
Solved Security AV

Discussion in 'Malware and Virus Removal Archive' started by Dcmurray, 2010/06/29.

  1. 2010/06/29 Dcmurray, Thread Starter
    [Resolved] Security AV

    Hello,

    I have been here before and apparently admin seems to think that my computing practices need a little work. So, before we begin, let me explain a few things, please.

    1) The last two times I have been here, there has been no resolution by the forum; therefore, there wasn't any malware to begin with. They were each registry issues that were solved by a computer store. (Thanks for your help anyway.)

    2) I have also posted an issue in the Windows XP forum asking for help to resolve a User Account issue.

    3) This User Account issue actually resulted in malware infecting my computer. (My children tried to find an unlock code for the new game "Zumba Revenge" and downloaded an unauthorized file under my user account.)

    This resulted in Security AV showing up, as well as my Google search engine now searching in Dutch, lots and lots of popups from Internet Explorer (I don't use Explorer, I use Firefox), extremely slow-loading pages, and a running process (qsasua.exe) that Norton doesn't know anything about and that cannot be found in Google. Norton tells me it has heavy usage.

    I think Norton has resolved some of the Security AV problem, but I don't think we are there yet.

    Please find attached the logs as requested.


    DDS (Ver_10-03-17.01) - NTFSx86
    Run by Owner at 19:59:11.46 on Tue 06/29/2010
    Internet Explorer: 8.0.6001.18702
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.99 [GMT -3:00]

    AV: Security Master AV *On-access scanning enabled* (Updated) {946E5883-A589-42C5-A514-A6C551DD164B}
    AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
    FW: Security Master AV *enabled* {03CB623A-A148-427E-8269-27E0F7408427}
    FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\crypserv.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe
    C:\Program Files\Norton Online\Engine\2.0.0.66\ccSvcHst.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Winsim\ConnectionManager\SimplyConnectionManager.exe
    C:\Program Files\Norton Online\Engine\2.0.0.66\ccSvcHst.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Owner\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.cbc.ca/ns/
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\17.7.0.12\coIEPlg.dll
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\17.7.0.12\IPSBHO.DLL
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Norton Safety Minder: {b8e07826-0971-4f16-b133-047b88034e89} - c:\program files\norton online\addons\norton safety minder\engine\2.0.0.42\coIEPlg.dll
    TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\17.7.0.12\coIEPlg.dll
    TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe "
    mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    dRunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
    uPolicies-explorer: NoRecentDocsNetHood = 1 (0x1)
    uPolicies-explorer: MaxRecentDocs = 5 (0x5)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1072873752953
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1219257687734
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - hxxp://www.superadblocker.com/activex/sabspx.cab
    DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
    Handler: intu-qt2008 - {05E53CE9-66C8-4a9e-A99F-FDB7A8E7B596} - c:\program files\quicktax 2008\ic2008pp.dll
    Notify: igfxcui - igfxdev.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    IFEO: mrt.exe - svchost.exe
    IFEO: msfwsvc.exe - svchost.exe
    IFEO: MsMpEng.exe - svchost.exe
    IFEO: msseces.exe - svchost.exe
    IFEO: OcHealthMon.exe - svchost.exe

    Note: multiple IFEO entries found. Please refer to Attach.txt
    Hosts: 74.125.45.100 4-open-davinci.com
    Hosts: 74.125.45.100 securitysoftwarepayments.com
    Hosts: 74.125.45.100 privatesecuredpayments.com
    Hosts: 74.125.45.100 secure.privatesecuredpayments.com
    Hosts: 74.125.45.100 getantivirusplusnow.com

    Note: multiple HOSTS entries found. Please refer to Attach.txt

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\uwylqqnr.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.cbc.ca/ns/|http://www.sympatico.ca/
    FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.0.0.136\coffplgn\components\coFFPlgn.dll
    FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.0.0.136\ipsffplgn\components\IPSFFPl.dll
    FF - component: c:\documents and settings\all users\application data\norton\{78ca3bf0-9c3b-40e1-b46d-38c877ef059a}\nsm_2.0.0.42\cofffw\components\coFFFw.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\program files\microsoft\office live\npOLW.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

    ---- FIREFOX POLICIES ----
    FF - user.js: network.http.max-persistent-connections-per-server - 4
    FF - user.js: nglayout.initialpaint.delay - 600
    FF - user.js: content.notify.interval - 600000
    FF - user.js: content.max.tokenizing.time - 1800000
    FF - user.js: content.switch.threshold - 600000
    c:\program files\mozilla firefox\greprefs\all.js - pref( "ui.use_native_colors ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "ui.use_native_popup_windows ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.enable_click_image_resizing ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "accessibility.browsewithcaret_shortcut.enabled ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "javascript.options.mem.high_water_mark ", 32);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "javascript.options.mem.gc_frequency ", 1600);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.lu ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.nu ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.nz ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgberp4a5d4ar ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--p1ai ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgbayh7gpa ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.tel ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.auth.force-generic-ntlm ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.proxy.type ", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "dom.ipc.plugins.timeoutSecs ", 45);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "svg.smil.enabled ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "ui.trackpoint_hack.enabled ", -1);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.debug ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.agedWeight ", 2);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.bucketSize ", 1);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.maxTimeGroupings ", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.timeGroupingSize ", 604800);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.boundaryWeight ", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.prefixWeight ", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "accelerometer.enabled ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "html5.enable ", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref ", true);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.renego_unrestricted_hosts ", " ");
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.treat_unsafe_negotiation_as_broken ", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.require_safe_negotiation ", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl3.rsa_seed_sha ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref( "app.update.download.backgroundInterval ", 600);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref( "app.update.url.manual ", "http://www.firefox.com ");
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref( "browser.search.param.yahoo-fr-ja ", "mozff ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name ", "chrome://browser/locale/browser.properties ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description ", "chrome://browser/locale/browser.properties ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "xpinstall.whitelist.add ", "addons.mozilla.org ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "xpinstall.whitelist.add.36 ", "getpersonas.com ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "lightweightThemes.update.enabled ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.allTabs.previews ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "plugins.hide_infobar_for_outdated_plugin ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "plugins.update.notifyUser ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "toolbar.customization.usesheet ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled.nptest.dll ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled.npswf32.dll ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled.npctrl.dll ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled.npqtplugin.dll ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.enable ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.max ", 20);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.cachetime ", 20);

    ============= SERVICES / DRIVERS ===============

    R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1107000.00c\symds.sys [2010-6-28 328752]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1107000.00c\symefa.sys [2010-6-28 173104]
    R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.0.0.136\definitions\bashdefs\20100619.001\BHDrvx86.sys [2010-6-19 691248]
    R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1107000.00c\cchpx86.sys [2010-6-28 501888]
    R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1107000.00c\ironx86.sys [2010-6-28 116784]
    R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2010-2-10 54752]
    R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\17.7.0.12\ccsvchst.exe [2010-6-28 126392]
    R2 NOF;Norton Online;c:\program files\norton online\engine\2.0.0.66\ccSvcHst.exe [2010-6-28 126904]
    R2 Simply Accounting Database Connection Manager;Simply Accounting Database Connection Manager;c:\program files\winsim\connectionmanager\SimplyConnectionManager.exe [2009-8-21 16680]
    R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2010-5-7 92008]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-6-28 102448]
    R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.0.0.136\definitions\ipsdefs\20100625.001\IDSXpx86.sys [2010-6-28 331640]
    R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.0.0.136\definitions\virusdefs\20100629.002\NAVENG.SYS [2010-6-29 85552]
    R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.0.0.136\definitions\virusdefs\20100629.002\NAVEX15.SYS [2010-6-29 1347504]
    S2 gupdate1ca24fdf82ceca0;Google Update Service (gupdate1ca24fdf82ceca0);c:\program files\google\update\GoogleUpdate.exe [2009-8-24 133104]
    S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
    S3 SYMRDR_{78CA3BF0-9C3B-40e1-B46D-38C877EF059A};Symantec Redirector - Norton Safety Minder;c:\windows\system32\drivers\nsm\0200000.02a\symrdr.sys [2010-6-28 180912]

    =============== Created Last 30 ================

    2010-06-29 12:53:31 5632 --sha-w- c:\documents and settings\owner\Thumbs.db
    2010-06-28 22:59:45 0 d-----w- c:\windows\system32\drivers\NSM
    2010-06-28 22:59:35 0 d-----w- c:\windows\system32\drivers\NOF
    2010-06-28 22:59:35 0 d-----w- c:\program files\Norton Online
    2010-06-28 21:00:28 0 d-----w- c:\docume~1\owner\applic~1\Tific
    2010-06-28 20:42:58 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
    2010-06-28 20:42:58 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
    2010-06-28 20:42:58 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
    2010-06-28 20:42:58 125488 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
    2010-06-28 20:42:57 0 d-----w- c:\program files\Symantec
    2010-06-28 20:42:57 0 d-----w- c:\program files\common files\Symantec Shared
    2010-06-28 20:42:09 0 d-----w- c:\windows\system32\drivers\NIS
    2010-06-28 20:42:05 0 d-----w- c:\program files\Norton Internet Security
    2010-06-28 20:40:37 0 d-----w- c:\program files\NortonInstaller
    2010-06-28 11:48:15 0 d-----w- c:\program files\Panda Security
    2010-06-27 18:41:18 0 d-sh--w- c:\docume~1\owner\applic~1\Security Master AV
    2010-06-27 18:41:14 0 d-sh--w- c:\docume~1\alluse~1\applic~1\SMRIUAV
    2010-06-27 18:20:07 0 d-sh--w- c:\docume~1\alluse~1\applic~1\74fa3dc
    2010-06-27 15:49:25 165888 ----a-w- c:\windows\Qsasua.exe
    2010-06-27 15:49:18 52224 --sha-r- c:\windows\system32\locatord.dll
    2010-06-21 00:11:20 0 d-----w- c:\docume~1\alluse~1\applic~1\TomTom
    2010-06-21 00:10:07 0 d-----w- c:\docume~1\owner\applic~1\TomTom
    2010-06-21 00:09:55 0 d-----w- c:\program files\TomTom International B.V
    2010-06-21 00:09:36 0 d-----w- c:\program files\TomTom HOME 2
    2010-06-18 09:40:11 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
    2010-06-16 18:18:11 5632 ----a-w- c:\windows\system32\ptpusb.dll
    2010-06-16 18:18:10 159232 ----a-w- c:\windows\system32\ptpusd.dll

    ==================== Find3M ====================

    2010-05-06 10:41:53 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys
    2010-04-20 05:30:08 285696 ----a-w- c:\windows\system32\atmfd.dll
    2010-04-15 21:27:15 87608 ----a-w- c:\docume~1\owner\applic~1\inst.exe
    2010-04-15 21:27:15 47360 ----a-w- c:\docume~1\owner\applic~1\pcouffin.sys
    2004-10-01 18:00:16 40960 ----a-w- c:\program files\Uninstall_CDS.exe
    2010-02-24 16:34:23 48303392 --sha-w- c:\windows\system32\drivers\fidbox.dat
    2010-02-24 16:34:24 1333280 --sha-w- c:\windows\system32\drivers\fidbox2.dat

    ============= FINISH: 20:00:05.89 ===============
     
  2. 2010/06/29 Dcmurray, Thread Starter
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-03-17.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 12/31/2003 8:09:38 AM
    System Uptime: 6/29/2010 7:29:20 PM (1 hours ago)

    Motherboard: Intel Corporation | | D945GPM
    Processor: Intel(R) Celeron(R) CPU 3.06GHz | J3E1 | 3066/133mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 466 GiB total, 345.881 GiB free.
    D: is CDROM ()
    E: is Removable
    F: is Removable
    G: is Removable
    H: is Removable
    I: is Removable
    J: is Removable

    ==== Disabled Device Manager Items =============

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Intel(R) PRO/1000 PL Network Connection
    Device ID: PCI\VEN_8086&DEV_109A&SUBSYS_309C8086&REV_00\4&6C79FC5&0&00E0
    Manufacturer: Intel
    Name: Intel(R) PRO/1000 PL Network Connection
    PNP Device ID: PCI\VEN_8086&DEV_109A&SUBSYS_309C8086&REV_00\4&6C79FC5&0&00E0
    Service: e1express

    Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
    Description:
    Device ID: ACPI\AWY0001\4&3036D68D&0
    Manufacturer:
    Name:
    PNP Device ID: ACPI\AWY0001\4&3036D68D&0
    Service:

    ==== System Restore Points ===================

    RP1: 6/28/2010 6:59:08 AM - System Checkpoint
    RP2: 6/28/2010 7:21:30 AM - Removed Kaspersky Internet Security 2010.
    RP3: 6/28/2010 7:42:08 AM - Installed HiJackThis
    RP4: 6/28/2010 7:39:23 PM - Norton_Power_Eraser_20100628193909328
    RP5: 6/29/2010 7:37:29 AM - Removed TuneUp Utilities
    RP6: 6/29/2010 7:38:33 AM - Removed TuneUp Utilities Language Pack (en-US)
    RP7: 6/29/2010 7:40:30 AM - Software Distribution Service 3.0

    ==== Image File Execution Options =============

    IFEO: mrt.exe - svchost.exe
    IFEO: msfwsvc.exe - svchost.exe
    IFEO: MsMpEng.exe - svchost.exe
    IFEO: msseces.exe - svchost.exe
    IFEO: OcHealthMon.exe - svchost.exe
    IFEO: winss.exe - svchost.exe
    IFEO: winssnotify.exe - svchost.exe
    IFEO: WinSSUI.exe - svchost.exe

    ==== Hosts File Hijack ======================


    ==== Installed Programs ======================

    µTorrent
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.3.2
    Adobe Shockwave Player 11.5
    AiO_Scan_CDA
    AiOSoftwareNPI
    ArcSoft PhotoImpression
    Avery Wizard 3.1
    Bejeweled 2 Deluxe 1.1.3.2523
    Brain Games Mahjongg
    BufferChm
    C3100
    c3100_Help
    CCleaner
    CleanUp!
    Compatibility Pack for the 2007 Office system
    D-Link RangeBooster N DWA-142
    Destinations
    DeviceManagementQFolder
    DocProc
    DocProcQFolder
    DVD Shrink 3.2
    DVD Solution
    eGames Collector's Edition
    eSupportQFolder
    Fax_CDA
    Google Earth
    Google Update Helper
    HiJackThis
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    HP Imaging Device Functions 7.0
    HP Photosmart and Deskjet 7.0.A
    HP Photosmart Essential
    HP Product Assistant
    HP Software Update
    HP Solution Center 7.0
    HPPhotoSmartExpress
    HPProductAssistant
    ImagXpress
    InstantShareDevicesMFC
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) Network Connections 14.2.100.0
    Intel® Matrix Storage Manager
    Java(TM) 6 Update 15
    Junk Mail filter update
    KaraFun 1.18
    LG MC USB U330 driver
    LG PC Suite II
    LimeWire 5.5.8
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Office Live Add-in 1.3
    Microsoft Office XP Professional with FrontPage
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Mozilla Firefox (3.6.6)
    MSN
    MSRedist
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    MySQL Connector/ODBC 3.51
    Nero OEM
    neroxml
    NewCopy_CDA
    Norton Internet Security
    Norton Online
    Norton Safety Minder
    OCR Software by I.R.I.S 7.0
    PanoStandAlone
    PowerDVD
    PowerProducer
    ProductContextNPI
    QuickTax 2008
    QuickTime
    Readme
    RPS CRT
    Samsung USB Driver (MCCI 4.34) WHQL v3.4
    Scan
    ScannerCopy
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371-v2)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972260)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Segoe UI
    Shape Collage
    Simply Accounting by Sage 2009
    SolutionCenter
    Spybot - Search & Destroy
    Status
    Text-To-Speech-Runtime
    TomTom HOME 2.7.4.1962
    TomTom HOME Visual Studio Merge Modules
    Toolbox
    TrayApp
    Unload
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB972636)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB976749)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB961503)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    WebFldrs XP
    WebReg
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 8
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live Mail
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows Live Upload Tool
    Windows Live Writer
    Windows Media Format 11 runtime
    Windows Media Player 11
    Xvid 1.2.2 final uninstall
    Zuma's Revenge!

    ==== Event Viewer Messages From Past Week ========

    6/29/2010 8:21:30 AM, error: Service Control Manager [7000] - The Audio Service service failed to start due to the following error: The system cannot find the file specified.
    6/29/2010 7:37:33 AM, error: PlugPlayManager [11] - The device Root\LEGACY_SYMSMR100\0000 disappeared from the system without first being prepared for removal.
    6/28/2010 7:42:58 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: NetworkX
    6/28/2010 5:50:31 PM, error: HTTP [15005] - Unable to bind to the underlying transport for 0.0.0.0:2869. The IP Listen-Only list may contain a reference to an interface which may not exist on this machine. The data field contains the error number.
    6/24/2010 9:12:55 PM, error: Dhcp [1002] - The IP address lease 192.168.0.100 for the Network Card with network address 00195B5556A9 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
    6/23/2010 7:34:56 AM, error: Service Control Manager [7000] - The Security Services Driver (x86) service failed to start due to the following error: The system cannot find the file specified.
    6/23/2010 7:34:56 AM, error: Service Control Manager [7000] - The Audio Service service failed to start due to the following error: The system cannot find the path specified.

    ==== End Of File ===========================
     
  4. 2010/06/29
    Admin.

    Admin. Administrator Administrator Staff

    Joined:
    2001/12/30
    Messages:
    6,687
    Likes Received:
    107
    I see you have P2P software ( Azureus, Limewire, BitTorrent, uTorrent etc…) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

    Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares and their infections.

    References for the risk of these programs are here, and here.

    I would strongly recommend that you uninstall them, and read the links above for educational value!

    Note: Please be advised that continued use of these programs after being warned of the danger of infections from them may result in the discontinued help of future cleaning of your system here at WindowsBBS Malware and Virus removal.

    A Malware expert will have a look at your log in due course.
     
  5. 2010/06/29
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Download HostsXpert ( http://www.majorgeeks.com/Hoster_d4626.html ) and then follow the steps below:

    * Unzip HostsXpert.zip
    * It will create a folder named HostsXpert in whatever folder you extract it to.
    * Run HostsXpert.exe by double clicking on it.
    * Click Restore MS Hosts File and then click OK.
    * Click the X to exit the program

    Restart computer.

    ==============================================================

    STEP 1. Download Malwarebytes' Anti-Malware: http://www.malwarebytes.org/mbam.php to your desktop.
    (Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically which is not necessary for our purposes)

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform Quick Scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    RESTART COMPUTER!

    STEP 2. Download GMER: http://www.gmer.net/files.php, by clicking on Download EXE button.
    Alternative downloads:
    - http://majorgeeks.com/GMER_d5198.html
    - http://www.softpedia.com/get/Interne...ers/GMER.shtml
    Double click on downloaded .exe file, select Rootkit tab and click the Scan button.
    Do NOT use the computer while GMER is running!
    When scan is completed, click Save button, and save the results as gmer.log
    Warning! Please do not select the "Show all" checkbox during the scan.
    Post the log to your next reply.

    IMPORTANT! If for some reason GMER refuses to run, try again.
    If it still fails, try to UN-check "Devices" in right pane.
    If still no joy, try to run it from Safe Mode.

    RESTART COMPUTER


    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  6. 2010/06/30
    Dcmurray

    Dcmurray Well-Known Member Thread Starter

    Joined:
    2006/11/09
    Messages:
    322
    Likes Received:
    0
    Downloaded HostsXpert. I received this warning: Your HOSTS file is marked as a "system file" and can NOT be manipulated. Press OK to remove the system file attributes, Cancel to Quit.

    Pressed OK and then received - ERROR Cannot create file C:\WINDOWS\system32\DRIVERS\ETC\hosts.

    Continuing on to other instructions now.
     
  7. 2010/06/30
    Dcmurray

    Dcmurray Well-Known Member Thread Starter

    Joined:
    2006/11/09
    Messages:
    322
    Likes Received:
    0
    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4260

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    6/30/2010 7:57:30 AM
    mbam-log-2010-06-30 (07-57-30).txt

    Scan type: Quick scan
    Objects scanned: 154693
    Time elapsed: 11 minute(s), 30 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 11
    Registry Values Infected: 0
    Registry Data Items Infected: 4
    Folders Infected: 1
    Files Infected: 6

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\SOFTWARE\RZDVL2F27W (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\init32.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mrt.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msfwsvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MsMpEng.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\OcHealthMon.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winss.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winssnotify.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WinSSUI.exe (Security.Hijack) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\URL (Hijack.SearchPage) -> Bad: (http://findgala.com/?&uid=302&q={searchTerms}) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.
    HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\URL (Hijack.SearchPage) -> Bad: (http://findgala.com/?&uid=302&q={searchTerms}) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.
    HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\URL (Hijack.SearchPage) -> Bad: (http://findgala.com/?&uid=302&q={searchTerms}) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.
    HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\URL (Hijack.SearchPage) -> Bad: (http://findgala.com/?&uid=302&q={searchTerms}) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.

    Folders Infected:
    C:\Documents and Settings\Owner\Application Data\Security Master AV (Rogue.SecurityMasterAV) -> Quarantined and deleted successfully.

    Files Infected:
    C:\Documents and Settings\Owner\Application Data\Security Master AV\cookies.sqlite (Rogue.SecurityMasterAV) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\Security Master AV\Instructions.ini (Rogue.SecurityMasterAV) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Security Master AV.LNK (Rogue.SecurityMasterAV) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Start Menu\Security Master AV.LNK (Rogue.SecurityMasterAV) -> Quarantined and deleted successfully.
    C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\WINDOWS\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
     
  8. 2010/06/30
    Dcmurray

    Dcmurray Well-Known Member Thread Starter

    Joined:
    2006/11/09
    Messages:
    322
    Likes Received:
    0
    GMER Log

    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit scan 2010-06-30 09:46:53
    Windows 5.1.2600 Service Pack 3
    Running: cqv5i73r.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\fgecrfog.sys


    ---- System - GMER 1.0.15 ----

    SSDT 8172B808 ZwAlertResumeThread
    SSDT 8172B8E8 ZwAlertThread
    SSDT 8174B630 ZwAllocateVirtualMemory
    SSDT 81726390 ZwAssignProcessToJobObject
    SSDT 817A5FB0 ZwConnectPort
    SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xAA5813E0]
    SSDT 81732D30 ZwCreateMutant
    SSDT 8171F580 ZwCreateSymbolicLinkObject
    SSDT 817A04B8 ZwCreateThread
    SSDT 81726470 ZwDebugActiveProcess
    SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xAA581660]
    SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xAA581BC0]
    SSDT 816F7C00 ZwDuplicateObject
    SSDT 81728CF0 ZwFreeVirtualMemory
    SSDT 81732700 ZwImpersonateAnonymousToken
    SSDT 817327C0 ZwImpersonateThread
    SSDT 816B2378 ZwLoadDriver
    SSDT 81728C10 ZwMapViewOfSection
    SSDT 81732C50 ZwOpenEvent
    SSDT 8174C7D0 ZwOpenProcess
    SSDT 816F7110 ZwOpenProcessToken
    SSDT 817224D0 ZwOpenSection
    SSDT 816F7CF0 ZwOpenThread
    SSDT 8171F650 ZwProtectVirtualMemory
    SSDT 8172B9C8 ZwResumeThread
    SSDT 81728698 ZwSetContextThread
    SSDT 81728778 ZwSetInformationProcess
    SSDT 81722388 ZwSetSystemInformation
    SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xAA581E10]
    SSDT 81732B70 ZwSuspendProcess
    SSDT 817413C8 ZwSuspendThread
    SSDT 8174C928 ZwTerminateProcess
    SSDT 817414A8 ZwTerminateThread
    SSDT 81728848 ZwUnmapViewOfSection
    SSDT 8174B540 ZwWriteVirtualMemory

    ---- Kernel code sections - GMER 1.0.15 ----

    ? wyghs.sys The system cannot find the file specified. !
    ? SYMDS.SYS The system cannot find the file specified. !
    ? SYMEFA.SYS The system cannot find the file specified. !

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2824] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 104505FE C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3260] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 03C9003A
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3260] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 0116B833
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3260] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 0116C549
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3260] WS2_32.dll!send 71AB4C27 5 Bytes JMP 0116C25D
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3260] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 0116C465
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3260] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 0116B779
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3260] WS2_32.dll!recv 71AB676F 5 Bytes JMP 0116C300
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3260] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 0116C3A7
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3260] WS2_32.dll!WSAAsyncGetHostByName 71ABE99D 5 Bytes JMP 0116BBA6
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3260] GDI32.dll!TextOutW 77F17EAC 5 Bytes JMP 0116C7A9
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3260] GDI32.dll!ExtTextOutW 77F18086 5 Bytes JMP 0116CCD1
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3260] GDI32.dll!TextOutA 77F1BA4F 5 Bytes JMP 0116C6DF
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3260] GDI32.dll!ExtTextOutA 77F1D3FA 5 Bytes JMP 0116CBEF
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3260] GDI32.dll!GetGlyphIndicesA 77F3DFE3 5 Bytes JMP 0116D07C
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3260] GDI32.dll!GetGlyphIndicesW 77F52604 5 Bytes JMP 0116D143
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3260] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 0116BC7E
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3260] USER32.dll!DrawTextExW 7E42B415 5 Bytes JMP 0116CB0A
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3260] USER32.dll!DrawTextW 7E42D7E2 5 Bytes JMP 0116C94C
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3260] USER32.dll!SetClipboardData 7E430F9E 5 Bytes JMP 0116C5D4
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3260] USER32.dll!DrawTextA 7E43C702 5 Bytes JMP 0116C873
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3260] USER32.dll!DrawTextExA 7E43C739 5 Bytes JMP 0116CA25

    ---- Devices - GMER 1.0.15 ----

    Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
    Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

    AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

    Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)

    AttachedDevice fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    ---- EOF - GMER 1.0.15 ----
     
  9. 2010/06/30
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure, you re-enable your security programs, when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  10. 2010/06/30
    Dcmurray

    Dcmurray Well-Known Member Thread Starter

    Joined:
    2006/11/09
    Messages:
    322
    Likes Received:
    0
    ComboFix 10-06-30.01 - Owner 06/30/2010 19:59:43.6.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.202 [GMT -3:00]
    Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
    AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
    FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\All Users\Application Data\74fa3dc
    c:\documents and settings\All Users\Application Data\74fa3dc\762.mof
    c:\documents and settings\All Users\Application Data\74fa3dc\mozcrt19.dll
    c:\documents and settings\All Users\Application Data\74fa3dc\SMAV.ico
    c:\documents and settings\All Users\Application Data\74fa3dc\SMAVSys\vd952342.bd
    c:\documents and settings\All Users\Application Data\74fa3dc\sqlite3.dll
    c:\documents and settings\Owner\Application Data\inst.exe
    c:\documents and settings\Owner\Recent\ANTIGEN.sys
    c:\documents and settings\Owner\Recent\cb.dll
    c:\documents and settings\Owner\Recent\cid.sys
    c:\documents and settings\Owner\Recent\DBOLE.tmp
    c:\documents and settings\Owner\Recent\eb.dll
    c:\documents and settings\Owner\Recent\kernel32.exe
    c:\documents and settings\Owner\Recent\PE.drv
    c:\documents and settings\Owner\Recent\PE.sys
    c:\documents and settings\Owner\Recent\runddlkey.exe
    c:\documents and settings\Owner\Recent\runddlkey.sys
    c:\documents and settings\Owner\Recent\sld.exe
    c:\documents and settings\Owner\Recent\sld.sys
    c:\documents and settings\Owner\Recent\snl2w.drv
    c:\documents and settings\Owner\Recent\snl2w.sys
    c:\documents and settings\Owner\Recent\tjd.dll
    c:\windows\Qsasua.exe
    c:\windows\system32\dumphive.exe
    c:\windows\system32\Process.exe
    c:\windows\system32\SrchSTS.exe
    c:\windows\system32\VCCLSID.exe
    c:\windows\system32\WS2Fix.exe

    .
    ((((((((((((((((((((((((( Files Created from 2010-05-28 to 2010-06-30 )))))))))))))))))))))))))))))))
    .

    2010-06-28 23:03 . 2010-05-25 23:38 813936 ----a-r- c:\documents and settings\All Users\Application Data\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_2.0.0.42\coFFFw\components\coFFFw.dll
    2010-06-28 22:59 . 2010-06-28 22:59 -------- d-----w- c:\windows\system32\drivers\NSM
    2010-06-28 22:59 . 2010-06-28 22:59 -------- d-----w- c:\program files\Norton Online
    2010-06-28 22:59 . 2010-06-28 22:59 -------- d-----w- c:\windows\system32\drivers\NOF
    2010-06-28 22:32 . 2010-06-28 22:42 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\NPE
    2010-06-28 21:01 . 2010-06-28 21:02 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Tific
    2010-06-28 21:00 . 2010-06-28 21:00 -------- d-----w- c:\documents and settings\Owner\Application Data\Tific
    2010-06-28 21:00 . 2010-06-28 21:00 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Symantec
    2010-06-28 20:42 . 2010-06-28 23:00 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
    2010-06-28 20:42 . 2010-06-28 23:00 125488 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
    2010-06-28 20:42 . 2010-06-28 23:00 -------- d-----w- c:\program files\Symantec
    2010-06-28 20:42 . 2010-06-28 20:50 -------- d-----w- c:\program files\Common Files\Symantec Shared
    2010-06-28 20:42 . 2010-06-29 10:32 -------- d-----w- c:\windows\system32\drivers\NIS
    2010-06-28 20:42 . 2010-06-28 20:42 -------- d-----w- c:\program files\Windows Sidebar
    2010-06-28 20:42 . 2010-06-28 20:42 -------- d-----w- c:\program files\Norton Internet Security
    2010-06-28 20:40 . 2010-06-28 22:58 -------- d-----w- c:\program files\NortonInstaller
    2010-06-28 11:48 . 2010-06-29 10:46 -------- d-----w- c:\program files\Panda Security
    2010-06-28 10:42 . 2010-06-28 10:42 388096 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2010-06-27 18:41 . 2010-06-27 18:41 -------- d-sh--w- c:\documents and settings\All Users\Application Data\SMRIUAV
    2010-06-27 15:49 . 2010-06-27 15:49 52224 --sha-r- c:\windows\system32\locatord.dll
    2010-06-21 00:11 . 2010-06-21 00:11 -------- d-----w- c:\documents and settings\All Users\Application Data\TomTom
    2010-06-21 00:10 . 2010-06-21 00:10 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\TomTom
    2010-06-21 00:10 . 2010-06-21 00:10 -------- d-----w- c:\documents and settings\Owner\Application Data\TomTom
    2010-06-21 00:09 . 2010-06-21 00:09 -------- d-----w- c:\program files\TomTom International B.V
    2010-06-21 00:09 . 2010-06-21 00:09 -------- d-----w- c:\program files\TomTom HOME 2
    2010-06-18 09:40 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
    2010-06-16 18:18 . 2001-08-18 01:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
    2010-06-16 18:18 . 2008-04-14 08:42 159232 ----a-w- c:\windows\system32\ptpusd.dll
    2010-06-03 18:13 . 2010-06-03 18:13 -------- d-----w- c:\documents and settings\Kullen\Local Settings\Application Data\Apple Computer

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-06-30 20:44 . 2009-10-29 17:48 42 ----a-w- c:\windows\popcinfot.dat
    2010-06-30 10:43 . 2009-10-30 00:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-06-28 23:00 . 2010-06-28 20:42 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
    2010-06-28 23:00 . 2010-06-28 20:42 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
    2010-06-28 22:59 . 2010-02-20 22:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
    2010-06-28 10:26 . 2010-03-26 21:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
    2010-06-27 03:02 . 2010-03-17 01:15 -------- d-----w- c:\documents and settings\Kullen\Application Data\uTorrent
    2010-06-24 14:34 . 2009-08-21 19:32 -------- d-----w- c:\documents and settings\Owner\Application Data\LimeWire
    2010-06-20 23:16 . 2009-09-29 16:04 -------- d-----w- c:\documents and settings\Owner\Application Data\Image Zone Express
    2010-06-17 19:35 . 2009-10-29 17:48 58 ---h--w- c:\windows\popcreg.dat
    2010-06-09 10:58 . 2010-05-04 19:28 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
    2010-06-09 10:56 . 2010-05-04 19:20 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
    2010-06-09 10:53 . 2010-05-04 19:26 -------- d-----w- c:\program files\DivX
    2010-06-07 11:23 . 2009-08-24 19:41 -------- d-----w- c:\program files\PopCap Games
    2010-06-06 01:30 . 2009-12-21 02:07 -------- d-----w- c:\documents and settings\Kullen\Application Data\Image Zone Express
    2010-05-29 01:31 . 2010-03-17 21:27 -------- d-----w- c:\documents and settings\Owner\Application Data\uTorrent
    2010-05-25 18:36 . 2010-05-24 23:34 -------- d-----w- c:\documents and settings\Kullen\Application Data\DivX
    2010-05-19 22:55 . 2009-08-21 19:29 -------- d-----w- c:\program files\LimeWire
    2010-05-19 11:08 . 2010-03-17 01:15 -------- d-----w- c:\program files\uTorrent
    2010-05-18 03:46 . 2009-08-24 20:58 -------- d-----w- c:\program files\Google
    2010-05-09 21:21 . 2010-05-06 11:01 -------- d-----w- c:\program files\DVD Shrink
    2010-05-08 15:27 . 2009-08-20 18:56 -------- d-----w- c:\program files\CCleaner
    2010-05-06 11:01 . 2010-05-06 11:01 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
    2010-05-06 10:41 . 2008-04-14 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-05-04 20:49 . 2010-05-04 19:27 -------- d-----w- c:\documents and settings\Owner\Application Data\DivX
    2010-05-04 19:19 . 2010-05-04 19:27 1180952 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
    2010-05-02 05:22 . 2008-04-14 12:00 1851264 ----a-w- c:\windows\system32\win32k.sys
    2010-04-29 18:39 . 2009-10-30 00:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-04-29 18:39 . 2009-10-30 00:55 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-04-20 05:30 . 2008-04-14 12:00 285696 ----a-w- c:\windows\system32\atmfd.dll
    2010-04-18 20:59 . 2010-04-18 20:59 0 ----a-w- c:\windows\nsreg.dat
    2010-04-17 20:57 . 2010-04-23 12:25 242186 ----a-w- c:\windows\pchealth\helpctr\Config\Cache\Professional_32_1033.dat
    2010-04-15 21:27 . 2010-02-18 22:02 47360 ----a-w- c:\documents and settings\Owner\Application Data\pcouffin.sys
    2010-04-15 21:27 . 2010-02-18 22:02 47360 ----a-w- c:\documents and settings\Owner\Application Data\pcouffin.sys
    2004-10-01 18:00 . 2009-08-25 13:55 40960 ----a-w- c:\program files\Uninstall_CDS.exe
    2010-02-24 16:34 . 2009-08-21 16:54 48303392 --sha-w- c:\windows\system32\drivers\fidbox.dat
    2010-02-24 16:34 . 2009-08-21 16:54 1333280 --sha-w- c:\windows\system32\drivers\fidbox2.dat
    .

    ------- Sigcheck -------

    [-] 2009-08-20 . 362BC5AF8EAF712832C58CC13AE05750 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2010-05-07 247144]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "_nltide_3"="advpack.dll" [2009-03-08 128512]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoRecentDocsNetHood"= 1 (0x1)
    "MaxRecentDocs"= 5 (0x5)

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "ctfmon.exe"=c:\windows\system32\ctfmon.exe
    "NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    "HotKeysCmds"=c:\windows\system32\hkcmd.exe
    "RemoteControl"="c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
    "ConnectionManager"=c:\program files\Winsim\ConnectionManager\Simply.SystemTrayIcon.exe
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    "AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\winsim\\ConnectionManager\\MySqlBinary\\5.0.38\\mysql\\mysqld-nt.exe"=
    "c:\\Program Files\\winsim\\ConnectionManager\\SimplyConnectionManager.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=

    R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1107000.00C\symds.sys [6/28/2010 8:45 PM 328752]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1107000.00C\symefa.sys [6/28/2010 8:45 PM 173104]
    R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100619.001\BHDrvx86.sys [6/19/2010 12:46 AM 691248]
    R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1107000.00C\cchpx86.sys [6/28/2010 8:45 PM 501888]
    R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1107000.00C\ironx86.sys [6/28/2010 8:45 PM 116784]
    R2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\17.7.0.12\ccsvchst.exe [6/28/2010 8:44 PM 126392]
    R2 NOF;Norton Online;c:\program files\Norton Online\Engine\2.0.0.66\ccSvcHst.exe [6/28/2010 7:59 PM 126904]
    R2 Simply Accounting Database Connection Manager;Simply Accounting Database Connection Manager;c:\program files\winsim\ConnectionManager\SimplyConnectionManager.exe [8/21/2009 12:20 PM 16680]
    R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [5/7/2010 9:36 AM 92008]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [6/28/2010 8:45 PM 102448]
    R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100629.001\IDSXpx86.sys [6/30/2010 7:38 AM 331640]
    S2 gupdate1ca24fdf82ceca0;Google Update Service (gupdate1ca24fdf82ceca0);c:\program files\Google\Update\GoogleUpdate.exe [8/24/2009 6:00 PM 133104]
    S3 SYMRDR_{78CA3BF0-9C3B-40e1-B46D-38C877EF059A};Symantec Redirector - Norton Safety Minder;c:\windows\system32\drivers\NSM\0200000.02A\symrdr.sys [6/28/2010 7:59 PM 180912]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-06-30 c:\windows\Tasks\229B350D-034F-4c01-BAF2-3EA03DCAE0B9.job
    - c:\program files\Norton Online\AddOns\Norton Safety Minder\Engine\2.0.0.42\TampMon.exe [2010-06-28 21:25]

    2010-06-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-08-24 21:00]

    2010-06-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-08-24 21:00]

    2010-06-30 c:\windows\Tasks\User_Feed_Synchronization-{EFBC97A8-1A51-4A9C-85AB-79E29AAD98E3}.job
    - c:\windows\system32\msfeedssync.exe [2009-03-08 07:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.cbc.ca/ns/
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
    FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\uwylqqnr.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.cbc.ca/ns/|http://www.sympatico.ca/
    FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\components\coFFPlgn.dll
    FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\components\IPSFFPl.dll
    FF - component: c:\documents and settings\All Users\Application Data\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_2.0.0.42\coFFFw\components\coFFFw.dll
    FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    FF - user.js: network.http.max-persistent-connections-per-server - 4
    FF - user.js: nglayout.initialpaint.delay - 600
    FF - user.js: content.notify.interval - 600000
    FF - user.js: content.max.tokenizing.time - 1800000
    FF - user.js: content.switch.threshold - 600000
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-06-30 20:10
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NIS]
    "ImagePath"="\"c:\program files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\17.7.0.12\diMaster.dll\" /prefetch:1"
    --

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NOF]
    "ImagePath"="\"c:\program files\Norton Online\Engine\2.0.0.66\ccSvcHst.exe\" /s \"NOF\" /m \"c:\program files\Norton Online\Engine\2.0.0.66\diMaster.dll\" /prefetch:1"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(700)
    c:\windows\system32\igfxdev.dll
    .
    Completion time: 2010-06-30 20:15:08
    ComboFix-quarantined-files.txt 2010-06-30 23:15
    ComboFix2.txt 2010-04-11 15:46

    Pre-Run: 370,536,886,272 bytes free
    Post-Run: 370,730,553,344 bytes free

    - - End Of File - - 75719ECBACAB68AB3C24B996E3D9D6D7
     
  11. 2010/06/30
    broni Moderator Malware Analyst

    How is your computer doing at the moment?

    Uninstall Combofix:
    Go Start > Run [Vista users, go Start> "Start search"]
    Type in:
    Combofix /Uninstall
    Note the space between the "Combofix" and the "/Uninstall"
    Click OK (Vista users - press Enter).
    Restart computer.

    =============================================================

    Download OTL to your Desktop.

    * Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    * Under the Custom Scan box paste this in:

    netsvcs
    drivers32 /all
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\user32.dll /md5
    %systemroot%\system32\ws2_32.dll /md5
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU

    * Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    * When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    * Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  12. 2010/07/01
    Dcmurray Well-Known Member Thread Starter

    OTL Extras logfile created on: 7/1/2010 12:21:12 PM - Run 1
    OTL by OldTimer - Version 3.2.7.0 Folder = C:\Documents and Settings\Owner\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    502.00 Mb Total Physical Memory | 251.00 Mb Available Physical Memory | 50.00% Memory free
    1.00 Gb Paging File | 1.00 Gb Available in Paging File | 70.00% Paging File free
    Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 465.75 Gb Total Space | 346.51 Gb Free Space | 74.40% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded
    Drive L: | 243.88 Mb Total Space | 220.81 Mb Free Space | 90.54% Space Free | Partition Type: FAT

    Computer Name: OWNER-RFH54E5YG
    Current User Name: Owner
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 1
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\winsim\ConnectionManager\MySqlBinary\5.0.38\mysql\mysqld-nt.exe" = C:\Program Files\winsim\ConnectionManager\MySqlBinary\5.0.38\mysql\mysqld-nt.exe:*:Enabled:mysqld-nt.exe 5.0.38 -- ()
    "C:\Program Files\winsim\ConnectionManager\SimplyConnectionManager.exe" = C:\Program Files\winsim\ConnectionManager\SimplyConnectionManager.exe:*:Enabled:SimplyConnectionManager.exe -- (Sage Software)
    "C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Development Company, L.P.)
    "C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Development Company, L.P.)
    "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Development Company, L.P.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Development Company, L.P.)
    "C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
    "C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Development Company, L.P.)
    "C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- (Hewlett-Packard)
    "C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
    "C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Development Company, L.P.)
    "C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
    "C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
    "C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{139E303E-1050-497F-98B1-9AE87B15C463}" = Windows Live Family Safety
    "{142E0726-73B2-4CD5-95BE-8B018801886C}" = Simply Accounting by Sage 2009
    "{14DCD95A-EBA3-4BF0-B7EF-533852E99BE6}" = LG PC Suite II
    "{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
    "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 15
    "{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
    "{328687A2-2504-49FA-AE3E-08B0DEDB51EC}" = MSRedist
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone
    "{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
    "{37C11957-8228-4119-888D-3EA6B742BD9C}" = Simply Accounting by Sage 2009
    "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
    "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
    "{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
    "{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
    "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
    "{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
    "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
    "{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
    "{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
    "{6994491D-D491-48F1-AE1F-E179C1FFFC2F}" = HP Photosmart Essential
    "{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
    "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
    "{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime
    "{7CDA437D-FB09-4E7D-932D-2FB045AC5C2D}" = ArcSoft PhotoImpression
    "{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
    "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
    "{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
    "{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}" = DocProc
    "{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
    "{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
    "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{996512CF-F35B-48DE-9291-557FA5316967}" = ScannerCopy
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9FC8D8F8-AF3A-4488-98AF-51C6DEC732F2}" = c3100_Help
    "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A385AA5D-4B9C-4BB4-A3D9-8BA006D6E831}" = D-Link RangeBooster N DWA-142
    "{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
    "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9F5421F-DA70-4C77-BB97-8D77EC33ED5E}" = HP Photosmart and Deskjet 7.0.A
    "{AA0D2D5F-612B-45D3-8759-DA87206E5CC9}" = QuickTax 2008
    "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
    "{ABD7DBE3-E344-4BCA-B8AD-4360494DD1D9}" = LG MC USB U330 driver
    "{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B4E96960-5F6B-48B9-A5BD-6A5A9BB4F027}" = Avery Wizard 3.1
    "{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
    "{B97CF5C3-0487-11D8-A36E-0050BAE317E1}" = DVD Solution
    "{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}" = HP Software Update
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C54856BC-3549-4ADE-AD4B-BC48C336DF5A}" = Simply Accounting by Sage 2009
    "{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
    "{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D4A2EF65-9888-4EFF-8EA0-A2D2C3152A29}" = Samsung USB Driver (MCCI 4.34) WHQL v3.4
    "{D879192D-3EB9-4A94-8444-66537AB64B64}" = RPS CRT
    "{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
    "{E0C90349-E55E-4161-87CF-6DCA54FFECF8}" = LG PC Suite II
    "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
    "{EB8C9964-09AC-48bf-8B98-027609C78251}" = C3100
    "{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
    "{EEEFE7A9-293E-4F5F-A114-81731A9C3826}" = Intel(R) Network Connections 14.2.100.0
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
    "{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
    "{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
    "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
    "{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
    "{F929096B-54A0-4C5C-B125-1E7EB1917412}" = MySQL Connector/ODBC 3.51
    "{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
    "{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "Bejeweled 2 Deluxe 1.1.3.2523" = Bejeweled 2 Deluxe 1.1.3.2523
    "Brain Games Mahjongg" = Brain Games Mahjongg
    "CCleaner" = CCleaner
    "CleanUp!" = CleanUp!
    "DVD Shrink_is1" = DVD Shrink 3.2
    "eGames Collector's Edition" = eGames Collector's Edition
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "HP Imaging Device Functions" = HP Imaging Device Functions 7.0
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0
    "HPOCR" = OCR Software by I.R.I.S 7.0
    "ie8" = Windows Internet Explorer 8
    "InstallShield_{D4A2EF65-9888-4EFF-8EA0-A2D2C3152A29}" = Samsung USB Driver (MCCI 4.34) WHQL v3.4
    "KaraFun_is1" = KaraFun 1.18
    "LimeWire" = LimeWire 5.5.8
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "MSNINST" = MSN
    "Nero - Burning Rom!UninstallKey" = Nero OEM
    "NIS" = Norton Internet Security
    "NOF" = Norton Online
    "NSM" = Norton Safety Minder
    "ShapeCollage" = Shape Collage
    "TomTom HOME" = TomTom HOME 2.7.4.1962
    "uTorrent" = µTorrent
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "Xvid_is1" = Xvid 1.2.2 final uninstall
    "Zuma's Revenge!" = Zuma's Revenge!

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 6/28/2010 11:01:32 AM | Computer Name = OWNER-RFH54E5YG | Source = Google Update | ID = 20
    Description =

    Error - 6/28/2010 7:31:12 PM | Computer Name = OWNER-RFH54E5YG | Source = Application Hang | ID = 1002
    Description = Hanging application firefox.exe, version 1.9.2.3828, hang module hungapp,
    version 0.0.0.0, hang address 0x00000000.

    Error - 6/28/2010 7:31:18 PM | Computer Name = OWNER-RFH54E5YG | Source = Application Hang | ID = 1002
    Description = Hanging application firefox.exe, version 1.9.2.3828, hang module hungapp,
    version 0.0.0.0, hang address 0x00000000.

    Error - 6/28/2010 7:31:18 PM | Computer Name = OWNER-RFH54E5YG | Source = Application Hang | ID = 1002
    Description = Hanging application firefox.exe, version 1.9.2.3828, hang module hungapp,
    version 0.0.0.0, hang address 0x00000000.

    Error - 6/29/2010 8:50:26 PM | Computer Name = OWNER-RFH54E5YG | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: A connection with the server could not be established

    Error - 6/29/2010 10:09:36 PM | Computer Name = OWNER-RFH54E5YG | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: The server name or address could not be resolved

    Error - 6/30/2010 6:15:40 AM | Computer Name = OWNER-RFH54E5YG | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: A connection with the server could not be established

    Error - 6/30/2010 6:22:44 AM | Computer Name = OWNER-RFH54E5YG | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: A connection with the server could not be established

    Error - 6/30/2010 4:09:52 PM | Computer Name = OWNER-RFH54E5YG | Source = Application Hang | ID = 1002
    Description = Hanging application firefox.exe, version 1.9.2.3828, hang module hungapp,
    version 0.0.0.0, hang address 0x00000000.

    Error - 6/30/2010 6:01:15 PM | Computer Name = OWNER-RFH54E5YG | Source = Google Update | ID = 20
    Description =

    [ System Events ]
    Error - 6/30/2010 7:01:25 AM | Computer Name = OWNER-RFH54E5YG | Source = Service Control Manager | ID = 7000
    Description = The Security Services Driver (x86) service failed to start due to
    the following error: %%2

    Error - 6/30/2010 7:01:25 AM | Computer Name = OWNER-RFH54E5YG | Source = Service Control Manager | ID = 7000
    Description = The Audio Service service failed to start due to the following error:
    %%3

    Error - 6/30/2010 7:01:26 AM | Computer Name = OWNER-RFH54E5YG | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    NetworkX

    Error - 6/30/2010 8:51:28 AM | Computer Name = OWNER-RFH54E5YG | Source = Service Control Manager | ID = 7000
    Description = The Security Services Driver (x86) service failed to start due to
    the following error: %%2

    Error - 6/30/2010 8:51:28 AM | Computer Name = OWNER-RFH54E5YG | Source = Service Control Manager | ID = 7000
    Description = The Audio Service service failed to start due to the following error:
    %%3

    Error - 6/30/2010 8:51:29 AM | Computer Name = OWNER-RFH54E5YG | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    NetworkX

    Error - 6/30/2010 5:51:25 PM | Computer Name = OWNER-RFH54E5YG | Source = Dhcp | ID = 1000
    Description = Your computer has lost the lease to its IP address 192.168.0.103 on
    the Network Card with network address 00195B5556A9.

    Error - 7/1/2010 9:42:44 AM | Computer Name = OWNER-RFH54E5YG | Source = Service Control Manager | ID = 7000
    Description = The Security Services Driver (x86) service failed to start due to
    the following error: %%2

    Error - 7/1/2010 9:42:44 AM | Computer Name = OWNER-RFH54E5YG | Source = Service Control Manager | ID = 7000
    Description = The Audio Service service failed to start due to the following error:
    %%3

    Error - 7/1/2010 9:42:45 AM | Computer Name = OWNER-RFH54E5YG | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    NetworkX


    < End of report >
     
  13. 2010/07/01
    Dcmurray Well-Known Member Thread Starter
    OTL logfile created on: 7/1/2010 12:21:12 PM - Run 1
    OTL by OldTimer - Version 3.2.7.0 Folder = C:\Documents and Settings\Owner\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    502.00 Mb Total Physical Memory | 251.00 Mb Available Physical Memory | 50.00% Memory free
    1.00 Gb Paging File | 1.00 Gb Available in Paging File | 70.00% Paging File free
    Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 465.75 Gb Total Space | 346.51 Gb Free Space | 74.40% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded
    Drive L: | 243.88 Mb Total Space | 220.81 Mb Free Space | 90.54% Space Free | Partition Type: FAT

    Computer Name: OWNER-RFH54E5YG
    Current User Name: Owner

    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/07/01 12:19:40 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
    PRC - [2010/05/23 02:39:05 | 000,126,904 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Online\Engine\2.0.0.66\ccSvcHst.exe
    PRC - [2010/05/07 09:36:10 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
    PRC - [2010/02/25 21:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ccsvchst.exe
    PRC - [2009/06/04 19:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    PRC - [2009/06/04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    PRC - [2008/09/19 00:00:00 | 000,016,680 | ---- | M] (Sage Software) -- C:\Program Files\winsim\ConnectionManager\SimplyConnectionManager.exe
    PRC - [2008/04/14 09:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/08/09 04:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
    PRC - [2006/02/28 22:10:18 | 000,069,632 | ---- | M] (CrypKey (Canada) Ltd.) -- C:\WINDOWS\system32\Crypserv.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/07/01 12:19:40 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
    MOD - [2010/05/14 02:35:01 | 000,415,088 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\17.7.0.12\asoehook.dll
    MOD - [2009/08/12 03:54:10 | 000,653,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
    MOD - [2009/08/12 03:54:07 | 000,569,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
    MOD - [2008/04/14 09:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- -- (STacSV)
    SRV - [2010/05/23 02:39:05 | 000,126,904 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Online\Engine\2.0.0.66\ccSvcHst.exe -- (NOF)
    SRV - [2010/05/07 09:36:10 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
    SRV - [2010/02/25 21:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe -- (NIS)
    SRV - [2009/08/05 23:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
    SRV - [2009/06/04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
    SRV - [2008/09/19 00:00:00 | 000,016,680 | ---- | M] (Sage Software) [Auto | Running] -- C:\Program Files\winsim\ConnectionManager\SimplyConnectionManager.exe -- (Simply Accounting Database Connection Manager)
    SRV - [2007/08/09 04:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
    SRV - [2006/02/28 22:10:18 | 000,069,632 | ---- | M] (CrypKey (Canada) Ltd.) [Auto | Running] -- C:\WINDOWS\System32\Crypserv.exe -- (Crypkey License)


    ========== Driver Services (SafeList) ==========

    DRV - [2010/06/28 20:00:00 | 000,125,488 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
    DRV - [2010/06/28 19:23:41 | 001,347,504 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100630.041\NAVEX15.SYS -- (NAVEX15)
    DRV - [2010/06/28 19:23:41 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
    DRV - [2010/06/28 19:23:41 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
    DRV - [2010/06/28 19:23:41 | 000,085,552 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100630.041\NAVENG.SYS -- (NAVENG)
    DRV - [2010/06/19 00:46:00 | 000,691,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100619.001\BHDrvx86.sys -- (BHDrvx86)
    DRV - [2010/05/28 16:33:19 | 000,331,640 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100630.006\IDSXpx86.sys -- (IDSxpx86)
    DRV - [2010/05/10 23:03:44 | 000,180,912 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NSM\0200000.02A\SymRdr.SYS -- (SYMRDR_{78CA3BF0-9C3B-40e1-B46D-38C877EF059A})
    DRV - [2010/05/06 01:01:59 | 000,361,904 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\NIS\1107000.00C\SYMTDI.SYS -- (SYMTDI)
    DRV - [2010/04/29 02:03:51 | 000,116,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1107000.00C\Ironx86.SYS -- (SymIRON)
    DRV - [2010/04/22 00:02:20 | 000,173,104 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1107000.00C\SYMEFA.SYS -- (SymEFA)
    DRV - [2010/04/21 23:29:50 | 000,325,680 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\NIS\1107000.00C\SRTSP.SYS -- (SRTSP)
    DRV - [2010/04/21 23:29:50 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1107000.00C\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
    DRV - [2010/02/25 21:22:57 | 000,501,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1107000.00C\ccHPx86.sys -- (ccHP)
    DRV - [2009/08/29 21:17:18 | 000,328,752 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1107000.00C\SYMDS.SYS -- (SymDS)
    DRV - [2009/08/21 11:58:26 | 000,006,144 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NTIDrvr.sys -- (NTIDrvr)
    DRV - [2009/08/21 11:56:47 | 000,007,424 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\SIODRV.SYS -- (SIODRV)
    DRV - [2009/08/05 23:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
    DRV - [2009/06/24 01:54:16 | 000,030,880 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iqvw32.sys -- (NAL)
    DRV - [2009/06/04 18:43:16 | 000,330,264 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor)
    DRV - [2008/12/05 00:58:48 | 000,241,296 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel(R)
    DRV - [2008/04/14 09:00:00 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
    DRV - [2008/04/14 01:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
    DRV - [2008/04/10 20:10:10 | 001,271,032 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
    DRV - [2008/02/15 13:12:06 | 005,854,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
    DRV - [2006/11/27 00:38:10 | 000,499,328 | ---- | M] (Marvell Semiconductor, Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MRVW245.sys -- (MRVW245) Marvell TOPDOG 802.11n WLAN Driver for Windows XP (USB8x)
    DRV - [2005/08/17 09:47:48 | 000,073,696 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdserd.sys -- (sscdserd) SAMSUNG CDMA Modem Diagnostic Serial Port (WDM)
    DRV - [2005/08/17 09:46:26 | 000,093,872 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm)
    DRV - [2005/08/17 09:46:20 | 000,008,272 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl)
    DRV - [2005/08/17 09:45:00 | 000,058,352 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
    DRV - [2005/03/28 16:34:00 | 000,011,018 | R--- | M] (OSA Technologies) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\OsaFsLoc.sys -- (OsaFsLoc)
    DRV - [2005/03/21 11:00:24 | 000,004,096 | ---- | M] (SuperAdBlocker.com) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\sabprocenum.sys -- (SABProcEnum)
    DRV - [2005/03/15 18:34:00 | 000,021,248 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\intelsmb.sys -- (smbusp) Intel(R)
    DRV - [2005/03/04 19:07:00 | 000,008,704 | R--- | M] (Avocent/OSA Technologies Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\osaio.sys -- (osaio)
    DRV - [2003/11/03 19:09:00 | 000,036,484 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SMBios.sys -- (SMBios) Intel (R)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.cbc.ca/ns/
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://www.cbc.ca/ns/|http://www.sympatico.ca/ "
    FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
    FF - prefs.js..extensions.enabledItems: {6D5C8FC4-DE46-41bf-9092-93F0F78E9115}:2.0.0.42
    FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6


    FF - HKLM\software\mozilla\Firefox\extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\ [2010/06/29 07:43:25 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\extensions\\{6D5C8FC4-DE46-41bf-9092-93F0F78E9115}: C:\Documents and Settings\All Users\Application Data\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_2.0.0.42\coFFFw\ [2010/06/28 20:03:35 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\ [2010/06/29 07:32:33 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/30 00:03:49 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/27 14:46:12 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

    [2010/06/20 21:10:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
    [2010/06/20 21:10:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\home2@tomtom.com
    [2009/08/21 16:33:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\mozswing@mozswing.org
    [2010/06/30 20:27:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\uwylqqnr.default\extensions
    [2010/04/23 08:10:41 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\uwylqqnr.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/04/23 08:10:22 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\uwylqqnr.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    [2010/06/28 07:59:06 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

    O1 HOSTS File: ([2010/06/30 20:10:44 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\coieplg.dll (Symantec Corporation)
    O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ipsbho.dll (Symantec Corporation)
    O2 - BHO: (Norton Safety Minder) - {B8E07826-0971-4f16-B133-047B88034E89} - C:\Program Files\Norton Online\AddOns\Norton Safety Minder\Engine\2.0.0.42\CoIEPlg.dll (Symantec Corporation)
    O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\coieplg.dll (Symantec Corporation)
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\coieplg.dll (Symantec Corporation)
    O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
    O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MaxRecentDocs = 5
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
    O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1072873752953 (WUWebControl Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1219257687734 (MUWebControl Class)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
    O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadblocker.com/activex/sabspx.cab (SABScanProcesses Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O18 - Protocol\Handler\intu-qt2008 {05E53CE9-66C8-4a9e-A99F-FDB7A8E7B596} - C:\Program Files\QuickTax 2008\ic2008pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
    O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2003/12/31 09:07:19 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (PDBoot.exe) - File not found
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: Ias - C:\WINDOWS\system32\ias [2003/12/31 09:06:51 | 000,000,000 | ---D | M]
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: aux - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: aux1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: aux2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midi1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midi2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midi3 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
    Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: mixer1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: mixer2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: mixer3 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
    Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
    Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
    Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
    Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
    Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
    Drivers32: vidc.iyuv - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
    Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
    Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
    Drivers32: VIDC.MP42 - C:\WINDOWS\System32\MPG4C32.DLL (Microsoft Corporation)
    Drivers32: VIDC.MPG4 - C:\WINDOWS\System32\MPG4C32.DLL (Microsoft Corporation)
    Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
    Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
    Drivers32: vidc.uyvy - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
    Drivers32: vidc.yuy2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: vidc.yvu9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
    Drivers32: vidc.yvyu - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: wave1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: wave2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: wave3 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (16902109354000384)

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/07/01 12:19:49 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
    [2010/06/30 21:45:58 | 000,000,000 | --SD | C] -- C:\ComboFix
    [2010/06/30 19:56:29 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2010/06/30 07:33:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\HostsXpert
    [2010/06/28 20:45:15 | 000,339,504 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\symtdiv.sys
    [2010/06/28 20:45:14 | 000,361,904 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\symtdi.sys
    [2010/06/28 20:45:14 | 000,328,752 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\symds.sys
    [2010/06/28 20:45:14 | 000,173,104 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\symefa.sys
    [2010/06/28 20:45:13 | 000,325,680 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\srtsp.sys
    [2010/06/28 20:45:13 | 000,116,784 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\ironx86.sys
    [2010/06/28 20:45:13 | 000,043,696 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\srtspx.sys
    [2010/06/28 20:45:10 | 000,501,888 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\cchpx86.sys
    [2010/06/28 20:44:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NIS\1107000.00C
    [2010/06/28 19:59:50 | 000,180,912 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NSM\0200000.02A\symrdr.sys
    [2010/06/28 19:59:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NSM
    [2010/06/28 19:59:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NSM\0200000.02A
    [2010/06/28 19:59:35 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Online
    [2010/06/28 19:59:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NOF
    [2010/06/28 19:59:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NOF\0200000.042
    [2010/06/28 19:32:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\NPE
    [2010/06/28 18:01:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Tific
    [2010/06/28 18:00:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Tific
    [2010/06/28 18:00:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Symantec
    [2010/06/28 17:42:58 | 000,125,488 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
    [2010/06/28 17:42:58 | 000,060,808 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
    [2010/06/28 17:42:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
    [2010/06/28 17:42:57 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
    [2010/06/28 17:42:09 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Sidebar
    [2010/06/28 17:42:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NIS
    [2010/06/28 17:42:05 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Internet Security
    [2010/06/28 17:40:37 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
    [2010/06/28 08:48:15 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security
    [2010/06/27 15:41:14 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\SMRIUAV
    [2010/06/20 21:11:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TomTom
    [2010/06/20 21:10:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\TomTom
    [2010/06/20 21:10:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\TomTom
    [2010/06/20 21:10:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\TomTom
    [2010/06/20 21:09:55 | 000,000,000 | ---D | C] -- C:\Program Files\TomTom International B.V
    [2010/06/20 21:09:36 | 000,000,000 | ---D | C] -- C:\Program Files\TomTom HOME 2
    [2010/06/13 12:40:08 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
    [2010/05/06 08:01:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DVD Shrink
    [2010/05/06 08:01:11 | 000,000,000 | ---D | C] -- C:\Program Files\DVD Shrink
    [2010/05/05 18:32:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
    [2010/05/04 16:35:17 | 000,000,000 | ---D | C] -- C:\divx
    [2010/05/04 16:27:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\DivX
    [2010/05/04 16:26:14 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
    [2010/05/04 16:20:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DivX
    [2010/04/30 21:32:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\vlc
    [2010/04/30 21:31:05 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
    [2010/04/30 19:18:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Recisio
    [2010/04/30 19:18:45 | 000,000,000 | ---D | C] -- C:\Program Files\KaraFun
    [2010/04/29 18:28:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Apple Computer
    [2010/04/29 18:25:02 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
    [2010/04/29 18:25:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
    [2010/04/29 18:24:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Apple
    [2010/04/29 18:23:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Apple Computer
    [2010/04/23 09:27:47 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
    [2010/04/23 09:27:34 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
    [2010/04/20 21:22:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Coby Media Manager
    [2010/04/18 17:59:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla
    [2010/04/18 17:58:33 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [2010/04/18 12:06:22 | 000,000,000 | ---D | C] -- C:\94c617b6aa561332f16a522712
    [2010/04/15 18:41:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\TuneUp Software
    [2010/04/15 18:39:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
    [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 90 Days ==========

    [2010/07/01 12:22:00 | 000,000,480 | ---- | M] () -- C:\WINDOWS\tasks\229B350D-034F-4c01-BAF2-3EA03DCAE0B9.job
    [2010/07/01 12:19:40 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
    [2010/07/01 12:01:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2010/07/01 10:48:21 | 000,000,392 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{EFBC97A8-1A51-4A9C-85AB-79E29AAD98E3}.job
    [2010/07/01 10:45:18 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/07/01 10:45:13 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2010/07/01 10:42:35 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/07/01 10:42:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/07/01 03:16:20 | 008,650,752 | ---- | M] () -- C:\Documents and Settings\Owner\ntuser.dat
    [2010/07/01 03:15:49 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
    [2010/06/30 20:11:11 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
    [2010/06/30 20:10:44 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2010/06/30 17:44:07 | 000,000,042 | ---- | M] () -- C:\WINDOWS\popcinfot.dat
    [2010/06/30 08:05:35 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\cqv5i73r.exe
    [2010/06/30 07:43:18 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/06/30 00:11:54 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
    [2010/06/29 07:48:17 | 000,492,964 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2010/06/29 07:48:17 | 000,435,592 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/06/29 07:48:17 | 000,068,504 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/06/29 07:32:05 | 000,001,973 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton Internet Security.LNK
    [2010/06/29 07:31:40 | 000,578,704 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\Cat.DB
    [2010/06/28 20:00:00 | 000,125,488 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
    [2010/06/28 20:00:00 | 000,060,808 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
    [2010/06/28 20:00:00 | 000,007,456 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
    [2010/06/28 20:00:00 | 000,000,805 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
    [2010/06/28 07:49:25 | 000,001,427 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.new
    [2010/06/28 07:38:15 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\housecall.guid.cache
    [2010/06/27 12:49:18 | 000,052,224 | RHS- | M] () -- C:\WINDOWS\System32\locatord.dll
    [2010/06/25 09:50:51 | 000,033,280 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Anchor Industries Society Quote.doc
    [2010/06/25 07:39:19 | 000,002,483 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Microsoft Word.lnk
    [2010/06/23 20:00:02 | 000,001,348 | ---- | M] () -- C:\WINDOWS\ODBC.INI
    [2010/06/22 11:26:28 | 000,254,545 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\PassportApplicationComplete.pdf
    [2010/06/21 14:10:18 | 000,002,131 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Brittany - June 30, 2010.pdf
    [2010/06/20 23:43:38 | 000,064,512 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/06/19 08:15:03 | 000,368,096 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/06/19 00:56:32 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2010/06/17 16:35:36 | 000,000,058 | -H-- | M] () -- C:\WINDOWS\popcreg.dat
    [2010/06/16 19:34:02 | 000,000,752 | ---- | M] () -- C:\WINDOWS\win.ini
    [2010/06/13 12:51:07 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2010/06/13 12:51:07 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
    [2010/06/12 16:01:55 | 004,285,004 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
    [2010/06/08 07:04:18 | 000,000,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\NOF\0200000.042\isolate.ini
    [2010/06/07 08:23:57 | 000,000,913 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Zuma's Revenge!.lnk
    [2010/06/06 11:47:31 | 000,028,160 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Kathy Invoice1.xls
    [2010/05/27 16:09:36 | 006,460,460 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\TV Show Theme Songs - Game Shows - Jeopardy Think Music.wav
    [2010/05/20 21:05:52 | 000,002,104 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Brittany.pdf
    [2010/05/19 19:55:52 | 000,001,578 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\LimeWire 5.5.8.lnk
    [2010/05/18 00:47:44 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
    [2010/05/16 23:08:36 | 000,007,777 | R--- | M] () -- C:\WINDOWS\System32\drivers\NSM\0200000.02A\symrdr.cat
    [2010/05/14 03:32:01 | 000,000,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\isolate.ini
    [2010/05/11 14:32:08 | 000,032,256 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Timesheet.xls
    [2010/05/11 08:04:24 | 000,042,039 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Fat_Kid_T-Shirt.jpg
    [2010/05/10 23:03:44 | 000,180,912 | R--- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NSM\0200000.02A\symrdr.sys
    [2010/05/10 23:03:36 | 000,001,487 | R--- | M] () -- C:\WINDOWS\System32\drivers\NSM\0200000.02A\SymRdr.inf
    [2010/05/09 18:21:00 | 000,000,670 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\DVD Shrink 3.2.lnk
    [2010/05/08 12:27:47 | 000,001,548 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\CCleaner.lnk
    [2010/05/06 01:01:59 | 000,361,904 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\symtdi.sys
    [2010/05/06 01:01:59 | 000,339,504 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\symtdiv.sys
    [2010/05/06 01:01:43 | 000,001,473 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\symnetv.inf
    [2010/05/06 01:01:43 | 000,001,445 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\symnet.inf
    [2010/04/30 19:18:48 | 000,001,494 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\KaraFun Editor.lnk
    [2010/04/30 19:18:48 | 000,000,616 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\KaraFun.lnk
    [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/04/29 02:03:51 | 000,116,784 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\ironx86.sys
    [2010/04/29 02:03:51 | 000,007,438 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\iron.cat
    [2010/04/29 02:03:51 | 000,000,741 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\iron.inf
    [2010/04/28 20:41:24 | 000,000,467 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to My Pictures.lnk
    [2010/04/27 19:39:24 | 000,137,112 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\113009_dartmouth3.jpg
    [2010/04/27 19:29:56 | 000,002,469 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Microsoft PowerPoint.lnk
    [2010/04/26 05:18:40 | 000,007,873 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\symefa.cat
    [2010/04/24 08:31:04 | 000,003,373 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\symefa.inf
    [2010/04/23 09:40:16 | 000,000,281 | -HS- | M] () -- C:\boot.ini
    [2010/04/22 00:02:36 | 000,007,787 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\symnetv.cat
    [2010/04/22 00:02:36 | 000,007,368 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\symnet.cat
    [2010/04/22 00:02:20 | 000,173,104 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\symefa.sys
    [2010/04/22 00:01:56 | 000,007,425 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\symds.cat
    [2010/04/21 23:29:50 | 000,325,680 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\srtsp.sys
    [2010/04/21 23:29:50 | 000,043,696 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\srtspx.sys
    [2010/04/21 23:29:50 | 000,007,442 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\srtspx.cat
    [2010/04/21 23:29:50 | 000,007,438 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\srtsp.cat
    [2010/04/21 23:29:50 | 000,001,388 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\srtspx.inf
    [2010/04/21 23:29:50 | 000,001,382 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\srtsp.inf
    [2010/04/21 09:14:55 | 000,000,352 | ---- | M] () -- C:\WINDOWS\wininit.ini
    [2010/04/18 17:59:13 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
    [2010/04/15 18:27:15 | 000,047,360 | ---- | M] (VSO Software) -- C:\Documents and Settings\Owner\Application Data\pcouffin.sys
    [2010/04/15 18:27:15 | 000,007,887 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\pcouffin.cat
    [2010/04/15 18:27:15 | 000,001,144 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\pcouffin.inf
    [2010/04/15 18:13:25 | 000,045,110 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\cc_20100415_181318.reg
    [2010/04/14 21:42:25 | 000,002,481 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Microsoft Excel.lnk
    [2010/04/13 20:11:46 | 000,006,662 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Windows BBS -.url
    [2010/04/13 17:39:45 | 000,227,184 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Google Maps.mht
    [2010/04/08 20:43:39 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Deck Plan.xls
    [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/06/30 08:05:38 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\cqv5i73r.exe
    [2010/06/29 09:53:31 | 000,005,632 | -HS- | C] () -- C:\Documents and Settings\Owner\Thumbs.db
    [2010/06/29 07:31:34 | 000,578,704 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\Cat.DB
    [2010/06/28 20:45:14 | 000,007,873 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\symefa.cat
    [2010/06/28 20:45:14 | 000,007,787 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\symnetv.cat
    [2010/06/28 20:45:14 | 000,007,425 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\symds.cat
    [2010/06/28 20:45:14 | 000,007,368 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\symnet.cat
    [2010/06/28 20:45:14 | 000,003,373 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\symefa.inf
    [2010/06/28 20:45:14 | 000,002,793 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\symds.inf
    [2010/06/28 20:45:14 | 000,001,473 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\symnetv.inf
    [2010/06/28 20:45:14 | 000,001,445 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\symnet.inf
    [2010/06/28 20:45:13 | 000,007,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\srtspx.cat
    [2010/06/28 20:45:13 | 000,007,438 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\srtsp.cat
    [2010/06/28 20:45:13 | 000,001,388 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\srtspx.inf
    [2010/06/28 20:45:13 | 000,001,382 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\srtsp.inf
    [2010/06/28 20:45:13 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\iron.inf
    [2010/06/28 20:45:11 | 000,007,438 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\iron.cat
    [2010/06/28 20:45:10 | 000,007,396 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\cchpx86.cat
    [2010/06/28 20:45:10 | 000,001,754 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\cchpx86.inf
    [2010/06/28 20:44:16 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\isolate.ini
    [2010/06/28 20:03:28 | 000,000,480 | ---- | C] () -- C:\WINDOWS\tasks\229B350D-034F-4c01-BAF2-3EA03DCAE0B9.job
    [2010/06/28 19:59:45 | 000,007,777 | R--- | C] () -- C:\WINDOWS\System32\drivers\NSM\0200000.02A\symrdr.cat
    [2010/06/28 19:59:45 | 000,001,487 | R--- | C] () -- C:\WINDOWS\System32\drivers\NSM\0200000.02A\SymRdr.inf
    [2010/06/28 19:59:35 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\NOF\0200000.042\isolate.ini
    [2010/06/28 17:42:58 | 000,007,456 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
    [2010/06/28 17:42:58 | 000,000,805 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
    [2010/06/28 17:42:51 | 000,001,973 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Norton Internet Security.LNK
    [2010/06/28 07:38:15 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\housecall.guid.cache
    [2010/06/27 12:49:18 | 000,052,224 | RHS- | C] () -- C:\WINDOWS\System32\locatord.dll
    [2010/06/25 09:50:50 | 000,033,280 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Anchor Industries Society Quote.doc
    [2010/06/22 11:26:26 | 000,254,545 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\PassportApplicationComplete.pdf
    [2010/06/21 14:10:18 | 000,002,131 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Brittany - June 30, 2010.pdf
    [2010/06/19 00:52:58 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
    [2010/06/13 12:51:07 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2010/06/13 12:51:07 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
    [2010/06/07 08:23:57 | 000,000,913 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Zuma's Revenge!.lnk
    [2010/06/06 11:47:31 | 000,028,160 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Kathy Invoice1.xls
    [2010/05/31 21:56:27 | 000,042,039 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Fat_Kid_T-Shirt.jpg
    [2010/05/27 16:25:12 | 006,460,460 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\TV Show Theme Songs - Game Shows - Jeopardy Think Music.wav
    [2010/05/20 21:38:13 | 000,002,104 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Brittany.pdf
    [2010/05/19 19:55:52 | 000,001,578 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\LimeWire 5.5.8.lnk
    [2010/05/18 00:47:44 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
    [2010/05/11 14:02:23 | 000,032,256 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Timesheet.xls
    [2010/05/06 08:01:12 | 000,000,670 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\DVD Shrink 3.2.lnk
    [2010/04/30 19:18:48 | 000,001,494 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\KaraFun Editor.lnk
    [2010/04/30 19:18:48 | 000,000,616 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\KaraFun.lnk
    [2010/04/28 20:41:24 | 000,000,467 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to My Pictures.lnk
    [2010/04/27 19:39:23 | 000,137,112 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\113009_dartmouth3.jpg
    [2010/04/23 08:09:31 | 008,650,752 | ---- | C] () -- C:\Documents and Settings\Owner\ntuser.dat
    [2010/04/18 17:59:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2010/04/15 18:13:19 | 000,045,110 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\cc_20100415_181318.reg
    [2010/04/13 17:39:40 | 000,227,184 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Google Maps.mht
    [2010/04/08 19:51:01 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Deck Plan.xls
    [2010/03/17 07:58:16 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2010/03/17 07:58:13 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
    [2010/02/20 00:06:33 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
    [2010/02/11 16:51:01 | 000,000,221 | ---- | C] () -- C:\WINDOWS\NCLogConfig.ini
    [2009/12/09 19:01:51 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\CommonDL.dll
    [2009/12/09 19:01:51 | 000,002,412 | ---- | C] () -- C:\WINDOWS\System32\lgAxconfig.ini
    [2009/08/31 20:24:39 | 000,000,352 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2009/08/28 16:19:16 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2009/08/26 08:44:41 | 000,000,096 | ---- | C] () -- C:\WINDOWS\Simply.ini
    [2009/08/25 16:23:50 | 000,001,348 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2009/08/25 11:18:06 | 000,000,021 | ---- | C] () -- C:\WINDOWS\PI4_setup.ini
    [2009/08/25 11:02:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\lgfwup.ini
    [2009/08/21 17:18:14 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
    [2009/08/21 12:20:38 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\Implode.dll
    [2009/08/21 11:58:27 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIBUN4.dll
    [2009/08/20 16:49:36 | 000,000,071 | ---- | C] () -- C:\WINDOWS\Crypkey.ini
    [2009/08/20 16:49:33 | 000,025,602 | ---- | C] () -- C:\WINDOWS\System32\llpink_.dll
    [2009/08/20 16:49:33 | 000,018,432 | ---- | C] () -- C:\WINDOWS\Setup_ck.dll
    [2009/08/20 16:17:39 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
    [2007/04/27 10:43:58 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll
    [2001/07/07 03:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

    ========== LOP Check ==========

    [2010/02/24 13:33:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Aliant
    [2010/01/24 15:25:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
    [2010/02/21 10:22:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
    [2010/03/06 22:31:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Chief Architect X2 Trial Version
    [2010/02/21 19:44:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
    [2010/03/16 22:07:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FileCure
    [2010/03/07 10:25:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IMSIDesign
    [2009/12/09 19:02:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LGMOBILEAX
    [2010/02/21 12:41:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MAGIX
    [2010/02/16 13:02:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Magix Shared
    [2009/08/23 18:37:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
    [2009/08/24 16:41:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
    [2010/04/30 19:18:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Recisio
    [2010/06/27 15:41:14 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\SMRIUAV
    [2010/03/31 17:25:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2010/06/20 21:11:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
    [2010/04/15 18:40:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
    [2010/03/23 12:15:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vso
    [2010/03/24 11:37:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
    [2010/04/23 09:27:34 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
    [2010/02/24 13:33:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Aliant
    [2010/03/06 20:55:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Chief Architect X2 Trial Version
    [2010/04/23 09:28:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Coby Media Manager
    [2010/03/06 18:56:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GetRightToGo
    [2010/06/20 20:16:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Image Zone Express
    [2009/12/09 14:04:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\LG Electronics
    [2010/06/24 11:34:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\LimeWire
    [2010/02/16 12:53:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MAGIX
    [2009/08/23 18:37:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\NCH Swift Sound
    [2010/06/28 18:00:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Tific
    [2010/06/20 21:10:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\TomTom
    [2010/04/15 18:41:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\TuneUp Software
    [2010/03/27 12:37:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Uniblue
    [2010/05/28 22:31:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\uTorrent
    [2010/04/15 18:27:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Vso
    [2010/07/01 12:22:00 | 000,000,480 | ---- | M] () -- C:\WINDOWS\Tasks\229B350D-034F-4c01-BAF2-3EA03DCAE0B9.job
    [2010/07/01 10:48:21 | 000,000,392 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{EFBC97A8-1A51-4A9C-85AB-79E29AAD98E3}.job

    ========== Purity Check ==========



    ========== Custom Scans ==========
     
  14. 2010/07/01
    Dcmurray Well-Known Member Thread Starter
    Log continued...





    < >

    < %SYSTEMDRIVE%\*.* >
    [2003/12/31 09:07:19 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2009/08/31 22:17:56 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2010/04/23 09:40:16 | 000,000,281 | -HS- | M] () -- C:\boot.ini
    [2009/08/20 16:49:43 | 000,000,192 | ---- | M] () -- C:\CKINFO.TXT
    [2004/08/03 23:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
    [2009/10/28 08:09:57 | 000,013,719 | ---- | M] () -- C:\ComboFix.2.txt
    [2010/06/30 20:15:09 | 000,020,763 | ---- | M] () -- C:\ComboFix.txt
    [2003/12/31 09:07:19 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2003/12/31 09:07:19 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2003/12/31 09:07:19 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2008/04/14 09:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2008/04/14 09:00:00 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2010/07/01 10:42:23 | 792,723,456 | -HS- | M] () -- C:\pagefile.sys

    < %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
    [2008/07/06 09:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2006/02/09 15:43:24 | 000,074,240 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp054.dll

    < %systemroot%\*. /mp /s >

    < %systemroot%\system32\*.dll /lockedfiles >
    [2010/06/27 12:49:18 | 000,052,224 | RHS- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\locatord.dll
    [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %systemroot%\System32\config\*.sav >
    [2003/12/31 04:40:35 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2003/12/31 04:40:35 | 001,089,536 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2003/12/31 04:40:35 | 000,905,216 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < %systemroot%\system32\user32.dll /md5 >
    [2008/04/14 09:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll
    [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

    < %systemroot%\system32\ws2_32.dll /md5 >
    [2008/04/14 09:00:00 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll
    [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:815D61C4
    @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
    @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
    < End of report >





    Everything seems to be working as normal now. I had just installed Norton before I started this thread, so I really don't know how this program is affecting things. The only thing that seems a little slow is opening Firefox, it is taking a little longer than normal but not by much, certainly not as slow as it was.

    Thanks so far

    Dana
     
  15. 2010/07/01
    broni Moderator Malware Analyst
    I'm glad to hear good news :)
    Your computer would definitely benefit from another 512MB of RAM.

    =================================================================

    As for Firefox, it may be caused by some Norton plugin, or some add-on.
    Close Firefox. Go Start>All Programs>Mozilla Firefox, click on Mozilla Firefox (safe mode). Same thing?

    =================================================================

    Update your Java version here: http://www.java.com/en/download/installed.jsp
    Uninstall all previous Java versions, through Add\Remove (Programs & Features in Vista/7).

    ==================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
      O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab  (Reg Error: Key error.)
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab  (Reg Error: Key error.)
      [2010/01/24 15:25:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
      [2010/02/21 10:22:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
      @Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:815D61C4
      @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
      @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
      
      :Services
      
      :Reg
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [resethosts]
      [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
     
  16. 2010/07/04
    Dcmurray Well-Known Member Thread Starter
    All processes killed
    ========== OTL ==========
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{472734EA-242A-422B-ADF8-83D1E48CC825} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422B-ADF8-83D1E48CC825}\ not found.
    Starting removal of ActiveX control {7530BFB8-7293-4D34-9923-61A11451AFC5}
    C:\WINDOWS\Downloaded Program Files\OnlineScanner.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    C:\WINDOWS\Downloaded Program Files\gp.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar\Languages folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar\cache folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\avg9\Log\IDP\log folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\avg9\Log\IDP folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\avg9\Log folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\avg9 folder moved successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:815D61C4 deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8 deleted successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Dallas
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 402 bytes
    ->Java cache emptied: 17028050 bytes
    ->FireFox cache emptied: 57718573 bytes
    ->Flash cache emptied: 258397 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 469 bytes
    ->Flash cache emptied: 41 bytes

    User: Kullen
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 402 bytes
    ->Java cache emptied: 17812522 bytes
    ->FireFox cache emptied: 37272637 bytes
    ->Flash cache emptied: 202147 bytes

    User: LocalService
    ->Temp folder emptied: 480 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Logan
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 402 bytes
    ->Java cache emptied: 14242159 bytes
    ->FireFox cache emptied: 86929603 bytes
    ->Flash cache emptied: 147703 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes

    User: Owner
    ->Temp folder emptied: 1045 bytes
    ->Temporary Internet Files folder emptied: 1984663 bytes
    ->Java cache emptied: 680145 bytes
    ->FireFox cache emptied: 56914753 bytes
    ->Flash cache emptied: 113057 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 5689116 bytes
    %systemroot%\System32 .tmp files removed: 2577 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 33061 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 74514 bytes

    Total Files Cleaned = 283.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Dallas
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Kullen
    ->Flash cache emptied: 0 bytes

    User: LocalService

    User: Logan
    ->Flash cache emptied: 0 bytes

    User: NetworkService

    User: Owner
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb

    C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    OTL by OldTimer - Version 3.2.7.0 log created on 07042010_153150

    Files\Folders moved on Reboot...
    File\Folder C:\WINDOWS\temp\NSM-{229F1466-FDCB-49C8-8021-33C60FF24005}.dat not found!
    File\Folder C:\WINDOWS\temp\Perflib_Perfdata_6a8.dat not found!
    File\Folder C:\WINDOWS\temp\Perflib_Perfdata_700.dat not found!

    Registry entries deleted on Reboot...
     
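The Quick Scan log in the next post lists Explorer's AutoRun policies on O6/O7 lines: HonorAutoRunSetting = 1, NoDriveAutoRun = 67108863 and NoDriveTypeAutoRun = 323. Both numbers are bitmasks and are easy to misread on their own. 323 (0x143) sets only the DRIVE_UNKNOWN, DRIVE_NO_ROOT_DIR and DRIVE_RAMDISK bits, so by that value alone AutoRun would still run from removable, fixed, network and CD-ROM media, which is how autorun.inf worms spread on XP; 67108863 (0x3FFFFFF), however, sets all 26 drive-letter bits, so AutoRun is disabled for A: through Z: regardless. HonorAutoRunSetting = 1 is the marker left by Microsoft's AutoRun update (KB967715) that makes NoDriveTypeAutoRun actually honoured. The script below is an added example, not OTL code and not from the thread; it decodes both values from OTL log lines so the two policies are read together. The bit meanings are the GetDriveType() drive-type constants that NoDriveTypeAutoRun is documented to use; the 0x100 bit present in 323 is outside that documented mask and is reported separately. The sample lines are copied from the poster's log.

```python
"""Decode Explorer AutoRun policy values as reported by OTL (O6/O7 lines).

Added example for this thread, not OTL code. The sample lines are copied from the
poster's Quick Scan log; bit meanings follow the GetDriveType() constants that the
NoDriveTypeAutoRun policy uses.
"""
import re
import string

SAMPLE_OTL_LINES = [
    r"O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1",
    r"O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863",
    r"O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323",
    r"O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0",
]

# NoDriveTypeAutoRun: one bit per drive type; a set bit disables AutoRun for that type.
DRIVE_TYPE_BITS = {
    0x01: "DRIVE_UNKNOWN",
    0x02: "DRIVE_NO_ROOT_DIR",
    0x04: "DRIVE_REMOVABLE",
    0x08: "DRIVE_FIXED",
    0x10: "DRIVE_REMOTE",
    0x20: "DRIVE_CDROM",
    0x40: "DRIVE_RAMDISK",
    0x80: "reserved",
}
DOCUMENTED_MASK = 0xFF
MEDIA_MASK = 0x7C   # removable, fixed, remote, CD-ROM, RAM disk: the types that can carry autorun.inf

POLICY_RE = re.compile(r"policies\\Explorer: (\w+) = (-?\d+)")


def parse_otl_policies(lines):
    """Collect name -> int value from O6/O7 policy lines; other lines are ignored."""
    out = {}
    for line in lines:
        m = POLICY_RE.search(line)
        if m:
            out[m.group(1)] = int(m.group(2))
    return out


def decode_drive_type_mask(value):
    """Return (types disabled, types still allowed, bits outside the documented mask)."""
    disabled = [n for b, n in DRIVE_TYPE_BITS.items() if value & b]
    enabled = [n for b, n in DRIVE_TYPE_BITS.items() if not value & b and n != "reserved"]
    return disabled, enabled, value & ~DOCUMENTED_MASK


def decode_drive_letter_mask(value):
    """NoDriveAutoRun: bit 0 is A:, bit 25 is Z:. Return the letters with AutoRun disabled."""
    return [c for i, c in enumerate(string.ascii_uppercase) if value >> i & 1]


def assess_autorun(policies):
    """Read both policies together: either one can switch AutoRun off on its own."""
    type_mask = policies.get("NoDriveTypeAutoRun", 0)
    letter_mask = policies.get("NoDriveAutoRun", 0)
    _disabled, enabled, extra = decode_drive_type_mask(type_mask)
    letters = decode_drive_letter_mask(letter_mask)
    all_media_off = (type_mask & MEDIA_MASK) == MEDIA_MASK
    all_letters_off = len(letters) == 26
    return {
        "honor_setting": policies.get("HonorAutoRunSetting") == 1,
        "types_still_allowed": enabled,
        "undocumented_bits": extra,
        "letters_disabled": len(letters),
        "autorun_off_everywhere": all_media_off or all_letters_off,
    }


if __name__ == "__main__":
    report = assess_autorun(parse_otl_policies(SAMPLE_OTL_LINES))
    for key, val in report.items():
        print(f"{key}: {val}")
```

The per-type mask is the value most write-ups quote (0xFF turns every type off), but on this machine it is the per-letter mask that does the work, so a reviewer who only decoded NoDriveTypeAutoRun would wrongly conclude that removable media could still launch autorun.inf.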
  17. 2010/07/04
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    .....
     
  18. 2010/07/04
    Dcmurray

    Dcmurray Well-Known Member Thread Starter

    Joined:
    2006/11/09
    Messages:
    322
    Likes Received:
    0
    OTL logfile created on: 7/4/2010 3:38:20 PM - Run 2
    OTL by OldTimer - Version 3.2.7.0 Folder = C:\Documents and Settings\Owner\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    502.00 Mb Total Physical Memory | 162.00 Mb Available Physical Memory | 32.00% Memory free
    1.00 Gb Paging File | 1.00 Gb Available in Paging File | 66.00% Paging File free
    Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 465.75 Gb Total Space | 346.66 Gb Free Space | 74.43% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: OWNER-RFH54E5YG
    Current User Name: Owner
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/07/01 12:19:40 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
    PRC - [2010/06/27 14:46:05 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
    PRC - [2010/06/27 14:46:03 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
    PRC - [2010/05/23 02:39:05 | 000,126,904 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Online\Engine\2.0.0.66\ccSvcHst.exe
    PRC - [2010/05/07 09:36:10 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
    PRC - [2010/02/25 21:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ccsvchst.exe
    PRC - [2009/06/04 19:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    PRC - [2009/06/04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    PRC - [2008/09/19 00:00:00 | 000,016,680 | ---- | M] (Sage Software) -- C:\Program Files\winsim\ConnectionManager\SimplyConnectionManager.exe
    PRC - [2008/04/14 09:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/08/09 04:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
    PRC - [2006/02/28 22:10:18 | 000,069,632 | ---- | M] (CrypKey (Canada) Ltd.) -- C:\WINDOWS\system32\Crypserv.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/07/01 12:19:40 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
    MOD - [2010/05/14 02:35:01 | 000,415,088 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\17.7.0.12\asoehook.dll
    MOD - [2009/08/12 03:54:10 | 000,653,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
    MOD - [2009/08/12 03:54:07 | 000,569,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
    MOD - [2008/04/14 09:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- -- (STacSV)
    SRV - [2010/05/23 02:39:05 | 000,126,904 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Online\Engine\2.0.0.66\ccSvcHst.exe -- (NOF)
    SRV - [2010/05/07 09:36:10 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
    SRV - [2010/02/25 21:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe -- (NIS)
    SRV - [2009/08/05 23:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
    SRV - [2009/06/04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
    SRV - [2008/09/19 00:00:00 | 000,016,680 | ---- | M] (Sage Software) [Auto | Running] -- C:\Program Files\winsim\ConnectionManager\SimplyConnectionManager.exe -- (Simply Accounting Database Connection Manager)
    SRV - [2007/08/09 04:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
    SRV - [2006/02/28 22:10:18 | 000,069,632 | ---- | M] (CrypKey (Canada) Ltd.) [Auto | Running] -- C:\WINDOWS\System32\Crypserv.exe -- (Crypkey License)


    ========== Driver Services (SafeList) ==========

    DRV - [2010/06/28 20:00:00 | 000,125,488 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
    DRV - [2010/06/28 19:23:41 | 001,347,504 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100704.002\NAVEX15.SYS -- (NAVEX15)
    DRV - [2010/06/28 19:23:41 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
    DRV - [2010/06/28 19:23:41 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
    DRV - [2010/06/28 19:23:41 | 000,085,552 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100704.002\NAVENG.SYS -- (NAVENG)
    DRV - [2010/06/19 00:46:00 | 000,691,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100619.001\BHDrvx86.sys -- (BHDrvx86)
    DRV - [2010/05/28 16:33:19 | 000,331,640 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100702.001\IDSXpx86.sys -- (IDSxpx86)
    DRV - [2010/05/10 23:03:44 | 000,180,912 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NSM\0200000.02A\SymRdr.SYS -- (SYMRDR_{78CA3BF0-9C3B-40e1-B46D-38C877EF059A})
    DRV - [2010/05/06 01:01:59 | 000,361,904 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\NIS\1107000.00C\SYMTDI.SYS -- (SYMTDI)
    DRV - [2010/04/29 02:03:51 | 000,116,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1107000.00C\Ironx86.SYS -- (SymIRON)
    DRV - [2010/04/22 00:02:20 | 000,173,104 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1107000.00C\SYMEFA.SYS -- (SymEFA)
    DRV - [2010/04/21 23:29:50 | 000,325,680 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\NIS\1107000.00C\SRTSP.SYS -- (SRTSP)
    DRV - [2010/04/21 23:29:50 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1107000.00C\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
    DRV - [2010/02/25 21:22:57 | 000,501,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1107000.00C\ccHPx86.sys -- (ccHP)
    DRV - [2009/08/29 21:17:18 | 000,328,752 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1107000.00C\SYMDS.SYS -- (SymDS)
    DRV - [2009/08/21 11:58:26 | 000,006,144 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NTIDrvr.sys -- (NTIDrvr)
    DRV - [2009/08/21 11:56:47 | 000,007,424 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\SIODRV.SYS -- (SIODRV)
    DRV - [2009/08/05 23:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
    DRV - [2009/06/24 01:54:16 | 000,030,880 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iqvw32.sys -- (NAL)
    DRV - [2009/06/04 18:43:16 | 000,330,264 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor)
    DRV - [2008/12/05 00:58:48 | 000,241,296 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel(R)
    DRV - [2008/04/14 09:00:00 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
    DRV - [2008/04/14 01:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
    DRV - [2008/04/10 20:10:10 | 001,271,032 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
    DRV - [2008/02/15 13:12:06 | 005,854,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
    DRV - [2006/11/27 00:38:10 | 000,499,328 | ---- | M] (Marvell Semiconductor, Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MRVW245.sys -- (MRVW245) Marvell TOPDOG 802.11n WLAN Driver for Windows XP (USB8x)
    DRV - [2005/08/17 09:47:48 | 000,073,696 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdserd.sys -- (sscdserd) SAMSUNG CDMA Modem Diagnostic Serial Port (WDM)
    DRV - [2005/08/17 09:46:26 | 000,093,872 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm)
    DRV - [2005/08/17 09:46:20 | 000,008,272 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl)
    DRV - [2005/08/17 09:45:00 | 000,058,352 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
    DRV - [2005/03/28 16:34:00 | 000,011,018 | R--- | M] (OSA Technologies) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\OsaFsLoc.sys -- (OsaFsLoc)
    DRV - [2005/03/21 11:00:24 | 000,004,096 | ---- | M] (SuperAdBlocker.com) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\sabprocenum.sys -- (SABProcEnum)
    DRV - [2005/03/15 18:34:00 | 000,021,248 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\intelsmb.sys -- (smbusp) Intel(R)
    DRV - [2005/03/04 19:07:00 | 000,008,704 | R--- | M] (Avocent/OSA Technologies Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\osaio.sys -- (osaio)
    DRV - [2003/11/03 19:09:00 | 000,036,484 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SMBios.sys -- (SMBios) Intel (R)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.cbc.ca/ns/
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://www.cbc.ca/ns/|http://www.sympatico.ca/ "
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
    FF - prefs.js..extensions.enabledItems: {6D5C8FC4-DE46-41bf-9092-93F0F78E9115}:2.0.0.42
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20


    FF - HKLM\software\mozilla\Firefox\extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\ [2010/06/29 07:43:25 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\extensions\\{6D5C8FC4-DE46-41bf-9092-93F0F78E9115}: C:\Documents and Settings\All Users\Application Data\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_2.0.0.42\coFFFw\ [2010/06/28 20:03:35 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\ [2010/06/29 07:32:33 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/30 00:03:49 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/03 15:28:58 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

    [2010/06/20 21:10:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
    [2010/06/20 21:10:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\home2@tomtom.com
    [2009/08/21 16:33:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\mozswing@mozswing.org
    [2010/07/04 11:17:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\uwylqqnr.default\extensions
    [2010/04/23 08:10:41 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\uwylqqnr.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/04/23 08:10:22 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\uwylqqnr.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    [2010/07/04 11:17:38 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010/07/01 18:27:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

    O1 HOSTS File: ([2010/07/04 15:33:02 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\coieplg.dll (Symantec Corporation)
    O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ipsbho.dll (Symantec Corporation)
    O2 - BHO: (Norton Safety Minder) - {B8E07826-0971-4f16-B133-047B88034E89} - C:\Program Files\Norton Online\AddOns\Norton Safety Minder\Engine\2.0.0.42\CoIEPlg.dll (Symantec Corporation)
    O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\coieplg.dll (Symantec Corporation)
    O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\coieplg.dll (Symantec Corporation)
    O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
    O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MaxRecentDocs = 5
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
    O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1072873752953 (WUWebControl Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1219257687734 (MUWebControl Class)
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadblocker.com/activex/sabspx.cab (SABScanProcesses Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O18 - Protocol\Handler\intu-qt2008 {05E53CE9-66C8-4a9e-A99F-FDB7A8E7B596} - C:\Program Files\QuickTax 2008\ic2008pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
    O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2003/12/31 09:07:19 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (PDBoot.exe) - File not found
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/07/04 15:31:50 | 000,000,000 | ---D | C] -- C:\_OTL
    [2010/07/01 18:28:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
    [2010/07/01 18:28:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2010/07/01 15:47:40 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2010/07/01 12:19:49 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
    [2010/06/30 21:45:58 | 000,000,000 | --SD | C] -- C:\ComboFix
    [2010/06/30 19:56:29 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2010/06/30 07:33:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\HostsXpert
    [2010/06/28 20:45:15 | 000,339,504 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\symtdiv.sys
    [2010/06/28 20:45:14 | 000,361,904 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\symtdi.sys
    [2010/06/28 20:45:14 | 000,328,752 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\symds.sys
    [2010/06/28 20:45:14 | 000,173,104 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\symefa.sys
    [2010/06/28 20:45:13 | 000,325,680 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\srtsp.sys
    [2010/06/28 20:45:13 | 000,116,784 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\ironx86.sys
    [2010/06/28 20:45:13 | 000,043,696 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\srtspx.sys
    [2010/06/28 20:45:10 | 000,501,888 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\cchpx86.sys
    [2010/06/28 20:44:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NIS\1107000.00C
    [2010/06/28 19:59:50 | 000,180,912 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NSM\0200000.02A\symrdr.sys
    [2010/06/28 19:59:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NSM
    [2010/06/28 19:59:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NSM\0200000.02A
    [2010/06/28 19:59:35 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Online
    [2010/06/28 19:59:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NOF
    [2010/06/28 19:59:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NOF\0200000.042
    [2010/06/28 19:32:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\NPE
    [2010/06/28 18:01:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Tific
    [2010/06/28 18:00:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Tific
    [2010/06/28 18:00:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Symantec
    [2010/06/28 17:42:58 | 000,125,488 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
    [2010/06/28 17:42:58 | 000,060,808 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
    [2010/06/28 17:42:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
    [2010/06/28 17:42:57 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
    [2010/06/28 17:42:09 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Sidebar
    [2010/06/28 17:42:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NIS
    [2010/06/28 17:42:05 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Internet Security
    [2010/06/28 17:40:37 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
    [2010/06/28 08:48:15 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security
    [2010/06/27 15:41:14 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\SMRIUAV
    [2010/06/20 21:11:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TomTom
    [2010/06/20 21:10:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\TomTom
    [2010/06/20 21:10:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\TomTom
    [2010/06/20 21:10:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\TomTom
    [2010/06/20 21:09:55 | 000,000,000 | ---D | C] -- C:\Program Files\TomTom International B.V
    [2010/06/20 21:09:36 | 000,000,000 | ---D | C] -- C:\Program Files\TomTom HOME 2
    [2010/06/13 12:40:08 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
    [2010/05/06 08:01:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DVD Shrink
    [2010/05/06 08:01:11 | 000,000,000 | ---D | C] -- C:\Program Files\DVD Shrink
    [2010/05/05 18:32:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
    [2010/05/04 16:35:17 | 000,000,000 | ---D | C] -- C:\divx
    [2010/05/04 16:27:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\DivX
    [2010/05/04 16:26:14 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
    [2010/05/04 16:20:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DivX
    [2010/04/30 21:32:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\vlc
    [2010/04/30 21:31:05 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
    [2010/04/30 19:18:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Recisio
    [2010/04/30 19:18:45 | 000,000,000 | ---D | C] -- C:\Program Files\KaraFun
    [2010/04/29 18:28:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Apple Computer
    [2010/04/29 18:25:02 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
    [2010/04/29 18:25:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
    [2010/04/29 18:24:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Apple
    [2010/04/29 18:23:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Apple Computer
    [2010/04/23 09:27:47 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
    [2010/04/23 09:27:34 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
    [2010/04/20 21:22:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Coby Media Manager
    [2010/04/18 17:59:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla
    [2010/04/18 17:58:33 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [2010/04/18 12:06:22 | 000,000,000 | ---D | C] -- C:\94c617b6aa561332f16a522712
    [2010/04/15 18:41:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\TuneUp Software
    [2010/04/15 18:39:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software

    ========== Files - Modified Within 90 Days ==========

    [2010/07/04 15:44:00 | 000,000,480 | ---- | M] () -- C:\WINDOWS\tasks\229B350D-034F-4c01-BAF2-3EA03DCAE0B9.job
    [2010/07/04 15:34:48 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/07/04 15:34:24 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2010/07/04 15:34:18 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/07/04 15:34:10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/07/04 15:33:15 | 008,650,752 | ---- | M] () -- C:\Documents and Settings\Owner\ntuser.dat
    [2010/07/04 15:33:15 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
    [2010/07/04 15:33:02 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
    [2010/07/04 15:20:30 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
    [2010/07/04 15:01:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2010/07/04 13:21:16 | 000,000,392 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{EFBC97A8-1A51-4A9C-85AB-79E29AAD98E3}.job
    [2010/07/03 10:35:06 | 000,000,058 | -H-- | M] () -- C:\WINDOWS\popcreg.dat
    [2010/07/03 10:35:06 | 000,000,042 | ---- | M] () -- C:\WINDOWS\popcinfot.dat
    [2010/07/03 08:50:30 | 000,002,481 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Microsoft Excel.lnk
    [2010/07/01 18:39:20 | 000,001,348 | ---- | M] () -- C:\WINDOWS\ODBC.INI
    [2010/07/01 18:11:54 | 000,072,785 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\f5d7522e.gif
    [2010/07/01 12:19:40 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
    [2010/06/30 20:11:11 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
    [2010/06/30 08:05:35 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\cqv5i73r.exe
    [2010/06/30 07:43:18 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/06/29 07:48:17 | 000,492,964 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2010/06/29 07:48:17 | 000,435,592 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/06/29 07:48:17 | 000,068,504 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/06/29 07:32:05 | 000,001,973 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton Internet Security.LNK
    [2010/06/29 07:31:40 | 000,578,704 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\Cat.DB
    [2010/06/28 20:00:00 | 000,125,488 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
    [2010/06/28 20:00:00 | 000,060,808 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
    [2010/06/28 20:00:00 | 000,007,456 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
    [2010/06/28 20:00:00 | 000,000,805 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
    [2010/06/28 07:49:25 | 000,001,427 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.new
    [2010/06/28 07:38:15 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\housecall.guid.cache
    [2010/06/27 12:49:18 | 000,052,224 | RHS- | M] () -- C:\WINDOWS\System32\locatord.dll
    [2010/06/25 09:50:51 | 000,033,280 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Anchor Industries Society Quote.doc
    [2010/06/25 07:39:19 | 000,002,483 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Microsoft Word.lnk
    [2010/06/22 11:26:28 | 000,254,545 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\PassportApplicationComplete.pdf
    [2010/06/21 14:10:18 | 000,002,131 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Brittany - June 30, 2010.pdf
    [2010/06/20 23:43:38 | 000,064,512 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/06/19 08:15:03 | 000,368,096 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/06/19 00:56:32 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2010/06/16 19:34:02 | 000,000,752 | ---- | M] () -- C:\WINDOWS\win.ini
    [2010/06/13 12:51:07 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2010/06/13 12:51:07 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
    [2010/06/12 16:01:55 | 004,285,004 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
    [2010/06/08 07:04:18 | 000,000,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\NOF\0200000.042\isolate.ini
    [2010/06/07 08:23:57 | 000,000,913 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Zuma's Revenge!.lnk
    [2010/06/06 11:47:31 | 000,028,160 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Kathy Invoice1.xls
    [2010/05/27 16:09:36 | 006,460,460 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\TV Show Theme Songs - Game Shows - Jeopardy Think Music.wav
    [2010/05/20 21:05:52 | 000,002,104 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Brittany.pdf
    [2010/05/19 19:55:52 | 000,001,578 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\LimeWire 5.5.8.lnk
    [2010/05/18 00:47:44 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
    [2010/05/16 23:08:36 | 000,007,777 | R--- | M] () -- C:\WINDOWS\System32\drivers\NSM\0200000.02A\symrdr.cat
    [2010/05/14 03:32:01 | 000,000,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\isolate.ini
    [2010/05/11 14:32:08 | 000,032,256 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Timesheet.xls
    [2010/05/11 08:04:24 | 000,042,039 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Fat_Kid_T-Shirt.jpg
    [2010/05/10 23:03:44 | 000,180,912 | R--- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NSM\0200000.02A\symrdr.sys
    [2010/05/10 23:03:36 | 000,001,487 | R--- | M] () -- C:\WINDOWS\System32\drivers\NSM\0200000.02A\SymRdr.inf
    [2010/05/09 18:21:00 | 000,000,670 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\DVD Shrink 3.2.lnk
    [2010/05/08 12:27:47 | 000,001,548 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\CCleaner.lnk
    [2010/05/06 01:01:59 | 000,361,904 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\symtdi.sys
    [2010/05/06 01:01:59 | 000,339,504 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\symtdiv.sys
    [2010/05/06 01:01:43 | 000,001,473 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\symnetv.inf
    [2010/05/06 01:01:43 | 000,001,445 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\symnet.inf
    [2010/04/30 19:18:48 | 000,001,494 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\KaraFun Editor.lnk
    [2010/04/30 19:18:48 | 000,000,616 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\KaraFun.lnk
    [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/04/29 02:03:51 | 000,116,784 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\ironx86.sys
    [2010/04/29 02:03:51 | 000,007,438 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\iron.cat
    [2010/04/29 02:03:51 | 000,000,741 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\iron.inf
    [2010/04/28 20:41:24 | 000,000,467 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to My Pictures.lnk
    [2010/04/27 19:39:24 | 000,137,112 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\113009_dartmouth3.jpg
    [2010/04/27 19:29:56 | 000,002,469 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Microsoft PowerPoint.lnk
    [2010/04/26 05:18:40 | 000,007,873 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\symefa.cat
    [2010/04/24 08:31:04 | 000,003,373 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\symefa.inf
    [2010/04/23 09:40:16 | 000,000,281 | -HS- | M] () -- C:\boot.ini
    [2010/04/22 00:02:36 | 000,007,787 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\symnetv.cat
    [2010/04/22 00:02:36 | 000,007,368 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\symnet.cat
    [2010/04/22 00:02:20 | 000,173,104 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\symefa.sys
    [2010/04/22 00:01:56 | 000,007,425 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\symds.cat
    [2010/04/21 23:29:50 | 000,325,680 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\srtsp.sys
    [2010/04/21 23:29:50 | 000,043,696 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\srtspx.sys
    [2010/04/21 23:29:50 | 000,007,442 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\srtspx.cat
    [2010/04/21 23:29:50 | 000,007,438 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\srtsp.cat
    [2010/04/21 23:29:50 | 000,001,388 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\srtspx.inf
    [2010/04/21 23:29:50 | 000,001,382 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\srtsp.inf
    [2010/04/21 09:14:55 | 000,000,352 | ---- | M] () -- C:\WINDOWS\wininit.ini
    [2010/04/18 17:59:13 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
    [2010/04/15 18:27:15 | 000,047,360 | ---- | M] (VSO Software) -- C:\Documents and Settings\Owner\Application Data\pcouffin.sys
    [2010/04/15 18:27:15 | 000,007,887 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\pcouffin.cat
    [2010/04/15 18:27:15 | 000,001,144 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\pcouffin.inf
    [2010/04/15 18:13:25 | 000,045,110 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\cc_20100415_181318.reg
    [2010/04/13 20:11:46 | 000,006,662 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Windows BBS -.url
    [2010/04/13 17:39:45 | 000,227,184 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Google Maps.mht
    [2010/04/08 20:43:39 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Deck Plan.xls

    ========== Files Created - No Company Name ==========

    [2010/07/04 15:29:28 | 000,072,785 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\f5d7522e.gif
    [2010/06/30 08:05:38 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\cqv5i73r.exe
    [2010/06/29 09:53:31 | 000,005,632 | -HS- | C] () -- C:\Documents and Settings\Owner\Thumbs.db
    [2010/06/29 07:31:34 | 000,578,704 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\Cat.DB
    [2010/06/28 20:45:14 | 000,007,873 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\symefa.cat
    [2010/06/28 20:45:14 | 000,007,787 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\symnetv.cat
    [2010/06/28 20:45:14 | 000,007,425 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\symds.cat
    [2010/06/28 20:45:14 | 000,007,368 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\symnet.cat
    [2010/06/28 20:45:14 | 000,003,373 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\symefa.inf
    [2010/06/28 20:45:14 | 000,002,793 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\symds.inf
    [2010/06/28 20:45:14 | 000,001,473 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\symnetv.inf
    [2010/06/28 20:45:14 | 000,001,445 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\symnet.inf
    [2010/06/28 20:45:13 | 000,007,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\srtspx.cat
    [2010/06/28 20:45:13 | 000,007,438 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\srtsp.cat
    [2010/06/28 20:45:13 | 000,001,388 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\srtspx.inf
    [2010/06/28 20:45:13 | 000,001,382 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\srtsp.inf
    [2010/06/28 20:45:13 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\iron.inf
    [2010/06/28 20:45:11 | 000,007,438 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\iron.cat
    [2010/06/28 20:45:10 | 000,007,396 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\cchpx86.cat
    [2010/06/28 20:45:10 | 000,001,754 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\cchpx86.inf
    [2010/06/28 20:44:16 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\isolate.ini
    [2010/06/28 20:03:28 | 000,000,480 | ---- | C] () -- C:\WINDOWS\tasks\229B350D-034F-4c01-BAF2-3EA03DCAE0B9.job
    [2010/06/28 19:59:45 | 000,007,777 | R--- | C] () -- C:\WINDOWS\System32\drivers\NSM\0200000.02A\symrdr.cat
    [2010/06/28 19:59:45 | 000,001,487 | R--- | C] () -- C:\WINDOWS\System32\drivers\NSM\0200000.02A\SymRdr.inf
    [2010/06/28 19:59:35 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\NOF\0200000.042\isolate.ini
    [2010/06/28 17:42:58 | 000,007,456 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
    [2010/06/28 17:42:58 | 000,000,805 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
    [2010/06/28 17:42:51 | 000,001,973 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Norton Internet Security.LNK
    [2010/06/28 07:38:15 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\housecall.guid.cache
    [2010/06/27 12:49:18 | 000,052,224 | RHS- | C] () -- C:\WINDOWS\System32\locatord.dll
    [2010/06/25 09:50:50 | 000,033,280 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Anchor Industries Society Quote.doc
    [2010/06/22 11:26:26 | 000,254,545 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\PassportApplicationComplete.pdf
    [2010/06/21 14:10:18 | 000,002,131 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Brittany - June 30, 2010.pdf
    [2010/06/19 00:52:58 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
    [2010/06/13 12:51:07 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2010/06/13 12:51:07 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
    [2010/06/07 08:23:57 | 000,000,913 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Zuma's Revenge!.lnk
    [2010/06/06 11:47:31 | 000,028,160 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Kathy Invoice1.xls
    [2010/05/31 21:56:27 | 000,042,039 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Fat_Kid_T-Shirt.jpg
    [2010/05/27 16:25:12 | 006,460,460 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\TV Show Theme Songs - Game Shows - Jeopardy Think Music.wav
    [2010/05/20 21:38:13 | 000,002,104 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Brittany.pdf
    [2010/05/19 19:55:52 | 000,001,578 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\LimeWire 5.5.8.lnk
    [2010/05/18 00:47:44 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
    [2010/05/11 14:02:23 | 000,032,256 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Timesheet.xls
    [2010/05/06 08:01:12 | 000,000,670 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\DVD Shrink 3.2.lnk
    [2010/04/30 19:18:48 | 000,001,494 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\KaraFun Editor.lnk
    [2010/04/30 19:18:48 | 000,000,616 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\KaraFun.lnk
    [2010/04/28 20:41:24 | 000,000,467 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to My Pictures.lnk
    [2010/04/27 19:39:23 | 000,137,112 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\113009_dartmouth3.jpg
    [2010/04/23 08:09:31 | 008,650,752 | ---- | C] () -- C:\Documents and Settings\Owner\ntuser.dat
    [2010/04/18 17:59:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2010/04/15 18:13:19 | 000,045,110 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\cc_20100415_181318.reg
    [2010/04/13 17:39:40 | 000,227,184 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Google Maps.mht
    [2010/04/08 19:51:01 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Deck Plan.xls
    [2010/03/17 07:58:16 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2010/03/17 07:58:13 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
    [2010/02/20 00:06:33 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
    [2010/02/11 16:51:01 | 000,000,221 | ---- | C] () -- C:\WINDOWS\NCLogConfig.ini
    [2009/12/09 19:01:51 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\CommonDL.dll
    [2009/12/09 19:01:51 | 000,002,412 | ---- | C] () -- C:\WINDOWS\System32\lgAxconfig.ini
    [2009/08/31 20:24:39 | 000,000,352 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2009/08/28 16:19:16 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2009/08/26 08:44:41 | 000,000,096 | ---- | C] () -- C:\WINDOWS\Simply.ini
    [2009/08/25 16:23:50 | 000,001,348 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2009/08/25 11:18:06 | 000,000,021 | ---- | C] () -- C:\WINDOWS\PI4_setup.ini
    [2009/08/25 11:02:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\lgfwup.ini
    [2009/08/21 17:18:14 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
    [2009/08/21 12:20:38 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\Implode.dll
    [2009/08/21 11:58:27 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIBUN4.dll
    [2009/08/20 16:49:36 | 000,000,071 | ---- | C] () -- C:\WINDOWS\Crypkey.ini
    [2009/08/20 16:49:33 | 000,025,602 | ---- | C] () -- C:\WINDOWS\System32\llpink_.dll
    [2009/08/20 16:49:33 | 000,018,432 | ---- | C] () -- C:\WINDOWS\Setup_ck.dll
    [2009/08/20 16:17:39 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
    [2007/04/27 10:43:58 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll
    [2001/07/07 03:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

    ========== LOP Check ==========

    [2010/02/24 13:33:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Aliant
    [2010/03/06 22:31:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Chief Architect X2 Trial Version
    [2010/02/21 19:44:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
    [2010/03/16 22:07:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FileCure
    [2010/03/07 10:25:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IMSIDesign
    [2009/12/09 19:02:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LGMOBILEAX
    [2010/02/21 12:41:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MAGIX
    [2010/02/16 13:02:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Magix Shared
    [2009/08/23 18:37:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
    [2009/08/24 16:41:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
    [2010/04/30 19:18:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Recisio
    [2010/06/27 15:41:14 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\SMRIUAV
    [2010/03/31 17:25:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2010/06/20 21:11:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
    [2010/04/15 18:40:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
    [2010/03/23 12:15:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vso
    [2010/03/24 11:37:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
    [2010/04/23 09:27:34 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
    [2010/02/24 13:33:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Aliant
    [2010/03/06 20:55:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Chief Architect X2 Trial Version
    [2010/04/23 09:28:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Coby Media Manager
    [2010/03/06 18:56:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GetRightToGo
    [2010/06/20 20:16:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Image Zone Express
    [2009/12/09 14:04:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\LG Electronics
    [2010/06/24 11:34:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\LimeWire
    [2010/02/16 12:53:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MAGIX
    [2009/08/23 18:37:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\NCH Swift Sound
    [2010/06/28 18:00:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Tific
    [2010/06/20 21:10:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\TomTom
    [2010/04/15 18:41:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\TuneUp Software
    [2010/03/27 12:37:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Uniblue
    [2010/05/28 22:31:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\uTorrent
    [2010/04/15 18:27:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Vso
    [2010/07/04 15:44:00 | 000,000,480 | ---- | M] () -- C:\WINDOWS\Tasks\229B350D-034F-4c01-BAF2-3EA03DCAE0B9.job
    [2010/07/04 13:21:16 | 000,000,392 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{EFBC97A8-1A51-4A9C-85AB-79E29AAD98E3}.job

    ========== Purity Check ==========


    < End of report >





    Yes, the computer is smoother in Mozilla Safe Mode. I stopped two add-ons (Norton Toolbar and ADT). Everything else seems to be running fine.

    Thank you
     
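    The OTL file listing posted above is the kind of output a helper reads by eye: attribute flags, company name, location and timestamp, line after line. The script below is an added example (not part of this thread, and not a feature of OTL, Norton or any tool named here) that parses those `[date | size | attrs | C/M] (company) -- path` lines and applies four triage rules an analyst would otherwise apply manually: hidden+system attributes on an object in a system location, a changed hosts file, a scheduled task whose name is a bare GUID, and a binary in a system location that has no company name and was created or modified shortly before the report. The sample lines are copied verbatim from the log above; the rule names, the 30-day recency window and the report date are the example's own choices.

```python
import re
from datetime import datetime, timedelta

# One OTL file/directory line: [date time | size | attrs | C or M] (company) -- path
# Directory lines carry no "(company)" part, so that group is optional.
OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[RHSD-]{4}) \| (?P<op>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)
# A task file whose entire name is a GUID (the example's own heuristic)
GUID_JOB = re.compile(
    r"^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\.job$", re.I
)
# Locations where an unexplained hidden/system object deserves a look (example's choice)
SYSTEM_DIRS = ("c:\\windows\\", "c:\\documents and settings\\all users\\application data\\")
BINARY_EXT = (".exe", ".dll", ".sys")

# Lines copied verbatim from the OTL log posted above
SAMPLE_LINES = [
    r"[2010/07/04 15:44:00 | 000,000,480 | ---- | M] () -- C:\WINDOWS\tasks\229B350D-034F-4c01-BAF2-3EA03DCAE0B9.job",
    r"[2010/07/04 15:33:02 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts",
    r"[2010/06/28 20:00:00 | 000,125,488 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS",
    r"[2010/06/27 12:49:18 | 000,052,224 | RHS- | M] () -- C:\WINDOWS\System32\locatord.dll",
    r"[2010/04/23 09:40:16 | 000,000,281 | -HS- | M] () -- C:\boot.ini",
    r"[2010/03/17 07:58:16 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll",
    r"[2010/06/27 15:41:14 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\SMRIUAV",
]
# Date the OTL report was run, taken from its newest timestamps
REPORT_DATE = datetime(2010, 7, 4)


def parse_line(line):
    """Return a dict for one OTL file line, or None if the line is not in that format."""
    m = OTL_LINE.match(line.strip())
    if not m:
        return None
    return {
        "ts": datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
        "size": int(m["size"].replace(",", "")),
        "attrs": m["attrs"],          # R, H, S, D flags in fixed positions, "-" when unset
        "op": m["op"],                # C = created, M = modified
        "company": (m["company"] or "").strip(),
        "path": m["path"].strip(),
    }


def flag_entry(entry, report_date, recent_days=30):
    """Apply the triage rules to one parsed entry and return the reasons that fired."""
    reasons = []
    low = entry["path"].lower()
    name = low.rsplit("\\", 1)[-1]
    in_system_dir = low.startswith(SYSTEM_DIRS)
    hidden_and_system = "H" in entry["attrs"] and "S" in entry["attrs"]

    if in_system_dir and hidden_and_system:
        reasons.append("hidden+system attributes in a system location")
    if low.endswith("\\drivers\\etc\\hosts"):
        reasons.append("hosts file changed")
    if "\\tasks\\" in low and GUID_JOB.match(name):
        reasons.append("scheduled task named by bare GUID")
    if (in_system_dir and name.endswith(BINARY_EXT) and not entry["company"]
            and report_date - entry["ts"] <= timedelta(days=recent_days)):
        reasons.append("recent binary in a system location with no company name")
    return reasons


def triage(lines, report_date, recent_days=30):
    """Parse every line and return [(path, [reasons])] for the entries that tripped a rule."""
    hits = []
    for line in lines:
        entry = parse_line(line)
        if entry is None:
            continue
        reasons = flag_entry(entry, report_date, recent_days)
        if reasons:
            hits.append((entry["path"], reasons))
    return hits


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LINES, REPORT_DATE):
        print(path)
        for reason in reasons:
            print("   -", reason)
```

    Hits are prompts for review, not verdicts: the same rules will flag legitimate hidden system folders and vendor files that simply ship without a version resource, so pair a hit with a digital-signature check or a hash lookup before deleting anything. Note also that boot.ini carries hidden+system attributes but sits outside the watched locations, which is why it is not reported.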
  19. 2010/07/04
    broni, Moderator / Malware Analyst
    Very good :)

    1. Download Temp File Cleaner (TFC)
    Double-click on TFC.exe to run the program.
    Click on the Start button to begin the cleaning process.
    TFC will close all running programs, and it may ask you to restart the computer.


    2. Go to the Kaspersky website and perform an online antivirus scan.

       1. Disable your active antivirus program.
       2. Read through the requirements and privacy statement and click on the Accept button.
       3. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
       4. When the downloads have finished, click on Settings.
       5. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:

          • Spyware, Adware, Dialers, and other potentially dangerous programs
          • Archives
          • Mail databases
       6. Click on My Computer under Scan.
       7. Once the scan is complete, it will display the results. Click on View Scan Report.
       8. You will see a list of infected items there. Click on Save Report As....
       9. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.
     
  20. 2010/07/09
    Dcmurray, Well-Known Member, Thread Starter
    The Kaspersky Online scan won't run. Everything else is good!
     
  21. 2010/07/09
    broni, Moderator / Malware Analyst
    Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Push Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
     

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.