Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

My computer is sending emails on its own


  • This topic is locked This topic is locked
26 replies to this topic

#1 Drfrankr

Drfrankr

  • Members
  • 47 posts
  • OFFLINE
  •  
  • Local time:02:40 PM

Posted 18 September 2011 - 09:28 PM

Last year, my system was infected with a program that kept telling me that the system was infected and I needed to purchase something to fix it. After several weeks of using various freeware programs, I thought the problem was fixed. Then, in October 2010, the system began to send emails to random contacts with no record in my sent file. With further help, the problem appeared fixed with the only remnant being the fact that System Restore did not function. Nothing further occurred until last week when my wife's email account on the same machine began to send emails to random contacts with again, no record in her sent folder.

I have scanned using the freeware editions of CCleaner, Super Anti-Spyware, Spybot - Search & Destroy, Malwarebytes' Anti-Spyware, and ESET Online Scanner. No malicious content of any sort was found.

I know I am infected with something and need your help in resolving this issue. I am running a Dell Dimensions 8400 with 2 GB of RAM. The OS is XP Professional Version 5.1.2600 with Service Pack 3 Build 2600. I use Firefox for almost all internet use, but am required to use IE for certain software applications.

I have attached the files called for in the guide and await your response.

Thanks...Drfrankr

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Frank at 14:44:57 on 2011-09-18
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1187 [GMT -7:00]
.
AV: Norton Security Suite *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Suite *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe
C:\USBStorage\USBDetector.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\AcroTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
BHO: {000123B4-9B42-4900-B3F7-F4B073EFC214} - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton security suite\engine\5.1.0.29\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton security suite\engine\5.1.0.29\ips\IPSBHO.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Freecorder Toolbar: {70dd86e8-b5bc-4e4a-9d5c-b6234c24323c} - c:\program files\freecordertoolbar\vmntemplateX.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
{db11bf8c-50db-453f-a604-69d9e361c0a3}
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton security suite\engine\5.1.0.29\coIEPlg.dll
TB: Freecorder Toolbar: {70dd86e8-b5bc-4e4a-9d5c-b6234c24323c} - c:\program files\freecordertoolbar\vmntemplateX.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
{555d4d79-4bd2-4094-a395-cfc534424a05}
EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [USBDetector] c:\usbstorage\USBDetector.exe
mRun: [P17Helper] Rundll32 P17.dll,P17Helper
mRun: [mxomssmenu] "c:\program files\maxtor\onetouch status\maxmenumgr.exe"
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky anti-virus 6.0 for windows workstations\avp.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-0000-7760-000000000002}\SC_Acrobat.exe
IE: &Download by Orbit
IE: &Grab video by Orbit
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Do&wnload selected by Orbit
IE: Down&load all by Orbit
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: intuit.com\ttlc
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - hxxps://web2.securianretirementcenter.com/sub/Home_Main.htm
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6886.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1184147257656
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} - hxxps://signin3.valueactive.com/Register/Branding/olr3313/OCX/v1018/flashax.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 68.87.69.150 68.87.85.102
TCP: Interfaces\{ABB2F36D-5B0D-4725-B8C4-851BC38754C0} : DhcpNameServer = 68.87.69.150 68.87.85.102
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: khfCspMC - khfCspMC.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\qoMdCsSl
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\frank\application data\mozilla\firefox\profiles\7llyziev.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\coffplgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\ipsffplgn\components\IPSFFPl.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll
FF - plugin: c:\windows\system32\tvuax\npTVUAx.dll
.
---- FIREFOX POLICIES ----

============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0501000.01d\symds.sys [2011-5-22 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0501000.01d\symefa.sys [2011-5-22 744568]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\bashdefs\20110909.001\BHDrvx86.sys [2011-9-9 816760]
R1 klif;Klif;c:\windows\system32\drivers\klif.sys [2007-11-9 201504]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0501000.01d\ironx86.sys [2011-5-22 136312]
R2 N360;Norton Security Suite;c:\program files\norton security suite\engine\5.1.0.29\ccsvchst.exe [2011-5-22 130008]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-7-28 105592]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\ipsdefs\20110917.031\IDSXpx86.sys [2011-9-17 356280]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\virusdefs\20110917.007\NAVENG.SYS [2011-9-17 86136]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\virusdefs\20110917.007\NAVEX15.SYS [2011-9-17 1576312]
S2 AVP;Kaspersky Anti-Virus 6.0;c:\program files\kaspersky lab\kaspersky anti-virus 6.0 for windows workstations\avp.exe [2007-11-19 231952]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-10-6 135664]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-10-6 135664]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-4 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-09-05 17:04:56 183696 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2011-09-05 17:04:56 183696 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
2011-09-03 10:17:37 599040 -c----w- c:\windows\system32\dllcache\crypt32.dll
2011-08-24 17:49:14 -------- d-----w- c:\program files\iPod
2011-08-24 17:49:11 -------- d-----w- c:\program files\iTunes
.
==================== Find3M ====================
.
2011-09-10 15:54:53 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-01 00:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-12 18:20:54 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 18:20:54 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-07-12 18:20:54 178536 ----a-w- c:\windows\system32\dnssdX.dll
2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-07-06 01:37:00 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-07-06 01:37:00 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-06-24 14:10:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:36:30 916480 ----a-w- c:\windows\system32\wininet.dll
2011-06-23 18:36:30 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-23 18:36:30 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-06-23 12:05:13 385024 ----a-w- c:\windows\system32\html.iec
2004-08-04 12:00:00 94784 --sh--w- c:\windows\twain.dll
2008-04-14 00:12:07 50688 --sh--w- c:\windows\twain_32.dll
2008-04-14 00:12:01 57344 --sh--w- c:\windows\system32\msvcirt.dll
2008-04-14 00:12:32 11776 --sh--w- c:\windows\system32\regsvr32.exe
.
============= FINISH: 14:46:15.07 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,729 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:40 PM

Posted 23 September 2011 - 09:30 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Posted Image In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/419518 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Posted Image If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Casey_boy

Casey_boy

    Bleeping physicist


  • Malware Response Team
  • 7,765 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:09:40 PM

Posted 24 September 2011 - 10:43 AM

Hi,

My name is Casey and I will be helping you with your malware problems.

Whilst I research the problems in your logs, it is very important that you do not make any changes to this PC. Specifically, do not run any further malware removal tools or try to remove anything yourself.

You may wish to "Watch Topic" so that you are immediately informed of any replies I make. I also ask that you reply to my posts within 5 days else your topic will be closed as stale.

Throughout the removal process, if you have any questions then you should ask them. If you are unsure of my instructions or something does not go as planned - then please tell me. Conversely, it is also important that you answer any questions I have and that you keep me updated on the state of the PC.

Regards,

Casey

If I have been helping you and I do not reply within 48hours, feel free to send me a PM.


* My Website * Am I Infected? * Malware Removal Help * If you'd like to say thanks *


#4 Casey_boy

Casey_boy

    Bleeping physicist


  • Malware Response Team
  • 7,765 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:09:40 PM

Posted 24 September 2011 - 10:50 AM

Hi,

Is this your only symptom?

my wife's email account on the same machine began to send emails to random contacts with again, no record in her sent folder.


This might not be malware, this might be a case of your wife's email account being hacked. In the first instance, I would get to a clean PC and change the password on her account. See if that resolves the issue.

We will continue investigations though to check if your PC is compromised.

:step1: Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.4.0.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

:step2: We need to create an OTL Report
  • Please download OTL from here
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
  • OTL.txt <-- Will be opened
  • Extra.txt <-- Will be minimized

Casey

If I have been helping you and I do not reply within 48hours, feel free to send me a PM.


* My Website * Am I Infected? * Malware Removal Help * If you'd like to say thanks *


#5 Drfrankr

Drfrankr
  • Topic Starter

  • Members
  • 47 posts
  • OFFLINE
  •  
  • Local time:02:40 PM

Posted 24 September 2011 - 06:21 PM

Casey,

Glad to meet you.

Sorry to take so long to get back to you. The additional GMER scan requested by the Help Bot rebooted in the middle and I had to run it again (took over three hours to complete. So what follows is the balance of my response to the Help Bot and should answer all of your questions. Upon completion of that, I will download and run the TDSS Rootkit Removal Tool and generate an OTL report.

What follows is a restatement of the current and previous problems that will provide more information and a clearer picture of what is currently wrong.

Previously - On October 23, 2010. I posted topic 355828 (Sending email spam and No System Restore). In it, I explained that my email was sending spam to a portion of my address book and the problem had occurred 3 or 4 times in the past couple of weeks. Also, when I went to my outbox, it said it was empty.

My System Restore also did not work, I believe as a result of an attack earlier in the year. It appeared to function normally, however, when I confirmed the restore point selection, the system would shut down and restart and a screen came up saying Restoration Incomplete. With the help of Sightless from Bleepingcomputer.com we found the following,

1. ESET Online Scanner had the following results,
C:\adsl\ras\ras.exe (probably a variant of Win32/Agent.CGINEBG trojan cleaned by deleting - quarantined.
C:\Program Files\True\hi-speed Navigator\software\adsl.exe (probably a variant of Win32/Agent.CGINEBG trojan deleted - quarantined.
C:\Windows\system32\hsdnkkgo.tmp Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined.
2. Malwarebytes' Anti-Malware 1.46 had the following results,
Files Infected:
K:\System Volume Information\_restore{D175F036-587A-426E-8135-263A963D6B9E}\RP744\A0080964.exe (RiskWare.Tool.CK)-> Quarantined and deleted successfully.

After a little more cleaning with no malware found, system performance improved and my email has not had the problem since. The System Restore still does not function properly. This leads me to the current problem. Over the past three weeks or so, my wife's email has shown the same problem on two different occasions, again with nothing in her outbox.

Overall system performance has also slowly degraded with a noticeable increase in the time it takes to do anything.

I ran the freeware versions of CC Cleaner, Super Anti-Spyware, Spybot Search & Destroy, Malwarebytes' Anti-Malware and ESET Online scanner with no malware found. I also changed the password on her email account. In addition, there was one additional problem that may be a mechanical problem or not. In the middle of last week, the system hiccuped and my Maxtor 1GB external hard disappeared from my directory. After rebooting the system, it recognized the drive, but if I tried to access it, it would disappear again. Not knowing if this was a software or hardware problem, I just removed the drive to reduce the problems to work on at one time. I will try using the drive with a o;d laptop computer I have and see if that makes any difference. I will let you know what happens.

In answer to the Help Bot, no, I do not have the CD for my operating system. My OS was loaded by my company and they did not give me a hard copy.

I have attached the DDS and GMER logs that the Help Bot asked me to rerun and any help you can give me will be greatly appreciated.

After I send this, I will get to work on the TDSS Rootkit Removal Tool and the OTL report as you requested. If I left anything out, just let me know and I will try and get it for you.

