24:36 | 000,156,976 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Maxtor\Sync\SyncServices.exe -- (Maxtor Sync Service)
SRV - [2007/01/10 23:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)
SRV - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)
SRV - [2006/12/07 16:52:14 | 000,140,184 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlsdbnt.exe -- (DLSDB)
SRV - [2006/03/30 08:15:44 | 000,096,341 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2004/11/17 16:38:48 | 000,188,416 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EBAPI\eEBAgent.exe -- (EpsonBidirectionalAgent)
SRV - [2004/08/05 16:23:10 | 000,308,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe -- (SymWSC)
SRV - [2004/03/23 12:15:40 | 000,073,852 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Application Accelerator\IAANTmon.exe -- (IAANTMon)
SRV - [2002/06/30 21:02:00 | 000,062,464 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\WINDOWS\SYSTEM32\E_S00RP2.EXE -- (EPSON_PM_RPCV2_02) EPSON V3 Service2(02)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\wATV03nt.sys -- (iAimTV2)
DRV - [2008/02/29 03:13:24 | 000,036,880 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\LMouFilt.Sys -- (LMouFilt)
DRV - [2008/02/29 03:13:16 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\LHidFilt.Sys -- (LHidFilt)
DRV - [2008/02/29 03:12:48 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\L8042Kbd.sys -- (L8042Kbd)
DRV - [2007/06/26 16:59:50 | 000,009,464 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2007/06/26 16:59:50 | 000,009,336 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2007/05/03 13:37:08 | 000,022,152 | ---- | M] (Maxtor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mxopswd.sys -- (MXOPSWD)
DRV - [2007/04/15 21:41:54 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\pfc.sys -- (pfc)
DRV - [2004/08/03 23:07:44 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2004/08/03 23:07:44 | 000,041,088 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2004/08/03 22:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys -- (nv)
DRV - [2004/08/03 22:29:50 | 000,019,455 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys -- (iAimFP4)
DRV - [2004/08/03 22:29:48 | 000,012,063 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys -- (iAimFP3)
DRV - [2004/08/03 22:29:46 | 000,023,615 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys -- (iAimTV4)
DRV - [2004/08/03 22:29:44 | 000,033,599 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys -- (iAimTV3)
DRV - [2004/08/03 22:29:44 | 000,019,551 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys -- (iAimTV1)
DRV - [2004/08/03 22:29:42 | 000,029,311 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys -- (iAimTV0)
DRV - [2004/08/03 22:29:38 | 000,161,020 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys -- (i81x)
DRV - [2004/08/03 22:29:38 | 000,012,415 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys -- (iAimFP0)
DRV - [2004/08/03 22:29:38 | 000,012,127 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys -- (iAimFP1)
DRV - [2004/08/03 22:29:38 | 000,011,775 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys -- (iAimFP2)
DRV - [2004/07/27 19:43:51 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2004/05/29 17:41:54 | 000,186,112 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\b57xp32.sys -- (b57w2k)
DRV - [2004/05/28 10:57:50 | 000,730,112 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ati2mtag.sys -- (ati2mtag)
DRV - [2004/05/05 20:48:40 | 000,004,228 | ---- | M] (PowerQuest Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\PQNTDRV.sys -- (PQNTDrv)
DRV - [2004/03/23 12:13:58 | 000,467,200 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
DRV - [2004/03/05 22:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC52.sys -- (IntelC52)
DRV - [2004/03/05 22:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC51.sys -- (IntelC51)
DRV - [2004/03/05 22:13:52 | 000,060,949 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC53.sys -- (IntelC53)
DRV - [2004/03/05 22:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mohfilt.sys -- (mohfilt)
DRV - [2003/11/21 16:05:02 | 000,082,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2003/08/18 20:02:00 | 000,027,111 | ---- | M] (SEIKO EPSON CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\epppdt.sys -- (epppdt)
DRV - [2003/08/18 20:02:00 | 000,014,523 | ---- | M] (SEIKO EPSON CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\epppdtpr.sys -- (epppdtpr)
DRV - [2003/03/27 10:58:56 | 000,287,920 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctdvda2k.sys -- (ctdvda2k)
DRV - [2003/03/26 15:33:58 | 000,498,688 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2003/03/26 15:32:32 | 000,189,504 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctoss2k.sys -- (ossrv)
DRV - [2003/03/26 15:32:02 | 000,141,536 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\hap16v2k.sys -- (hap16v2k)
DRV - [2003/03/26 15:31:40 | 000,823,616 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ha10kx2k.sys -- (ha10kx2k)
DRV - [2003/03/26 10:17:14 | 000,025,930 | ---- | M] (Roxio) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Dvd_2k.sys -- (dvd_2K)
DRV - [2003/03/26 10:17:12 | 000,030,662 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Mmc_2k.sys -- (mmc_2K)
DRV - [2003/03/26 10:17:10 | 000,144,250 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\pwd_2K.sys -- (pwd_2k)
DRV - [2003/03/26 10:15:28 | 000,206,464 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\udfreadr_xp.sys -- (UdfReadr_xp)
DRV - [2003/03/26 10:15:02 | 000,241,280 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\cdudf_xp.sys -- (cdudf_xp)
DRV - [2003/03/13 14:23:28 | 000,019,712 | ---- | M] (Maxtor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mxofwfp.sys -- (MaxtorFrontPanel1)
DRV - [2003/03/06 09:10:34 | 000,015,840 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\pfmodnt.sys -- (PfModNT)
DRV - [2003/02/20 16:24:46 | 000,116,000 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\emupia2k.sys -- (emupia)
DRV - [2003/02/20 16:24:34 | 000,135,248 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctsfm2k.sys -- (ctsfm2k)
DRV - [2003/02/20 16:24:18 | 000,006,144 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctprxy2k.sys -- (ctprxy2k)
DRV - [2003/02/20 16:22:38 | 000,135,040 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctac32k.sys -- (ctac32k)
DRV - [2002/11/08 13:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
DRV - [2001/08/17 14:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 14:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 14:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 14:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 14:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 13:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\MODEMCSA.sys -- (MODEMCSA)
DRV - [2001/08/17 13:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 13:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 13:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 13:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 13:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 13:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 13:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 13:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 13:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 13:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 12:53:26 | 000,010,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\scsiscan.sys -- (scsiscan)
DRV - [2001/08/17 12:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS -- (EL90XBC)
DRV - [2001/08/09 13:03:00 | 000,070,084 | ---- | M] (MK Systems CO., LTD.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\EPLPDX02.SYS -- (Eplpdx02)
DRV - [2001/05/31 08:44:54 | 000,012,270 | ---- | M] (Palm, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\PalmUSBD.sys -- (PalmUSBD)
DRV - [2000/02/12 12:00:00 | 000,025,600 | ---- | M] (SEIKO EPSON CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ep1394pr.sys -- (ep1394pr)
DRV - [1999/09/10 06:06:00 | 000,025,244 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\aspi32.sys -- (Aspi32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2897172240-1466163839-2973833985-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\S-1-5-21-2897172240-1466163839-2973833985-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.pictage.com/
IE - HKU\S-1-5-21-2897172240-1466163839-2973833985-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-2897172240-1466163839-2973833985-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-2897172240-1466163839-2973833985-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6092

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.pictage.com/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {C4D47A9D-668B-43E7-9E1A-45ABB64497BE}:1.9.1
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{C4D47A9D-668B-43E7-9E1A-45ABB64497BE}: C:\Documents and Settings\Kate SchuttHernandez\Local Settings\Application Data\{C4D47A9D-668B-43E7-9E1A-45ABB64497BE} [2010/09/11 14:03:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/11 16:54:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/12 13:10:29 | 000,000,000 | ---D | M]

[2010/08/11 16:54:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kate SchuttHernandez\Application Data\Mozilla\Extensions
[2010/08/11 16:54:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kate SchuttHernandez\Application Data\Mozilla\Firefox\Profiles\dhnl76ru.default\extensions
[2010/08/11 16:54:18 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2002/08/29 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll File not found
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - No CLSID value found.
O2 - BHO: (Browser Helper Object) - {AFD4AD01-58C1-47DB-A404-FBE00A6C5486} - C:\Program Files\Shared\_lib.dll ()
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-2897172240-1466163839-2973833985-1007\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\S-1-5-21-2897172240-1466163839-2973833985-1007\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-2897172240-1466163839-2973833985-1007\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [abscqwif] C:\Documents and Settings\Kate SchuttHernandez\Local Settings\Application Data\snulfykms\kndrpwluqiw.exe (Security Suites Corporation)
O4 - HKLM..\Run: [AdaptecDirectCD] C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe (Roxio)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [AsioReg] C:\WINDOWS\System32\CTASIO.DLL (Creative Technology Ltd)
O4 - HKLM..\Run: [Auto EPSON Stylus CX6000 Series on DELLLAPTOP] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBIA.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDET.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DLPSP] C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE (Dell Inc.)
O4 - HKLM..\Run: [DLUPDR] C:\Program Files\Dell Printers\Additional Color Laser Software\Updater\DLUPDR.EXE (Dell Inc.)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [EPSON Stylus CX6000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBIA.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [EPSON Stylus Pro 4000] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [EPSON Stylus Pro 7600] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [hhxybteb] C:\Documents and Settings\Kate SchuttHernandez\Local Settings\Application Data\joclfqkev\kvhpwjvuqiw.exe (Security Suites Corporation)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [LTCM Client] C:\Program Files\LTCM Client\ltcmClient.exe (Leader Technologies Inc.)
O4 - HKLM..\Run: [mxomssmenu] C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe (Maxtor Corporation)
O4 - HKLM..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Szuceku] C:\WINDOWS\ohijugeru.DLL ()
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [WrtMon.exe] C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\WrtMon.exe (NewSoft Technology Corporation)
O4 - HKLM..\Run: [xkbjsrcm] C:\Documents and Settings\Kate SchuttHernandez\Local Settings\Application Data\eorlfalnx\kmkcnpauqiw.exe (Security Suites Corporation)
O4 - HKU\S-1-5-21-2897172240-1466163839-2973833985-1007..\Run: [abscqwif] C:\Documents and Settings\Kate SchuttHernandez\Local Settings\Application Data\snulfykms\kndrpwluqiw.exe (Security Suites Corporation)
O4 - HKU\S-1-5-21-2897172240-1466163839-2973833985-1007..\Run: [Artisan 810(Network)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIFRA.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-2897172240-1466163839-2973833985-1007..\Run: [Bduniwanomoha] C:\WINDOWS\seICTEA.DLL (Progressive Networks)
O4 - HKU\S-1-5-21-2897172240-1466163839-2973833985-1007..\Run: [EPSON Artisan 810 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIFRA.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-2897172240-1466163839-2973833985-1007..\Run: [EPSON Stylus Pro 4000] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-2897172240-1466163839-2973833985-1007..\Run: [EPSON Stylus Pro 7600] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-2897172240-1466163839-2973833985-1007..\Run: [hhxybteb] C:\Documents and Settings\Kate SchuttHernandez\Local Settings\Application Data\joclfqkev\kvhpwjvuqiw.exe (Security Suites Corporation)
O4 - HKU\S-1-5-21-2897172240-1466163839-2973833985-1007..\Run: [ltcmScheduler] C:\Program Files\LTCM Client\ltcmScheduler.exe (Leader Technologies Inc.)
O4 - HKU\S-1-5-21-2897172240-1466163839-2973833985-1007..\Run: [PMSpeed] C:\Program Files\NewSoft\Presto! PageManager 8 for EP\PMSpeed.exe (NewSoft Technology Corporation)
O4 - HKU\S-1-5-21-2897172240-1466163839-2973833985-1007..\Run: [xkbjsrcm] C:\Documents and Settings\Kate SchuttHernandez\Local Settings\Application Data\eorlfalnx\kmkcnpauqiw.exe (Security Suites Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O4 - Startup: C:\Documents and Settings\Kate SchuttHernandez\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2897172240-1466163839-2973833985-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (Intertrust Technologies, Inc.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} http://www.samsphotoclub.com/upload/FujifilmUploadClient.cab (FujifilmUploader Class)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} http://samsclubus.pnimedia.com/upload/acti...upv2.0.0.11.cab? (Photo Upload Plugin Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.94.156.1 68.94.157.1
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Kate SchuttHernandez\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Kate SchuttHernandez\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/09/03 08:59:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{278f88b0-6d33-11dc-b1cf-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{278f88b0-6d33-11dc-b1cf-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{278f88b0-6d33-11dc-b1cf-00038a000015}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -- File not found
O33 - MountPoints2\{ad7bfaa6-5b60-11dc-b1bc-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{ad7bfaa6-5b60-11dc-b1bc-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ad7bfaa6-5b60-11dc-b1bc-00038a000015}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -- File not found
O33 - MountPoints2\{e076fd5e-ce43-11de-b499-00111127f51c}\Shell\AutoRun\command - "" = J:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe -- File not found
O33 - MountPoints2\{e076fd5e-ce43-11de-b499-00111127f51c}\Shell\open\command - "" = J:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/09/19 17:03:49 | 000,576,000 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Kate SchuttHernandez\Desktop\OTL.exe
[2010/09/13 17:24:03 | 006,153,376 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Kate SchuttHernandez\Desktop\iexplore.exe
[2010/09/13 16:05:54 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/09/13 16:05:53 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/09/13 16:05:53 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/09/13 16:05:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/09/13 14:46:29 | 006,153,376 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Kate SchuttHernandez\Desktop\iexplorer.exe
[2010/09/11 16:22:01 | 000,000,000 | ---D | C] -- D:\Kate SchuttHernandez\My Documents\Downloads
[2010/09/11 14:03:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kate SchuttHernandez\Local Settings\Application Data\{C4D47A9D-668B-43E7-9E1A-45ABB64497BE}
[2010/09/11 14:01:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kate SchuttHernandez\Local Settings\Application Data\eorlfalnx
[2010/09/11 14:01:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kate SchuttHernandez\Local Settings\Application Data\joclfqkev
[2010/09/11 14:01:53 | 000,245,248 | ---- | C] (Security Suites Corporation) -- C:\Documents and Settings\Kate SchuttHernandez\Local Settings\Application Data\1710735.exe
[2010/09/11 14:01:53 | 000,073,728 | ---- | C] (Progressive Networks) -- C:\Documents and Settings\Kate SchuttHernandez\Local Settings\Application Data\1710734.exe
[2010/09/11 14:01:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kate SchuttHernandez\Local Settings\Application Data\snulfykms
[2010/09/11 14:01:44 | 000,245,248 | ---- | C] (Security Suites Corporation) -- C:\Documents and Settings\Kate SchuttHernandez\Local Settings\Application Data\1702047.exe
[2010/09/11 14:01:44 | 000,073,728 | ---- | C] (Progressive Networks) -- C:\Documents and Settings\Kate SchuttHernandez\Local Settings\Application Data\1702046.exe
[2010/09/11 14:01:41 | 000,245,248 | ---- | C] (Security Suites Corporation) -- C:\Documents and Settings\Kate SchuttHernandez\Local Settings\Application Data\1699422.exe
[2010/09/11 14:01:41 | 000,073,728 | ---- | C] (Progressive Networks) -- C:\Documents and Settings\Kate SchuttHernandez\Local Settings\Application Data\1699421.exe
[2010/09/11 14:01:37 | 000,245,248 | ---- | C] (Security Suites Corporation) -- C:\Documents and Settings\Kate SchuttHernandez\Local Settings\Application Data\1695297.exe
[2010/09/11 14:01:37 | 000,073,728 | ---- | C] (Progressive Networks) -- C:\Documents and Settings\Kate SchuttHernandez\Local Settings\Application Data\1695296.exe
[2010/09/10 15:00:57 | 000,000,000 | ---D | C] -- C:\Program Files\EpsonNet
[2010/09/08 17:42:40 | 000,000,000 | ---D | C] -- D:\Kate SchuttHernandez\My Documents\Adobe
[2010/08/15 21:41:20 | 000,000,000 | ---D | C] -- D:\Kate SchuttHernandez\My Documents\AdobeStockPhotos
[2010/08/13 19:40:07 | 000,000,000 | ---D | C] -- D:\Kate SchuttHernandez\My Documents\ZZZ-Web Selections
[2010/08/11 16:54:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kate SchuttHernandez\Local Settings\Application Data\Mozilla
[2010/08/11 16:54:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kate SchuttHernandez\Application Data\Mozilla
[2010/08/11 16:54:18 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/07/30 12:47:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010/07/30 12:47:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/07/30 12:47:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2010/07/30 12:47:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/07/30 12:45:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2010/07/29 16:49:02 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/07/29 16:48:58 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/07/29 16:48:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/07/29 16:47:50 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/07/29 16:46:15 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/07/29 16:34:02 | 000,000,000 | ---D | C] -- C:\Program Files\Safari
[2010/07/01 14:33:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kate SchuttHernandez\Application Data\Leader Technologies
[2010/07/01 14:19:23 | 000,000,000 | ---D | C] -- D:\Kate SchuttHernandez\My Documents\My Print Creations
[2010/07/01 14:19:23 | 000,000,000 | ---D | C] -- C:\Program Files\LTCM Client
[2010/07/01 14:19:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kate SchuttHernandez\Local Settings\Application Data\ArcSoft
[2010/07/01 14:19:21 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\ArcSoft
[2010/07/01 14:18:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ArcSoft
[2010/07/01 14:18:27 | 000,000,000 | ---D | C] -- C:\Program Files\ArcSoft
[2010/07/01 14:18:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kate SchuttHernandez\Application Data\ArcSoft
[2010/07/01 14:17:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kate SchuttHernandez\Application Data\.oit
[2010/07/01 14:17:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kate SchuttHernandez\Local Settings\Application Data\NewSoft
[2010/07/01 14:17:06 | 000,000,000 | ---D | C] -- D:\Kate SchuttHernandez\My Documents\My PageManager
[2010/07/01 14:16:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\NewSoft
[2010/07/01 14:15:53 | 000,000,000 | ---D | C] -- C:\Program Files\NewSoft
[2010/07/01 14:15:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\color
[2010/07/01 14:09:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kate SchuttHernandez\Application Data\Epson
[2010/07/01 14:08:03 | 000,000,000 | ---D | C] -- C:\Program Files\Epson Software
[2010/07/01 14:07:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2004/07/27 19:40:04 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/09/19 17:08:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\Symantec NetDetect.job
[2010/09/19 17:01:46 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2010/09/19 17:01:46 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/09/19 17:01:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2010/09/19 16:58:33 | 000,133,632 | ---- | M] () -- C:\Documents and Settings\Kate SchuttHernandez\Desktop\RKUnhookerLE.EXE
[2010/09/19 16:57:59 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kate SchuttHernandez\Desktop\OTL.exe
[2010/09/14 20:01:10 | 000,030,036 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000004-00000000-00000002-00001102-00000004-10031102}.rfx
[2010/09/14 20:01:10 | 000,030,036 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000004-00000000-00000002-00001102-00000004-10031102}.rfx
[2010/09/14 20:01:10 | 000,029,760 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000004-00000000-00000002-00001102-00000004-10031102}.rfx
[2010/09/14 20:01:10 | 000,029,760 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000004-00000000-00000002-00001102-00000004-10031102}.rfx
[2010/09/14 20:01:10 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2010/09/14 20:01:10 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2010/09/14 20:01:10 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000004-00000000-00000002-00001102-00000004-10031102}.dat
[2010/09/14 20:01:10 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000004-00000000-00000002-00001102-00000004-10031102}.dat
[2010/09/14 20:00:48 | 018,087,936 | -H-- | M] () -- C:\Documents and Settings\Kate SchuttHernandez\NTUSER.DAT
[2010/09/14 20:00:48 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Kate SchuttHernandez\NTUSER.INI
[2010/09/14 20:00:39 | 004,481,358 | ---- | M] () -- C:\WINDOWS\{00000004-00000000-00000002-00001102-00000004-10031102}.CDF
[2010/09/13 16:05:56 | 000,000,737 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/13 14:42:30 | 006,153,376 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Kate SchuttHernandez\Desktop\iexplorer.exe
[2010/09/13 14:42:30 | 006,153,376 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Kate SchuttHernandez\Desktop\iexplore.exe
[2010/09/11 19:41:24 | 000,002,838 | ---- | M] () -- C:\WINDOWS\etufiqemaqa.dll
[2010/09/11 16:49:03 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/09/11 16:38:54 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Kate SchuttHernandez\Desktop\gmer.zip
[2010/09/11 16:30:18 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Kate SchuttHernandez\Desktop\dds.scr
[2010/09/11 16:21:53 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Kate SchuttHernandez\Desktop\Defogger.exe
[2010/09/11 16:09:58 | 000,002,838 | ---- | M] () -- C:\WINDOWS\Hwoqadunujaneca.dat
[2010/09/11 16:04:14 | 000,002,838 | ---- | M] () -- C:\WINDOWS\uzuqoyamuko.dll
[2010/09/11 14:34:53 | 000,002,513 | ---- | M] () -- C:\Documents and Settings\Kate SchuttHernandez\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2003.lnk
[2010/09/11 14:34:38 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Kate SchuttHernandez\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2003.lnk
[2010/09/11 14:03:21 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Gxematoqe.bin
[2010/09/11 14:01:53 | 000,245,248 | ---- | M] (Security Suites Corporation) -- C:\Documents and Settings\Kate SchuttHernandez\Local Settings\Application Data\1710735.exe
[2010/09/11 14:01:53 | 000,073,728 | ---- | M] (Progressive Networks) -- C:\Documents and Settings\Kate SchuttHernandez\Local Settings\Application Data\1710734.exe
[2010/09/11 14:01:44 | 000,245,248 | ---- | M] (Security Suites Corporation) -- C:\Documents and Settings\Kate SchuttHernandez\Local Settings\Application Data\1702047.exe
[2010/09/11 14:01:44 | 000,073,728 | ---- | M] (Progressive Networks) -- C:\Documents and Settings\Kate SchuttHernandez\Local Settings\Application Data\1702046.exe
[2010/09/11 14:01:41 | 000,245,248 | ---- | M] (Security Suites Corporation) -- C:\Documents and Settings\Kate SchuttHernandez\Local Settings\Application Data\1699422.exe
[2010/09/11 14:01:41 | 000,073,728 | ---- | M] (Progressive Networks) -- C:\Documents and Settings\Kate SchuttHernandez\Local Settings\Application Data\1699421.exe
[2010/09/11 14:01:37 | 000,245,248 | ---- | M] (Security Suites Corporation) -- C:\Documents and Settings\Kate SchuttHernandez\Local Settings\Application Data\1695297.exe
[2010/09/11 14:01:37 | 000,073,728 | ---- | M] (Progressive Networks) -- C:\Documents and Settings\Kate SchuttHernandez\Local Settings\Application Data\1695296.exe
[2010/09/10 15:00:47 | 000,000,090 | ---- | M] () -- C:\WINDOWS\EPART810.ini
[2010/09/10 14:58:15 | 000,000,706 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\EPSON Scan.lnk
[2010/09/10 14:56:12 | 000,001,810 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Print Creations.lnk
[2010/09/10 14:54:31 | 000,000,849 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Artisan 810 Info Center.lnk
[2010/09/10 14:53:58 | 000,000,785 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Print CD.lnk
[2010/09/09 16:15:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/09/03 18:42:09 | 000,158,720 | ---- | M] () -- D:\Kate SchuttHernandez\My Documents\Files on DVD.doc
[2010/09/01 19:36:25 | 000,034,816 | ---- | M] () -- C:\Documents and Settings\Kate SchuttHernandez\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/01 19:35:46 | 000,002,583 | ---- | M] () -- C:\Documents and Settings\Kate SchuttHernandez\Application Data\Microsoft\Internet Explorer\Quick Launch\ACDSee 9 Photo Manager.lnk
[2010/08/24 18:57:32 | 002,484,224 | ---- | M] () -- D:\Kate SchuttHernandez\My Documents\Screen Prints of Old Website.doc
[2010/08/20 13:57:48 | 000,019,968 | ---- | M] () -- D:\Kate SchuttHernandez\My Documents\What is the maximum range of movement of the joint.doc
[2010/08/16 17:58:31 | 000,023,552 | ---- | M] () -- D:\Kate SchuttHernandez\My Documents\Dear Leonard.doc
[2010/08/11 16:54:20 | 000,001,661 | ---- | M] () -- C:\Documents and Settings\Kate SchuttHernandez\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/08/11 16:54:20 | 000,001,643 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/08/07 19:18:51 | 000,002,261 | ---- | M] () -- C:\Documents and Settings\Kate SchuttHernandez\Desktop\Burrell Digital Printing.lnk
[2010/08/02 17:11:31 | 000,024,064 | ---- | M] () -- D:\Kate SchuttHernandez\My Documents\Dan McGowan Emails.doc
[2010/07/29 17:18:14 | 000,000,103 | ---- | M] () -- C:\Documents and Settings\Kate SchuttHernandez\Favorites.url
[2010/07/29 16:47:59 | 000,001,645 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/07/29 16:34:06 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2010/07/29 16:34:06 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\Kate SchuttHernandez\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2010/07/22 16:16:42 | 000,137,016 | ---- | M] () -- C:\Documents and Settings\Kate SchuttHernandez\Desktop\PopularScreenSavers.exe
[2010/07/19 18:32:10 | 000,022,016 | ---- | M] () -- D:\Kate SchuttHernandez\My Documents\Sorry-Leecis.doc
[2010/07/10 17:22:33 | 001,083,904 | ---- | M] () -- D:\Kate SchuttHernandez\My Documents\TeeShirt3.ppt
[2010/07/09 21:22:22 | 001,780,157 | ---- | M] () -- D:\Kate SchuttHernandez\My Documents\TeeShirt4.pptx
[2010/07/05 22:03:12 | 000,000,000 | ---- | M] () -- C:\WINDOWS\EEventManager.INI
[2010/07/01 14:53:05 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\NULL
[2010/07/01 14:33:56 | 000,001,278 | ---- | M] () -- C:\Documents and Settings\Kate SchuttHernandez\Desktop\MyEpson.lnk
[2010/07/01 14:17:06 | 000,001,885 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Presto! PageManager 8.15.01 SE.lnk
[2010/07/01 14:16:45 | 000,000,264 | ---- | M] () -- C:\WINDOWS\setup.iss
[2010/06/29 16:48:23 | 000,000,833 | ---- | M] () -- C:\Documents and Settings\Kate SchuttHernandez\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2010/06/29 16:46:57 | 000,461,032 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/29 16:46:57 | 000,396,542 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2010/06/29 16:46:57 | 000,060,112 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/09/19 17:03:49 | 000,133,632 | ---- | C] () -- C:\Documents and Settings\Kate SchuttHernandez\Desktop\RKUnhookerLE.EXE
[2010/09/13 16:05:56 | 000,000,737 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/11 19:41:24 | 000,002,838 | ---- | C] () -- C:\WINDOWS\etufiqemaqa.dll
[2010/09/11 16:40:30 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Kate SchuttHernandez\Desktop\dds.scr
[2010/09/11 16:40:30 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Kate SchuttHernandez\Desktop\gmer.zip
[2010/09/11 16:40:30 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Kate SchuttHernandez\Desktop\Defogger.exe
[2010/09/11 16:04:14 | 000,002,838 | ---- | C] () -- C:\WINDOWS\uzuqoyamuko.dll
[2010/09/11 14:03:21 | 000,002,838 | ---- | C] () -- C:\WINDOWS\Hwoqadunujaneca.dat
[2010/09/11 14:03:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Gxematoqe.bin
[2010/08/24 17:19:12 | 002,484,224 | ---- | C] () -- D:\Kate SchuttHernandez\My Documents\Screen Prints of Old Website.doc
[2010/08/20 13:57:47 | 000,019,968 | ---- | C] () -- D:\Kate SchuttHernandez\My Documents\What is the maximum range of movement of the joint.doc
[2010/08/11 16:54:20 | 000,001,661 | ---- | C] () -- C:\Documents and Settings\Kate SchuttHernandez\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/08/11 16:54:20 | 000,001,643 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/08/02 17:11:30 | 000,024,064 | ---- | C] () -- D:\Kate SchuttHernandez\My Documents\Dan McGowan Emails.doc
[2010/07/31 20:03:00 | 000,023,552 | ---- | C] () -- D:\Kate SchuttHernandez\My Documents\Dear Leonard.doc
[2010/07/29 17:18:14 | 000,000,103 | ---- | C] () -- C:\Documents and Settings\Kate SchuttHernandez\Favorites
[2010/07/29 16:49:29 | 000,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/07/29 16:47:59 | 000,001,645 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/07/29 16:34:06 | 000,001,854 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2010/07/29 16:34:06 | 000,001,854 | ---- | C] () -- C:\Documents and Settings\Kate SchuttHernandez\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2010/07/22 16:16:42 | 000,137,016 | ---- | C] () -- C:\Documents and Settings\Kate SchuttHernandez\Desktop\PopularScreenSavers.exe
[2010/07/10 17:43:44 | 001,780,157 | ---- | C] () -- D:\Kate SchuttHernandez\My Documents\TeeShirt4.pptx
[2010/07/09 11:06:13 | 001,083,904 | ---- | C] () -- D:\Kate SchuttHernandez\My Documents\TeeShirt3.ppt
[2010/07/05 22:03:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI
[2010/07/01 16:45:04 | 000,022,016 | ---- | C] () -- D:\Kate SchuttHernandez\My Documents\Sorry-Leecis.doc
[2010/07/01 14:53:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\NULL
[2010/07/01 14:33:56 | 000,001,278 | ---- | C] () -- C:\Documents and Settings\Kate SchuttHernandez\Desktop\MyEpson.lnk
[2010/07/01 14:18:45 | 000,001,810 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Print Creations.lnk
[2010/07/01 14:17:06 | 000,001,885 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Presto! PageManager 8.15.01 SE.lnk
[2010/07/01 14:16:34 | 000,000,264 | ---- | C] () -- C:\WINDOWS\setup.iss
[2010/07/01 14:14:31 | 000,000,849 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Artisan 810 Info Center.lnk
[2010/07/01 14:13:58 | 000,000,785 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Print CD.lnk
[2010/07/01 14:05:09 | 000,000,090 | ---- | C] () -- C:\WINDOWS\EPART810.ini
[2010/06/29 16:48:23 | 000,000,833 | ---- | C] () -- C:\Documents and Settings\Kate SchuttHernandez\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2009/08/24 18:09:47 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2009/04/04 14:08:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\uesviewer.INI
[2008/01/15 19:07:21 | 000,003,218 | ---- | C] () -- C:\WINDOWS\System32\Setup2k.ini
[2008/01/15 19:07:21 | 000,000,193 | ---- | C] () -- C:\WINDOWS\System32\presetup.ini
[2007/10/03 16:12:53 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\SDL.dll
[2007/10/02 14:38:21 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2007/05/13 19:58:44 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\resourceGeneric.dll
[2006/06/21 13:40:10 | 000,000,805 | ---- | C] () -- C:\Documents and Settings\Kate SchuttHernandez\Application Data\PageGalleryPrefs.ini
[2005/11/10 18:24:21 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll
[2005/04/11 22:29:29 | 000,025,600 | ---- | C] () -- C:\WINDOWS\System32\Cbndll.dll
[2005/04/11 22:27:11 | 000,096,768 | ---- | C] () -- C:\WINDOWS\SlantAdj.dll
[2005/04/11 22:27:11 | 000,001,571 | ---- | C] () -- C:\WINDOWS\Faxcpp1.ini
[2005/04/11 22:27:11 | 000,000,422 | ---- | C] () -- C:\WINDOWS\Faxcpp.ini
[2005/04/11 22:27:11 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\epDPE.ini
[2004/12/13 18:20:36 | 000,034,816 | ---- | C] () -- C:\Documents and Settings\Kate SchuttHernandez\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/10/08 18:38:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2004/09/28 17:50:56 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\LFFPX7.DLL
[2004/09/28 17:50:56 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
[2004/09/24 19:13:39 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2004/09/24 19:08:09 | 000,331,776 | ---- | C] () -- C:\WINDOWS\System32\DICEMLT002.dll
[2004/09/24 19:08:09 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\MFSBaseLib2887.dll
[2004/09/24 19:04:19 | 000,000,251 | ---- | C] () -- C:\WINDOWS\EPSON 2450 Installer.ini
[2004/09/03 17:37:08 | 000,000,043 | ---- | C] () -- C:\WINDOWS\gswin32.ini
[2004/09/03 15:37:43 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\adistres.dll
[2004/07/27 19:52:10 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/07/27 19:47:18 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/07/27 19:42:43 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/07/27 19:40:20 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2004/07/27 19:40:06 | 000,066,807 | ---- | C] () -- C:\WINDOWS\System32\Aud2_Del.ini
[2004/07/27 19:40:06 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2004/07/27 19:40:05 | 000,005,515 | ---- | C] () -- C:\WINDOWS\System32\ENSDEF.INI
[2004/07/27 19:40:05 | 000,000,180 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2004/07/27 19:39:46 | 000,000,136 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2004/07/27 19:36:25 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/07/27 19:25:13 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/07/27 19:25:06 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/07/27 19:07:56 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/06/24 01:20:02 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\EAL32.INI
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/08/29 05:00:00 | 000,207,872 | ---- | C] () -- C:\WINDOWS\ohijugeru.dll
[2002/08/29 05:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\SECDRV.SYS
[2002/08/29 05:00:00 | 000,021,142 | ---- | C] () -- C:\WINDOWS\msv1_0.dll
[2002/03/21 15:39:02 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\UNACEV2.DLL
[1980/01/01 00:00:00 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll

========== LOP Check ==========

[2007/04/15 21:42:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems
[2008/07/28 14:59:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Anthropics
[2010/04/22 14:59:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Camera Bits, Inc
[2010/07/01 15:15:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2008/09/03 22:25:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Maxtor
[2010/08/11 18:24:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/04/04 14:06:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2004/07/27 19:44:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/07/29 16:49:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/07/27 15:42:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010/09/19 17:02:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kate SchuttHernandez\Application Data\.oit
[2004/09/03 14:43:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kate SchuttHernandez\Application Data\ACD Systems
[2008/03/26 20:09:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kate SchuttHernandez\Application Data\Anthropics
[2010/04/21 19:20:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kate SchuttHernandez\Application Data\Camera Bits, Inc
[2007/10/11 16:23:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kate SchuttHernandez\Application Data\Canon
[2010/08/23 08:19:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kate SchuttHernandez\Application Data\Epson
[2004/09/03 15:35:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kate SchuttHernandez\Application Data\InterTrust
[2010/07/01 14:33:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kate SchuttHernandez\Application Data\Leader Technologies
[2004/09/03 20:10:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kate SchuttHernandez\Application Data\Leadertech
[2006/08/27 13:17:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kate SchuttHernandez\Application Data\Opera
[2006/03/01 17:55:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kate SchuttHernandez\Application Data\Pictographics
[2007/05/23 15:51:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kate SchuttHernandez\Application Data\Viewpoint
[2009/03/28 19:14:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2004/08/28 18:40:09 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\ISP signup reminder 1.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 237 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1957F8A9
< End of report >


EXTRAS.txt
OTL Extras logfile created on: 9/19/2010 5:06:45 PM - Run 1
OTL by OldTimer - Version 3.2.14.0 Folder = C:\Documents and Settings\Kate SchuttHernandez\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 86.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 94.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29.30 Gb Total Space | 3.20 Gb Free Space | 10.91% Space Free | Partition Type: NTFS
Drive D: | 97.94 Gb Total Space | 31.22 Gb Free Space | 31.88% Space Free | Partition Type: NTFS
Drive E: | 102.53 Gb Total Space | 24.95 Gb Free Space | 24.33% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Unable to calculate disk information.

Computer Name: DELL-DJ45CD51
Current User Name: Kate SchuttHernandez
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee 9.0.Browse] -- "C:\Program Files\ACD Systems\ACDSee\9.0\ACDSeeQV.exe" "%1" (ACD Systems Ltd.)
Directory [Digital Photo Professional] -- C:\Program Files\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\SYSTEM32\mmc.exe" = C:\WINDOWS\SYSTEM32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)
"C:\Program Files\Epson Software\Event Manager\EEventManager.exe" = C:\Program Files\Epson Software\Event Manager\EEventManager.exe:*:Enabled:EEventManager.exe -- (SEIKO EPSON CORPORATION)
"C:\Program Files\NewSoft\Presto! PageManager 8 for EP\LicenseCheck.exe" = C:\Program Files\NewSoft\Presto! PageManager 8 for EP\LicenseCheck.exe:*:Enabled:License Check -- (NewSoft Technology Corporation)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\EpsonNet\EpsonNet Setup\tool09\ENEasyApp.exe" = C:\Program Files\EpsonNet\EpsonNet Setup\tool09\ENEasyApp.exe:*:Enabled:EpsonNet Setup -- (SEIKO EPSON CORPORATION)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{095659A2-739F-4D9A-A916-66C7CAD16F9E}" = Canon Camera WIA Driver
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}" = Epson FAX Utility
"{0E8A4742-880F-4C30-B5C8-425160EA9D73}" = Kodak DIGITAL GEM Professional Plug-In 1.0.1
"{105F3CE5-FE55-408E-BF30-E78F85BA0B12}" = Dell Printer Software
"{11F1920A-56A2-4642-B6E0-3B31A12C9288}" = Dell Solution Center
"{1526D87C-A955-4FAB-BF18-697BA457E352}" = Norton WMI Update
"{1D643CD7-4DD6-11D7-A4E0-000874180BB3}" = Microsoft Money 2004
"{21DBBDD6-93A5-4326-9A04-C9A5C9148502}" = Norton PartitionMagic
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 16
"{2E086814-7392-4E0F-ADB8-54A81E47406C}" = Broadcom Advanced Control Suite 2
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = Logitech Registration
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Modem On Hold
"{444D0521-C5A5-439E-A039-2D1EE8035F9F}" = PictureGear 4.4Lite
"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager
"{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}" = Banctec Service Agreement
"{56589DFE-0C29-4DFE-8E42-887B771ECD23}" = ArcSoft Print Creations - Photo Book
"{56F3E1FF-54FE-4384-A153-6CCABA097814}" = Creative MediaSource
"{5FD281D7-3EBF-47DF-ACE3-40D6FB0C220D}" = Kodak DIGITAL ROC Professional Plug-In 1.0.2
"{609F7AC8-C510-11D4-A788-009027ABA5D0}" = Easy CD Creator 5 Basic
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.1
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B14FCEE-A1D6-4CF3-B6EF-C0DDA98F978C}" = Genuine Fractals PrintPro
"{6EA6D4E3-134D-4A11-AF2A-7986F61BB2F6}" = ImageRescue3
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{73CD9967-000C-49C6-A900-C87D5B2D253F}" = Presto! PageManager 8.15.01 SE
"{757E0E87-8F54-46FD-BA00-54CCF341F4A9}" = ArcSoft Print Creations
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}" = Modem Event Monitor
"{7A3F0566-5E05-4919-9C98-456F6B5CF831}" = Get High Speed Internet!
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8 Dell Edition
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{8C64E145-54BA-11D6-91B1-00500462BE80}" = Microsoft Money 2004 System Pack
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Application Accelerator
"{90AF0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint Viewer 2003
"{90D55A3F-1D99-4C94-A77E-46DC14F0BF08}" = Help and Support Customization
"{91130409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Basic Edition 2003
"{91F7F3F3-CE80-48C3-8327-7D24A0A5716A}" = iTunes
"{9A3EABC0-CA06-11D4-BF77-00104B130C19}" = EPSON TWAIN 5
"{9B2CFE3B-7F55-4786-A20D-BB244914F6D8}" = EarthLink Setup Files
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A93944F2-D2D4-4750-BFE7-9A288FEAF2CF}" = Apple Application Support
"{AC76BA86-7AD7-1033-7B44-A71000000002}" = Adobe Reader 7.1.0
"{AC76BA86-7AD7-5464-3428-7050000000A7}" = Adobe Reader 7.0.5 Language Support
"{B16DD39B-C0EC-4283-9415-A4E0F7673CB3}" = Kodak DIGITAL GEM Plug-In 1.1.2
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B21D407F-709E-499D-A7C4-17A76B7D9D68}" = Kodak DIGITAL SHO Professional Plug-In 1.0.2
"{B2D41883-3BFC-4BA0-A2F6-5A2C9836C238}" = ACDSee 9 Photo Manager
"{B5C6EFA8-B50D-43A8-80C0-23DB807A7FB1}" = Kodak DIGITAL ROC Plug-In 1.1.2
"{B651B3EC-1827-4CF5-8398-397B789E3151}" = File Viewer Utility 1.2.1
"{B74D4E10-6884-0000-0000-000000000103}" = Adobe Bridge 1.0
"{B8281D46-D846-4BB9-BC84-F1115A7BF820}" = Maxtor Manager
"{BA0F44C2-A883-11D1-AD0A-006097D15E2C}" = Palm Desktop
"{CA9ED5E4-1548-485B-A293-417840060158}" = ArcSoft Print Creations - Photo Calendar
"{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}" = Jasc Paint Shop Photo Album
"{CF6E4D8E-F6F3-40DF-B6C9-BA379F4E9FA3}" = RemoteCapture 2.7.1
"{D1532C5A-C1A1-11D6-8A44-00D0B71AF8DB}" = ASF Digital ROC 1.1.1 and Digital SHO 1.1.1 Plug-Ins
"{D16A31F9-276D-4968-A753-FFEAC56995D0}" = Epson Print CD
"{D7B8DFFA-7D03-4B32-900E-D235B73582C1}" = BullZEye3 5.0 Demo
"{D84E3D9A-54EF-4DF5-B8F0-7FAAA2DFE59D}" = Minolta DiMAGE Scan Multi PRO ver 1.0
"{DC1D7AD2-583A-4024-9041-387E8FFA5D8C}" = MediaFACE II
"{DE1A361F-31DC-4AC5-ABBA-2323BC505880}" = LexarMedia ImageRescue Software
"{E82BF103-904F-49C0-B77F-6EC110B71E87}" = Sound Blaster Audigy 2
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{EAFEF30E-3789-49C7-A6D9-77C12E005BAC}" = Safari
"{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}" = ScanToWeb
"{F04F9557-81A9-4293-BC49-2C216FA325A7}" = ArcSoft Print Creations - Greeting Card
"{F1DC2361-36FE-4C2D-9E60-BDF9570114D9}" = BullZEye3 5.0
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F4743672-FA5E-463E-BC4E-688D9CE6FEC2}" = Retrospect 5.6
"{FC4ED75D-916C-4A8C-BB67-3C6F6E06D62B}" = Banctec Service Agreement
"{FFFAE01B-466F-4C07-9821-A94FD753BDDA}" = EpsonNet Setup
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 6.0" = Adobe Photoshop 6.0
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"AFPL Ghostscript 8.14" = AFPL Ghostscript 8.14
"AFPL Ghostscript Fonts" = AFPL Ghostscript Fonts
"Album_Showcase" = Showit Web
"Applet_App" = Applet_App
"Applet_Copy" = Applet_Copy
"Applet_Email" = Applet_Email
"Applet_Epp" = Applet_Epp
"Applet_File" = Applet_File
"Applet_OCR" = Applet_OCR
"Applet_Photoshop" = Applet_Photoshop
"Applet_Web" = Applet_Web
"ATI Display Driver" = ATI Display Driver
"BookSmart® 2.6.0 2.6.0" = BookSmart® 2.6.0 2.6.0
"CAL" = Canon Camera Access Library
"CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
"Copy Utility" = Copy Utility
"CSCLIB" = Canon Camera Support Core Library
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"Dfine" = Dfine
"DPP" = Canon Utilities Digital Photo Professional 3.1
"Eclipse_3.4.5" = Eclipse 3.5
"EOS Utility" = Canon Utilities EOS Utility
"EPSON Artisan 810 Series" = EPSON Artisan 810 Series Printer Uninstall
"EPSON PC-FAX Driver 2" = Epson PC-FAX Driver
"EPSON Photo Print" = EPSON Photo Print
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"EPSON Smart Panel" = EPSON Smart Panel
"EPSON1394D3Printer" = EPSON 1394.3 Printer Devices
"Epson1394Printer" = EPSON IEEE1394 Printer Devices
"Focus Magic" = Focus Magic
"GENEUIDE" = USB Storage Driver
"GSview 4.6" = GSview 4.6
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{095659A2-739F-4D9A-A916-66C7CAD16F9E}" = Canon EOS 10D WIA Driver
"InstallShield_{21DBBDD6-93A5-4326-9A04-C9A5C9148502}" = Norton PartitionMagic 8.0
"InstallShield_{2E086814-7392-4E0F-ADB8-54A81E47406C}" = Broadcom Advanced Control Suite 2
"InstallShield_{B651B3EC-1827-4CF5-8398-397B789E3151}" = Canon Utilities File Viewer Utility 1.2
"InstallShield_{B8281D46-D846-4BB9-BC84-F1115A7BF820}" = Maxtor Manager
"InstallShield_{CF6E4D8E-F6F3-40DF-B6C9-BA379F4E9FA3}" = Canon Utilities RemoteCapture 2.7
"Intel® 537EP V9x DF PCI Modem" = Intel® 537EP V9x DF PCI Modem
"LiveUpdate" = LiveUpdate 1.90 (Symantec Corporation)
"LTCM Client" = LTCM Client
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"MouseSuite98" = Mouse Suite
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"ODSK" = Canon Utilities Original Data Security Tools
"Page Gallery" = Page Gallery
"PF 2450 PHOTO Guide" = PF 2450 PHOTO Guide
"Photo Mechanic 4.6.3" = Photo Mechanic 4.6.3
"PhotoRecord" = Canon PhotoRecord
"PhotoStitch" = Canon Utilities PhotoStitch
"Picture Style Editor" = Canon Utilities Picture Style Editor
"Portrait Professional 6_is1" = Portrait Professional 6.5
"Portrait Professional 8 Trial_is1" = Portrait Professional 8.0 Trial
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RealPlayer 6.0" = RealPlayer Basic
"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
"Showit Borders" = Showit Borders 1.0
"Showit Effects" = Showit Effects 2.0
"Showit_Web" = Showit Web
"Showit_Web2" = Showit Web
"Showit_Web2.5" = Showit Web 2.5
"SilverFast TWAIN V4" = SilverFast TWAIN
"StreetPlugin" = Learn2 Player (Uninstall Only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WFTK" = Canon Utilities WFT-E1/E2/E3 Utility
"Windows XP Service Pack" = Windows XP Service Pack 2
"winscp3_is1" = WinSCP 3.8.2
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Toolbar" = Yahoo! Toolbar
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2897172240-1466163839-2973833985-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Bay Photo" = Bay Photo
"GoToMeeting" = GoToMeeting/GoToWebinar 3.0.0.198

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/18/2010 1:26:03 PM | Computer Name = DELL-DJ45CD51 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 8/18/2010 1:26:03 PM | Computer Name = DELL-DJ45CD51 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 8/19/2010 2:53:58 PM | Computer Name = DELL-DJ45CD51 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16640, faulting
module unknown, version 0.0.0.0, fault address 0x038d21d9.

Error - 8/22/2010 6:06:02 PM | Computer Name = DELL-DJ45CD51 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16640, faulting
module urlmon.dll, version 7.0.6000.16640, fault address 0x0001f74d.

Error - 8/22/2010 6:11:06 PM | Computer Name = DELL-DJ45CD51 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16640, faulting
module urlmon.dll, version 7.0.6000.16640, fault address 0x0001c592.

Error - 8/25/2010 8:14:45 PM | Computer Name = DELL-DJ45CD51 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16640, faulting
module msls31.dll, version 3.10.349.0, fault address 0x0000216c.

Error - 8/26/2010 4:01:14 PM | Computer Name = DELL-DJ45CD51 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16640, faulting
module unknown, version 0.0.0.0, fault address 0x040e21d9.

Error - 8/30/2010 6:33:09 PM | Computer Name = DELL-DJ45CD51 | Source = Application Error | ID = 1000
Description = Faulting application acdseeqv.exe, version 1.0.99.4, faulting module
acdseeqv.exe, version 1.0.99.4, fault address 0x00014598.

Error - 8/30/2010 6:44:13 PM | Computer Name = DELL-DJ45CD51 | Source = Application Hang | ID = 1002
Description = Hanging application explorer.exe, version 6.0.2900.3156, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/14/2010 4:34:05 PM | Computer Name = DELL-DJ45CD51 | Source = MBAMService | ID = 131073
Description =

[ System Events ]
Error - 8/26/2010 4:46:03 PM | Computer Name = DELL-DJ45CD51 | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.1.116 on
the Network Card with network address 00111127F51C.

Error - 8/27/2010 4:46:18 PM | Computer Name = DELL-DJ45CD51 | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.1.122 on
the Network Card with network address 00111127F51C.

Error - 8/28/2010 7:41:03 PM | Computer Name = DELL-DJ45CD51 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.124 for the Network Card with network
address 00111127F51C has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 9/1/2010 1:45:19 PM | Computer Name = DELL-DJ45CD51 | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.1.100 on
the Network Card with network address 00111127F51C.

Error - 9/1/2010 6:57:01 PM | Computer Name = DELL-DJ45CD51 | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk5\D.

Error - 9/1/2010 10:01:25 PM | Computer Name = DELL-DJ45CD51 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.103 for the Network Card with network
address 00111127F51C has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 9/9/2010 5:43:16 PM | Computer Name = DELL-DJ45CD51 | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.1.101 on
the Network Card with network address 00111127F51C.

Error - 9/10/2010 5:43:27 PM | Computer Name = DELL-DJ45CD51 | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.1.102 on
the Network Card with network address 00111127F51C.

Error - 9/11/2010 5:30:27 PM | Computer Name = DELL-DJ45CD51 | Source = Service Control Manager | ID = 7016
Description = The EPSON V3 Service2(02) service has reported an invalid current
state 0.

Error - 9/11/2010 5:43:40 PM | Computer Name = DELL-DJ45CD51 | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.1.106 on
the Network Card with network address 00111127F51C.


< End of report >


RKUnhooker Report
RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 2)
Number of processors #2
==============================================
>Drivers
==============================================
0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2252800 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2252800 bytes
0x804D7000 RAW 2252800 bytes
0x804D7000 WMIxWDM 2252800 bytes
0xBFA46000 C:\WINDOWS\System32\ati3duag.dll 1916928 bytes (ATI Technologies Inc. , ati3duag.dll)
0xBF800000 Win32k 1847296 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1847296 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xBA316000 C:\WINDOWS\System32\DRIVERS\ati2mtag.sys 843776 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Miniport Driver)
0xB0EB9000 C:\WINDOWS\System32\drivers\ha10kx2k.sys 774144 bytes (Creative Technology Ltd, Creative EMU10KX HAL (WDM))
0xF7B52000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xBFC1A000 C:\WINDOWS\System32\ativvaxx.dll 507904 bytes (ATI Technologies Inc. , Radeon Video Acceleration Universal Driver)
0xACBA9000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys 503808 bytes (Microsoft Corporation, WDF Dynamic)
0xA34A3000 C:\WINDOWS\System32\Drivers\dump_iaStor.sys 471040 bytes
0xF744D000 iaStor.sys 471040 bytes (Intel Corporation, Intel Application Accelerator driver)
0xB9A04000 C:\WINDOWS\system32\drivers\ctaud2k.sys 458752 bytes (Creative Technology Ltd, Creative WDM Audio Device Driver)
0xA96D8000 C:\WINDOWS\System32\DRIVERS\mrxsmb.sys 454656 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xB922E000 C:\WINDOWS\System32\DRIVERS\update.sys 364544 bytes (Microsoft Corporation, Update Driver)
0xA97DD000 C:\WINDOWS\System32\DRIVERS\tcpip.sys 360448 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xA21C0000 C:\WINDOWS\System32\DRIVERS\srv.sys 335872 bytes (Microsoft Corporation, Server driver)
0xA223A000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xA989F000 C:\WINDOWS\System32\Drivers\cdudf_xp.SYS 241664 bytes (Roxio, CD-UDF NT Filesystem Driver)
0xBFA0C000 C:\WINDOWS\System32\ati2cqag.dll 237568 bytes (ATI Technologies Inc., Central Memory Manager / Queue Server Module)
0xBF9D5000 C:\WINDOWS\System32\ati2dvag.dll 225280 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Display Driver)
0xA985A000 C:\WINDOWS\System32\Drivers\UdfReadr_xp.SYS 208896 bytes (Roxio, CD-UDF NT Filesystem Reader Driver)
0xF75A8000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xB9F72000 C:\WINDOWS\System32\DRIVERS\b57xp32.sys 188416 bytes (Broadcom Corporation, Broadcom NetXtreme Gigabit Ethernet NDIS5.1 Driver.)
0xA231B000 C:\WINDOWS\System32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xF786A000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xB9718000 C:\WINDOWS\system32\drivers\ctoss2k.sys 176128 bytes (Creative Technology Ltd., Creative OS Services Driver (WDM))
0xA9747000 C:\WINDOWS\System32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xA9794000 C:\WINDOWS\System32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xB993B000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xB97AE000 C:\WINDOWS\system32\drivers\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xB9EED000 C:\WINDOWS\System32\DRIVERS\USBPORT.SYS 143360 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xA9772000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xA97BC000 C:\WINDOWS\System32\DRIVERS\ipnat.sys 135168 bytes (Microsoft Corporation, IP Network Address Translator)
0x806FD000 ACPI_HAL 134400 bytes
0x806FD000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xB0BAB000 C:\WINDOWS\System32\drivers\ctac32k.sys 131072 bytes (Creative Technology Ltd, Creative AC3 SW Decoder Device Driver (WDM))
0xF742D000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xB0B5A000 C:\WINDOWS\System32\drivers\hap16v2k.sys 131072 bytes (Creative Technology Ltd, Creative EMU10KX-P16v HAL (WDM))
0xB9511000 C:\WINDOWS\System32\Drivers\pwd_2k.SYS 131072 bytes (Roxio, Win2000 Framework for Packet Write Driver)
0xB0C76000 C:\WINDOWS\System32\drivers\ctsfm2k.sys 126976 bytes (Creative Technology Ltd, SoundFont® Manager (WDM))
0xF74D8000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xB0CCE000 C:\WINDOWS\System32\drivers\emupia2k.sys 110592 bytes (Creative Technology Ltd, E-mu Plug-in Architecture Driver (WDM))
0xBAF45000 Mup.sys 110592 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xF74C0000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xF7404000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xB93EC000 C:\WINDOWS\System32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xA248E000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xB95A7000 C:\WINDOWS\System32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xB9FBD000 C:\WINDOWS\System32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xA9835000 C:\WINDOWS\System32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF9C3000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF741B000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xA1C87000 C:\WINDOWS\System32\Drivers\EPLPDX02.SYS 69632 bytes (MK Systems CO., LTD., LPT I/O driver for EPSON PRINTER)
0xF7597000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xB9314000 C:\WINDOWS\System32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xA4130000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xBAFC0000 C:\WINDOWS\System32\DRIVERS\nic1394.sys 65536 bytes (Microsoft Corporation, IEEE1394 Ndis Miniport and Call Manager)
0xF7557000 C:\WINDOWS\System32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xAA03B000 C:\WINDOWS\System32\DRIVERS\arp1394.sys 61440 bytes (Microsoft Corporation, IP/1394 Arp Client)
0xF76C7000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF7667000 ohci1394.sys 61440 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0xF7507000 C:\WINDOWS\System32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xA9C62000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xBAF60000 C:\WINDOWS\System32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF7677000 C:\WINDOWS\System32\DRIVERS\1394BUS.SYS 53248 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0xF7537000 C:\WINDOWS\System32\DRIVERS\cdrom.sys 53248 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF7637000 C:\WINDOWS\System32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF7577000 C:\WINDOWS\System32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xBA265000 C:\WINDOWS\System32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF7617000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xB94B1000 C:\WINDOWS\system32\DRIVERS\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)
0xBA245000 C:\WINDOWS\System32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xBA285000 C:\WINDOWS\System32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF7607000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xBA255000 C:\WINDOWS\System32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF7657000 sbp2port.sys 45056 bytes (Microsoft Corporation, SBP-2 Protocol Driver)
0xBAFD0000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF74F7000 C:\WINDOWS\System32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xF7627000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xA9FDC000 C:\WINDOWS\System32\Drivers\Fips.SYS 36864 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xB94C1000 C:\WINDOWS\System32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xBAFA0000 C:\WINDOWS\System32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xF75F7000 isapnp.sys 36864 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xBA215000 C:\WINDOWS\System32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xAA02B000 C:\WINDOWS\System32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xA3BBC000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xF7647000 PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xAA04B000 C:\WINDOWS\System32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF77D7000 C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys 32768 bytes (Logitech, Inc., Logitech Mouse Filter Driver.)
0xAA416000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF775F000 C:\WINDOWS\System32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xF77AF000 C:\WINDOWS\System32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0xBA1C3000 C:\WINDOWS\System32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xBA1BB000 C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys 28672 bytes (Logitech, Inc., Logitech HID Filter Driver.)
0xF7707000 C:\WINDOWS\System32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xBA1F3000 C:\WINDOWS\System32\DRIVERS\usbehci.sys 28672 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xBA1DB000 C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0xF7747000 C:\WINDOWS\System32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF772F000 C:\WINDOWS\System32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xAA88B000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xF77BF000 C:\WINDOWS\System32\Drivers\dvd_2K.SYS 20480 bytes (Roxio, DVD-RAM AddOn Driver)
0xB09E1000 C:\WINDOWS\System32\DRIVERS\flpydisk.sys 20480 bytes (Microsoft Corporation, Floppy Driver)
0xAA41E000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xBA1CB000 C:\WINDOWS\System32\DRIVERS\omci.sys 20480 bytes (Dell Computer Corporation, OMCI Device Driver)
0xF770F000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF7817000 C:\WINDOWS\System32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF774F000 C:\WINDOWS\System32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xF77F7000 C:\WINDOWS\System32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xF771F000 C:\WINDOWS\system32\DRIVERS\usbohci.sys 20480 bytes (Microsoft Corporation, OHCI USB Miniport Driver)
0xF777F000 C:\WINDOWS\System32\DRIVERS\usbuhci.sys 20480 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xA3B88000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xAB37A000 C:\WINDOWS\System32\Drivers\Aspi32.SYS 16384 bytes (Adaptec, ASPI for WIN32 Kernel Driver)
0xBAE84000 C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys 16384 bytes (Logitech, Inc., Logitech PS2 Keyboard Filter Driver.)
0xF793F000 C:\WINDOWS\System32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xAFCA3000 C:\WINDOWS\System32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xA2216000 C:\WINDOWS\System32\drivers\PfModNT.sys 16384 bytes (Creative Technology Ltd., PCI/ISA Device Info. Service)
0xBAE70000 C:\WINDOWS\System32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xF7897000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xA3D12000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xBAE6C000 C:\WINDOWS\System32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xBA7C7000 C:\WINDOWS\System32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xBAF15000 C:\WINDOWS\System32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xF7937000 C:\WINDOWS\system32\drivers\pfc.sys 12288 bytes (Padus, Inc., Padus® ASPI Shell)
0xAA1E8000 C:\WINDOWS\System32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xB00A1000 C:\WINDOWS\System32\Drivers\ASCTRM.SYS 8192 bytes (Windows ® 2000 DDK provider, TR Manager)
0xAFDC2000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF79B3000 C:\WINDOWS\System32\drivers\ctprxy2k.sys 8192 bytes (Creative Technology Ltd, Creative Proxy Device Driver (WDM))
0xAFDC8000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF79FF000 C:\WINDOWS\System32\Drivers\i2omgmt.SYS 8192 bytes (Microsoft Corporation, I2O Utility Filter)
0xF7987000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xAAF11000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xB00A3000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)
0xAAF09000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF79BD000 C:\WINDOWS\System32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF79C9000 C:\WINDOWS\System32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF7989000 C:\WINDOWS\System32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xBA211000 C:\WINDOWS\System32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xAAB49000 C:\WINDOWS\System32\Drivers\Cdr4_xp.SYS 4096 bytes (Sonic Solutions, CDR4 CD and DVD Place Holder Driver (see PxHelp))
0xAAB47000 C:\WINDOWS\System32\Drivers\Cdralw2k.SYS 4096 bytes (Sonic Solutions, CDRAL Place Holder Driver (see PxHelp))
0xBA7DF000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xAAB46000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF7A4F000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0xA9D0F000 C:\WINDOWS\System32\Drivers\PQNTDrv.SYS 4096 bytes (PowerQuest Corporation, PowerQuest Boot Mode Driver.)
==============================================
>Stealth
==============================================

Nothing detected


Please let me know what to do next. I am hopeful that we might be able to fix it together. Thanks again for your help.
Regards,
Kate E. Schutt Hernandez

#5 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,823 posts
  • Gender:Female
  • Location:Romania
  • Local time:09:17 AM

Posted 20 September 2010 - 03:38 AM

Hi Kate, it's actually a good thing if a rootkit detector doesn't find an infection.

I see indeed still active rogue components in your OTL log.

COMBOFIX
---------------
Please download ComboFix from one of these locations:
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all-inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


Malware analyst @ Emsisoft


#6 Kate Hernandez

Kate Hernandez
  • Topic Starter

  • Members
  • 8 posts
  • Local time:01:17 AM

Posted 20 September 2010 - 07:59 PM

Hi Elise:
I ran ComboFix. This is the log it produced.

ComboFix 10-09-20.02 - Kate SchuttHernandez 09/20/2010 19:23:43.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.3326.2720 [GMT -5:00]
Running from: c:\documents and settings\Kate SchuttHernandez\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Kate SchuttHernandez\Application Data\ACD Systems\ACDSee\ImageDB.ddf
c:\documents and settings\Kate SchuttHernandez\g2mdlhlpx.exe
c:\documents and settings\Kate SchuttHernandez\Local Settings\Application Data\{C4D47A9D-668B-43E7-9E1A-45ABB64497BE}
c:\documents and settings\Kate SchuttHernandez\Local Settings\Application Data\{C4D47A9D-668B-43E7-9E1A-45ABB64497BE}\chrome.manifest
c:\documents and settings\Kate SchuttHernandez\Local Settings\Application Data\{C4D47A9D-668B-43E7-9E1A-45ABB64497BE}\chrome\content\_cfg.js
c:\documents and settings\Kate SchuttHernandez\Local Settings\Application Data\{C4D47A9D-668B-43E7-9E1A-45ABB64497BE}\chrome\content\overlay.xul
c:\documents and settings\Kate SchuttHernandez\Local Settings\Application Data\{C4D47A9D-668B-43E7-9E1A-45ABB64497BE}\install.rdf
c:\documents and settings\Kate SchuttHernandez\Local Settings\Application Data\1695296.exe
c:\documents and settings\Kate SchuttHernandez\Local Settings\Application Data\1695297.exe
c:\documents and settings\Kate SchuttHernandez\Local Settings\Application Data\1699421.exe
c:\documents and settings\Kate SchuttHernandez\Local Settings\Application Data\1699422.exe
c:\documents and settings\Kate SchuttHernandez\Local Settings\Application Data\1702046.exe
c:\documents and settings\Kate SchuttHernandez\Local Settings\Application Data\1702047.exe
c:\documents and settings\Kate SchuttHernandez\Local Settings\Application Data\1710734.exe
c:\documents and settings\Kate SchuttHernandez\Local Settings\Application Data\1710735.exe
c:\documents and settings\Kate SchuttHernandez\Local Settings\Application Data\eorlfalnx
c:\documents and settings\Kate SchuttHernandez\Local Settings\Application Data\eorlfalnx\kmkcnpauqiw.exe
c:\documents and settings\Kate SchuttHernandez\Local Settings\Application Data\joclfqkev
c:\documents and settings\Kate SchuttHernandez\Local Settings\Application Data\joclfqkev\kvhpwjvuqiw.exe
c:\documents and settings\Kate SchuttHernandez\Local Settings\Application Data\snulfykms
c:\documents and settings\Kate SchuttHernandez\Local Settings\Application Data\snulfykms\kndrpwluqiw.exe
c:\program files\Shared\_lIB.dll
c:\program files\Shared\_lib.sig
c:\program files\Shared\lib.dll
c:\program files\Shared\lib.sig
c:\windows\etufiqemaqa.dll
c:\windows\ohijugeru.dll
c:\windows\seICTEA.dll
c:\windows\System32\spool\DRIVERS\W32X86\3\E_S10IC2.exe
c:\windows\uzuqoyamuko.dll

.
((((((((((((((((((((((((( Files Created from 2010-08-21 to 2010-09-21 )))))))))))))))))))))))))))))))
.

2010-09-13 21:05 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-13 21:05 . 2010-09-13 21:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-13 21:05 . 2010-09-13 21:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-09-13 21:05 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-11 19:03 . 2010-09-11 21:09 2838 ----a-w- c:\windows\Hwoqadunujaneca.dat
2010-09-11 19:03 . 2010-09-11 19:03 0 ----a-w- c:\windows\Gxematoqe.bin
2010-09-10 20:00 . 2010-09-10 20:01 -------- d-----w- c:\program files\EpsonNet
2010-09-10 20:00 . 2008-12-01 18:00 457611 ----a-w- c:\windows\system32\ensppui.dll
2010-09-10 20:00 . 2008-12-01 18:00 457611 ----a-w- c:\windows\system32\enppui.dll
2010-09-10 20:00 . 2008-12-01 17:58 474892 ----a-w- c:\windows\system32\ensppmon.dll
2010-09-10 20:00 . 2008-12-01 17:58 474892 ----a-w- c:\windows\system32\enppmon.dll
2010-09-10 20:00 . 2008-06-18 16:49 249344 ----a-w- c:\windows\system32\enspres.dll
2010-09-10 20:00 . 2008-06-18 16:49 249344 ----a-w- c:\windows\system32\enpres.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-21 00:31 . 2010-07-01 19:17 -------- d-----w- c:\documents and settings\Kate SchuttHernandez\Application Data\.oit
2010-09-21 00:29 . 2004-07-28 00:44 288 ----a-w- c:\windows\system32\DVCStateBkp-{00000004-00000000-00000002-00001102-00000004-10031102}.dat
2010-09-21 00:29 . 2004-07-28 00:44 288 ----a-w- c:\windows\system32\DVCState-{00000004-00000000-00000002-00001102-00000004-10031102}.dat
2010-09-21 00:27 . 2010-05-19 18:02 -------- d-----w- c:\program files\Shared
2010-09-10 20:01 . 2004-07-28 00:37 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-09-10 20:00 . 2004-09-24 21:48 -------- d-----w- c:\program files\Common Files\EPSON
2010-09-10 19:58 . 2010-07-01 19:08 -------- d-----w- c:\program files\Epson Software
2010-09-03 22:52 . 2010-07-01 19:19 -------- d--h--w- c:\documents and settings\All Users\Application Data\ArcSoft
2010-08-23 13:19 . 2010-07-01 19:09 -------- d-----w- c:\documents and settings\Kate SchuttHernandez\Application Data\Epson
2010-08-12 18:10 . 2010-07-30 17:45 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-08-11 23:24 . 2008-03-27 01:20 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-08-11 22:00 . 2010-08-11 22:00 2826192 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player_ax.exe
2010-07-30 17:47 . 2010-07-30 17:47 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-07-30 17:46 . 2010-07-30 17:46 77184 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2010-07-29 21:49 . 2010-07-29 21:48 -------- d-----w- c:\program files\iTunes
2010-07-29 21:49 . 2010-07-29 21:48 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-07-29 21:49 . 2010-07-29 21:49 -------- d-----w- c:\program files\iPod
2010-07-29 21:49 . 2009-07-27 20:42 -------- d-----w- c:\program files\Common Files\Apple
2010-07-29 21:48 . 2010-07-29 21:47 -------- d-----w- c:\program files\QuickTime
2010-07-29 21:46 . 2010-07-29 21:46 -------- d-----w- c:\program files\Bonjour
2010-07-29 21:42 . 2010-07-29 21:42 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe
2010-07-29 21:34 . 2010-07-29 21:34 -------- d-----w- c:\program files\Safari
2010-07-29 21:32 . 2010-07-29 21:32 72488 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.33.17.8\SetupAdmin.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PMSpeed"="c:\program files\NewSoft\Presto! PageManager 8 for EP\PMSpeed.EXE" [2008-12-09 55120]
"ltcmScheduler"="c:\program files\LTCM Client\ltcmScheduler.exe" [2009-08-05 105664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-09-30 149280]
"IAAnotif"="c:\program files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-03-23 135168]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-05-28 335872]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-11 53248]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"CTSysVol"="c:\program files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe" [2002-10-29 49152]
"CTDVDDet"="c:\program files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE" [2002-09-30 45056]
"CTHelper"="CTHELPER.EXE" [2003-02-20 28672]
"AsioReg"="CTASIO.DLL" [2003-02-20 110592]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2004-07-28 26112]
"AdaptecDirectCD"="c:\program files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2003-03-26 684032]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"mxomssmenu"="c:\program files\Maxtor\OneTouch Status\maxmenumgr.exe" [2007-09-06 169264]
"DLPSP"="c:\program files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE" [2009-07-08 406840]
"DLUPDR"="c:\program files\Dell Printers\Additional Color Laser Software\Updater\DLUPDR.EXE" [2009-07-08 243008]
"EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]
"FUFAXSTM"="c:\program files\Epson Software\FAX Utility\FUFAXSTM.exe" [2009-06-05 843776]
"WrtMon.exe"="c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [2008-05-24 26448]
"LTCM Client"="c:\program files\LTCM Client\ltcmClient.exe" [2009-08-05 1596096]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-19 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]

c:\documents and settings\Kate SchuttHernandez\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-9-3 113664]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-9-3 113664]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-9-3 113664]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-1-15 67128]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-11-26 805392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 07:42 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\SYSTEM32\\mmc.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe"=
"c:\\Program Files\\NewSoft\\Presto! PageManager 8 for EP\\LicenseCheck.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\EpsonNet\\EpsonNet Setup\\tool09\\ENEasyApp.exe"=

R2 DLSDB;Dell Printer Status Database;c:\program files\Dell Printers\Additional Color Laser Software\Status Monitor\dlsdbnt.exe [7/29/2009 7:39 PM 140184]
S3 ep1394pr;EPSON IEEE1394 Printer Class;c:\windows\SYSTEM32\DRIVERS\ep1394pr.sys [2/12/2000 12:00 PM 25600]
S3 epppdt;EPSON 1394.3 Class;c:\windows\SYSTEM32\DRIVERS\epppdt.sys [9/24/2004 4:47 PM 27111]
S3 epppdtpr;EPSON 1394.3 Printer Class;c:\windows\SYSTEM32\DRIVERS\epppdtpr.sys [9/24/2004 4:47 PM 14523]
S3 scsiscan;SCSI Scanner Driver;c:\windows\SYSTEM32\DRIVERS\scsiscan.sys [9/24/2004 7:18 PM 10880]
.
Contents of the 'Scheduled Tasks' folder

2010-09-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2004-08-28 c:\windows\Tasks\ISP signup reminder 1.job
- c:\windows\System32\OOBE\OOBEBALN.EXE [2002-08-29 05:56]

2010-09-21 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2004-07-28 23:38]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.pictage.com/
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:6092
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\Kate SchuttHernandez\Application Data\Mozilla\Firefox\Profiles\dhnl76ru.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.pictage.com/
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-EPSON Stylus Pro 7600 - c:\windows\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
HKCU-Run-EPSON Stylus Pro 4000 - c:\windows\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
HKCU-Run-Bduniwanomoha - c:\windows\seICTEA.dll
HKCU-Run-abscqwif - c:\documents and settings\Kate SchuttHernandez\Local Settings\Application Data\snulfykms\kndrpwluqiw.exe
HKCU-Run-hhxybteb - c:\documents and settings\Kate SchuttHernandez\Local Settings\Application Data\joclfqkev\kvhpwjvuqiw.exe
HKCU-Run-xkbjsrcm - c:\documents and settings\Kate SchuttHernandez\Local Settings\Application Data\eorlfalnx\kmkcnpauqiw.exe
HKLM-Run-EPSON Stylus Pro 4000 - c:\windows\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
HKLM-Run-EPSON Stylus Pro 7600 - c:\windows\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
HKLM-Run-abscqwif - c:\documents and settings\Kate SchuttHernandez\Local Settings\Application Data\snulfykms\kndrpwluqiw.exe
HKLM-Run-hhxybteb - c:\documents and settings\Kate SchuttHernandez\Local Settings\Application Data\joclfqkev\kvhpwjvuqiw.exe
HKLM-Run-xkbjsrcm - c:\documents and settings\Kate SchuttHernandez\Local Settings\Application Data\eorlfalnx\kmkcnpauqiw.exe
HKLM-Run-Szuceku - c:\windows\ohijugeru.dll
SafeBoot-mcmscsvc
SafeBoot-MCODS



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-20 19:31
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
EPSON Stylus Pro 7600 = c:\windows\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /A "c:\windows\System32\E_S15.tmp"??????????????;??w????????u??w????W??w????????`?W??????????????????????????????????????????????????????????C?~?C?~ ??~HR???:?~a??w?]?w`?W????wLu?w????????O???????\??????
EPSON Stylus Pro 4000 = c:\windows\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P21 "EPSON Stylus Pro 4000" /M "Stylus Pro 4000" /EF "HKCU"????&????I??????E????????????F?w????????????????????????????????????Nd?w????????????????8???????????~??w???????????????w???????????? N?w???????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion*Eqovulineteriwed]
"Cpusi"=hex:43,01,43,03,34,05,33,07,38,09,38,0b,4d,0d,4b,0f,56,11,51,13,2c,15,
20,17,2c,19,2c,1b,5e,1d,2d,1f,19,21,12,23,60,25,1f,27,18,29,1b,2b,68,2d,1e,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(832)
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll

- - - - - - - > 'explorer.exe'(2904)
c:\program files\Logitech\SetPoint\lgscroll.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\System32\CTsvcCDA.exe
c:\program files\Common Files\EPSON\EBAPI\eEBSVC.exe
c:\documents and settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
c:\documents and settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
c:\program files\Intel\Intel Application Accelerator\iaantmon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Maxtor\Sync\SyncServices.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\System32\MsPMSPSv.exe
c:\program files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE
c:\program files\Common Files\EPSON\EBAPI\eEBAgent.exe
c:\program files\Common Files\Symantec Shared\Security Center\SymWSC.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\spool\drivers\w32x86\3\WrtProc.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
c:\windows\System32\locator.exe
.
**************************************************************************
.
Completion time: 2010-09-20 19:39:23 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-21 00:39

Pre-Run: 3,460,247,552 bytes free
Post-Run: 4,324,802,560 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

- - End Of File - - 2B0600D741413DAF8405051DD56F195C

I haven't had any pop-ups or Virus warnings today. Do you think it's fixed, or do we have more to do? Thank you so much for your help!
Kate Schutt Hernandez


#7 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,823 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:09:17 AM

Posted 21 September 2010 - 04:03 AM

Hi Kate, things are looking quite good, but there is still some work to do. smile.gif

CF-SCRIPT
-------------
Open notepad and copy/paste the text in the quotebox below into it:

CODE

Collect::
c:\windows\Hwoqadunujaneca.dat
c:\windows\Gxematoqe.bin

DDS::
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:6092


Save this as CFScript.txt





Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you. Post that log in your next reply.

**Note**

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.


regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft
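The CFScript above strips the per-user proxy the rogue set (`http=127.0.0.1:6092`, which is why Internet Explorer broke while Firefox, with `network.proxy.type = 0`, kept working), and the earlier ComboFix log lists the random-named autostart executables it planted under Local Settings\Application Data. The Python below is an added example, not part of this thread and not ComboFix or DDS code: it parses those two log line shapes and flags both patterns; the "random-looking name" rule and the severity labels are constructed heuristics, and the sample lines are copied from the logs posted above.

```python
"""Triage of ComboFix / DDS-style log lines for two leftovers of the rogue in
this thread: random-named autostart executables under the user's Application
Data folder, and a per-user WinINet proxy pointing at loopback.  Added example
for this page, not ComboFix/DDS code; the classification rules are constructed
heuristics and the sample lines are copied from the logs posted above."""
import re
from dataclasses import dataclass
from typing import List, Optional

# ComboFix "orphans removed" residue:  HKLM-Run-<value name> - <target path>
RUN_LINE = re.compile(r"^(?P<hive>HKLM|HKCU)-Run-(?P<name>.+?) - (?P<target>.+)$")
# DDS-style Internet Settings line; u = per-user (HKCU), m = machine (HKLM)
PROXY_LINE = re.compile(r"^(?P<scope>[um])Internet Settings,ProxyServer = (?P<spec>.+)$")
# One WinINet proxy entry: "host:port" or "proto=host:port" (';'-separated list)
PROXY_ENTRY = re.compile(r"^(?:(?P<proto>[a-z]+)=)?(?P<host>[^:;]+)(?::(?P<port>\d+))?$")

VOWELS = set("aeiou")


@dataclass
class Finding:
    severity: str   # "suspicious" or "review"
    reason: str
    line: str


def looks_random(token: str) -> bool:
    """Constructed heuristic for generated names such as 'kndrpwluqiw': all
    lowercase letters, 8+ chars, and either a consonant run of 4+ or fewer
    than 30% vowels.  Mixed-case or digit-bearing names are never flagged."""
    if len(token) < 8 or not token.isalpha() or not token.islower():
        return False
    vowel_ratio = sum(ch in VOWELS for ch in token) / len(token)
    longest_consonant_run = max(len(run) for run in re.split(r"[aeiou]+", token))
    return longest_consonant_run >= 4 or vowel_ratio < 0.30


def _under_user_appdata(target: str) -> List[str]:
    """Path components below a per-user Application Data folder on the XP
    layout (\\Documents and Settings\\<user>\\[Local Settings\\]Application Data),
    or [] when the target lives elsewhere.  'All Users' counts as shared."""
    parts = target.split("\\")
    lowered = [p.lower() for p in parts]
    if "documents and settings" not in lowered or "application data" not in lowered:
        return []
    user_idx = lowered.index("documents and settings") + 1
    if user_idx >= len(parts) or lowered[user_idx] == "all users":
        return []
    return parts[lowered.index("application data") + 1:]


def check_run_line(line: str) -> Optional[Finding]:
    """Classify one Run-entry line; None when nothing of interest matches."""
    m = RUN_LINE.match(line)
    if not m:
        return None
    target = m.group("target")
    components = _under_user_appdata(target)
    if components:
        stems = [c.rsplit(".", 1)[0] for c in components]   # drop the extension
        if any(looks_random(s) for s in stems):
            return Finding("suspicious", "autostart executable under the user's Application "
                           "Data folder with random-looking directory/file names", line)
        return Finding("review", "autostart executable under the user's Application Data folder", line)
    if target.lower().endswith(".dll"):
        return Finding("review", "Run value points at a DLL rather than an executable", line)
    return None


def check_proxy_line(line: str) -> Optional[Finding]:
    """Flag a WinINet proxy that routes browser traffic to the loopback interface."""
    m = PROXY_LINE.match(line)
    if not m:
        return None
    for entry in m.group("spec").split(";"):
        e = PROXY_ENTRY.match(entry.strip())
        if not e:
            continue
        host = e.group("host").lower()
        if host == "localhost" or host.startswith("127."):
            scope = "per-user" if m.group("scope") == "u" else "machine-wide"
            return Finding("suspicious", f"{scope} proxy set to loopback {host}:{e.group('port')}; "
                           "consistent with a local process intercepting browser traffic", line)
    return None


def triage(lines: List[str]) -> List[Finding]:
    """Run both checks over raw log lines and return the findings in order."""
    findings = []
    for raw in lines:
        line = raw.strip()
        finding = check_run_line(line) or check_proxy_line(line)
        if finding:
            findings.append(finding)
    return findings


# Copied from the ComboFix / DDS output posted in this thread; the Epson entry
# and the ProxyOverride line are legitimate controls that must not be flagged.
SAMPLE_LINES = [
    r"HKLM-Run-EPSON Stylus Pro 4000 - c:\windows\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE",
    r"HKLM-Run-abscqwif - c:\documents and settings\Kate SchuttHernandez\Local Settings\Application Data\snulfykms\kndrpwluqiw.exe",
    r"HKLM-Run-hhxybteb - c:\documents and settings\Kate SchuttHernandez\Local Settings\Application Data\joclfqkev\kvhpwjvuqiw.exe",
    r"HKLM-Run-xkbjsrcm - c:\documents and settings\Kate SchuttHernandez\Local Settings\Application Data\eorlfalnx\kmkcnpauqiw.exe",
    r"HKLM-Run-Szuceku - c:\windows\ohijugeru.dll",
    r"uInternet Settings,ProxyOverride = <local>",
    r"uInternet Settings,ProxyServer = http=127.0.0.1:6092",
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"[{f.severity}] {f.reason}\n    {f.line}")
```

On the sample the three random-named entries and the loopback proxy come back as "suspicious", the bare DLL Run value as "review", and the Epson entry is not reported.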


#8 Kate Hernandez

Kate Hernandez
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:01:17 AM

Posted 21 September 2010 - 08:27 PM

Hi Elise:
I added CFScript.txt to Combofix and ran the program. This is the log file it produced.

ComboFix 10-09-21.01 - Kate SchuttHernandez 09/21/2010 20:04:42.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.3326.2851 [GMT -5:00]
Running from: c:\documents and settings\Kate SchuttHernandez\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Kate SchuttHernandez\Desktop\CFScript.txt

file zipped: c:\windows\Gxematoqe.bin
file zipped: c:\windows\Hwoqadunujaneca.dat
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Shared
c:\windows\Gxematoqe.bin
c:\windows\Hwoqadunujaneca.dat
H:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2010-08-22 to 2010-09-22 )))))))))))))))))))))))))))))))
.

2010-09-13 21:05 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-13 21:05 . 2010-09-13 21:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-13 21:05 . 2010-09-13 21:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-09-13 21:05 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-10 20:00 . 2010-09-10 20:01 -------- d-----w- c:\program files\EpsonNet
2010-09-10 20:00 . 2008-12-01 18:00 457611 ----a-w- c:\windows\system32\ensppui.dll
2010-09-10 20:00 . 2008-12-01 18:00 457611 ----a-w- c:\windows\system32\enppui.dll
2010-09-10 20:00 . 2008-12-01 17:58 474892 ----a-w- c:\windows\system32\ensppmon.dll
2010-09-10 20:00 . 2008-12-01 17:58 474892 ----a-w- c:\windows\system32\enppmon.dll
2010-09-10 20:00 . 2008-06-18 16:49 249344 ----a-w- c:\windows\system32\enspres.dll
2010-09-10 20:00 . 2008-06-18 16:49 249344 ----a-w- c:\windows\system32\enpres.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-21 20:19 . 2010-07-01 19:17 -------- d-----w- c:\documents and settings\Kate SchuttHernandez\Application Data\.oit
2010-09-21 02:15 . 2004-07-28 00:44 288 ----a-w- c:\windows\system32\DVCStateBkp-{00000004-00000000-00000002-00001102-00000004-10031102}.dat
2010-09-21 02:15 . 2004-07-28 00:44 288 ----a-w- c:\windows\system32\DVCState-{00000004-00000000-00000002-00001102-00000004-10031102}.dat
2010-09-10 20:01 . 2004-07-28 00:37 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-09-10 20:00 . 2004-09-24 21:48 -------- d-----w- c:\program files\Common Files\EPSON
2010-09-10 19:58 . 2010-07-01 19:08 -------- d-----w- c:\program files\Epson Software
2010-09-03 22:52 . 2010-07-01 19:19 -------- d--h--w- c:\documents and settings\All Users\Application Data\ArcSoft
2010-08-23 13:19 . 2010-07-01 19:09 -------- d-----w- c:\documents and settings\Kate SchuttHernandez\Application Data\Epson
2010-08-12 18:10 . 2010-07-30 17:45 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-08-11 23:24 . 2008-03-27 01:20 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-08-11 22:00 . 2010-08-11 22:00 2826192 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player_ax.exe
2010-07-30 17:47 . 2010-07-30 17:47 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-07-30 17:46 . 2010-07-30 17:46 77184 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2010-07-29 21:49 . 2010-07-29 21:48 -------- d-----w- c:\program files\iTunes
2010-07-29 21:49 . 2010-07-29 21:48 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-07-29 21:49 . 2010-07-29 21:49 -------- d-----w- c:\program files\iPod
2010-07-29 21:49 . 2009-07-27 20:42 -------- d-----w- c:\program files\Common Files\Apple
2010-07-29 21:48 . 2010-07-29 21:47 -------- d-----w- c:\program files\QuickTime
2010-07-29 21:46 . 2010-07-29 21:46 -------- d-----w- c:\program files\Bonjour
2010-07-29 21:42 . 2010-07-29 21:42 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe
2010-07-29 21:34 . 2010-07-29 21:34 -------- d-----w- c:\program files\Safari
2010-07-29 21:32 . 2010-07-29 21:32 72488 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.33.17.8\SetupAdmin.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PMSpeed"="c:\program files\NewSoft\Presto! PageManager 8 for EP\PMSpeed.EXE" [2008-12-09 55120]
"ltcmScheduler"="c:\program files\LTCM Client\ltcmScheduler.exe" [2009-08-05 105664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-09-30 149280]
"IAAnotif"="c:\program files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-03-23 135168]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-05-28 335872]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-11 53248]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"CTSysVol"="c:\program files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe" [2002-10-29 49152]
"CTDVDDet"="c:\program files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE" [2002-09-30 45056]
"CTHelper"="CTHELPER.EXE" [2003-02-20 28672]
"AsioReg"="CTASIO.DLL" [2003-02-20 110592]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2004-07-28 26112]
"AdaptecDirectCD"="c:\program files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2003-03-26 684032]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"mxomssmenu"="c:\program files\Maxtor\OneTouch Status\maxmenumgr.exe" [2007-09-06 169264]
"DLPSP"="c:\program files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE" [2009-07-08 406840]
"DLUPDR"="c:\program files\Dell Printers\Additional Color Laser Software\Updater\DLUPDR.EXE" [2009-07-08 243008]
"EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]
"FUFAXSTM"="c:\program files\Epson Software\FAX Utility\FUFAXSTM.exe" [2009-06-05 843776]
"WrtMon.exe"="c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [2008-05-24 26448]
"LTCM Client"="c:\program files\LTCM Client\ltcmClient.exe" [2009-08-05 1596096]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-19 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]

c:\documents and settings\Kate SchuttHernandez\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-9-3 113664]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-9-3 113664]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-9-3 113664]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-1-15 67128]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-11-26 805392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 07:42 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\SYSTEM32\\mmc.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe"=
"c:\\Program Files\\NewSoft\\Presto! PageManager 8 for EP\\LicenseCheck.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\EpsonNet\\EpsonNet Setup\\tool09\\ENEasyApp.exe"=

R2 DLSDB;Dell Printer Status Database;c:\program files\Dell Printers\Additional Color Laser Software\Status Monitor\dlsdbnt.exe [7/29/2009 7:39 PM 140184]
S3 ep1394pr;EPSON IEEE1394 Printer Class;c:\windows\SYSTEM32\DRIVERS\ep1394pr.sys [2/12/2000 12:00 PM 25600]
S3 epppdt;EPSON 1394.3 Class;c:\windows\SYSTEM32\DRIVERS\epppdt.sys [9/24/2004 4:47 PM 27111]
S3 epppdtpr;EPSON 1394.3 Printer Class;c:\windows\SYSTEM32\DRIVERS\epppdtpr.sys [9/24/2004 4:47 PM 14523]
S3 scsiscan;SCSI Scanner Driver;c:\windows\SYSTEM32\DRIVERS\scsiscan.sys [9/24/2004 7:18 PM 10880]
.
Contents of the 'Scheduled Tasks' folder

2010-09-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2004-08-28 c:\windows\Tasks\ISP signup reminder 1.job
- c:\windows\System32\OOBE\OOBEBALN.EXE [2002-08-29 05:56]

2010-09-22 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2004-07-28 23:38]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.pictage.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\Kate SchuttHernandez\Application Data\Mozilla\Firefox\Profiles\dhnl76ru.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.pictage.com/
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-21 20:09
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion*Eqovulineteriwed]
"Cpusi"=hex:43,01,43,03,34,05,33,07,38,09,38,0b,4d,0d,4b,0f,56,11,51,13,2c,15,
20,17,2c,19,2c,1b,5e,1d,2d,1f,19,21,12,23,60,25,1f,27,18,29,1b,2b,68,2d,1e,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(828)
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll
.
Completion time: 2010-09-21 20:11:19
ComboFix-quarantined-files.txt 2010-09-22 01:11
ComboFix2.txt 2010-09-21 00:39

Pre-Run: 4,296,495,104 bytes free
Post-Run: 4,275,548,160 bytes free

- - End Of File - - 565453F7A653EC4736C10B16E3F4D003
Upload was successful

Please let me know if there is something else to do. Thanks again for your help.
Kate Schutt Hernandez

#9 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,823 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:09:17 AM

Posted 22 September 2010 - 04:07 AM

Hello again,

INSTALL ANTIVIRUS
---------------------------
I don't see an Anti Virus Program running on your machine.

Download and install an antivirus program, and make sure that you keep it updated
New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.
Three good antivirus programs free for non-commercial home use are Avast!, Antivir and Microsoft Security Essentials
Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.


UPDATE JAVA
------------------
Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "JDK 6 Update 21 (JDK or JRE)".
  • Click the "Download JRE" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u21-windows-i586.exe to install the newest version.
  • If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
-- Starting with Java 6u10, the uninstaller incorporated in each new release uses Enhanced Auto update to automatically remove the previous version when updating to a later update release. It will not remove older versions, so they will need to be removed manually.
-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.



MALWAREBYTES ANTIMALWARE
-------------------------------------------
Please launch MBAM and update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Full Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft


#10 Kate Hernandez

Kate Hernandez
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:01:17 AM

Posted 23 September 2010 - 12:41 PM

Hey There:
I installed Microsoft Security Essentials, the newest version of Java and MBAM. Attached is the log from MBAM.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4673

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

9/23/2010 12:04:19 PM
mbam-log-2010-09-23 (12-04-19).txt

Scan type: Full scan (C:\|D:\|E:\|I:\|)
Objects scanned: 279319
Time elapsed: 11 hour(s), 59 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Kate SchuttHernandez\Desktop\PopularScreenSavers.exe (PUP.FunWebProducts) -> Quarantined and deleted successfully.

It took 12 hours to scan the whole computer, but it was worth it. And while that was running, I've updated the same on my other two PCs, and I'm officially infection-free on all. Is there anything else to do? How do you guys get paid if you do this for free? I was ready to pull out my hair when that (fake) virus attacked me. I can't thank you enough for helping me! Really. . . THANKS!

#11 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,823 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:09:17 AM

Posted 23 September 2010 - 01:12 PM

Hi, good to hear that! Only one last scan and some windows updating to do.

QUOTE
How do you guys get paid if you do this for free?
All Malware Response Team members are volunteers and we do this in our own time. Many have started here as well looking for help and we enjoy helping others just as we were helped ourselves at some point. smile.gif

ESET ONLINE SCANNER
----------------------------
I'd like us to scan your machine with ESET OnlineScan
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    Note - when ESET doesn't find any threats, no report will be created.
  12. Push the button.
  13. Push

UPDATE XP
--------------
Your Microsoft Windows installation is out of date. Using unpatched Windows systems on the Internet is a security risk to everyone. When there are insecure computers connected to the Internet, malware spreads faster and more extensively, distributed denial-of-service attacks are easier to launch, and spammers have more platforms from which to send e-mail. Whenever a security problem in its software is found, Microsoft will usually create a patch for it. After the patch is installed, attackers can't use the vulnerability to install malicious software on your computer. Keeping up-to-date with all these security patches will help prevent malware from reinfecting your machine. If you are not sure how to do this, see How to use Microsoft Update.

For additional information, be sure to read "Windows Xp Service Pack 3 (sp3) Information".

Then go here to check for & install updates to Microsoft applications.
Note: The update process uses ActiveX, so you will need to use Internet Explorer for it, and allow the ActiveX control that it wants to install.

Please reboot and repeat the update process until there are no more updates to install.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft


#12 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,823 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:09:17 AM

Posted 27 September 2010 - 05:33 AM

Hello, are you still there?

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft


#13 Kate Hernandez

Kate Hernandez
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:01:17 AM

Posted 28 September 2010 - 10:54 AM

Hi Elise:
I'm still here, just was out sick a few days, but I'm back and feeling better. I ran the ESET Scan and am worried because there is one virus that it couldn't clean (Oficla.FO trojan). Also, there is a program I use frequently called LumaPix, and I think it deleted it, but don't understand why. Here's the detail:

C:\Documents and Settings\Kate SchuttHernandez\Application Data\Sun\Java\Deployment\cache\6.0\15\2478564f-14941653 Java/TrojanDownloader.Agent.NBU trojan deleted - quarantined
C:\Documents and Settings\Kate SchuttHernandez\Desktop\LumaPixSetup.exe a variant of Win32/Packed.Themida application deleted - quarantined
C:\Documents and Settings\Kate SchuttHernandez\Local Settings\Application Data\Identities\{8D32DF8B-D3B8-4783-A0C5-FE37E2FC8659}\Microsoft\Outlook Express\Inbox.bak Win32/Oficla.FO trojan unable to clean
C:\Documents and Settings\Kate SchuttHernandez\Local Settings\Application Data\Identities\{8D32DF8B-D3B8-4783-A0C5-FE37E2FC8659}\Microsoft\Outlook Express\Inbox.dbx Win32/Oficla.FO trojan unable to clean
C:\Qoobox\Quarantine\C\Program Files\Shared\lib.dll.vir a variant of Win32/BHO.NMM trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\Shared\_lib.dll.vir a variant of Win32/BHO.NMM trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1422\A0128134.dll a variant of Win32/BHO.NMM trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1422\A0128135.dll a variant of Win32/BHO.NMM trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1437\A0129931.exe a variant of Win32/Packed.Themida application deleted - quarantined

It also took me quite a while to update all of my Microsoft operating system, but I am completely up to date now. The reason I hadn't updated it before was, I used to have an IT person who would come over every so often and update and monitor my machines, but every time he did a Microsoft update it would change other things in my software configurations and many of my programs wouldn't work. Then he moved away and I had no IT person so I decided I wouldn't do Microsoft updates unless absolutely necessary. I realize the foolishness in that now, and I have learned so much by this experience, I can't thank you enough. Thank you to You and all of the other volunteers on your site who not only help us recover from nightmares, but also those who write volumes on the many problems that can occur with our PCs and how to take care of them in the future. You really are terrific! clapping.gif By chance do you drink coffee or tea? Could I send you a Starbucks or a Dunkin Donuts Giftcard? I don't know what state you are in, but I know there's coffee just about everywhere. I really appreciate you spending so much time to help fix my machine. What can I do for you?

Thanks again.
Kate Schutt Hernandez
Near Detroit, Michigan

#14 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,823 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:09:17 AM

Posted 28 September 2010 - 11:28 AM

Thank you for your kind words, you are most welcome. smile.gif
QUOTE
By chance do you drink coffee or tea? Could I send you a Starbucks or a Dunkin Donuts Giftcard? I don't know what state you are in, but I know there's coffee just about everywhere.
Unfortunately I am nowhere near (see profile), but I sure appreciate the sentiment! laugh.gif

Those uncleanable items are because of infected emails:

Infected Outlook Express
The online scan log indicates that there are infected emails in the Inbox folder in Outlook Express.

Please delete the emails in your Inbox folder - keep only the emails that are of extreme importance. After you finish deleting the emails, please right click on the Deleted Items folder and click Empty 'Deleted Items' Folder.

Having removed all your unwanted Emails completely it is now wise to Compact all your remaining Emails. Compacting makes the size of the folders smaller by compacting the files contained within them. All the Emails are still readable and still intact just smaller.

To do this click from the top toolbar File / Folder / Compact All Folders


ALL CLEAN
--------------
Your machine appears to be clean, please take the time to read below on how to secure the machine and take the necessary steps to keep it clean smile.gif

Please do the following to remove the remaining programs from your PC:
  • Delete the tools used during the disinfection:
    • Click start > run and type combofix /uninstall, press enter. This will remove Combofix from your computer.
    • Delete DDS, GMER (this is a random named file) and OTL.
Please read this advice in order to prevent reinfecting your PC:
  1. Install and update the following programs regularly:
    • an outbound firewall
      A comprehensive tutorial and a list of possible firewalls can be found here.
    • an AntiVirus Software
      It is imperative that you update your AntiVirus Software on a regular basis. If you do not update your AntiVirus Software then it will not be able to catch the latest threats.
    • an Anti-Spyware program
      Malwarebytes' Anti-Malware is an excellent Anti-Spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates.
      SUPERAntiSpyware is another good scanner with high detection and removal rates.
      Both programs are free for non-commercial home use, but provide a resident shield and do not nag if you purchase the paid versions.
    • Spyware Blaster
      A tutorial for Spywareblaster can be found here. If you wish, the commercial version provides automatic updating.
    • MVPs hosts file
      A tutorial for the MVPs hosts file can be found here. If you would like automatic updates you might want to take a look at the HostMan hosts file manager. For more information on the hosts file, and what it can do for you, please consult the Tutorial on the Hosts file.
  2. Keep Windows (and your other Microsoft software) up to date!
    I cannot stress enough how important this is. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.
    Therefore, please visit the Microsoft Update website and follow the on-screen instructions to set up Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!
  3. Keep your other software up to date as well
    Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software Inspector occasionally to help you check for out-of-date software on your machine.
  4. Stay up to date!
    The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing.
Some more links you might find of interest:

Please reply to this topic if you have read the above information. If your computer is working fine, this topic will be closed afterwards.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."


Malware analyst @ Emsisoft


#15 Kate Hernandez

Kate Hernandez
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:01:17 AM

Posted 01 October 2010 - 04:57 PM

Hi Elise:
I have deleted as many emails as possible and compacted the folders, but is there a way to determine which emails are infected? I know that if I get a pop-up telling me it's infected, I delete it right away, but if it's an old email remaining in the Inbox, how can I identify it? If I can't identify it, and I leave it in there, is my computer still at risk from that trojan Oficia.FO?

As far as the rest of the system, I think I'm in pretty good shape, thanks to you! I have read almost all of the supplemental info you recommended and I have cleaned up the rest of the hard drive.

Thanks Again for all of your help. Sorry there is no Starbucks in your area. I saw Romania in your profile, but assumed you lived here now because your English is so great, and your computer skills are superior. I thought maybe you went to school here. If you are ever in the states, and you get to the Detroit Michigan area, my husband and I would love to take you to dinner and show you around the greater Detroit area. My husband is from Mexico, and we have entertained many visitors from other countries, and we enjoy meeting people from different cultures.

Thanks again for your help getting my PC repaired. I thought it was a goner when it first got infected.

Kate thumbup2.gif