Thanks...Frank

Attached Files



#6 Drfrankr

Drfrankr
  • Topic Starter

  • Members
  • 47 posts
  • OFFLINE
  •  
  • Local time:02:40 PM

Posted 24 September 2011 - 07:45 PM

Casey,

Here are the TDSS and OTL files as requested.

16:30:00.0578 3416 TDSS rootkit removing tool 2.6.0.0 Sep 23 2011 07:42:37
16:30:02.0578 3416 ============================================================
16:30:02.0578 3416 Current date / time: 2011/09/24 16:30:02.0578
16:30:02.0578 3416 SystemInfo:
16:30:02.0578 3416
16:30:02.0578 3416 OS Version: 5.1.2600 ServicePack: 3.0
16:30:02.0578 3416 Product type: Workstation
16:30:02.0578 3416 ComputerName: IT-2CD5A802B140
16:30:02.0578 3416 UserName: Frank
16:30:02.0578 3416 Windows directory: C:\WINDOWS
16:30:02.0578 3416 System windows directory: C:\WINDOWS
16:30:02.0578 3416 Processor architecture: Intel x86
16:30:02.0578 3416 Number of processors: 2
16:30:02.0578 3416 Page size: 0x1000
16:30:02.0578 3416 Boot type: Normal boot
16:30:02.0578 3416 ============================================================
16:30:14.0421 3416 Initialize success
16:30:31.0343 2472 ============================================================
16:30:31.0343 2472 Scan started
16:30:31.0343 2472 Mode: Manual;
16:30:31.0343 2472 ============================================================
16:30:32.0203 2472 Abiosdsk - ok
16:30:32.0437 2472 abp480n5 - ok
16:30:32.0765 2472 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
16:30:32.0828 2472 ACPI - ok
16:30:33.0093 2472 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
16:30:33.0109 2472 ACPIEC - ok
16:30:33.0343 2472 adpu160m - ok
16:30:33.0656 2472 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
16:30:33.0703 2472 aec - ok
16:30:34.0000 2472 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
16:30:34.0062 2472 AFD - ok
16:30:34.0281 2472 Aha154x - ok
16:30:34.0546 2472 aic78u2 - ok
16:30:34.0796 2472 aic78xx - ok
16:30:35.0046 2472 AliIde - ok
16:30:35.0281 2472 amsint - ok
16:30:35.0593 2472 asc - ok
16:30:35.0906 2472 asc3350p - ok
16:30:36.0187 2472 asc3550 - ok
16:30:36.0500 2472 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
16:30:36.0515 2472 AsyncMac - ok
16:30:36.0875 2472 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
16:30:36.0906 2472 atapi - ok
16:30:37.0171 2472 Atdisk - ok
16:30:38.0031 2472 ati2mtag (a7dd7088e2c987dbcb3f4d6d56f723bd) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
16:30:38.0546 2472 ati2mtag - ok
16:30:38.0859 2472 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
16:30:38.0890 2472 Atmarpc - ok
16:30:39.0187 2472 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
16:30:39.0203 2472 audstub - ok
16:30:39.0546 2472 b57w2k (2acf06176b9d011567d7f25b83ddd066) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
16:30:39.0593 2472 b57w2k - ok
16:30:39.0953 2472 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
16:30:39.0968 2472 Beep - ok
16:30:40.0625 2472 BHDrvx86 (09b8897ac84c49beabea75cf9fe1ab45) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20110909.001\BHDrvx86.sys
16:30:40.0937 2472 BHDrvx86 - ok
16:30:41.0390 2472 BrScnUsb (92a964547b96d697e5e9ed43b4297f5a) C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys
16:30:41.0390 2472 BrScnUsb - ok
16:30:41.0656 2472 bvrp_pci - ok
16:30:42.0046 2472 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
16:30:42.0109 2472 cbidf2k - ok
16:30:42.0625 2472 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
16:30:42.0625 2472 CCDECODE - ok
16:30:42.0906 2472 cd20xrnt - ok
16:30:43.0375 2472 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
16:30:43.0390 2472 Cdaudio - ok
16:30:43.0734 2472 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
16:30:43.0765 2472 Cdfs - ok
16:30:44.0046 2472 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
16:30:44.0078 2472 Cdrom - ok
16:30:44.0453 2472 Changer - ok
16:30:44.0734 2472 CmdIde - ok
16:30:45.0015 2472 Cpqarray - ok
16:30:45.0515 2472 ctsfm2k (8db84de3aab34a8b4c2f644eff41cd76) C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys
16:30:45.0578 2472 ctsfm2k - ok
16:30:45.0843 2472 dac2w2k - ok
16:30:46.0171 2472 dac960nt - ok
16:30:46.0671 2472 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
16:30:46.0703 2472 Disk - ok
16:30:47.0468 2472 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
16:30:47.0750 2472 dmboot - ok
16:30:48.0093 2472 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
16:30:48.0171 2472 dmio - ok
16:30:48.0625 2472 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
16:30:48.0640 2472 dmload - ok
16:30:48.0953 2472 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
16:30:49.0000 2472 DMusic - ok
16:30:49.0421 2472 dpti2o - ok
16:30:49.0734 2472 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
16:30:49.0750 2472 drmkaud - ok
16:30:50.0140 2472 eeCtrl (8f7dbc4be48f5388a6fe1f285e7948ef) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
16:30:50.0437 2472 eeCtrl - ok
16:30:50.0578 2472 EraserUtilRebootDrv (3ee14d400e0fdd0d214275a4a20b7022) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
16:30:50.0609 2472 EraserUtilRebootDrv - ok
16:30:50.0968 2472 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
16:30:51.0046 2472 Fastfat - ok
16:30:51.0484 2472 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
16:30:51.0515 2472 Fdc - ok
16:30:51.0828 2472 FilterService (b73ec688c29f81f9da0fcf63682b3ecb) C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys
16:30:51.0843 2472 FilterService - ok
16:30:52.0203 2472 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
16:30:52.0218 2472 Fips - ok
16:30:52.0593 2472 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
16:30:52.0625 2472 Flpydisk - ok
16:30:52.0937 2472 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
16:30:52.0984 2472 FltMgr - ok
16:30:53.0390 2472 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
16:30:53.0421 2472 Fs_Rec - ok
16:30:53.0718 2472 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
16:30:53.0796 2472 Ftdisk - ok
16:30:54.0062 2472 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
16:30:54.0093 2472 GEARAspiWDM - ok
16:30:54.0546 2472 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
16:30:54.0578 2472 Gpc - ok
16:30:54.0875 2472 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
16:30:54.0906 2472 HidUsb - ok
16:30:55.0218 2472 hpn - ok
16:30:55.0671 2472 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
16:30:55.0718 2472 HPZid412 - ok
16:30:55.0984 2472 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
16:30:56.0015 2472 HPZipr12 - ok
16:30:56.0453 2472 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
16:30:56.0468 2472 HPZius12 - ok
16:30:56.0859 2472 HSFHWBS2 (77e4ff0b73bc0aeaaf39bf0c8104231f) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
16:30:56.0937 2472 HSFHWBS2 - ok
16:30:57.0750 2472 HSF_DP (60e1604729a15ef4a3b05f298427b3b1) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
16:30:58.0125 2472 HSF_DP - ok
16:30:58.0687 2472 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
16:30:58.0796 2472 HTTP - ok
16:30:59.0078 2472 i2omgmt - ok
16:30:59.0468 2472 i2omp - ok
16:30:59.0812 2472 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
16:30:59.0843 2472 i8042prt - ok
16:31:00.0484 2472 IDSxpx86 (e72d3894d42355e9cd5fd77e1e4fea11) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20110923.030\IDSxpx86.sys
16:31:00.0640 2472 IDSxpx86 - ok
16:31:00.0921 2472 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
16:31:00.0953 2472 Imapi - ok
16:31:01.0250 2472 ini910u - ok
16:31:01.0625 2472 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
16:31:01.0640 2472 IntelIde - ok
16:31:01.0984 2472 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
16:31:02.0015 2472 intelppm - ok
16:31:02.0468 2472 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
16:31:02.0500 2472 Ip6Fw - ok
16:31:02.0828 2472 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
16:31:02.0843 2472 IpFilterDriver - ok
16:31:03.0156 2472 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
16:31:03.0171 2472 IpInIp - ok
16:31:03.0578 2472 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
16:31:03.0625 2472 IpNat - ok
16:31:03.0906 2472 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
16:31:03.0937 2472 IPSec - ok
16:31:04.0203 2472 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
16:31:04.0203 2472 IRENUM - ok
16:31:04.0593 2472 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
16:31:04.0609 2472 isapnp - ok
16:31:04.0859 2472 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
16:31:04.0875 2472 Kbdclass - ok
16:31:05.0218 2472 klif (a7a3d9d93c33423c11460a6f98fcd3e3) C:\WINDOWS\system32\drivers\klif.sys
16:31:05.0406 2472 klif - ok
16:31:05.0703 2472 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
16:31:05.0765 2472 kmixer - ok
16:31:06.0046 2472 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
16:31:06.0078 2472 KSecDD - ok
16:31:06.0453 2472 lbrtfdc - ok
16:31:06.0734 2472 LVPr2Mon (1a7db7a00a4b0d8da24cd691a4547291) C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys
16:31:06.0734 2472 LVPr2Mon - ok
16:31:07.0109 2472 LVRS (37072ec9299e825f4335cc554b6fac6a) C:\WINDOWS\system32\DRIVERS\lvrs.sys
16:31:07.0203 2472 LVRS - ok
16:31:10.0109 2472 LVUVC (a240e42a7402e927a71b6e8aa4629b13) C:\WINDOWS\system32\DRIVERS\lvuvc.sys
16:31:12.0687 2472 LVUVC - ok
16:31:13.0000 2472 mcdbus (f922b609524cf1ed66a1a109f3ce014f) C:\WINDOWS\system32\DRIVERS\mcdbus.sys
16:31:13.0031 2472 mcdbus - ok
16:31:13.0421 2472 mdmxsdk (eeaea6514ba7c9d273b5e87c4e1aab30) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
16:31:13.0421 2472 mdmxsdk - ok
16:31:13.0687 2472 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
16:31:13.0703 2472 mnmdd - ok
16:31:13.0984 2472 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
16:31:14.0000 2472 Modem - ok
16:31:14.0390 2472 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
16:31:14.0406 2472 MODEMCSA - ok
16:31:14.0671 2472 motmodem (fe80c18ba448ddd76b7bead9eb203d37) C:\WINDOWS\system32\DRIVERS\motmodem.sys
16:31:14.0687 2472 motmodem - ok
16:31:14.0937 2472 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
16:31:14.0953 2472 Mouclass - ok
16:31:15.0250 2472 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
16:31:15.0281 2472 MountMgr - ok
16:31:15.0609 2472 mraid35x - ok
16:31:15.0937 2472 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
16:31:16.0000 2472 MRxDAV - ok
16:31:16.0531 2472 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
16:31:16.0687 2472 MRxSmb - ok
16:31:16.0937 2472 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
16:31:16.0953 2472 Msfs - ok
16:31:17.0234 2472 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
16:31:17.0234 2472 MSKSSRV - ok
16:31:17.0609 2472 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
16:31:17.0609 2472 MSPCLOCK - ok
16:31:17.0859 2472 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
16:31:17.0859 2472 MSPQM - ok
16:31:18.0109 2472 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
16:31:18.0125 2472 mssmbios - ok
16:31:18.0500 2472 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
16:31:18.0515 2472 MSTEE - ok
16:31:18.0796 2472 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
16:31:18.0828 2472 Mup - ok
16:31:19.0093 2472 MXOPSWD (216ac775320f64de28cfeb7c179c4ff9) C:\WINDOWS\system32\DRIVERS\mxopswd.sys
16:31:19.0093 2472 MXOPSWD - ok
16:31:19.0515 2472 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
16:31:19.0546 2472 NABTSFEC - ok
16:31:19.0671 2472 NAVENG (862f55824ac81295837b0ab63f91071f) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20110923.025\NAVENG.SYS
16:31:19.0703 2472 NAVENG - ok
16:31:20.0421 2472 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20110923.025\NAVEX15.SYS
16:31:20.0953 2472 NAVEX15 - ok
16:31:21.0421 2472 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
16:31:21.0484 2472 NDIS - ok
16:31:21.0765 2472 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
16:31:21.0781 2472 NdisIP - ok
16:31:22.0062 2472 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
16:31:22.0062 2472 NdisTapi - ok
16:31:22.0453 2472 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
16:31:22.0453 2472 Ndisuio - ok
16:31:22.0718 2472 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
16:31:22.0750 2472 NdisWan - ok
16:31:23.0031 2472 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
16:31:23.0046 2472 NDProxy - ok
16:31:23.0421 2472 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
16:31:23.0437 2472 NetBIOS - ok
16:31:23.0734 2472 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
16:31:23.0796 2472 NetBT - ok
16:31:24.0062 2472 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
16:31:24.0078 2472 Npfs - ok
16:31:24.0625 2472 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
16:31:24.0828 2472 Ntfs - ok
16:31:25.0093 2472 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
16:31:25.0093 2472 Null - ok
16:31:25.0468 2472 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
16:31:25.0484 2472 NwlnkFlt - ok
16:31:25.0734 2472 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
16:31:25.0750 2472 NwlnkFwd - ok
16:31:26.0046 2472 ossrv (103a9b117a7d9903111955cdafe65ac6) C:\WINDOWS\system32\DRIVERS\ctoss2k.sys
16:31:26.0078 2472 ossrv - ok
16:31:26.0812 2472 P17 (df886ffed69aead0cf608b89b18c3f6f) C:\WINDOWS\system32\drivers\P17.sys
16:31:27.0187 2472 P17 - ok
16:31:27.0578 2472 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
16:31:27.0593 2472 Parport - ok
16:31:27.0843 2472 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
16:31:27.0859 2472 PartMgr - ok
16:31:28.0109 2472 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
16:31:28.0125 2472 ParVdm - ok
16:31:28.0515 2472 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
16:31:28.0531 2472 PCI - ok
16:31:28.0765 2472 PCIDump - ok
16:31:29.0015 2472 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
16:31:29.0015 2472 PCIIde - ok
16:31:29.0453 2472 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
16:31:29.0515 2472 Pcmcia - ok
16:31:29.0781 2472 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys
16:31:29.0796 2472 pcouffin - ok
16:31:30.0031 2472 PDCOMP - ok
16:31:30.0375 2472 PDFRAME - ok
16:31:30.0625 2472 PDRELI - ok
16:31:30.0859 2472 PDRFRAME - ok
16:31:31.0109 2472 perc2 - ok
16:31:31.0468 2472 perc2hib - ok
16:31:31.0734 2472 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
16:31:31.0765 2472 PptpMiniport - ok
16:31:32.0031 2472 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
16:31:32.0046 2472 PSched - ok
16:31:32.0421 2472 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
16:31:32.0437 2472 Ptilink - ok
16:31:32.0703 2472 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
16:31:32.0718 2472 PxHelp20 - ok
16:31:32.0953 2472 ql1080 - ok
16:31:33.0203 2472 Ql10wnt - ok
16:31:33.0546 2472 ql12160 - ok
16:31:33.0781 2472 ql1240 - ok
16:31:34.0015 2472 ql1280 - ok
16:31:34.0390 2472 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
16:31:34.0390 2472 RasAcd - ok
16:31:34.0656 2472 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
16:31:34.0687 2472 Rasl2tp - ok
16:31:34.0937 2472 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
16:31:34.0953 2472 RasPppoe - ok
16:31:35.0203 2472 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
16:31:35.0218 2472 Raspti - ok
16:31:35.0718 2472 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
16:31:35.0781 2472 Rdbss - ok
16:31:36.0015 2472 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
16:31:36.0031 2472 RDPCDD - ok
16:31:36.0453 2472 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
16:31:36.0531 2472 rdpdr - ok
16:31:36.0828 2472 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
16:31:36.0875 2472 RDPWD - ok
16:31:37.0187 2472 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
16:31:37.0203 2472 redbook - ok
16:31:37.0437 2472 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
16:31:37.0437 2472 SASDIFSV - ok
16:31:37.0484 2472 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
16:31:37.0515 2472 SASKUTIL - ok
16:31:37.0781 2472 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
16:31:37.0796 2472 Secdrv - ok
16:31:38.0062 2472 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
16:31:38.0062 2472 serenum - ok
16:31:38.0437 2472 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
16:31:38.0468 2472 Serial - ok
16:31:38.0734 2472 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
16:31:38.0750 2472 Sfloppy - ok
16:31:38.0984 2472 Simbad - ok
16:31:39.0390 2472 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
16:31:39.0406 2472 SLIP - ok
16:31:39.0640 2472 Sparrow - ok
16:31:39.0890 2472 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
16:31:39.0906 2472 splitter - ok
16:31:40.0171 2472 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
16:31:40.0203 2472 sr - ok
16:31:40.0796 2472 SRTSP (83726cf02eced69138948083e06b6eac) C:\WINDOWS\System32\Drivers\N360\0501000.01D\SRTSP.SYS
16:31:40.0968 2472 SRTSP - ok
16:31:41.0250 2472 SRTSPX (4e7eab2e5615d39cf1f1df9c71e5e225) C:\WINDOWS\system32\drivers\N360\0501000.01D\SRTSPX.SYS
16:31:41.0375 2472 SRTSPX - ok
16:31:41.0750 2472 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
16:31:41.0859 2472 Srv - ok
16:31:42.0125 2472 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
16:31:42.0140 2472 StillCam - ok
16:31:42.0515 2472 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
16:31:42.0515 2472 streamip - ok
16:31:42.0765 2472 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
16:31:42.0765 2472 swenum - ok
16:31:43.0015 2472 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
16:31:43.0046 2472 swmidi - ok
16:31:43.0406 2472 symc810 - ok
16:31:43.0640 2472 symc8xx - ok
16:31:44.0015 2472 SymDS (9bbeb8c6258e72d62e7560e6667aad39) C:\WINDOWS\system32\drivers\N360\0501000.01D\SYMDS.SYS
16:31:44.0140 2472 SymDS - ok
16:31:44.0796 2472 SymEFA (d5c02629c02a820a7e71bca3d44294a3) C:\WINDOWS\system32\drivers\N360\0501000.01D\SYMEFA.SYS
16:31:45.0046 2472 SymEFA - ok
16:31:45.0453 2472 SymEvent (ab33c3b196197ca467cbdda717860dba) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
16:31:45.0500 2472 SymEvent - ok
16:31:45.0828 2472 SymIRON (a73399804d5d4a8b20ba60fcf70c9f1f) C:\WINDOWS\system32\drivers\N360\0501000.01D\Ironx86.SYS
16:31:45.0890 2472 SymIRON - ok
16:31:46.0265 2472 SYMTDI (dec35ccaf7a222df918306cd2fdfbd39) C:\WINDOWS\System32\Drivers\N360\0501000.01D\SYMTDI.SYS
16:31:46.0500 2472 SYMTDI - ok
16:31:46.0734 2472 sym_hi - ok
16:31:46.0968 2472 sym_u3 - ok
16:31:47.0250 2472 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
16:31:47.0390 2472 sysaudio - ok
16:31:47.0781 2472 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
16:31:47.0906 2472 Tcpip - ok
16:31:48.0171 2472 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
16:31:48.0187 2472 TDPIPE - ok
16:31:48.0562 2472 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
16:31:48.0578 2472 TDTCP - ok
16:31:48.0828 2472 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
16:31:48.0843 2472 TermDD - ok
16:31:49.0093 2472 TosIde - ok
16:31:49.0484 2472 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
16:31:49.0515 2472 Udfs - ok
16:31:49.0750 2472 ultra - ok
16:31:50.0140 2472 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
16:31:50.0390 2472 Update - ok
16:31:50.0671 2472 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
16:31:50.0687 2472 USBAAPL - ok
16:31:50.0968 2472 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
16:31:51.0000 2472 usbaudio - ok
16:31:51.0375 2472 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
16:31:51.0390 2472 usbccgp - ok
16:31:51.0656 2472 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
16:31:51.0671 2472 usbehci - ok
16:31:51.0937 2472 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
16:31:51.0953 2472 usbhub - ok
16:31:52.0218 2472 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
16:31:52.0250 2472 usbprint - ok
16:31:52.0625 2472 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
16:31:52.0640 2472 usbscan - ok
16:31:52.0921 2472 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
16:31:52.0937 2472 USBSTOR - ok
16:31:53.0218 2472 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
16:31:53.0218 2472 usbuhci - ok
16:31:53.0640 2472 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
16:31:53.0687 2472 usbvideo - ok
16:31:53.0937 2472 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
16:31:53.0953 2472 VgaSave - ok
16:31:54.0203 2472 ViaIde - ok
16:31:54.0593 2472 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
16:31:54.0609 2472 VolSnap - ok
16:31:54.0875 2472 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
16:31:54.0890 2472 Wanarp - ok
16:31:55.0437 2472 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
16:31:55.0593 2472 Wdf01000 - ok
16:31:55.0828 2472 WDICA - ok
16:31:56.0125 2472 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
16:31:56.0156 2472 wdmaud - ok
16:31:56.0765 2472 winachsf (f59ed5a43b988a18ef582bb07b2327a7) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
16:31:56.0984 2472 winachsf - ok
16:31:57.0406 2472 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
16:31:57.0421 2472 WS2IFSL - ok
16:31:57.0703 2472 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
16:31:57.0718 2472 WSTCODEC - ok
16:31:58.0015 2472 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
16:31:58.0031 2472 WudfPf - ok
16:31:58.0437 2472 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
16:31:58.0468 2472 WudfRd - ok
16:31:58.0500 2472 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
16:31:58.0687 2472 \Device\Harddisk0\DR0 - ok
16:31:58.0703 2472 MBR (0x1B8) (671b81004fdd1588fa9ed1331c9ceca9) \Device\Harddisk1\DR3
16:31:58.0890 2472 \Device\Harddisk1\DR3 - ok
16:31:58.0890 2472 Boot (0x1200) (57ec400bc2fe10631450097142ea2e49) \Device\Harddisk0\DR0\Partition0
16:31:58.0890 2472 \Device\Harddisk0\DR0\Partition0 - ok
16:31:58.0906 2472 Boot (0x1200) (1e2ad284f8b4c9bf8e2b93a3ca2938f3) \Device\Harddisk0\DR0\Partition1
16:31:58.0921 2472 \Device\Harddisk0\DR0\Partition1 - ok
16:31:58.0921 2472 Boot (0x1200) (582220f8d05995054ab0d8a6a94fcddc) \Device\Harddisk1\DR3\Partition0
16:31:58.0921 2472 \Device\Harddisk1\DR3\Partition0 - ok
16:31:58.0921 2472 ============================================================
16:31:58.0921 2472 Scan finished
16:31:58.0921 2472 ============================================================
16:31:58.0937 1608 Detected object count: 0
16:31:58.0937 1608 Actual detected object count: 0
16:32:16.0484 3952 Deinitialize success

OTL logfile created on: 9/24/2011 5:03:35 PM - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Documents and Settings\Frank\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.26 Gb Available Physical Memory | 63.20% Memory free
6.78 Gb Paging File | 6.20 Gb Available in Paging File | 91.39% Paging File free
Paging file location(s): C:\pagefile.sys 3000 3000D:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 80.00 Gb Total Space | 26.23 Gb Free Space | 32.79% Space Free | Partition Type: NTFS
Drive D: | 69.05 Gb Total Space | 58.46 Gb Free Space | 84.67% Space Free | Partition Type: NTFS
Drive I: | 233.76 Gb Total Space | 198.52 Gb Free Space | 84.92% Space Free | Partition Type: NTFS

Computer Name: IT-2CD5A802B140 | User Name: Frank | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/24 16:28:33 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Frank\Desktop\OTL.exe
PRC - [2011/04/16 17:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Security Suite\Engine\5.1.0.29\ccsvchst.exe
PRC - [2011/03/24 00:11:25 | 000,167,936 | ---- | M] (Applian Technologies, Inc.) -- C:\Program Files\Freecorder\FLVSrvc.exe
PRC - [2010/08/23 21:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2009/11/01 19:30:00 | 002,508,104 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2009/10/07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2008/07/21 17:16:06 | 000,169,312 | ---- | M] (Maxtor Corporation) -- C:\Program Files\Maxtor\OneTouch Status\MaxMenuMgr.exe
PRC - [2008/07/21 17:15:14 | 000,193,888 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Maxtor\Sync\SyncServices.exe
PRC - [2008/04/14 12:40:39 | 000,032,256 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Acrobat 7.0\Acrobat\Acrobat_sl.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2003/04/01 11:33:00 | 000,053,248 | ---- | M] (ali) -- C:\USBStorage\USBDetector.exe


========== Modules (No Company Name) ==========

MOD - [2011/08/09 16:10:43 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\70a1400affdc775d7c7398e036359286\System.ServiceProcess.ni.dll
MOD - [2011/08/09 14:58:05 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e6c79e1d71b0c9000afd7e5e439b5c54\System.ni.dll
MOD - [2011/08/09 14:57:00 | 002,048,000 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2011/08/09 14:56:50 | 003,182,592 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2011/08/09 14:56:49 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2011/08/09 14:56:48 | 000,425,984 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
MOD - [2011/08/09 14:56:42 | 000,626,688 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
MOD - [2011/08/09 14:56:42 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2011/08/09 14:56:40 | 000,258,048 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
MOD - [2011/08/09 14:56:39 | 000,261,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2011/08/09 14:56:35 | 000,114,688 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
MOD - [2011/08/09 14:56:27 | 005,025,792 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
MOD - [2011/08/09 14:45:00 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll
MOD - [2010/12/06 18:17:23 | 000,409,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.WindowsFirewallUtilities.dll
MOD - [2010/12/06 18:17:21 | 000,476,520 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
MOD - [2010/12/06 18:17:16 | 000,046,952 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll
MOD - [2010/12/06 18:17:15 | 000,023,912 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.dll
MOD - [2010/12/06 18:17:15 | 000,018,792 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll
MOD - [2010/12/06 18:17:15 | 000,012,136 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract.dll
MOD - [2010/12/06 18:17:14 | 000,421,224 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Api.Net.dll
MOD - [2010/12/06 18:17:13 | 000,269,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\3.1.26.0__540d4816ead86321\Intuit.Spc.Esd.Core.dll
MOD - [2010/12/06 18:17:12 | 000,121,704 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.BusinessLogic.dll
MOD - [2010/12/06 18:17:12 | 000,120,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.DataAccess.dll
MOD - [2010/12/06 18:17:12 | 000,070,504 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.Common.dll
MOD - [2010/02/19 16:11:26 | 000,854,016 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data.SQLite\1.0.61.0__db937bc2d44ff139\System.Data.SQLite.dll
MOD - [2010/02/19 16:11:23 | 000,270,336 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\log4net\1.2.10.0__1b44e1d426115821\log4net.dll
MOD - [2010/02/19 16:11:22 | 000,403,456 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\5.0.104.0__7ce6deabcb36a8ea\Intuit.Spc.Map.WindowsFirewallUtilities.dll
MOD - [2010/02/19 16:11:20 | 000,471,040 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.104.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
MOD - [2010/02/19 16:11:08 | 000,046,880 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll
MOD - [2010/02/19 16:11:06 | 000,018,720 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll
MOD - [2010/02/19 16:11:05 | 000,419,616 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Api.Net.dll
MOD - [2010/02/19 16:11:04 | 000,270,112 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\2.0.445.0__540d4816ead86321\Intuit.Spc.Esd.Core.dll
MOD - [2010/02/19 16:11:03 | 000,120,096 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.Client.DataAccess.dll
MOD - [2010/02/19 16:11:03 | 000,070,432 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.Client.Common.dll
MOD - [2010/02/19 16:11:02 | 000,121,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.Client.BusinessLogic.dll
MOD - [2006/04/26 08:32:28 | 000,081,920 | ---- | M] () -- C:\WINDOWS\system32\cpwmon2k.dll
MOD - [2005/05/03 05:38:42 | 000,064,512 | ---- | M] () -- C:\WINDOWS\system32\P17.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/04/16 17:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe -- (N360)
SRV - [2010/08/23 21:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2009/10/07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008/08/21 06:36:57 | 000,231,952 | ---- | M] (Kaspersky Lab) [Auto | Stopped] -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe -- (AVP)
SRV - [2008/07/21 17:15:14 | 000,193,888 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Maxtor\Sync\SyncServices.exe -- (Maxtor Sync Service)


========== Driver Services (SafeList) ==========

DRV - [2011/09/09 10:44:06 | 000,816,760 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20110909.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/08/23 00:17:32 | 000,356,280 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20110923.030\IDSXpx86.sys -- (IDSxpx86)
DRV - [2011/08/03 18:21:06 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20110923.025\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/08/03 18:21:06 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20110923.025\NAVENG.SYS -- (NAVENG)
DRV - [2011/07/28 00:42:33 | 000,105,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/07/27 16:13:58 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/05/22 10:41:06 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/03/30 20:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\N360\0501000.01D\SRTSP.SYS -- (SRTSP)
DRV - [2011/03/30 20:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0501000.01D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/03/21 17:39:49 | 000,369,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\N360\0501000.01D\SYMTDI.SYS -- (SYMTDI)
DRV - [2011/03/14 19:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0501000.01D\SYMEFA.SYS -- (SymEFA)
DRV - [2011/01/26 23:47:10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0501000.01D\SYMDS.SYS -- (SymDS)
DRV - [2010/11/15 18:45:33 | 000,136,312 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0501000.01D\Ironx86.SYS -- (SymIRON)
DRV - [2010/05/10 11:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 11:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/10/07 01:49:50 | 000,023,832 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2009/10/07 01:49:38 | 006,756,632 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech Webcam 600(UVC)
DRV - [2009/10/07 01:47:55 | 000,266,008 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2009/10/07 01:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/04/02 11:28:34 | 000,201,504 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (klif)
DRV - [2007/09/04 11:46:34 | 000,092,544 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2007/06/18 00:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2007/06/14 20:47:26 | 001,127,936 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\P17.sys -- (P17)
DRV - [2007/05/03 13:37:08 | 000,022,152 | ---- | M] (Maxtor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mxopswd.sys -- (MXOPSWD)
DRV - [2006/02/09 06:57:46 | 001,502,208 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/01/10 04:15:30 | 000,106,496 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2005/01/10 04:15:24 | 000,138,752 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2004/08/23 00:49:30 | 000,121,472 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2003/11/17 16:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 16:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 16:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1614895754-1060284298-725345543-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-1614895754-1060284298-725345543-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1614895754-1060284298-725345543-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 3
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: OpenXMLViewer@Codeplex.com:1.0.1
FF - prefs.js..extensions.enabledItems: searchrecs@veoh.com:1.5.1
FF - prefs.js..extensions.enabledItems: {6e764c17-863a-450f-bdd0-6772bd5aaa18}:1.0.3
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\WINDOWS\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\ [2011/08/23 08:50:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn_2011_7_1_3 [2011/09/24 17:01:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/07 08:29:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/15 12:34:08 | 000,000,000 | ---D | M]

[2008/10/14 17:08:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Frank\Application Data\Mozilla\Extensions
[2011/08/10 18:31:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\7llyziev.default\extensions
[2010/06/15 07:33:04 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\7llyziev.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/04/07 10:48:05 | 000,000,000 | ---D | M] (Media Converter) -- C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\7llyziev.default\extensions\{6e764c17-863a-450f-bdd0-6772bd5aaa18}
[2011/07/07 09:59:01 | 000,000,000 | ---D | M] (Freecorder Toolbar) -- C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\7llyziev.default\extensions\{70dd86e8-b5bc-4e4a-9d5c-b6234c24323c}
[2010/02/08 12:27:49 | 000,000,000 | ---D | M] (IE Tab) -- C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\7llyziev.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2010/06/01 10:50:53 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\7llyziev.default\extensions\firefox@tvunetworks.com
[2010/05/26 18:04:41 | 000,000,000 | ---D | M] (OpenXMLViewer) -- C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\7llyziev.default\extensions\OpenXMLViewer@Codeplex.com
[2009/05/22 10:06:43 | 000,000,000 | ---D | M] (Veoh Video Compass) -- C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\7llyziev.default\extensions\searchrecs@veoh.com
[2011/05/25 10:15:51 | 000,002,468 | ---- | M] () -- C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\7llyziev.default\searchplugins\safesearch.xml
[2010/05/31 20:44:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/09/24 17:01:12 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\COFFPLGN_2011_7_1_3
[2011/08/23 08:50:20 | 000,000,000 | ---D | M] (Symantec IPS) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPLGN
() (No name found) -- C:\DOCUMENTS AND SETTINGS\FRANK\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7LLYZIEV.DEFAULT\EXTENSIONS\YTVDW@PGPORT.COM.XPI
[2011/09/07 08:29:31 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2008/11/12 10:46:18 | 000,221,184 | ---- | M] (CNN) -- C:\Program Files\mozilla firefox\plugins\NPTURNMED.dll
[2011/05/04 11:40:50 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2004/08/04 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - No CLSID value found.
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\5.1.0.29\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Freecorder Toolbar) - {70dd86e8-b5bc-4e4a-9d5c-b6234c24323c} - C:\Program Files\freecordertoolbar\vmntemplateX.dll ()
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (no name) - {DB11BF8C-50DB-453F-A604-69D9E361C0A3} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Freecorder Toolbar) - {70dd86e8-b5bc-4e4a-9d5c-b6234c24323c} - C:\Program Files\freecordertoolbar\vmntemplateX.dll ()
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-1614895754-1060284298-725345543-1006\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-1614895754-1060284298-725345543-1006\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKU\S-1-5-21-1614895754-1060284298-725345543-1006\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [Freecorder FLV Service] C:\Program Files\Freecorder\FLVSrvc.exe (Applian Technologies, Inc.)
O4 - HKLM..\Run: [mxomssmenu] C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe (Maxtor Corporation)
O4 - HKLM..\Run: [P17Helper] C:\WINDOWS\System32\P17.dll ()
O4 - HKLM..\Run: [USBDetector] C:\USBStorage\USBDetector.exe (ali)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-21-1614895754-1060284298-725345543-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Download by Orbit - Reg Error: Value error. File not found
O8 - Extra context menu item: &Grab video by Orbit - Reg Error: Value error. File not found
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Do&wnload selected by Orbit - Reg Error: Value error. File not found
O8 - Extra context menu item: Down&load all by Orbit - Reg Error: Value error. File not found
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-1614895754-1060284298-725345543-1006\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} https://web2.securianretirementcenter.com/sub/Home_Main.htm (Web Browser Applet Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6886.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1184147257656 (WUWebControl Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} https://signin3.valueactive.com/Register/Branding/olr3313/OCX/v1018/flashax.cab (FlashXControl Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.69.150 68.87.85.102
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ABB2F36D-5B0D-4725-B8C4-851BC38754C0}: DhcpNameServer = 68.87.69.150 68.87.85.102
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\khfCspMC: DllName - (khfCspMC.dll) - File not found
O24 - Desktop Components:0 () - http://img184.imagevenue.com/loc31/th_60015_Roberto_Cavalli_Milan_S-S_06_Celebrity_City_FS_9215_122_31lo.jpg
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Frank\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Frank\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No CLSID value found.
O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\qoMdCsSl) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/07/10 08:03:49 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/07/20 19:50:48 | 000,000,059 | ---- | M] () - I:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/24 16:28:33 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Frank\Desktop\OTL.exe
[2011/09/24 16:24:46 | 001,547,056 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Frank\Desktop\tdsskiller.exe
[2011/09/24 05:24:51 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Frank\Cookies
[2011/09/23 14:42:07 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Frank\Recent
[2011/09/03 03:17:37 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\crypt32.dll
[2008/03/30 00:33:43 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Frank\Application Data\pcouffin.sys
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/09/24 17:08:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/09/24 17:01:45 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/09/24 17:01:14 | 000,002,335 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2011/09/24 17:01:02 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/09/24 17:00:27 | 013,247,776 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2011/09/24 17:00:23 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/09/24 16:59:57 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2011/09/24 16:59:54 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[2011/09/24 16:54:08 | 001,252,424 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.idx
[2011/09/24 16:54:06 | 002,885,912 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2011/09/24 16:54:05 | 245,196,832 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2011/09/24 16:28:33 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Frank\Desktop\OTL.exe
[2011/09/24 16:24:47 | 001,547,056 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Frank\Desktop\tdsskiller.exe
[2011/09/24 08:16:39 | 000,220,672 | ---- | M] () -- C:\Documents and Settings\Frank\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/24 05:21:28 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\PC Health Advisor.job
[2011/09/23 18:00:02 | 000,000,444 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration3.job
[2011/09/22 09:13:23 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\PC Health Advisor Defrag.job
[2011/09/21 09:14:05 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/09/21 02:49:09 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Update Version3.job
[2011/09/18 14:39:51 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Frank\Desktop\Defogger.exe
[2011/09/18 03:38:35 | 000,135,688 | ---- | M] () -- C:\Documents and Settings\Frank\Desktop\– USATODAY.pdf
[2011/09/17 05:05:33 | 000,000,590 | ---- | M] () -- C:\0.bak
[2011/09/14 18:10:45 | 000,505,174 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/09/14 18:10:45 | 000,087,580 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/09/13 14:35:41 | 000,000,559 | ---- | M] () -- C:\0
[2011/09/10 08:54:53 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/09/09 02:12:13 | 000,599,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\crypt32.dll
[2011/09/01 03:51:34 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/08/30 22:26:20 | 000,359,996 | ---- | M] () -- C:\Documents and Settings\Frank\Desktop\outlook-us-2011=part 3.pdf
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/09/18 14:39:49 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Frank\Desktop\Defogger.exe
[2011/09/18 03:38:35 | 000,135,688 | ---- | C] () -- C:\Documents and Settings\Frank\Desktop\– USATODAY.pdf
[2011/08/30 22:26:20 | 000,359,996 | ---- | C] () -- C:\Documents and Settings\Frank\Desktop\outlook-us-2011=part 3.pdf
[2011/08/26 10:48:06 | 005,705,136 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/05/18 14:27:37 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\Frank\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/05/18 14:22:32 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/04/10 17:29:39 | 000,097,244 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/01/20 16:58:02 | 000,307,200 | ---- | C] () -- C:\WINDOWS\System32\ExportModeller.dll
[2011/01/20 16:58:01 | 000,049,223 | ---- | C] () -- C:\WINDOWS\System32\crtslv.dll
[2011/01/20 16:57:56 | 000,100,352 | ---- | C] () -- C:\WINDOWS\System32\pg32conv.dll
[2011/01/20 16:57:54 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\Implode.dll
[2010/12/14 07:40:09 | 000,004,963 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hnbdehzc.pfe
[2010/12/14 07:39:58 | 000,005,052 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\etgxespc.rpo
[2010/12/08 11:09:18 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/07/20 18:22:21 | 000,188,489 | ---- | C] () -- C:\WINDOWS\hpwins22.dat.temp
[2010/07/20 18:22:20 | 000,002,979 | ---- | C] () -- C:\WINDOWS\hpwmdl22.dat.temp
[2010/07/20 13:08:37 | 000,077,374 | ---- | C] () -- C:\WINDOWS\hpqins05.dat.temp
[2010/06/24 03:56:47 | 000,002,489 | ---- | C] () -- C:\WINDOWS\System32\ASPRTMM1.DLL
[2010/06/12 18:06:28 | 245,196,832 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2010/06/12 18:06:28 | 013,247,776 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2010/05/31 20:24:41 | 000,082,289 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2010/05/28 12:41:56 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/02/07 23:55:40 | 000,063,119 | ---- | C] () -- C:\WINDOWS\hpqins05.dat
[2010/02/07 23:38:19 | 000,023,110 | ---- | C] () -- C:\WINDOWS\hpqins15.dat
[2010/01/26 23:02:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2009/10/07 01:46:36 | 000,025,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2009/10/07 01:23:08 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/07/20 14:48:25 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/06/30 21:57:56 | 000,000,048 | ---- | C] () -- C:\WINDOWS\PerWin.ini
[2008/11/01 12:22:49 | 000,005,061 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\xqkcebzs.dik
[2008/10/15 15:14:48 | 000,002,693 | ---- | C] () -- C:\WINDOWS\DevMgr.ini
[2008/10/15 15:00:12 | 000,000,020 | ---- | C] () -- C:\WINDOWS\Hposcv07.INI
[2008/10/14 17:08:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/06/10 05:57:56 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2008/05/26 22:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 22:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/03/30 00:35:18 | 000,001,057 | ---- | C] () -- C:\Documents and Settings\Frank\Application Data\vso_ts_preview.xml
[2008/03/30 00:33:43 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Frank\Application Data\inst.exe
[2008/03/30 00:33:43 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Frank\Application Data\pcouffin.cat
[2008/03/30 00:33:43 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Frank\Application Data\pcouffin.inf
[2008/03/17 22:20:07 | 000,000,016 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2008/01/05 05:55:40 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2007/12/15 06:16:27 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2007/11/03 23:12:08 | 000,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2007/11/03 23:12:08 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2007/11/03 23:10:24 | 000,000,873 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2007/11/03 23:10:24 | 000,000,154 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2007/11/03 23:10:24 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\bridf06a.dat
[2007/09/27 11:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 11:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 11:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/09/11 05:27:52 | 000,220,672 | ---- | C] () -- C:\Documents and Settings\Frank\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/08/05 06:52:41 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/07/25 01:24:30 | 001,559,040 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/07/11 03:26:22 | 000,005,663 | ---- | C] () -- C:\WINDOWS\System32\ludap17.ini
[2007/07/11 03:26:22 | 000,000,075 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2007/07/11 00:56:33 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2007/07/11 00:56:33 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\uninscpw.exe
[2007/07/11 00:48:17 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/07/10 14:43:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/07/10 14:42:52 | 000,460,432 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007/07/10 09:42:48 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2007/07/10 09:42:27 | 000,114,630 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2007/07/10 08:06:03 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2007/07/10 08:01:07 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/02/26 02:08:28 | 000,585,728 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2005/10/14 02:09:48 | 000,051,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\atnt40k.sys
[2005/08/26 15:28:34 | 000,143,360 | ---- | C] () -- C:\WINDOWS\unzip.exe
[2005/08/26 15:27:58 | 000,045,056 | ---- | C] () -- C:\WINDOWS\devenum.exe
[2005/05/03 05:38:42 | 000,064,512 | ---- | C] () -- C:\WINDOWS\System32\P17.dll
[2004/08/04 05:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 05:00:00 | 000,505,174 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 05:00:00 | 000,087,580 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 05:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 05:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 05:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/01/27 05:13:02 | 000,421,888 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib_dec.dll
[2003/10/02 04:48:18 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\P17CPI.dll
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/07/07 04:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >

OTL Extras logfile created on: 9/24/2011 5:03:35 PM - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Documents and Settings\Frank\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.26 Gb Available Physical Memory | 63.20% Memory free
6.78 Gb Paging File | 6.20 Gb Available in Paging File | 91.39% Paging File free
Paging file location(s): C:\pagefile.sys 3000 3000D:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 80.00 Gb Total Space | 26.23 Gb Free Space | 32.79% Space Free | Partition Type: NTFS
Drive D: | 69.05 Gb Total Space | 58.46 Gb Free Space | 84.67% Space Free | Partition Type: NTFS
Drive I: | 233.76 Gb Total Space | 198.52 Gb Free Space | 84.92% Space Free | Partition Type: NTFS

Computer Name: IT-2CD5A802B140 | User Name: Frank | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-1614895754-1060284298-725345543-1006\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- C:\Program Files\ParetoLogic\PCHA\noapp.exe %1 (ParetoLogic)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP
"427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"427:TCP" = 427:TCP:LocalSubNet:Enabled:Incoming 427
"9220:UDP" = 9220:UDP:LocalSubNet:Enabled:Outgoing Fax
"427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
"80:TCP" = 80:TCP:*:Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"F:\setup\hpznui01.exe" = F:\setup\hpznui01.exe:*:Enabled:hpznui01.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe
"C:\Program Files\HP\HP Software Update\hpwucli.exe" = C:\Program Files\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe
"C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe
"C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe:*:Enabled:hpqfxt08.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\ddpoker3\ddpoker.exe" = C:\Program Files\ddpoker3\ddpoker.exe:*:Disabled:http://www.ddpoker.com/ -- (Donohoe Digital LLC)
"F:\setup\hpznui01.exe" = F:\setup\hpznui01.exe:*:Enabled:hpznui01.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe
"C:\Program Files\HP\HP Software Update\hpwucli.exe" = C:\Program Files\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe
"C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe
"C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" = C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:LocalSubNet:Enabled:hpqtra08.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:LocalSubNet:Enabled:hpqste08.exe
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:LocalSubNet:Enabled:hposid01.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:LocalSubNet:Enabled:hpqkygrp.exe
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:LocalSubNet:Enabled:hpzwiz01.exe
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe
"C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe:*:Enabled:hpqfxt08.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe
"C:\Program Files\Azureus\Azureus.exe" = C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus / Vuze
"C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus / Vuze
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05BDC796-3451-4F81-B91D-E98F7ADA76C2}" = TurboTax 2010 WinPerTaxSupport
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX870_series" = Canon MX870 series MP Drivers
"{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26671921-A46D-4639-B7EF-E43BE6F2AE73}" = EASEUS Data Recovery Wizard 4.3.6 Demo
"{2E086814-7392-4E0F-ADB8-54A81E47406C}" = Broadcom Advanced Control Suite 2
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{360EDFB0-EAA2-012B-AD16-000000000000}" = TurboTax 2009 wcaiper
"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
"{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset
"{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
"{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
"{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
"{3CBF3EBB-235D-4c29-A68B-2BB1F428586E}" = ParetoLogic PC Health Advisor
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{46D61287-50D4-46B9-B10B-B6DBCD023873}" = EASEUS Data Recovery Wizard 4.3.6
"{47ECCB1F-2811-49C0-B6A7-26778639ABA0}" = 32 Bit HP CIO Components Installer
"{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6446BBD0-CB83-40E1-BEA1-0C147065E2A6}" = Maxtor Manager
"{69995C7A-062A-4A90-A4DF-8C22895DF522}" = iTunes
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support
"{71F6DF7D-B639-4FAD-BA93-E6DF267AA44D}" = DesignPro 5.4 Limited Edition
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{87FF0E39-8490-4EB4-A557-FF12F712EF7E}" = TurboTax 2010 wcaiper
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91CA0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Small Business Edition 2003
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = iSEEK AnswerWorks English Runtime
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine
"{A71D5E81-B967-43DB-93D7-FD31BFB95748}" = MobileMe Control Panel
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-1033-0000-7760-000000000002}" = Adobe Acrobat 7.0 Professional
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}" = Logitech Webcam Software
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour
"{D5F881C2-B134-474E-AA60-B25DD218AE0D}" = Crash Analysis Tool
"{D8AB000F-FB45-4728-BE92-9EC60D26B969}" = ADM - Service Pack for 4.0
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.1.12.352
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}" = WexTech AnswerWorks
"{F2AB2488-A0BF-4A9B-98A9-A88CF20FD2FF}" = WebEx Meeting Manager for Internet Explorer
"{F8B05D3E-74A2-445D-AC4C-11842E7A6118}" = ADM - Assessment Data Manager
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"3ivx D4 4.5.1 Decoder" = 3ivx D4 4.5.1 Decoder (remove only)
"Adobe Acrobat 7.0 Professional" = Adobe Acrobat 7.1.0 Professional
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"Canon MX870 series User Registration" = Canon MX870 series User Registration
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner
"Cisco Connect" = Cisco Connect
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"ComcastHSI" = Comcast High-Speed Internet Install Wizard
"CutePDF Writer Installation" = CutePDF Writer 2.6
"DD Poker 3 " = DD Poker 3
"Device Control" = Device Control
"DivX Setup.divx.com" = DivX Setup
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"EAXSet" = Creative EAX Settings
"ESET Online Scanner" = ESET Online Scanner v3
"Freecorder5.01" = Freecorder 5
"freecordertoolbar" = Freecorder Toolbar
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in
"InstallShield_{2E086814-7392-4E0F-ADB8-54A81E47406C}" = Broadcom Advanced Control Suite 2
"InstallShield_{6446BBD0-CB83-40E1-BEA1-0C147065E2A6}" = Maxtor Manager
"InstallShield_{71F6DF7D-B639-4FAD-BA93-E6DF267AA44D}" = DesignPro 5.4 Limited Edition
"Jewel Quest II" = Jewel Quest II (remove only)
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.6.0 (Standard)
"lvdrivers_12.10" = Logitech Webcam Software Driver Package
"Magic Ball 2" = GameHouse Games Collection: Magic Ball 2
"Magic Ball 2 - New Worlds" = GameHouse Games Collection: Magic Ball 2 - New Worlds
"Magic Ball Deluxe" = GameHouse Games Collection: Magic Ball
"MagicDisc 2.5.79" = MagicDisc 2.5.79
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 6.0.2 (x86 en-US)" = Mozilla Firefox 6.0.2 (x86 en-US)
"MP Navigator EX 3.1" = Canon MP Navigator EX 3.1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"N360" = Norton Security Suite
"Need4 DVD Burner 8" = Need4 DVD Burner 8
"Need4 Software Launcher" = Need4 Software Launcher 8.1
"Need4 Video Converter 8" = Need4 Video Converter 8
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Slingo Deluxe" = GameHouse Games Collection: Slingo Deluxe
"SPEAKER" = Creative Speaker Settings
"Speed Dial Utility" = Canon Speed Dial Utility
"Super 5-Line Slots" = GameHouse Games Collection: Super 5-Line Slots
"Super Gem Drop" = GameHouse Games Collection: Super Gem Drop
"TurboTax 2009" = TurboTax 2009
"TurboTax 2010" = TurboTax 2010
"uTorrent" = µTorrent
"VirtualDub Pack" = VirtualDub Pack
"VLC media player" = VLC media player 1.1.3
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1614895754-1060284298-725345543-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f031ef6ac137efc5" = Dell Driver Download Manager
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/22/2011 4:00:46 PM | Computer Name = IT-2CD5A802B140 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 9/23/2011 10:21:23 PM | Computer Name = IT-2CD5A802B140 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 9/23/2011 10:21:23 PM | Computer Name = IT-2CD5A802B140 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 9/23/2011 10:23:44 PM | Computer Name = IT-2CD5A802B140 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 9/23/2011 10:23:45 PM | Computer Name = IT-2CD5A802B140 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 9/24/2011 8:25:29 AM | Computer Name = IT-2CD5A802B140 | Source = Windows Search Service | ID = 9002
Description = The Windows Search Service cannot load the property store information.

Context:
Windows Application, SystemIndex Catalog Details: 0x%08x (0x80041181 - The content
index server cannot find a description of the content index in its database. Search
will automatically attempt to recreate the content index description. If this
problem persists, stop and restart the search service and, if necessary, delete
and recreate the content index. )

Error - 9/24/2011 8:25:29 AM | Computer Name = IT-2CD5A802B140 | Source = Windows Search Service | ID = 3029
Description = The plug-in in <Search.JetPropStore> cannot be initialized. Context:
Windows Application, SystemIndex Catalog Details: The content index metadata cannot
be read. (0xc0041801)

Error - 9/24/2011 8:25:29 AM | Computer Name = IT-2CD5A802B140 | Source = Windows Search Service | ID = 3029
Description = The plug-in in <Search.TripoliIndexer> cannot be initialized. Context:
Windows Application, SystemIndex Catalog Details: Element not found. (0x80070490)


Error - 9/24/2011 8:25:29 AM | Computer Name = IT-2CD5A802B140 | Source = Windows Search Service | ID = 3028
Description = The gatherer object cannot be initialized. Context: Windows Application,
SystemIndex Catalog Details: The content index metadata cannot be read. (0xc0041801)


Error - 9/24/2011 8:25:29 AM | Computer Name = IT-2CD5A802B140 | Source = Windows Search Service | ID = 3058
Description = The application cannot be initialized. Context: Windows Application

Details:
The
content index metadata cannot be read. (0xc0041801)

[ System Events ]
Error - 9/24/2011 3:36:06 PM | Computer Name = IT-2CD5A802B140 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 9/24/2011 3:36:09 PM | Computer Name = IT-2CD5A802B140 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 9/24/2011 3:36:31 PM | Computer Name = IT-2CD5A802B140 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 9/24/2011 3:37:05 PM | Computer Name = IT-2CD5A802B140 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 9/24/2011 3:38:15 PM | Computer Name = IT-2CD5A802B140 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 9/24/2011 3:42:00 PM | Computer Name = IT-2CD5A802B140 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 9/24/2011 3:42:48 PM | Computer Name = IT-2CD5A802B140 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 9/24/2011 3:42:59 PM | Computer Name = IT-2CD5A802B140 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 9/24/2011 8:01:17 PM | Computer Name = IT-2CD5A802B140 | Source = Service Control Manager | ID = 7023
Description = The Net Driver HPZ12 service terminated with the following error:
%%2

Error - 9/24/2011 8:01:17 PM | Computer Name = IT-2CD5A802B140 | Source = Service Control Manager | ID = 7023
Description = The Pml Driver HPZ12 service terminated with the following error:
%%2


< End of report >

#7 Casey_boy

Casey_boy

    Bleeping physicist


  • Malware Response Team
  • 7,765 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:09:40 PM

Posted 25 September 2011 - 05:53 AM

My OS was loaded by my company and they did not give me a hard copy.


:exclame: Since this is a company PC you should check that you have permission to carry out any instructions I give you. Failure to check may result in disciplinary actions being taken against you, by your employer, for which I am not responsible. You should also check that your company does not have a team who deals with computer issues and infections.

I will not post any instructions for you until you have confirmed that you have checked and that any repercussions as a result of our work are wholly your responsibility.

Casey

If I have been helping you and I do not reply within 48hours, feel free to send me a PM.


* My Website * Am I Infected? * Malware Removal Help * If you'd like to say thanks *


#8 Drfrankr

Drfrankr
  • Topic Starter

  • Members
  • 47 posts
  • OFFLINE
  •  
  • Local time:02:40 PM

Posted 25 September 2011 - 06:28 AM

Casey,

There is no problem. The computer is mine. I spent two years overseas in Thailand working for a company and they replaced my old OS with the XP Professional I now have. The computer is mine and I accept all responsibility for it and what is on it.

Let me know if you have any other questions.

Regards...Frank

#9 Drfrankr

Drfrankr
  • Topic Starter

  • Members
  • 47 posts
  • OFFLINE
  •  
  • Local time:02:40 PM

Posted 25 September 2011 - 06:51 AM

Casey,

The company also gave me Kaspursky Anti-Virus. That is why you can see remnants of it on my machine. The license expired last year and I replaced it with Norton, which was free from Comcast (my internet and cable provider).

Thanks...Frank

#10 Casey_boy

Casey_boy

    Bleeping physicist


  • Malware Response Team
  • 7,765 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:09:40 PM

Posted 25 September 2011 - 11:44 AM

OK, great :thumbup2:

:step1: P2P Warning

Your log(s) show that you are using so called peer-to-peer or file-sharing programs (in your case uTorrent). These programs allow file sharing between users as the name(s) suggest. In today's world cyber crime has become an enormous problem. Different ways are used to infect personal computers to make use of their stored data or machine power for further propagation of malware files. A popular means is the use of file-sharing tools as a huge amount of prospective victims can be reached through them.

It is therefore possible to be infected by downloading infected files via peer-to-peer tools and so these tools must be used with extreme care. Some further reading on this subject, along with included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

I strongly recommend that you uninstall these programs, however, should you decide to keep this program please refrain from using it until we get your computer clean and always show caution in any files you download.

:step2: Freecorder Toolbar
In the following fix (step 3) I am removing the Freecorder Toolbar. This is based upon the following information: http://www.systemlookup.com/CLSID/73148-vmntemplateX_dll.html


:step3: We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.
    :OTL
    [2011/07/07 09:59:01 | 000,000,000 | ---D | M] (Freecorder Toolbar) -- C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\7llyziev.default\extensions\{70dd86e8-b5bc-4e4a-9d5c-b6234c24323c}
    O2 - BHO: (no name) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - No CLSID value found.
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (Freecorder Toolbar) - {70dd86e8-b5bc-4e4a-9d5c-b6234c24323c} - C:\Program Files\freecordertoolbar\vmntemplateX.dll ()
    O2 - BHO: (no name) - {DB11BF8C-50DB-453F-A604-69D9E361C0A3} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Freecorder Toolbar) - {70dd86e8-b5bc-4e4a-9d5c-b6234c24323c} - C:\Program Files\freecordertoolbar\vmntemplateX.dll ()
    O4 - HKLM..\Run: [Freecorder FLV Service] C:\Program Files\Freecorder\FLVSrvc.exe (Applian Technologies, Inc.)
    O8 - Extra context menu item: &Download by Orbit - Reg Error: Value error. File not found
    O8 - Extra context menu item: &Grab video by Orbit - Reg Error: Value error. File not found
    O8 - Extra context menu item: Do&wnload selected by Orbit - Reg Error: Value error. File not found
    O8 - Extra context menu item: Down&load all by Orbit - Reg Error: Value error. File not found
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
    O20 - Winlogon\Notify\khfCspMC: DllName - (khfCspMC.dll) - File not found
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No CLSID value found.
    O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\qoMdCsSl) - File not found
    O32 - AutoRun File - [2007/07/10 08:03:49 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2009/07/20 19:50:48 | 000,000,059 | ---- | M] () - I:\autorun.inf -- [ NTFS ]
    [2011/09/17 05:05:33 | 000,000,590 | ---- | M] () -- C:\0.bak
    [2011/09/13 14:35:41 | 000,000,559 | ---- | M] () -- C:\0
    [2010/12/14 07:40:09 | 000,004,963 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hnbdehzc.pfe
    [2010/12/14 07:39:58 | 000,005,052 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\etgxespc.rpo
    [2008/11/01 12:22:49 | 000,005,061 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\xqkcebzs.dik
    
    :commands
    [EMPTYTEMP]
    [CREATERESTOREPOINT]
    [PURITY]
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click Posted Image.
  • A report will open. Copy and Paste that report in your next reply.

How is your PC running now?

Casey

If I have been helping you and I do not reply within 48hours, feel free to send me a PM.


* My Website * Am I Infected? * Malware Removal Help * If you'd like to say thanks *


#11 Drfrankr

Drfrankr
  • Topic Starter

  • Members
  • 47 posts
  • OFFLINE
  •  
  • Local time:02:40 PM

Posted 25 September 2011 - 04:43 PM

Casey,

I have removed utorrent from my computer. Since it was not in Control Panel or listed under Programs, I deleted the .exe file and also the shortcuts. I have also run the OTL fix (the report is included) that removed the Freecorder Toolbar, among other things. I also went into programs and uninstalled all of the Freecorder programs.

The performance may be a little faster, but it is still much slower than it used to be.

Thanks for helping me to get to this point. What's next?

Thanks...Frank

All processes killed
========== OTL ==========
C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\7llyziev.default\extensions\{70dd86e8-b5bc-4e4a-9d5c-b6234c24323c}\components folder moved successfully.
C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\7llyziev.default\extensions\{70dd86e8-b5bc-4e4a-9d5c-b6234c24323c}\chrome\skin\searchbar folder moved successfully.
C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\7llyziev.default\extensions\{70dd86e8-b5bc-4e4a-9d5c-b6234c24323c}\chrome\skin\options folder moved successfully.
C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\7llyziev.default\extensions\{70dd86e8-b5bc-4e4a-9d5c-b6234c24323c}\chrome\skin\lib\weatherbutton\panels\images folder moved successfully.
C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\7llyziev.default\extensions\{70dd86e8-b5bc-4e4a-9d5c-b6234c24323c}\chrome\skin\lib\weatherbutton\panels folder moved successfully.
C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\7llyziev.default\extensions\{70dd86e8-b5bc-4e4a-9d5c-b6234c24323c}\chrome\skin\lib\weatherbutton\icons folder moved successfully.
C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\7llyziev.default\extensions\{70dd86e8-b5bc-4e4a-9d5c-b6234c24323c}\chrome\skin\lib\weatherbutton folder moved successfully.
C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\7llyziev.default\extensions\{70dd86e8-b5bc-4e4a-9d5c-b6234c24323c}\chrome\skin\lib\uwa folder moved successfully.
C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\7llyziev.default\extensions\{70dd86e8-b5bc-4e4a-9d5c-b6234c24323c}\chrome\skin\lib\radio\images folder moved successfully.
C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\7llyziev.default\extensions\{70dd86e8-b5bc-4e4a-9d5c-b6234c24323c}\chrome\skin\lib\radio\css folder moved successfully.
C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\7llyziev.default\extensions\{70dd86e8-b5bc-4e4a-9d5c-b6234c24323c}\chrome\skin\lib\radio folder moved successfully.
C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\7llyziev.default\extensions\{70dd86e8-b5bc-4e4a-9d5c-b6234c24323c}\chrome\skin\lib\panels\images folder moved successfully.
C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\7llyziev.default\extensions\{70dd86e8-b5bc-4e4a-9d5c-b6234c24323c}\chrome\skin\lib\panels\default\scripts folder moved successfully.
C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\7llyziev.default\extensions\{70dd86e8-b5bc-4e4a-9d5c-b6234c24323c}\chrome\skin\lib\panels\default\images folder moved successfully.
C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\7llyziev.default\extensions\{70dd86e8-b5bc-4e4a-9d5c-b6234c24323c}\chrome\skin\lib\panels\default\css folder moved successfully.
C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\7llyziev.default\extensions\{70dd86e8-b5bc-4e4a-9d5c-b6234c24323c}\chrome\skin\lib\panels\default folder moved successfully.
C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\7llyziev.default\extensions\{70dd86e8-b5bc-4e4a-9d5c-b6234c24323c}\chrome\skin\lib\panels\css folder moved successfully.
C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\7llyziev.default\extensions\{70dd86e8-b5bc-4e4a-9d5c-b6234c24323c}\chrome\skin\lib\panels folder moved successfully.
C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\7llyziev.default\extensions\{70dd86e8-b5bc-4e4a-9d5c-b6234c24323c}\chrome\skin\lib\debugbar folder moved successfully.
C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\7llyziev.default\extensions\{70dd86e8-b5bc-4e4a-9d5c-b6234c24323c}\chrome\skin\lib folder moved successfully.
C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\7llyziev.default\extensions\{70dd86e8-b5bc-4e4a-9d5c-b6234c24323c}\chrome\skin folder moved successfully.
C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\7llyziev.default\extensions\{70dd86e8-b5bc-4e4a-9d5c-b6234c24323c}\chrome\data\weather folder moved successfully.
C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\7llyziev.default\extensions\{70dd86e8-b5bc-4e4a-9d5c-b6234c24323c}\chrome\data\search folder moved successfully.
C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\7llyziev.default\extensions\{70dd86e8-b5bc-4e4a-9d5c-b6234c24323c}\chrome\data\rss folder moved successfully.
C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\7llyziev.default\extensions\{70dd86e8-b5bc-4e4a-9d5c-b6234c24323c}\chrome\data\dynamicElements folder moved successfully.
C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\7llyziev.default\extensions\{70dd86e8-b5bc-4e4a-9d5c-b6234c24323c}\chrome\data folder moved successfully.
C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\7llyziev.default\extensions\{70dd86e8-b5bc-4e4a-9d5c-b6234c24323c}\chrome\content\widgets\net.vmn.www.WebTV\skin\scripts folder moved successfully.
C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\7llyziev.default\extensions\{70dd86e8-b5bc-4e4a-9d5c-b6234c24323c}\chrome\content\widgets\net.vmn.www.WebTV\skin\images folder moved successfully.
C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\7llyziev.default\extensions\{70dd86e8-b5bc-4e4a-9d5c-b6234c24323c}\chrome\content\widgets\net.vmn.www.WebTV\skin\css folder moved successfully.
C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\7llyziev.default\extensions\{70dd86e8-b5bc-4e4a-9d5c-b6234c24323c}\chrome\content\widgets\net.vmn.www.WebTV\skin folder moved successfully.
C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\7llyziev.default\extensions\{70dd86e8-b5bc-4e4a-9d5c-b6234c24323c}\chrome\content\widgets\net.vmn.www.WebTV\js folder moved successfully.
C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\7llyziev.default\extensions\{70dd86e8-b5bc-4e4a-9d5c-b6234c24323c}\chrome\content\widgets\net.vmn.www.WebTV\images folder moved successfully.
C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\7llyziev.default\extensions\{70dd86e8-b5bc-4e4a-9d5c-b6234c24323c}\chrome\content\widgets\net.vmn.www.WebTV\css folder moved successfully.
C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\7llyziev.default\extensions\{70dd86e8-b5bc-4e4a-9d5c-b6234c24323c}\chrome\content\widgets\net.vmn.www.WebTV folder moved successfully.
C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\7llyziev.default\extensions\{70dd86e8-b5bc-4e4a-9d5c-b6234c24323c}\chrome\content\widgets folder moved successfully.
C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\7llyziev.default\extensions\{70dd86e8-b5bc-4e4a-9d5c-b6234c24323c}\chrome\content\newtab\images folder moved successfully.
C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\7llyziev.default\extensions\{70dd86e8-b5bc-4e4a-9d5c-b6234c24323c}\chrome\content\newtab folder moved successfully.
C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\7llyziev.default\extensions\{70dd86e8-b5bc-4e4a-9d5c-b6234c24323c}\chrome\content\modules folder moved successfully.
C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\7llyziev.default\extensions\{70dd86e8-b5bc-4e4a-9d5c-b6234c24323c}\chrome\content\lib folder moved successfully.
C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\7llyziev.default\extensions\{70dd86e8-b5bc-4e4a-9d5c-b6234c24323c}\chrome\content folder moved successfully.
C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\7llyziev.default\extensions\{70dd86e8-b5bc-4e4a-9d5c-b6234c24323c}\chrome folder moved successfully.
C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\7llyziev.default\extensions\{70dd86e8-b5bc-4e4a-9d5c-b6234c24323c} folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000123B4-9B42-4900-B3F7-F4B073EFC214}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{000123B4-9B42-4900-B3F7-F4B073EFC214}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{70dd86e8-b5bc-4e4a-9d5c-b6234c24323c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{70dd86e8-b5bc-4e4a-9d5c-b6234c24323c}\ deleted successfully.
C:\Program Files\freecordertoolbar\vmntemplateX.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DB11BF8C-50DB-453F-A604-69D9E361C0A3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DB11BF8C-50DB-453F-A604-69D9E361C0A3}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{70dd86e8-b5bc-4e4a-9d5c-b6234c24323c} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{70dd86e8-b5bc-4e4a-9d5c-b6234c24323c}\ not found.
File C:\Program Files\freecordertoolbar\vmntemplateX.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Freecorder FLV Service deleted successfully.
C:\Program Files\Freecorder\FLVSrvc.exe moved successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Download by Orbit\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Grab video by Orbit\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Do&wnload selected by Orbit\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Down&load all by Orbit\ deleted successfully.
Starting removal of ActiveX control {67DABFBF-D0AB-41FA-9C46-CC0F21721616}
C:\WINDOWS\Downloaded Program Files\DivXPlugin.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{67DABFBF-D0AB-41FA-9C46-CC0F21721616}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67DABFBF-D0AB-41FA-9C46-CC0F21721616}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{67DABFBF-D0AB-41FA-9C46-CC0F21721616}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67DABFBF-D0AB-41FA-9C46-CC0F21721616}\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\WINDOWS\Downloaded Program Files\erma.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\WINDOWS\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
File oft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab not found.
Starting removal of ActiveX control Microsoft XML Parser for Java
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\khfCspMC\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages:C:\WINDOWS\system32\qoMdCsSl deleted successfully.
C:\AUTOEXEC.BAT moved successfully.
I:\autorun.inf moved successfully.
C:\0.bak moved successfully.
C:\0 moved successfully.
C:\Documents and Settings\All Users\Application Data\hnbdehzc.pfe moved successfully.
C:\Documents and Settings\All Users\Application Data\etgxespc.rpo moved successfully.
C:\Documents and Settings\All Users\Application Data\xqkcebzs.dik moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: All Users

User: Brenda
->Temp folder emptied: 9798013 bytes
->Temporary Internet Files folder emptied: 5097093 bytes
->FireFox cache emptied: 68692857 bytes
->Flash cache emptied: 16563 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56504 bytes

User: Frank
->Temp folder emptied: 43457352 bytes
->Temporary Internet Files folder emptied: 114114 bytes
->FireFox cache emptied: 54050168 bytes
->Flash cache emptied: 489 bytes

User: IT
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 469 bytes
->FireFox cache emptied: 11329346 bytes
->Flash cache emptied: 1060 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 27355008 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2162283 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 158715 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 132965894 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 339.00 mb

Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.29.1 log created on 09252011_141726

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_120.dat not found!

Registry entries deleted on Reboot...

#12 Casey_boy

Casey_boy

    Bleeping physicist


  • Malware Response Team
  • 7,765 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:09:40 PM

Posted 26 September 2011 - 06:12 AM

Hi,

I think we'll try ComboFix: please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix. If you are prompted to install the Recovery Console, then please do so.

Please include the C:\ComboFix.txt in your next reply for further review.

Note: If you have trouble running ComboFix, then please rename ComboFix.exe to Caseyboy.exe and re-run.

Casey

If I have been helping you and I do not reply within 48hours, feel free to send me a PM.


* My Website * Am I Infected? * Malware Removal Help * If you'd like to say thanks *


#13 Drfrankr

Drfrankr
  • Topic Starter

  • Members
  • 47 posts
  • OFFLINE
  •  
  • Local time:02:40 PM

Posted 26 September 2011 - 10:52 AM

Casey,

Just a couple of questions before I begin.

First, I am assuming that before I disable all A/V protection, that I first disconnect from the internet and then disable A/V. I also am assuming that I follow the reverse procedure before reconnecting to the internet. It may be a stupid question, but I want to make sure.

Second, with the exception of Spybot S&D, whose instructions are in the list, I am assuming that the freeware versions of things like CC Cleaner, Super Anti-Spyware and Malwarebyte's Anti-malware software have no resident component to disable.

Finally, I have a program from Pareto Logic called PC Health Advisor. It does not seem to be of much use and I am not sure what it has resident so I plan to uninstall it unless you think it has some value? Let me know what you think and I will get started. And again, thanks for all the effort on my behalf.

Regards...Frank

#14 Casey_boy

Casey_boy

    Bleeping physicist


  • Malware Response Team
  • 7,765 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:09:40 PM

Posted 26 September 2011 - 12:11 PM

Hi Frank,

We would normally suggest that you disconnect from the internet when you have no AV installed, however, ComboFix may need to access the internet when it runs - so in this case: no.

Correct, the freeware versions of those products do not contain any real-time agent.

I've never used PC Health Advisor so I can't comment on it specifically, however, if you don't use it - then go ahead and uninstall :)

Casey

If I have been helping you and I do not reply within 48hours, feel free to send me a PM.


* My Website * Am I Infected? * Malware Removal Help * If you'd like to say thanks *


#15 Drfrankr

Drfrankr
  • Topic Starter

  • Members
  • 47 posts
  • OFFLINE
  •  
  • Local time:02:40 PM

Posted 26 September 2011 - 02:21 PM

Casey,

Below is the combofix log. My A/V protection is still disabled. Is this correct?

Regards...Frank

ComboFix 11-09-26.02 - Frank 09/26/2011 11:58:37.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1257 [GMT -7:00]
Running from: c:\documents and settings\Frank\Desktop\ComboFix.exe
AV: Norton Security Suite *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Suite *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Frank\Local Settings\Application Data\ApplicationHistory
c:\documents and settings\Frank\Local Settings\Application Data\ApplicationHistory\ngen.exe.2c05686e.ini
I:\autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2011-08-26 to 2011-09-26 )))))))))))))))))))))))))))))))
.
.
2011-09-25 21:17 . 2011-09-25 21:17 -------- d-----w- C:\_OTL
2011-09-05 17:04 . 2011-09-05 17:04 183696 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2011-09-05 17:04 . 2011-09-05 17:04 183696 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
2011-09-03 10:17 . 2011-09-09 09:12 599040 -c----w- c:\windows\system32\dllcache\crypt32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-10 15:54 . 2011-05-20 22:01 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-09 09:12 . 2004-08-04 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-01 00:00 . 2010-10-23 00:07 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-15 13:29 . 2004-08-04 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-12 18:20 . 2011-07-12 18:20 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 18:20 . 2011-07-12 18:20 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-07-12 18:20 . 2011-07-12 18:20 178536 ----a-w- c:\windows\system32\dnssdX.dll
2011-07-08 14:02 . 2004-08-04 12:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-07-06 01:37 . 2011-07-06 01:37 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-07-06 01:37 . 2011-07-06 01:37 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-09-07 15:29 . 2011-05-04 18:40 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2004-08-04 12:00 94784 --sh--w- c:\windows\twain.dll
2008-04-14 00:12 50688 --sh--w- c:\windows\twain_32.dll
2008-04-14 00:12 57344 --sh--w- c:\windows\system32\msvcirt.dll
2008-04-14 00:12 11776 --sh--w- c:\windows\system32\regsvr32.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-11 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"USBDetector"="c:\usbstorage\USBDetector.exe" [2003-04-01 53248]
"P17Helper"="P17.dll" [2005-05-03 64512]
"mxomssmenu"="c:\program files\Maxtor\OneTouch Status\maxmenumgr.exe" [2008-07-22 169312]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-02-10 344064]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-11-02 2508104]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-09-04 767312]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2007-7-11 25214]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPod Service"=3 (0x3)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\ddpoker3\\ddpoker.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0501000.01D\symds.sys [5/22/2011 10:41 AM 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0501000.01D\symefa.sys [5/22/2011 10:41 AM 744568]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20110909.001\BHDrvx86.sys [9/9/2011 10:44 AM 816760]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 11:41 AM 67656]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0501000.01D\ironx86.sys [5/22/2011 10:40 AM 136312]
R2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Engine\5.1.0.29\ccsvchst.exe [5/22/2011 10:40 AM 130008]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [7/28/2011 12:42 AM 105592]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20110923.030\IDSXpx86.sys [9/23/2011 8:03 PM 356280]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [3/30/2008 12:33 AM 47360]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 2:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/6/2010 2:37 PM 135664]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [10/6/2010 2:37 PM 135664]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/4/2004 5:00 AM 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 2:16 PM 753504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 00:57]
.
2011-09-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-06 21:37]
.
2011-09-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-06 21:37]
.
2011-09-26 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2009-10-12 05:01]
.
2011-09-21 c:\windows\Tasks\ParetoLogic Update Version3.job
- c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2009-10-12 05:01]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 68.87.69.150 68.87.85.102
FF - ProfilePath - c:\documents and settings\Frank\Application Data\Mozilla\Firefox\Profiles\7llyziev.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/

.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-26 12:10
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\N360]
"ImagePath"="\"c:\program files\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\5.1.0.29\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1614895754-1060284298-725345543-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(712)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'winlogon.exe'(2404)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\msxml3.dll
.
Completion time: 2011-09-26 12:16:43
ComboFix-quarantined-files.txt 2011-09-26 19:16
.
Pre-Run: 27,502,211,072 bytes free
Post-Run: 27,444,162,560 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 69A7D4626842F00A86B69427755E4D36




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users