
Solved processes eating up memory - no log to post

Discussion in 'Malware and Virus Removal Archive' started by Harpo, 2010/08/20.

  1. 2010/08/24
    Harpo

    Harpo Well-Known Member Thread Starter

    Joined:
    2005/08/22
    Messages:
    160
    Likes Received:
    0
    I had all programs closed before I ran it, and let it hang at FF settings about 10 minutes before I stopped it. It wasn't frozen to the point where I had to force quit - I was able to close by clicking on the red X. If I re-run it, how long should I let it hang before stopping it?
     
  2. 2010/08/24
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Grab a cup of coffee and give it 30 minutes.
     


  4. 2010/08/24
    Harpo

    Harpo Well-Known Member Thread Starter

    Joined:
    2005/08/22
    Messages:
    160
    Likes Received:
    0
    OTL.txt:

    OTL logfile created on: 8/24/2010 4:00:07 PM - Run 1
    OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\Accounting & Payroll\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    254.00 Mb Total Physical Memory | 139.00 Mb Available Physical Memory | 55.00% Memory free
    624.00 Mb Paging File | 421.00 Mb Available in Paging File | 68.00% Paging File free
    Paging file location(s): C:\pagefile.sys 384 768 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 35.25 Gb Total Space | 16.95 Gb Free Space | 48.09% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded
    Drive P: | 35.25 Gb Total Space | 20.50 Gb Free Space | 58.15% Space Free | Partition Type: NTFS

    Computer Name: ACCOUNTING
    Current User Name: Accounting & Payroll
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/08/24 15:13:56 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Accounting & Payroll\desktop\OTL.exe
    PRC - [2010/08/14 16:03:42 | 000,086,016 | ---- | M] (alch) -- C:\Program Files\ClamWin\bin\ClamTray.exe
    PRC - [2009/12/26 21:47:20 | 002,015,744 | ---- | M] (Mister Group) -- C:\Program Files\System Explorer\SystemExplorer.exe
    PRC - [2009/10/10 14:07:08 | 000,320,832 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
    PRC - [2008/07/09 09:05:20 | 000,919,016 | ---- | M] (Zone Labs, LLC) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    PRC - [2008/07/09 09:05:18 | 000,075,304 | ---- | M] (Zone Labs, LLC) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    PRC - [2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/04/30 19:43:54 | 003,450,608 | ---- | M] (Stardock) -- C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
    PRC - [2006/09/16 06:01:16 | 001,666,048 | ---- | M] (Renier Crause) -- C:\Program Files\PopTray\PopTray.exe
    PRC - [2006/03/03 22:03:10 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
    PRC - [2002/05/03 12:36:24 | 001,118,208 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\NMSSvc.Exe


    ========== Modules (SafeList) ==========

    MOD - [2010/08/24 15:13:56 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Accounting & Payroll\desktop\OTL.exe
    MOD - [2008/04/14 06:40:22 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
    MOD - [2007/09/23 10:30:38 | 000,062,768 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\patrolpro.dll
    MOD - [2007/04/30 19:18:50 | 000,112,400 | ---- | M] () -- C:\Program Files\Stardock\ObjectDock\DockShellHook.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- C:\Program Files\OpenDNS Updater\OpenDNS Updater.exe -- (OpenDNS Updater.exe)
    SRV - [2010/04/14 05:23:40 | 000,073,960 | ---- | M] (tzuk) [On_Demand | Stopped] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
    SRV - [2010/03/29 08:53:22 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [Disabled | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
    SRV - [2008/07/09 09:05:18 | 000,075,304 | ---- | M] (Zone Labs, LLC) [Auto | Running] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
    SRV - [2006/03/03 22:03:10 | 000,069,632 | ---- | M] (HP) [Unknown | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
    SRV - [2002/07/15 15:36:54 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Disabled | Stopped] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))
    SRV - [2002/05/03 12:36:24 | 001,118,208 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\WINDOWS\system32\NMSSvc.Exe -- (NMSSvc) Intel(R)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\SBREdrv.sys -- (SBRE)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\PCDRDRV.sys -- (PCDRDRV)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\Accounting & Payroll\desktop\PeerBlock_r181__Win32_Release\pbfilter.sys -- (pbfilter)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\HSF_DP.sys -- (HSF_DP)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
    DRV - [2010/05/10 11:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2010/04/14 05:23:36 | 000,116,968 | ---- | M] (tzuk) [Kernel | On_Demand | Stopped] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
    DRV - [2010/02/17 11:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2008/10/24 06:24:57 | 000,037,440 | ---- | M] (microOLAP Technologies LTD) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pssdklbf.drv -- (PsSdkLBF)
    DRV - [2008/10/24 06:24:56 | 000,030,272 | ---- | M] (microOLAP Technologies LTD) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pssdk31.drv -- (PsSdk31)
    DRV - [2008/07/24 19:46:10 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
    DRV - [2008/07/09 09:05:22 | 000,394,952 | ---- | M] (Zone Labs, LLC) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
    DRV - [2008/04/14 01:23:10 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
    DRV - [2008/04/14 01:06:40 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\amdagp.sys -- (amdagp)
    DRV - [2008/04/14 01:06:40 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\sisagp.sys -- (sisagp)
    DRV - [2008/02/27 03:10:44 | 000,051,176 | ---- | M] (Zone Labs, LLC) [Kernel | Boot | Running] -- C:\WINDOWS\system32\ZoneLabs\srescan.sys -- (srescan)
    DRV - [2007/07/19 15:10:28 | 000,127,768 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
    DRV - [2005/08/22 17:07:00 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
    DRV - [2005/08/22 17:06:16 | 000,244,480 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
    DRV - [2005/08/22 17:06:10 | 000,718,464 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
    DRV - [2004/08/03 22:29:54 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
    DRV - [2002/05/03 12:36:44 | 000,009,868 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NMSCFG.SYS -- (NMSCFG)
    DRV - [2002/01/10 14:55:22 | 000,004,010 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\egathdrv.sys -- (EGATHDRV)
    DRV - [2001/08/23 00:33:10 | 000,010,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ipfilter.sys -- (IPFilter)
    DRV - [2001/08/17 14:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\sparrow.sys -- (Sparrow)
    DRV - [2001/08/17 14:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys -- (sym_u3)
    DRV - [2001/08/17 14:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys -- (sym_hi)
    DRV - [2001/08/17 14:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys -- (symc8xx)
    DRV - [2001/08/17 14:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\symc810.sys -- (symc810)
    DRV - [2001/08/17 13:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\ultra.sys -- (ultra)
    DRV - [2001/08/17 13:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\ql12160.sys -- (ql12160)
    DRV - [2001/08/17 13:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\ql1080.sys -- (ql1080)
    DRV - [2001/08/17 13:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\ql1280.sys -- (ql1280)
    DRV - [2001/08/17 13:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys -- (dac2w2k)
    DRV - [2001/08/17 13:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys -- (mraid35x)
    DRV - [2001/08/17 13:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\asc.sys -- (asc)
    DRV - [2001/08/17 13:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\asc3550.sys -- (asc3550)
    DRV - [2001/08/17 13:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\aliide.sys -- (AliIde)
    DRV - [2001/08/17 13:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\cmdide.sys -- (CmdIde)
    DRV - [2001/08/17 12:20:04 | 000,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc) Intel(r) 82801 Audio Driver Install Service (WDM)
    DRV - [2000/05/31 20:29:54 | 000,007,012 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PMEMNT.SYS -- (PMEM)
    DRV - [2000/03/22 21:42:24 | 000,044,192 | ---- | M] (PC-Doctor Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\PcdrNt.sys -- (PcdrNt)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.wcb.com/home/home
    IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..abine.backup.network.proxy.autoconfig_url: " "
    FF - prefs.js..abine.backup.network.proxy.type: 0
    FF - prefs.js..browser.search.selectedEngine: "Startpage HTTPS "
    FF - prefs.js..browser.search.update: false
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "chrome://speeddial/content/speeddial.xul "
    FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.48.3
    FF - prefs.js..extensions.enabledItems: {d832c3e4-1a62-48ea-9a1f-5091a1ec3bc5}:0.9.3
    FF - prefs.js..extensions.enabledItems: {6614d11d-d21d-b211-ae23-815234e1ebb5}:1.0.21
    FF - prefs.js..extensions.enabledItems: netvideohunter@netvideohunter.com:1.3
    FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.2.1
    FF - prefs.js..extensions.enabledItems: {64161300-e22b-11db-8314-0800200c9a66}:0.9.5.5
    FF - prefs.js..extensions.enabledItems: optout@dubfire.net:3.11
    FF - prefs.js..extensions.enabledItems: VacuumPlacesImproved@lultimouomo-gmail.com:1.1
    FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100503
    FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63
    FF - prefs.js..extensions.enabledItems: {FDE3FEE9-893E-4cc7-A814-60E0DE7B2E01}:3.6
    FF - prefs.js..network.proxy.autoconfig_url: "abine://auto-conf.js "
    FF - prefs.js..network.proxy.type: 2

    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/24 09:02:20 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/23 09:40:57 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Sunbird 0.9\extensions\\Components: C:\Program Files\Mozilla Sunbird\components [2010/01/29 09:27:28 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/04/05 08:23:20 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

    [2009/12/18 07:47:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Accounting & Payroll\Application Data\Mozilla\Extensions
    [2009/12/18 07:47:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Accounting & Payroll\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
    [2009/02/12 16:58:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Accounting & Payroll\Application Data\Mozilla\Extensions\postbox@postbox-inc.com
    [2009/07/09 14:46:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Accounting & Payroll\Application Data\Mozilla\Extensions\songbird@songbirdnest.com
    [2010/08/24 11:20:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Accounting & Payroll\Application Data\Mozilla\Firefox\Profiles\kms31fnm.default\extensions
    [2008/02/27 18:08:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Accounting & Payroll\Application Data\Mozilla\Firefox\Profiles\kms31fnm.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}(2)
    [2010/08/05 10:05:12 | 000,000,000 | ---D | M] (Speed Dial) -- C:\Documents and Settings\Accounting & Payroll\Application Data\Mozilla\Firefox\Profiles\kms31fnm.default\extensions\{64161300-e22b-11db-8314-0800200c9a66}
    [2010/02/03 13:28:10 | 000,000,000 | ---D | M] (Dr.Web anti-virus link checker) -- C:\Documents and Settings\Accounting & Payroll\Application Data\Mozilla\Firefox\Profiles\kms31fnm.default\extensions\{6614d11d-d21d-b211-ae23-815234e1ebb5}
    [2010/08/19 10:17:05 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Accounting & Payroll\Application Data\Mozilla\Firefox\Profiles\kms31fnm.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
    [2007/08/22 18:33:43 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Accounting & Payroll\Application Data\Mozilla\Firefox\Profiles\kms31fnm.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}(2)
    [2008/02/27 18:08:54 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Accounting & Payroll\Application Data\Mozilla\Firefox\Profiles\kms31fnm.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}(3)
    [2010/05/13 10:19:46 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Accounting & Payroll\Application Data\Mozilla\Firefox\Profiles\kms31fnm.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
    [2008/02/27 18:08:55 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Accounting & Payroll\Application Data\Mozilla\Firefox\Profiles\kms31fnm.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}(2)
    [2008/02/27 18:08:59 | 000,000,000 | ---D | M] (Halloween) -- C:\Documents and Settings\Accounting & Payroll\Application Data\Mozilla\Firefox\Profiles\kms31fnm.default\extensions\{BB359C50-BFC9-4f40-8302-3FE5A499A859}(2)
    [2010/07/30 10:47:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Accounting & Payroll\Application Data\Mozilla\Firefox\Profiles\kms31fnm.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
    [2009/12/01 09:37:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Accounting & Payroll\Application Data\Mozilla\Firefox\Profiles\kms31fnm.default\extensions\{d832c3e4-1a62-48ea-9a1f-5091a1ec3bc5}
    [2010/06/11 16:57:23 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Documents and Settings\Accounting & Payroll\Application Data\Mozilla\Firefox\Profiles\kms31fnm.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
    [2010/03/24 10:30:32 | 000,000,000 | ---D | M] (Aeon Clouds) -- C:\Documents and Settings\Accounting & Payroll\Application Data\Mozilla\Firefox\Profiles\kms31fnm.default\extensions\{FDE3FEE9-893E-4cc7-A814-60E0DE7B2E01}
    [2010/08/05 10:04:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Accounting & Payroll\Application Data\Mozilla\Firefox\Profiles\kms31fnm.default\extensions\netvideohunter@netvideohunter.com
    [2010/08/19 10:15:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Accounting & Payroll\Application Data\Mozilla\Firefox\Profiles\kms31fnm.default\extensions\optout@dubfire.net
    [2008/08/28 07:47:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Accounting & Payroll\Application Data\Mozilla\Firefox\Profiles\kms31fnm.default\extensions\perspectives@cmu.edu
    [2009/06/23 10:09:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Accounting & Payroll\Application Data\Mozilla\Firefox\Profiles\kms31fnm.default\extensions\twitkit@engel.uk.to
    [2010/01/19 13:38:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Accounting & Payroll\Application Data\Mozilla\Firefox\Profiles\kms31fnm.default\extensions\VacuumPlacesImproved@lultimouomo-gmail.com
    [2009/03/18 11:16:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Accounting & Payroll\Application Data\Mozilla\Sunbird\Profiles\mgjv1xgt.default\extensions
    [2008/12/09 13:19:47 | 000,001,712 | ---- | M] () -- C:\Documents and Settings\Accounting & Payroll\Application Data\Mozilla\Firefox\Profiles\kms31fnm.default\searchplugins\askcom.xml
    [2009/07/23 09:13:46 | 000,002,382 | ---- | M] () -- C:\Documents and Settings\Accounting & Payroll\Application Data\Mozilla\Firefox\Profiles\kms31fnm.default\searchplugins\aviary.xml
    [2009/07/07 10:10:17 | 000,002,836 | ---- | M] () -- C:\Documents and Settings\Accounting & Payroll\Application Data\Mozilla\Firefox\Profiles\kms31fnm.default\searchplugins\bing.xml
    [2008/06/24 10:01:07 | 000,000,911 | ---- | M] () -- C:\Documents and Settings\Accounting & Payroll\Application Data\Mozilla\Firefox\Profiles\kms31fnm.default\searchplugins\goo-green-label.xml
    [2010/07/19 12:04:41 | 000,001,597 | ---- | M] () -- C:\Documents and Settings\Accounting & Payroll\Application Data\Mozilla\Firefox\Profiles\kms31fnm.default\searchplugins\ixquick-https.xml
    [2010/07/19 12:05:01 | 000,005,479 | ---- | M] () -- C:\Documents and Settings\Accounting & Payroll\Application Data\Mozilla\Firefox\Profiles\kms31fnm.default\searchplugins\startpage-https.xml
    [2007/06/05 14:54:13 | 000,001,068 | ---- | M] () -- C:\Documents and Settings\Accounting & Payroll\Application Data\Mozilla\Firefox\Profiles\kms31fnm.default\searchplugins\wikipedia-english.xml
    [2010/08/24 11:20:20 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2005/12/05 22:31:00 | 000,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
    [2007/03/05 13:59:06 | 000,645,504 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npOGAPlugin.dll
    [2007/03/09 11:35:00 | 000,365,056 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npupd62.dll

    O1 HOSTS File: ([2010/08/23 09:44:55 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
    O4 - HKLM..\Run: [ClamWin] C:\Program Files\ClamWin\bin\ClamTray.exe (alch)
    O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
    O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Zone Labs, LLC)
    O4 - Startup: C:\Documents and Settings\Accounting & Payroll\Start Menu\Programs\Startup\PopTray.lnk = C:\Program Files\PopTray\PopTray.exe (Renier Crause)
    O4 - Startup: C:\Documents and Settings\Accounting & Payroll\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (Stardock)
    O4 - Startup: C:\Documents and Settings\Accounting & Payroll\Start Menu\Programs\Startup\sunbird.exe.lnk = C:\Program Files\Mozilla Sunbird\sunbird.exe (Mozilla)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
    O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
    O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1216943695906 (MUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
    O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
    O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
    O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
    O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} http://download.microsoft.com/download/7/E/6/7E6A8567-DFE4-4624-87C3-163549BE2704/clearadj.cab (CTAdjust Class)
    O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
    O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 24.143.124.6 24.143.124.7
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\dimsntfy: DllName - - File not found
    O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\Accounting & Payroll\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Accounting & Payroll\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2003/05/28 14:20:44 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O34 - HKLM BootExecute: (pgdfgsvc C 1) - C:\WINDOWS\System32\pgdfgsvc.exe (Sysinternals - www.sysinternals.com)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: MIDI1 - C:\WINDOWS\System32\Syncor11.dll (SoundMAX)
    Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
    Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
    Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
    Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
    Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
    Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.I420 - C:\WINDOWS\System32\i420vfw.dll (www.helixcommunity.org)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iyuv - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
    Drivers32: vidc.LEAD - LCODCCMP.DLL File not found
    Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
    Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
    Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
    Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
    Drivers32: vidc.uyvy - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: vidc.yuy2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: vidc.yv12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)
    Drivers32: vidc.yvu9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
    Drivers32: vidc.yvyu - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)
    Unable to start service SrService!

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/08/24 15:13:51 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Accounting & Payroll\Desktop\OTL.exe
    [2010/08/24 14:40:44 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Accounting & Payroll\Recent
    [2010/08/23 11:56:36 | 000,000,000 | --SD | C] -- C:\ComboFix
    [2010/08/23 11:08:11 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2010/08/23 11:06:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Accounting & Payroll\Desktop\is it malware
    [2010/08/23 09:41:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
    [2010/08/20 14:14:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Accounting & Payroll\Desktop\Pery's false positives
    [2010/08/17 08:22:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Accounting & Payroll\My Documents\forms
    [2010/08/11 15:28:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Accounting & Payroll\My Documents\Memos
    [2010/08/09 09:40:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Accounting & Payroll\Desktop\PDF Ordinances
    [2010/08/05 09:36:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
    [2010/08/05 09:35:58 | 000,075,248 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\zllsputility.exe
    [2010/08/05 09:34:47 | 000,127,768 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
    [2010/08/05 09:34:02 | 000,071,144 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\vsregexp.dll
    [2010/08/05 09:33:56 | 000,071,144 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\zlcommdb.dll
    [2010/08/05 09:33:55 | 000,083,432 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\zlcomm.dll
    [2010/08/05 09:33:04 | 000,046,568 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\vswmi.dll
    [2010/08/05 09:33:02 | 001,086,952 | ---- | C] (Python Software Foundation) -- C:\WINDOWS\System32\zpeng24.dll
    [2010/08/05 09:33:02 | 000,099,816 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\vsxml.dll
    [2010/08/05 09:33:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ZoneLabs
    [2010/08/05 09:32:55 | 000,275,944 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\vspubapi.dll
    [2010/08/05 09:32:51 | 000,103,912 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\vsmonapi.dll
    [2010/08/05 09:32:41 | 000,394,952 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\vsdatant.sys
    [2010/08/05 09:31:29 | 000,157,160 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\vsinit.dll
    [2010/08/05 09:31:29 | 000,083,432 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\vsdata.dll
    [2010/08/05 09:31:28 | 000,472,552 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\vsutil.dll
    [2010/08/05 09:26:10 | 000,000,000 | ---D | C] -- C:\Program Files\Zone Labs
    [2010/08/04 10:35:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Accounting & Payroll\My Documents\misc
    [2010/08/03 16:48:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Accounting & Payroll\My Documents\policy making
    [2010/06/29 15:30:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Accounting & Payroll\My Documents\Ordinances & Resolutions
    [2010/06/28 11:50:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Accounting & Payroll\My Documents\NSAT
    [2010/06/15 12:32:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Accounting & Payroll\Application Data\Abine
    [2010/06/11 16:57:49 | 000,000,000 | ---D | C] -- C:\Program Files\NOS
    [2010/06/11 16:57:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
    [2010/06/10 08:46:59 | 000,000,000 | ---D | C] -- C:\UBCD4Win
    [2010/06/07 08:23:12 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
    [2010/06/04 09:12:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Accounting & Payroll\Desktop\transfers
    [2010/06/03 14:50:02 | 000,000,000 | ---D | C] -- C:\Program Files\SIW
    [2010/06/03 08:43:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Accounting & Payroll\My Documents\Archived files

    ========== Files - Modified Within 90 Days ==========

    [2010/08/24 15:58:24 | 001,398,816 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
    [2010/08/24 15:13:56 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Accounting & Payroll\Desktop\OTL.exe
    [2010/08/24 14:44:51 | 000,352,918 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
    [2010/08/24 14:44:45 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/08/24 14:44:01 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/08/24 14:43:50 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/08/24 14:41:14 | 000,017,372 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
    [2010/08/24 14:40:51 | 010,223,616 | ---- | M] () -- C:\Documents and Settings\Accounting & Payroll\ntuser.dat
    [2010/08/24 14:40:51 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Accounting & Payroll\ntuser.ini
    [2010/08/24 12:35:50 | 000,016,384 | ---- | M] () -- C:\Documents and Settings\Accounting & Payroll\My Documents\lunch log.xls
    [2010/08/24 11:57:39 | 000,000,581 | ---- | M] () -- C:\Documents and Settings\Accounting & Payroll\Desktop\Reboot.lnk
    [2010/08/24 08:27:19 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Accounting & Payroll\Desktop\MBRCheck.exe
    [2010/08/23 09:46:23 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
    [2010/08/23 09:44:55 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2010/08/19 10:21:13 | 000,003,044 | ---- | M] () -- C:\WINDOWS\Sandboxie.ini
    [2010/08/19 09:12:23 | 000,101,888 | ---- | M] () -- C:\Documents and Settings\Accounting & Payroll\My Documents\Water Bond Savings.xls
    [2010/08/17 08:01:45 | 000,487,496 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/08/16 16:39:10 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2010/08/16 16:29:29 | 000,501,604 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2010/08/16 16:29:29 | 000,441,454 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/08/16 16:29:29 | 000,071,264 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/08/16 11:02:59 | 000,000,054 | ---- | M] () -- C:\WINDOWS\WB_SID.DAT
    [2010/08/13 12:08:42 | 000,108,544 | ---- | M] () -- C:\Documents and Settings\Accounting & Payroll\My Documents\letterhead.doc
    [2010/08/09 14:45:49 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
    [2010/08/09 14:45:49 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
    [2010/08/09 14:44:13 | 000,001,802 | ---- | M] () -- C:\Documents and Settings\Accounting & Payroll\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk
    [2010/08/06 14:47:32 | 000,082,666 | ---- | M] () -- C:\Documents and Settings\Accounting & Payroll\My Documents\Oregon Public Meeting Law reference.pdf
    [2010/08/05 09:44:02 | 000,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
    [2010/08/02 08:41:41 | 000,978,944 | ---- | M] () -- C:\Documents and Settings\Accounting & Payroll\Desktop\Water-Sewer.mdb
    [2010/07/26 16:57:53 | 000,000,914 | ---- | M] () -- C:\Documents and Settings\Accounting & Payroll\Desktop\CloseAll.lnk
    [2010/07/14 17:58:03 | 000,000,892 | ---- | M] () -- C:\WINDOWS\win.ini

    ========== Files Created - No Company Name ==========

    [2010/08/24 11:57:09 | 000,000,581 | ---- | C] () -- C:\Documents and Settings\Accounting & Payroll\Desktop\Reboot.lnk
    [2010/08/24 08:26:43 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Accounting & Payroll\Desktop\MBRCheck.exe
    [2010/08/09 14:45:49 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
    [2010/08/09 14:45:49 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
    [2010/08/09 14:44:13 | 000,001,802 | ---- | C] () -- C:\Documents and Settings\Accounting & Payroll\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk
    [2010/08/06 14:47:32 | 000,082,666 | ---- | C] () -- C:\Documents and Settings\Accounting & Payroll\My Documents\Oregon Public Meeting Law reference.pdf
    [2010/08/05 09:47:16 | 001,398,816 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.dat
    [2010/08/05 09:47:16 | 000,017,372 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.idx
    [2010/08/05 09:34:04 | 000,796,048 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll
    [2010/08/05 09:32:41 | 000,352,918 | ---- | C] () -- C:\WINDOWS\System32\vsconfig.xml
    [2010/08/04 09:11:06 | 000,016,384 | ---- | C] () -- C:\Documents and Settings\Accounting & Payroll\My Documents\lunch log.xls
    [2010/07/26 16:57:53 | 000,000,914 | ---- | C] () -- C:\Documents and Settings\Accounting & Payroll\Desktop\CloseAll.lnk
    [2010/05/03 10:37:44 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
    [2010/04/05 12:27:34 | 000,003,044 | ---- | C] () -- C:\WINDOWS\Sandboxie.ini
    [2010/01/29 09:03:24 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
    [2010/01/26 19:57:36 | 000,017,408 | ---- | C] () -- C:\WINDOWS\System32\Delphimm.dll
    [2010/01/26 19:57:35 | 000,002,279 | ---- | C] () -- C:\WINDOWS\astclock.ini
    [2008/09/24 18:33:13 | 000,000,122 | ---- | C] () -- C:\WINDOWS\Winchat.ini
    [2008/01/03 15:47:08 | 000,000,305 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\addr_file.html
    [2007/06/29 06:12:41 | 000,015,544 | ---- | C] () -- C:\WINDOWS\System32\drivers\sbhr.sys
    [2007/06/13 14:53:14 | 000,225,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Svclog.log
    [2007/01/25 08:20:48 | 000,000,143 | ---- | C] () -- C:\Documents and Settings\Accounting & Payroll\Local Settings\Application Data\fusioncache.dat
    [2006/11/10 15:12:14 | 000,000,048 | ---- | C] () -- C:\WINDOWS\scmate.ini
    [2006/10/30 11:30:30 | 000,010,032 | ---- | C] () -- C:\WINDOWS\System32\drivers\SBTEDrv.sys
    [2006/10/25 09:22:59 | 000,011,264 | ---- | C] () -- C:\Documents and Settings\Accounting & Payroll\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2006/10/20 07:18:13 | 000,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
    [2006/10/20 07:16:46 | 000,000,027 | ---- | C] () -- C:\WINDOWS\winreg.ini
    [2006/04/11 09:38:33 | 000,007,978 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
    [2006/04/11 09:38:16 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
    [2006/04/07 08:16:41 | 000,000,173 | ---- | C] () -- C:\WINDOWS\KPCMS.INI
    [2006/04/07 08:16:15 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
    [2006/01/11 14:43:45 | 000,000,032 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2005/11/02 11:39:16 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\SDelete.dll
    [2005/11/02 11:39:16 | 000,024,924 | ---- | C] () -- C:\WINDOWS\System32\openports.dll
    [2005/05/17 16:21:11 | 000,071,749 | ---- | C] () -- C:\WINDOWS\hcextoutput.dll
    [2005/05/17 16:21:11 | 000,000,823 | ---- | C] () -- C:\WINDOWS\tsc.ini
    [2005/05/17 16:15:28 | 000,000,170 | ---- | C] () -- C:\WINDOWS\GetServer.ini
    [2004/10/13 08:56:22 | 000,037,888 | ---- | C] () -- C:\Program Files\wizmo.exe
    [2003/06/04 15:45:52 | 000,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini
    [2003/05/31 14:13:21 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
    [2003/05/28 14:27:05 | 000,000,027 | ---- | C] () -- C:\WINDOWS\WB.INI
    [2003/04/29 06:41:42 | 000,000,784 | ---- | C] () -- C:\WINDOWS\lrun32.ini
    [2003/04/29 06:41:30 | 000,000,886 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2003/04/11 09:30:04 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2003/04/11 09:28:39 | 000,377,600 | ---- | C] () -- C:\WINDOWS\System32\BOCOLE.DLL
    [2003/04/11 09:28:39 | 000,167,456 | ---- | C] () -- C:\WINDOWS\System32\Bocof.dll
    [2003/04/11 09:28:39 | 000,004,052 | ---- | C] () -- C:\WINDOWS\unwise.ini
    [2003/04/11 09:27:49 | 000,000,222 | ---- | C] () -- C:\WINDOWS\Welcome.ini
    [2003/04/11 09:23:59 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll
    [2003/04/11 09:17:46 | 000,002,481 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2002/11/01 16:17:50 | 000,000,256 | ---- | C] () -- C:\WINDOWS\aucfg.ini
    [2002/09/23 13:45:13 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
    [2002/07/04 15:05:34 | 000,000,269 | ---- | C] () -- C:\WINDOWS\tmupdate.ini
    [2002/03/26 09:36:48 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\PROInst.dll
    [2002/02/06 09:04:14 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\NMSInst.dll
    [2002/01/10 14:55:22 | 000,004,010 | ---- | C] () -- C:\WINDOWS\System32\egathdrv.sys
    [2001/12/14 13:34:46 | 000,164,864 | ---- | C] () -- C:\WINDOWS\patchw32.dll
    [2001/07/07 04:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
    [1999/07/23 13:46:48 | 000,000,116 | ---- | C] () -- C:\WINDOWS\AuHCcup1.ini
    [1999/07/23 10:53:20 | 000,129,536 | ---- | C] () -- C:\WINDOWS\AuHCcup1.dll

    ========== LOP Check ==========

    [2010/08/24 15:59:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Accounting & Payroll\Application Data\Abine
    [2010/01/13 12:22:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Accounting & Payroll\Application Data\GetRightToGo
    [2009/03/13 15:54:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Accounting & Payroll\Application Data\GlarySoft
    [2009/02/05 13:22:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Accounting & Payroll\Application Data\gtk-2.0
    [2010/02/03 19:06:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Accounting & Payroll\Application Data\HandBrake
    [2007/11/08 12:47:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Accounting & Payroll\Application Data\Image Zone Express
    [2009/04/14 09:45:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Accounting & Payroll\Application Data\OpenOffice.org
    [2010/01/20 17:36:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Accounting & Payroll\Application Data\Opera
    [2007/10/11 06:56:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Accounting & Payroll\Application Data\Printer Info Cache
    [2009/10/09 14:40:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Accounting & Payroll\Application Data\Stardock
    [2009/10/07 16:59:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Accounting & Payroll\Application Data\TeamViewer
    [2009/12/18 07:47:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Accounting & Payroll\Application Data\Thunderbird
    [2008/04/24 12:51:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Accounting & Payroll\Application Data\VSRevoGroup
    [2010/02/03 19:00:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Accounting & Payroll\Application Data\Winff
    [2007/09/13 10:16:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Accounting & Payroll\Application Data\WinPatrol
    [2007/08/22 11:06:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\logs
    [2010/08/05 09:36:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
    [2008/12/11 17:10:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OpenDNS Updater
    [2009/02/12 12:01:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SystemExplorer
    [2008/06/03 09:35:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2008/01/09 16:03:27 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{74D61F17-FFC2-41AF-96E5-1DCB0631B6D1}
    [2010/08/24 14:40:55 | 000,032,552 | ---- | M] () -- C:\WINDOWS\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2008/12/04 12:29:46 | 000,001,024 | ---- | M] () -- C:\.rnd
    [2003/05/28 14:20:44 | 000,000,000 | -H-- | M] () -- C:\AUTOEXEC.BAT
    [2008/12/11 16:26:32 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2009/12/02 17:38:42 | 000,000,281 | RHS- | M] () -- C:\BOOT.INI
    [2003/05/28 13:57:36 | 000,000,000 | -H-- | M] () -- C:\BOOTLOG.TXT
    [2002/09/23 13:12:06 | 000,000,512 | -HS- | M] () -- C:\BOOTSECT.DOS
    [2009/11/05 09:39:55 | 000,000,066 | ---- | M] () -- C:\browserclean.bat
    [2004/08/04 00:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
    [2003/05/28 14:20:44 | 000,000,000 | -H-- | M] () -- C:\CONFIG.SYS
    [2005/12/09 09:07:08 | 000,000,000 | ---- | M] () -- C:\cookiesnew.txt
    [2010/08/16 10:54:51 | 000,001,920 | ---- | M] () -- C:\DIRDEP.TXT
    [2003/05/28 14:20:45 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
    [2003/04/11 09:29:28 | 000,000,155 | ---- | M] () -- C:\LOGFILE.txt
    [2003/06/03 12:25:33 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2005/01/21 11:24:12 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2009/02/06 09:42:13 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2008/03/11 10:55:57 | 000,008,192 | ---- | M] () -- C:\ntuser.dat
    [2009/09/03 15:06:32 | 000,001,024 | -H-- | M] () -- C:\ntuser.dat.LOG
    [2007/07/10 20:08:24 | 000,215,928 | ---- | M] (Sysinternals) -- C:\pagedfrg.exe
    [2007/07/10 20:08:12 | 000,008,419 | ---- | M] () -- C:\pagedfrg.hlp
    [2010/08/24 14:43:47 | 402,653,184 | -HS- | M] () -- C:\pagefile.sys
    [2010/08/23 08:41:12 | 000,000,342 | ---- | M] () -- C:\rkill.log
    [2009/11/05 09:40:41 | 000,000,432 | ---- | M] () -- C:\Run CCleaner.lnk
    [2003/04/11 09:24:30 | 000,000,032 | ---- | M] () -- C:\setup.log
    [2003/04/29 06:36:16 | 000,000,390 | ---- | M] () -- C:\SYSLEVEL.IBM
    [2003/05/28 13:57:36 | 000,262,144 | ---- | M] () -- C:\TAILFILE.TXT

    < %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
    [2008/07/06 05:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2006/04/10 15:02:32 | 000,074,240 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp054.dll
    [2005/04/08 19:43:36 | 000,067,072 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp3xu.dll
    [2008/10/16 21:35:50 | 000,047,416 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\LMIproc.dll

    < %systemroot%\system32\*.wt >

    < %systemroot%\system32\*.ruy >

    < %systemroot%\Fonts\*.com >
    [2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >
    [2006/02/19 04:28:56 | 000,012,288 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\Fonts\RandFont.dll

    < %systemroot%\system32\spool\prtprocs\w32x86\*.tmp >

    < %systemroot%\*. /mp /s >


    < %systemroot%\system32\*.dll /lockedfiles >

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %systemroot%\System32\config\*.sav >
    [2002/09/23 13:18:12 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2002/09/23 13:18:12 | 000,626,688 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2002/09/23 13:18:12 | 000,405,504 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < %systemroot%\system32\user32.dll /md5 >
    [2008/04/14 06:42:10 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll

    < %systemroot%\system32\ws2_32.dll /md5 >
    [2008/04/14 06:42:12 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll

    < %systemroot%\system32\ws2help.dll /md5 >
    [2008/04/14 06:42:12 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=9789E95E1D88EEB4B922BF3EA7779C28 -- C:\WINDOWS\system32\ws2help.dll

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CA73D29
    < End of report >


    Extras.txt to follow...
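The file entries in the OTL.txt log above all follow one fixed layout: `[timestamp | size | attrs | C or M] (company) -- path`, where attrs are R(eadonly), H(idden), S(ystem), D(irectory). As an added example (not part of Harpo's post and not OTL's own code), here is a small Python parser for that layout plus a few triage heuristics an analyst might run over a pasted log to pull candidates out of several hundred lines. The sample lines are copied from the log above; the `CODE_EXT` set and the flag rules are my own assumptions about what deserves a second look, and a hit is a prompt to check the file, not a verdict that it is malicious.

```python
import ntpath
import re
from dataclasses import dataclass
from datetime import datetime

# One OTL file/folder entry looks like
#   [2010/08/05 09:34:47 | 000,127,768 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
# attrs = R(eadonly) H(idden) S(ystem) D(irectory); C = created, M = modified.
# Directory entries carry no "(...)" group; files without version info show "()".
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[RHSD-]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)

# Assumption: these extensions are treated as executable code for triage purposes.
CODE_EXT = {".exe", ".dll", ".sys", ".drv", ".scr", ".ocx", ".cpl"}


@dataclass
class Entry:
    when: datetime
    size: int
    readonly: bool
    hidden: bool
    system: bool
    is_dir: bool
    kind: str        # "C" created or "M" modified
    company: str     # "" when OTL printed "()" or nothing at all
    path: str


def parse_entry(line: str):
    """Parse one OTL entry line; return None for headers, blanks and other noise."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    attrs = m["attrs"]
    return Entry(
        when=datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
        size=int(m["size"].replace(",", "")),
        readonly=attrs[0] == "R",
        hidden=attrs[1] == "H",
        system=attrs[2] == "S",
        is_dir=attrs[3] == "D",
        kind=m["kind"],
        company=(m["company"] or "").strip(),
        path=m["path"].rstrip(),
    )


def triage(entry: Entry):
    """Return the reasons (possibly none) an analyst should look twice at an entry.

    These are my own heuristics for picking candidates out of a long log; a hit
    means "go and check this file", not "this file is malicious".
    """
    reasons = []
    if entry.is_dir:
        return reasons
    low = entry.path.lower()
    in_windows = low.startswith("c:\\windows\\")
    ext = ntpath.splitext(low)[1]          # ntpath handles backslashes on any OS
    if in_windows and ext in CODE_EXT and not entry.company:
        reasons.append("code file under %SystemRoot% with no company name")
    if in_windows and entry.hidden and entry.system:
        reasons.append("hidden+system attributes set")
    if low.endswith("\\drivers\\etc\\hosts"):
        reasons.append("hosts file touched within the scan window")
    return reasons


def suspicious(log_text: str):
    """Walk a pasted OTL section and return [(path, reasons)] for entries with reasons."""
    hits = []
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        reasons = triage(entry)
        if reasons:
            hits.append((entry.path, reasons))
    return hits


# Constructed sample: five entry lines copied from the log above plus one section header.
SAMPLE_LOG = r"""
[2010/08/05 09:34:47 | 000,127,768 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2010/08/23 11:08:11 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/08/24 15:58:24 | 001,398,816 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2010/08/05 09:34:04 | 000,796,048 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll
[2010/08/23 09:44:55 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
========== LOP Check ==========
"""

if __name__ == "__main__":
    for path, reasons in suspicious(SAMPLE_LOG):
        print(path)
        for r in reasons:
            print("   -", r)
```

Run against the sample it lists fidbox.dat (hidden+system under drivers), libeay32_0.9.6l.dll (a DLL in System32 with no company name) and the hosts file; klif.sys carries a publisher and RECYCLER is a directory, so neither is reported. The hits still have to be resolved by hand, for instance by checking whether the hidden data file belongs to the security product whose driver was installed at the same time.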
     
  5. 2010/08/24
    Harpo

    Harpo Well-Known Member Thread Starter

    Extras.txt:

    OTL Extras logfile created on: 8/24/2010 4:00:07 PM - Run 1
    OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\Accounting & Payroll\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    254.00 Mb Total Physical Memory | 139.00 Mb Available Physical Memory | 55.00% Memory free
    624.00 Mb Paging File | 421.00 Mb Available in Paging File | 68.00% Paging File free
    Paging file location(s): C:\pagefile.sys 384 768 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 35.25 Gb Total Space | 16.95 Gb Free Space | 48.09% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded
    Drive P: | 35.25 Gb Total Space | 20.50 Gb Free Space | 58.15% Space Free | Partition Type: NTFS

    Computer Name: ACCOUNTING
    Current User Name: Accounting & Payroll
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
    "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
    "18086:TCP" = 18086:TCP:*:Enabled:Vipre 18086
    "18082:TCP" = 18082:TCP:*:Enabled:Vipre 18082

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Development Company, L.P.)
    "C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Development Company, L.P.)
    "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Development Company, L.P.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Development Company, L.P.)
    "C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Development Company, L.P.)
    "C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Development Company, L.P.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
    "{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{01A4AEDE-F219-49A2-B855-16A016EAF9A4}" = Intel(R) PROSet II
    "{0A65A3BD-54B5-4d0d-B084-7688507813F5}" = SlideShow
    "{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
    "{15C0AF59-4877-49B6-B8C6-A61CE54515F5}" = cp_OnlineProjectsConfig
    "{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
    "{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 13
    "{2AFA5FC0-2166-11D6-B294-00B0D0B36B37}" = Otter32
    "{2F58D60D-2BFD-4467-9B4D-64E7355C329D}" = Sonic_PrimoSDK
    "{31C2FBAC-67CF-4093-8F36-15A146613747}" = IBM Update Connector
    "{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
    "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
    "{33BF0960-DBA3-4187-B6CC-C969FCFA2D25}" = SkinsHP1
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone
    "{3B7B3B4A-AF8C-4671-A92E-3E7E9ABCB22B}" = IBM Rapid Restore PC Setup
    "{41E776A5-9B12-416D-9A12-B4F7B044EBED}" = CP_Package_Basic1
    "{43602F34-1AA3-44FB-AEB2-D08C2C73743F}" = Paint.NET v3.36
    "{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
    "{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
    "{57B2281D-A34A-4a48-8C68-169B8873659D}" = c4100_Help
    "{5F26311C-B135-4F7F-B11E-8E650F83651E}" = DeviceFunctionQFolder
    "{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
    "{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
    "{6696D9A4-28A8-4F5A-8E9A-2E8974C8C39C}" = RandMap
    "{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
    "{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
    "{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
    "{736CE9DD-F589-485B-ACFF-78C235A57066}" = WinPatrol
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
    "{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder
    "{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
    "{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
    "{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}" = DocProc
    "{8A5F34E2-37CF-4AD4-808C-2D413786E31A}" = Microsoft Visual C Runtime
    "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics Driver
    "{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90F80409-6000-11D3-8CFE-0150048383C9}" = Remove Hidden Data Tool
    "{91130409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Small Business
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{996512CF-F35B-48DE-9291-557FA5316967}" = ScannerCopy
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime
    "{A29800BA-0BF1-4E63-9F31-DF05A87F4104}" = InstantShareDevices
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{AB67580-257C-45FF-B8F4-C8C30682091A}_is1" = SIW version 2010.04.28
    "{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
    "{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
    "{B2157760-AA3C-4E2E-BFE6-D20BC52495D9}" = cp_PosterPrintConfig
    "{B2395631-54D5-481E-B9A8-74B269546F40}" = Visual C++ CRT 8.0
    "{B3A31EEE-7C65-4EE6-BB0D-5549FD2D67B9}" = Ipswitch WS_FTP LE
    "{B6286A44-7505-471A-A72B-04EC2DB2F442}" = CueTour
    "{B69CFE29-FD03-4E0A-87A7-6ED97F98E5B3}" = CP_Panorama1Config
    "{B80CC46C-5839-4A48-B051-3CACF23A2718}_is1" = Eraser 5.8.7
    "{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}" = HP Photosmart, Officejet and Deskjet 7.0.A
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C1C6767D-B395-43CB-BF99-051B58B86DA6}" = PhotoGallery
    "{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
    "{C871525F-7116-4d26-BA6D-215F59B6F88B}" = C4100
    "{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D9226EB1-C528-48AC-B423-BD9240E1F60B}" = Opera 9.62
    "{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
    "{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
    "{E6B0002F-FBFD-11D6-94B5-00E0189832CE}" = Color Network ScanGear Ver.1.1
    "{ED2C557E-9C18-41FF-B58E-A05EEF0B3B5F}" = CP_CalendarTemplates1
    "{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}" = QuickTime
    "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
    "{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
    "{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
    "{F44DA61E-720D-4E79-871F-F6E628B33242}" = OpenOffice.org 3.0
    "{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
    "{F850707C-B6A0-4B56-8709-F89CF8F9AC6D}" = Eraser
    "{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
    "{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
    "{FE64AE29-0883-4C70-8388-DC026019C900}" = HP Image Zone Express
    "{FE7E1DD7-EBCE-4696-ADE2-22BDBF2372DA}" = DocumentViewer
    "7-Zip" = 7-Zip 4.65
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Photoshop 5.5" = Adobe Photoshop 5.5
    "Adobe Shockwave Player" = Adobe Shockwave Player
    "Any Password_is1" = Any Password 1.44
    "CCleaner" = CCleaner (remove only)
    "ClamWin Free Antivirus_is1" = ClamWin Free Antivirus 0.96.2
    "CNXT_MODEM_PCI_VEN_14F1&DEV_2F30&SUBSYS_205514F1" = PCI SoftV92 Modem
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "Eraser" = Eraser
    "EULAlyzer_is1" = EULAlyzer v1.0
    "Foxit Reader" = Foxit Reader
    "Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1
    "Glary Utilities_is1" = Glary Utilities 2.11.0.638
    "HP Document Viewer" = HP Document Viewer 7.0
    "HP Imaging Device Functions" = HP Imaging Device Functions 7.0
    "HP Photo & Imaging" = HP Photosmart Premier Software 6.5
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0
    "HPOCR" = OCR Software by I.R.I.S 7.0
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "ie8" = Windows Internet Explorer 8
    "LookInMyPC" = LookInMyPC
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Media Player Classic" = Media Player Classic
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft Press Interactive Training" = Microsoft Interactive Training
    "Mihov Image Resizer" = Mihov Image Resizer 1.1 (remove only)
    "Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
    "Mozilla Sunbird (0.9)" = Mozilla Sunbird (0.9)
    "Mozilla Thunderbird (2.0.0.24)" = Mozilla Thunderbird (2.0.0.24)
    "MWSnap 3" = MWSnap 3
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "ObjectDock" = ObjectDock
    "PC-Doctor" = Uninstall PC-Doctor
    "PopTray" = PopTray 3.20
    "PROSet" = Intel(R) PRO Ethernet Adapter and Software
    "Registry Mechanic_is1" = Registry Mechanic 7.0
    "Revo Uninstaller" = Revo Uninstaller 1.87
    "Sandboxie" = Sandboxie 3.45.07
    "ST6UNST #1" = PERS Employer Remittance Advice System
    "SUPER ©" = SUPER © Version 2010.bld.37 (Jan 2, 2010)
    "System Explorer_is1" = System Explorer 2.0.4
    "Uninstall_is1" = Uninstall 1.0.0.1
    "VLC media player" = VLC media player 1.0.3
    "Who's There_is1" = Who's There V2.0
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinPatrol" = WinPatrol 2009
    "ZoneAlarm" = ZoneAlarm

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 1/29/2009 4:18:42 PM | Computer Name = ACCOUNTING | Source = Userenv | ID = 1041
    Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
    and it will not be loaded. This is most likely caused by a faulty registration.

    Error - 1/29/2009 6:09:44 PM | Computer Name = ACCOUNTING | Source = Userenv | ID = 1041
    Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
    and it will not be loaded. This is most likely caused by a faulty registration.

    Error - 1/29/2009 6:09:44 PM | Computer Name = ACCOUNTING | Source = Userenv | ID = 1041
    Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
    and it will not be loaded. This is most likely caused by a faulty registration.

    Error - 1/29/2009 6:12:50 PM | Computer Name = ACCOUNTING | Source = Userenv | ID = 1041
    Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
    and it will not be loaded. This is most likely caused by a faulty registration.

    Error - 1/29/2009 6:12:50 PM | Computer Name = ACCOUNTING | Source = Userenv | ID = 1041
    Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
    and it will not be loaded. This is most likely caused by a faulty registration.

    Error - 1/29/2009 6:26:08 PM | Computer Name = ACCOUNTING | Source = Userenv | ID = 1041
    Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
    and it will not be loaded. This is most likely caused by a faulty registration.

    Error - 1/29/2009 6:26:08 PM | Computer Name = ACCOUNTING | Source = Userenv | ID = 1041
    Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
    and it will not be loaded. This is most likely caused by a faulty registration.

    Error - 1/29/2009 6:26:09 PM | Computer Name = ACCOUNTING | Source = Userenv | ID = 1041
    Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
    and it will not be loaded. This is most likely caused by a faulty registration.

    Error - 1/29/2009 6:26:09 PM | Computer Name = ACCOUNTING | Source = Userenv | ID = 1041
    Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
    and it will not be loaded. This is most likely caused by a faulty registration.

    Error - 2/10/2009 6:40:16 PM | Computer Name = ACCOUNTING | Source = Application Error | ID = 1000
    Description = Faulting application foxitr~1.exe, version 2.2.2007.2129, faulting
    module foxitr~1.exe, version 2.2.2007.2129, fault address 0x002d6ecd.

    [ System Events ]
    Error - 8/24/2010 5:37:29 PM | Computer Name = ACCOUNTING | Source = ParVdm | ID = 458754
    Description = Unable to get device object pointer for port object.

    Error - 8/24/2010 5:37:35 PM | Computer Name = ACCOUNTING | Source = Service Control Manager | ID = 7023
    Description = The HID Input Service service terminated with the following error:
    %%126

    Error - 8/24/2010 5:39:00 PM | Computer Name = ACCOUNTING | Source = NETLOGON | ID = 3095
    Description = This computer is configured as a member of a workgroup, not as a member
    of a domain. The Netlogon service does not need to run in this configuration.

    Error - 8/24/2010 5:39:00 PM | Computer Name = ACCOUNTING | Source = ParVdm | ID = 458754
    Description = Unable to get device object pointer for port object.

    Error - 8/24/2010 5:39:19 PM | Computer Name = ACCOUNTING | Source = Service Control Manager | ID = 7023
    Description = The HID Input Service service terminated with the following error:
    %%126

    Error - 8/24/2010 5:44:07 PM | Computer Name = ACCOUNTING | Source = NETLOGON | ID = 3095
    Description = This computer is configured as a member of a workgroup, not as a member
    of a domain. The Netlogon service does not need to run in this configuration.

    Error - 8/24/2010 5:44:07 PM | Computer Name = ACCOUNTING | Source = ParVdm | ID = 458754
    Description = Unable to get device object pointer for port object.

    Error - 8/24/2010 5:44:21 PM | Computer Name = ACCOUNTING | Source = Service Control Manager | ID = 7023
    Description = The HID Input Service service terminated with the following error:
    %%126

    Error - 8/24/2010 7:11:26 PM | Computer Name = ACCOUNTING | Source = SRService | ID = 104
    Description = The System Restore initialization process failed.

    Error - 8/24/2010 7:11:28 PM | Computer Name = ACCOUNTING | Source = Service Control Manager | ID = 7023
    Description = The System Restore Service service terminated with the following error:
    %%2


    < End of report >
     
  6. 2010/08/24
    broni Moderator Malware Analyst
    You have very little RAM:
    XP needs at least 512MB of RAM to run smoothly (1GB ideally).

    ==================================================================

    I can see ZoneAlarm running as your firewall, but I don't see any antivirus program.
    I can see some traces of Kaspersky though.
    Please, explain your situation before I proceed with your OTL log.

    ============================================================

    Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    Now we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder.
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ===============================================================
     
  7. 2010/08/25
    Harpo Well-Known Member Thread Starter
    This computer is 7 years old. At the time of purchase, 128 MB was the standard RAM included with a new computer. I bumped that up to 256, not realizing that RAM requirements would rise so quickly, nor that I'd still be using the same computer 7 years later!

    ClamWin is my AV program. I may have run a Kaspersky scan at some time in the past, but can't say for sure.

    I also use WinPatrol Plus, and have multiple security add-ons installed on Firefox, which is my primary browser. And I use PopTray to filter incoming mail, so virtually no unwanted mail comes in.

    I've used various security programs/scanners over the years, with the most recent being occasional use of MBAM and SuperAntiSpyware.

    As an aside, whatever this rogue is on my system, it's still active - it took 53 minutes for my computer to get to a usable state this morning. :(
     
    Last edited: 2010/08/25
  8. 2010/08/25
    broni Moderator Malware Analyst
    Fair enough regarding your RAM, considering the computer's age :)

    Clam doesn't run in real time.
    You need real time protection.
    Please, download and install ONE of these:
    - Avast! free antivirus: http://www.avast.com/eng/download-avast-home.html
    - Avira free antivirus: http://www.free-av.com/en/download/1/avira_antivir_personal__free_antivirus.html
    After installation, run full scan.
    Report on any findings.
    When done, re-run OTL "Quick scan" and post fresh log.

    We'll look into it when we know your computer is totally clean.
    You may have some other issues. We'll see.
     
  9. 2010/08/25
    broni Moderator Malware Analyst
    Oh, one more thing.
    With your amount of RAM, I'd suggest you uninstall ZoneAlarm (it uses a lot of resources) and turn the Windows firewall ON.
     
  10. 2010/08/25
    Harpo Well-Known Member Thread Starter
    OK. Back to the red umbrella :) I ran a full scan w/AntiVir and it found nothing.

    Here's the new OTL log:

    OTL logfile created on: 8/25/2010 12:23:09 PM - Run 2
    OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\Accounting & Payroll\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    254.00 Mb Total Physical Memory | 94.00 Mb Available Physical Memory | 37.00% Memory free
    638.00 Mb Paging File | 336.00 Mb Available in Paging File | 53.00% Paging File free
    Paging file location(s): C:\pagefile.sys 384 768 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 35.25 Gb Total Space | 16.88 Gb Free Space | 47.88% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded
    Drive P: | 35.25 Gb Total Space | 20.26 Gb Free Space | 57.47% Space Free | Partition Type: NTFS

    Computer Name: ACCOUNTING
    Current User Name: Accounting & Payroll
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/08/24 15:13:56 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Accounting & Payroll\desktop\OTL.exe
    PRC - [2010/04/01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    PRC - [2010/03/02 11:28:31 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    PRC - [2010/02/24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
    PRC - [2010/01/14 22:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    PRC - [2009/10/10 14:07:08 | 000,320,832 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
    PRC - [2008/07/09 09:05:20 | 000,919,016 | ---- | M] (Zone Labs, LLC) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    PRC - [2008/07/09 09:05:18 | 000,075,304 | ---- | M] (Zone Labs, LLC) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    PRC - [2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/04/30 19:43:54 | 003,450,608 | ---- | M] (Stardock) -- C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
    PRC - [2006/09/16 06:01:16 | 001,666,048 | ---- | M] (Renier Crause) -- C:\Program Files\PopTray\PopTray.exe
    PRC - [2006/03/03 22:03:10 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/08/24 15:13:56 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Accounting & Payroll\desktop\OTL.exe
    MOD - [2008/04/14 06:40:22 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
    MOD - [2007/09/23 10:30:38 | 000,062,768 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\patrolpro.dll
    MOD - [2007/04/30 19:18:50 | 000,112,400 | ---- | M] () -- C:\Program Files\Stardock\ObjectDock\DockShellHook.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- C:\Program Files\OpenDNS Updater\OpenDNS Updater.exe -- (OpenDNS Updater.exe)
    SRV - [2010/04/14 05:23:40 | 000,073,960 | ---- | M] (tzuk) [On_Demand | Stopped] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
    SRV - [2010/04/01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
    SRV - [2010/03/29 08:53:22 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [Disabled | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
    SRV - [2010/02/24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
    SRV - [2008/07/09 09:05:18 | 000,075,304 | ---- | M] (Zone Labs, LLC) [Auto | Running] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
    SRV - [2006/03/03 22:03:10 | 000,069,632 | ---- | M] (HP) [Unknown | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
    SRV - [2002/07/15 15:36:54 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Disabled | Stopped] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))
    SRV - [2002/05/03 12:36:24 | 001,118,208 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\NMSSvc.Exe -- (NMSSvc) Intel(R)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\SBREdrv.sys -- (SBRE)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\PCDRDRV.sys -- (PCDRDRV)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\Accounting & Payroll\desktop\PeerBlock_r181__Win32_Release\pbfilter.sys -- (pbfilter)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\HSF_DP.sys -- (HSF_DP)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
    DRV - [2010/05/10 11:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2010/04/14 05:23:36 | 000,116,968 | ---- | M] (tzuk) [Kernel | On_Demand | Stopped] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
    DRV - [2010/03/01 10:05:24 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
    DRV - [2010/02/17 11:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2010/02/16 14:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
    DRV - [2009/05/11 12:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
    DRV - [2009/05/11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
    DRV - [2008/10/24 06:24:57 | 000,037,440 | ---- | M] (microOLAP Technologies LTD) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pssdklbf.drv -- (PsSdkLBF)
    DRV - [2008/10/24 06:24:56 | 000,030,272 | ---- | M] (microOLAP Technologies LTD) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pssdk31.drv -- (PsSdk31)
    DRV - [2008/07/24 19:46:10 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
    DRV - [2008/07/09 09:05:22 | 000,394,952 | ---- | M] (Zone Labs, LLC) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
    DRV - [2008/04/14 01:23:10 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
    DRV - [2008/04/14 01:06:40 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\amdagp.sys -- (amdagp)
    DRV - [2008/04/14 01:06:40 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\sisagp.sys -- (sisagp)
    DRV - [2008/02/27 03:10:44 | 000,051,176 | ---- | M] (Zone Labs, LLC) [Kernel | Boot | Running] -- C:\WINDOWS\system32\ZoneLabs\srescan.sys -- (srescan)
    DRV - [2007/07/19 15:10:28 | 000,127,768 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
    DRV - [2005/08/22 17:07:00 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
    DRV - [2005/08/22 17:06:16 | 000,244,480 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
    DRV - [2005/08/22 17:06:10 | 000,718,464 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
    DRV - [2004/08/03 22:29:54 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
    DRV - [2002/01/10 14:55:22 | 000,004,010 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\egathdrv.sys -- (EGATHDRV)
    DRV - [2001/08/23 00:33:10 | 000,010,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ipfilter.sys -- (IPFilter)
    DRV - [2001/08/17 14:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\sparrow.sys -- (Sparrow)
    DRV - [2001/08/17 14:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys -- (sym_u3)
    DRV - [2001/08/17 14:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys -- (sym_hi)
    DRV - [2001/08/17 14:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys -- (symc8xx)
    DRV - [2001/08/17 14:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\symc810.sys -- (symc810)
    DRV - [2001/08/17 13:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\ultra.sys -- (ultra)
    DRV - [2001/08/17 13:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\ql12160.sys -- (ql12160)
    DRV - [2001/08/17 13:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\ql1080.sys -- (ql1080)
    DRV - [2001/08/17 13:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\ql1280.sys -- (ql1280)
    DRV - [2001/08/17 13:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys -- (dac2w2k)
    DRV - [2001/08/17 13:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys -- (mraid35x)
    DRV - [2001/08/17 13:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\asc.sys -- (asc)
    DRV - [2001/08/17 13:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\asc3550.sys -- (asc3550)
    DRV - [2001/08/17 13:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\aliide.sys -- (AliIde)
    DRV - [2001/08/17 13:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\cmdide.sys -- (CmdIde)
    DRV - [2001/08/17 12:20:04 | 000,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc) Intel(r) 82801 Audio Driver Install Service (WDM)
    DRV - [2000/05/31 20:29:54 | 000,007,012 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PMEMNT.SYS -- (PMEM)
    DRV - [2000/03/22 21:42:24 | 000,044,192 | ---- | M] (PC-Doctor Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\PcdrNt.sys -- (PcdrNt)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.wcb.com/home/home
    IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..abine.backup.network.proxy.autoconfig_url: " "
    FF - prefs.js..abine.backup.network.proxy.type: 0
    FF - prefs.js..browser.search.selectedEngine: "Startpage HTTPS "
    FF - prefs.js..browser.search.update: false
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "chrome://speeddial/content/speeddial.xul "
    FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.48.3
    FF - prefs.js..extensions.enabledItems: {d832c3e4-1a62-48ea-9a1f-5091a1ec3bc5}:0.9.3
    FF - prefs.js..extensions.enabledItems: {6614d11d-d21d-b211-ae23-815234e1ebb5}:1.0.21
    FF - prefs.js..extensions.enabledItems: netvideohunter@netvideohunter.com:1.3
    FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.2.1
    FF - prefs.js..extensions.enabledItems: {64161300-e22b-11db-8314-0800200c9a66}:0.9.5.5
    FF - prefs.js..extensions.enabledItems: optout@dubfire.net:3.11
    FF - prefs.js..extensions.enabledItems: VacuumPlacesImproved@lultimouomo-gmail.com:1.1
    FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100503
    FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {FDE3FEE9-893E-4cc7-A814-60E0DE7B2E01}:3.6
    FF - prefs.js..network.proxy.autoconfig_url: "abine://auto-conf.js "
    FF - prefs.js..network.proxy.type: 2

    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/24 09:02:20 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/25 09:08:08 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Sunbird 0.9\extensions\\Components: C:\Program Files\Mozilla Sunbird\components [2010/01/29 09:27:28 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/04/05 08:23:20 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

    [2009/12/18 07:47:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Accounting & Payroll\Application Data\Mozilla\Extensions
    [2009/12/18 07:47:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Accounting & Payroll\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
    [2009/02/12 16:58:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Accounting & Payroll\Application Data\Mozilla\Extensions\postbox@postbox-inc.com
    [2009/07/09 14:46:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Accounting & Payroll\Application Data\Mozilla\Extensions\songbird@songbirdnest.com
    [2010/08/25 09:12:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Accounting & Payroll\Application Data\Mozilla\Firefox\Profiles\kms31fnm.default\extensions
    [2008/02/27 18:08:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Accounting & Payroll\Application Data\Mozilla\Firefox\Profiles\kms31fnm.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}(2)
    [2010/08/05 10:05:12 | 000,000,000 | ---D | M] (Speed Dial) -- C:\Documents and Settings\Accounting & Payroll\Application Data\Mozilla\Firefox\Profiles\kms31fnm.default\extensions\{64161300-e22b-11db-8314-0800200c9a66}
    [2010/02/03 13:28:10 | 000,000,000 | ---D | M] (Dr.Web anti-virus link checker) -- C:\Documents and Settings\Accounting & Payroll\Application Data\Mozilla\Firefox\Profiles\kms31fnm.default\extensions\{6614d11d-d21d-b211-ae23-815234e1ebb5}
    [2010/08/19 10:17:05 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Accounting & Payroll\Application Data\Mozilla\Firefox\Profiles\kms31fnm.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
    [2007/08/22 18:33:43 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Accounting & Payroll\Application Data\Mozilla\Firefox\Profiles\kms31fnm.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}(2)
    [2008/02/27 18:08:54 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Accounting & Payroll\Application Data\Mozilla\Firefox\Profiles\kms31fnm.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}(3)
    [2010/05/13 10:19:46 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Accounting & Payroll\Application Data\Mozilla\Firefox\Profiles\kms31fnm.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
    [2008/02/27 18:08:55 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Accounting & Payroll\Application Data\Mozilla\Firefox\Profiles\kms31fnm.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}(2)
    [2008/02/27 18:08:59 | 000,000,000 | ---D | M] (Halloween) -- C:\Documents and Settings\Accounting & Payroll\Application Data\Mozilla\Firefox\Profiles\kms31fnm.default\extensions\{BB359C50-BFC9-4f40-8302-3FE5A499A859}(2)
    [2010/07/30 10:47:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Accounting & Payroll\Application Data\Mozilla\Firefox\Profiles\kms31fnm.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
    [2009/12/01 09:37:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Accounting & Payroll\Application Data\Mozilla\Firefox\Profiles\kms31fnm.default\extensions\{d832c3e4-1a62-48ea-9a1f-5091a1ec3bc5}
    [2010/06/11 16:57:23 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Documents and Settings\Accounting & Payroll\Application Data\Mozilla\Firefox\Profiles\kms31fnm.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
    [2010/03/24 10:30:32 | 000,000,000 | ---D | M] (Aeon Clouds) -- C:\Documents and Settings\Accounting & Payroll\Application Data\Mozilla\Firefox\Profiles\kms31fnm.default\extensions\{FDE3FEE9-893E-4cc7-A814-60E0DE7B2E01}
    [2010/08/05 10:04:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Accounting & Payroll\Application Data\Mozilla\Firefox\Profiles\kms31fnm.default\extensions\netvideohunter@netvideohunter.com
    [2010/08/19 10:15:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Accounting & Payroll\Application Data\Mozilla\Firefox\Profiles\kms31fnm.default\extensions\optout@dubfire.net
    [2008/08/28 07:47:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Accounting & Payroll\Application Data\Mozilla\Firefox\Profiles\kms31fnm.default\extensions\perspectives@cmu.edu
    [2009/06/23 10:09:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Accounting & Payroll\Application Data\Mozilla\Firefox\Profiles\kms31fnm.default\extensions\twitkit@engel.uk.to
    [2010/01/19 13:38:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Accounting & Payroll\Application Data\Mozilla\Firefox\Profiles\kms31fnm.default\extensions\VacuumPlacesImproved@lultimouomo-gmail.com
    [2009/03/18 11:16:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Accounting & Payroll\Application Data\Mozilla\Sunbird\Profiles\mgjv1xgt.default\extensions
    [2008/12/09 13:19:47 | 000,001,712 | ---- | M] () -- C:\Documents and Settings\Accounting & Payroll\Application Data\Mozilla\Firefox\Profiles\kms31fnm.default\searchplugins\askcom.xml
    [2009/07/23 09:13:46 | 000,002,382 | ---- | M] () -- C:\Documents and Settings\Accounting & Payroll\Application Data\Mozilla\Firefox\Profiles\kms31fnm.default\searchplugins\aviary.xml
    [2009/07/07 10:10:17 | 000,002,836 | ---- | M] () -- C:\Documents and Settings\Accounting & Payroll\Application Data\Mozilla\Firefox\Profiles\kms31fnm.default\searchplugins\bing.xml
    [2008/06/24 10:01:07 | 000,000,911 | ---- | M] () -- C:\Documents and Settings\Accounting & Payroll\Application Data\Mozilla\Firefox\Profiles\kms31fnm.default\searchplugins\goo-green-label.xml
    [2010/07/19 12:04:41 | 000,001,597 | ---- | M] () -- C:\Documents and Settings\Accounting & Payroll\Application Data\Mozilla\Firefox\Profiles\kms31fnm.default\searchplugins\ixquick-https.xml
    [2010/07/19 12:05:01 | 000,005,479 | ---- | M] () -- C:\Documents and Settings\Accounting & Payroll\Application Data\Mozilla\Firefox\Profiles\kms31fnm.default\searchplugins\startpage-https.xml
    [2007/06/05 14:54:13 | 000,001,068 | ---- | M] () -- C:\Documents and Settings\Accounting & Payroll\Application Data\Mozilla\Firefox\Profiles\kms31fnm.default\searchplugins\wikipedia-english.xml
    [2010/08/25 09:12:46 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010/08/25 09:08:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    [2005/12/05 22:31:00 | 000,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
    [2007/03/05 13:59:06 | 000,645,504 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npOGAPlugin.dll
    [2007/03/09 11:35:00 | 000,365,056 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npupd62.dll

    O1 HOSTS File: ([2010/08/23 09:44:55 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
    O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
    O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
    O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Zone Labs, LLC)
    O4 - Startup: C:\Documents and Settings\Accounting & Payroll\Start Menu\Programs\Startup\PopTray.lnk = C:\Program Files\PopTray\PopTray.exe (Renier Crause)
    O4 - Startup: C:\Documents and Settings\Accounting & Payroll\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (Stardock)
    O4 - Startup: C:\Documents and Settings\Accounting & Payroll\Start Menu\Programs\Startup\sunbird.exe.lnk = C:\Program Files\Mozilla Sunbird\sunbird.exe (Mozilla)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
    O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
    O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1216943695906 (MUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} http://download.microsoft.com/download/7/E/6/7E6A8567-DFE4-4624-87C3-163549BE2704/clearadj.cab (CTAdjust Class)
    O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
    O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 24.143.124.6 24.143.124.7
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\dimsntfy: DllName - - File not found
    O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\Accounting & Payroll\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Accounting & Payroll\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2003/05/28 14:20:44 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O34 - HKLM BootExecute: (pgdfgsvc C 1) - C:\WINDOWS\System32\pgdfgsvc.exe (Sysinternals - www.sysinternals.com)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: MIDI1 - C:\WINDOWS\System32\Syncor11.dll (SoundMAX)
    Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
    Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
    Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
    Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
    Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
    Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.I420 - C:\WINDOWS\System32\i420vfw.dll (www.helixcommunity.org)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iyuv - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
    Drivers32: vidc.LEAD - LCODCCMP.DLL File not found
    Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
    Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
    Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
    Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
    Drivers32: vidc.uyvy - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: vidc.yuy2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: vidc.yv12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)
    Drivers32: vidc.yvu9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
    Drivers32: vidc.yvyu - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)
    Unable to start service SrService!

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/08/25 10:35:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Accounting & Payroll\Application Data\Avira
    [2010/08/25 10:23:34 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
    [2010/08/25 10:23:31 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
    [2010/08/25 10:23:31 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
    [2010/08/25 10:23:31 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
    [2010/08/25 10:23:26 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
    [2010/08/25 10:12:08 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Accounting & Payroll\Recent
    [2010/08/25 09:08:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
    [2010/08/24 15:13:51 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Accounting & Payroll\Desktop\OTL.exe
    [2010/08/23 11:56:36 | 000,000,000 | --SD | C] -- C:\ComboFix
    [2010/08/23 11:08:11 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2010/08/23 11:06:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Accounting & Payroll\Desktop\is it malware - yes it is
    [2010/08/23 09:41:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
    [2010/08/20 14:14:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Accounting & Payroll\Desktop\Pery's false positives
    [2010/08/17 08:22:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Accounting & Payroll\My Documents\forms
    [2010/08/11 15:28:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Accounting & Payroll\My Documents\Memos
    [2010/08/09 09:40:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Accounting & Payroll\Desktop\PDF Ordinances
    [2010/08/05 09:36:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
    [2010/08/05 09:35:58 | 000,075,248 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\zllsputility.exe
    [2010/08/05 09:34:47 | 000,127,768 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
    [2010/08/05 09:34:02 | 000,071,144 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\vsregexp.dll
    [2010/08/05 09:33:56 | 000,071,144 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\zlcommdb.dll
    [2010/08/05 09:33:55 | 000,083,432 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\zlcomm.dll
    [2010/08/05 09:33:04 | 000,046,568 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\vswmi.dll
    [2010/08/05 09:33:02 | 001,086,952 | ---- | C] (Python Software Foundation) -- C:\WINDOWS\System32\zpeng24.dll
    [2010/08/05 09:33:02 | 000,099,816 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\vsxml.dll
    [2010/08/05 09:33:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ZoneLabs
    [2010/08/05 09:32:55 | 000,275,944 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\vspubapi.dll
    [2010/08/05 09:32:51 | 000,103,912 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\vsmonapi.dll
    [2010/08/05 09:32:41 | 000,394,952 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\vsdatant.sys
    [2010/08/05 09:31:29 | 000,157,160 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\vsinit.dll
    [2010/08/05 09:31:29 | 000,083,432 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\vsdata.dll
    [2010/08/05 09:31:28 | 000,472,552 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\vsutil.dll
    [2010/08/05 09:26:10 | 000,000,000 | ---D | C] -- C:\Program Files\Zone Labs
    [2010/08/04 10:35:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Accounting & Payroll\My Documents\misc
    [2010/08/03 16:48:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Accounting & Payroll\My Documents\policy making
    [2010/06/29 15:30:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Accounting & Payroll\My Documents\Ordinances & Resolutions
    [2010/06/28 11:50:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Accounting & Payroll\My Documents\NSAT
    [2010/06/15 12:32:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Accounting & Payroll\Application Data\Abine
    [2010/06/11 16:57:49 | 000,000,000 | ---D | C] -- C:\Program Files\NOS
    [2010/06/11 16:57:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
    [2010/06/10 08:46:59 | 000,000,000 | ---D | C] -- C:\UBCD4Win
    [2010/06/07 08:23:12 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
    [2010/06/04 09:12:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Accounting & Payroll\Desktop\transfers
    [2010/06/03 14:50:02 | 000,000,000 | ---D | C] -- C:\Program Files\SIW
    [2010/06/03 08:43:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Accounting & Payroll\My Documents\Archived files

    ========== Files - Modified Within 90 Days ==========

    [2010/08/25 12:14:11 | 001,611,808 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
    [2010/08/25 10:14:37 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/08/25 10:14:22 | 000,352,918 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
    [2010/08/25 10:13:41 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/08/25 10:13:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/08/25 10:12:49 | 000,017,924 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
    [2010/08/25 10:12:22 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Accounting & Payroll\ntuser.ini
    [2010/08/25 10:12:21 | 010,223,616 | ---- | M] () -- C:\Documents and Settings\Accounting & Payroll\ntuser.dat
    [2010/08/24 15:13:56 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Accounting & Payroll\Desktop\OTL.exe
    [2010/08/24 12:35:50 | 000,016,384 | ---- | M] () -- C:\Documents and Settings\Accounting & Payroll\My Documents\lunch log.xls
    [2010/08/24 11:57:39 | 000,000,581 | ---- | M] () -- C:\Documents and Settings\Accounting & Payroll\Desktop\Reboot.lnk
    [2010/08/23 09:46:23 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
    [2010/08/23 09:44:55 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2010/08/19 10:21:13 | 000,003,044 | ---- | M] () -- C:\WINDOWS\Sandboxie.ini
    [2010/08/19 09:12:23 | 000,101,888 | ---- | M] () -- C:\Documents and Settings\Accounting & Payroll\My Documents\Water Bond Savings.xls
    [2010/08/17 08:01:45 | 000,487,496 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/08/16 16:39:10 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2010/08/16 16:29:29 | 000,501,604 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2010/08/16 16:29:29 | 000,441,454 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/08/16 16:29:29 | 000,071,264 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/08/16 11:02:59 | 000,000,054 | ---- | M] () -- C:\WINDOWS\WB_SID.DAT
    [2010/08/13 12:08:42 | 000,108,544 | ---- | M] () -- C:\Documents and Settings\Accounting & Payroll\My Documents\letterhead.doc
    [2010/08/09 14:45:49 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
    [2010/08/09 14:45:49 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
    [2010/08/09 14:44:13 | 000,001,802 | ---- | M] () -- C:\Documents and Settings\Accounting & Payroll\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk
    [2010/08/06 14:47:32 | 000,082,666 | ---- | M] () -- C:\Documents and Settings\Accounting & Payroll\My Documents\Oregon Public Meeting Law reference.pdf
    [2010/08/05 09:44:02 | 000,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
    [2010/08/02 08:41:41 | 000,978,944 | ---- | M] () -- C:\Documents and Settings\Accounting & Payroll\Desktop\Water-Sewer.mdb
    [2010/07/26 16:57:53 | 000,000,914 | ---- | M] () -- C:\Documents and Settings\Accounting & Payroll\Desktop\CloseAll.lnk
    [2010/07/14 17:58:03 | 000,000,892 | ---- | M] () -- C:\WINDOWS\win.ini

    ========== Files Created - No Company Name ==========

    [2010/08/24 11:57:09 | 000,000,581 | ---- | C] () -- C:\Documents and Settings\Accounting & Payroll\Desktop\Reboot.lnk
    [2010/08/09 14:45:49 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
    [2010/08/09 14:45:49 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
    [2010/08/09 14:44:13 | 000,001,802 | ---- | C] () -- C:\Documents and Settings\Accounting & Payroll\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk
    [2010/08/06 14:47:32 | 000,082,666 | ---- | C] () -- C:\Documents and Settings\Accounting & Payroll\My Documents\Oregon Public Meeting Law reference.pdf
    [2010/08/05 09:47:16 | 001,611,808 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.dat
    [2010/08/05 09:47:16 | 000,017,924 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.idx
    [2010/08/05 09:34:04 | 000,796,048 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll
    [2010/08/05 09:32:41 | 000,352,918 | ---- | C] () -- C:\WINDOWS\System32\vsconfig.xml
    [2010/08/04 09:11:06 | 000,016,384 | ---- | C] () -- C:\Documents and Settings\Accounting & Payroll\My Documents\lunch log.xls
    [2010/07/26 16:57:53 | 000,000,914 | ---- | C] () -- C:\Documents and Settings\Accounting & Payroll\Desktop\CloseAll.lnk
    [2010/05/03 10:37:44 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
    [2010/04/05 12:27:34 | 000,003,044 | ---- | C] () -- C:\WINDOWS\Sandboxie.ini
    [2010/01/29 09:03:24 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
    [2010/01/26 19:57:36 | 000,017,408 | ---- | C] () -- C:\WINDOWS\System32\Delphimm.dll
    [2010/01/26 19:57:35 | 000,002,279 | ---- | C] () -- C:\WINDOWS\astclock.ini
    [2008/09/24 18:33:13 | 000,000,122 | ---- | C] () -- C:\WINDOWS\Winchat.ini
    [2008/01/03 15:47:08 | 000,000,305 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\addr_file.html
    [2007/06/29 06:12:41 | 000,015,544 | ---- | C] () -- C:\WINDOWS\System32\drivers\sbhr.sys
    [2007/06/13 14:53:14 | 000,225,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Svclog.log
    [2007/01/25 08:20:48 | 000,000,143 | ---- | C] () -- C:\Documents and Settings\Accounting & Payroll\Local Settings\Application Data\fusioncache.dat
    [2006/11/10 15:12:14 | 000,000,048 | ---- | C] () -- C:\WINDOWS\scmate.ini
    [2006/10/30 11:30:30 | 000,010,032 | ---- | C] () -- C:\WINDOWS\System32\drivers\SBTEDrv.sys
    [2006/10/25 09:22:59 | 000,011,264 | ---- | C] () -- C:\Documents and Settings\Accounting & Payroll\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2006/10/20 07:18:13 | 000,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
    [2006/10/20 07:16:46 | 000,000,027 | ---- | C] () -- C:\WINDOWS\winreg.ini
    [2006/04/11 09:38:33 | 000,007,978 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
    [2006/04/11 09:38:16 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
    [2006/04/07 08:16:41 | 000,000,173 | ---- | C] () -- C:\WINDOWS\KPCMS.INI
    [2006/04/07 08:16:15 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
    [2006/01/11 14:43:45 | 000,000,032 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2005/11/02 11:39:16 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\SDelete.dll
    [2005/11/02 11:39:16 | 000,024,924 | ---- | C] () -- C:\WINDOWS\System32\openports.dll
    [2005/05/17 16:21:11 | 000,071,749 | ---- | C] () -- C:\WINDOWS\hcextoutput.dll
    [2005/05/17 16:21:11 | 000,000,823 | ---- | C] () -- C:\WINDOWS\tsc.ini
    [2005/05/17 16:15:28 | 000,000,170 | ---- | C] () -- C:\WINDOWS\GetServer.ini
    [2004/10/13 08:56:22 | 000,037,888 | ---- | C] () -- C:\Program Files\wizmo.exe
    [2003/06/04 15:45:52 | 000,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini
    [2003/05/31 14:13:21 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
    [2003/05/28 14:27:05 | 000,000,027 | ---- | C] () -- C:\WINDOWS\WB.INI
    [2003/04/29 06:41:42 | 000,000,784 | ---- | C] () -- C:\WINDOWS\lrun32.ini
    [2003/04/29 06:41:30 | 000,000,886 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2003/04/11 09:30:04 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2003/04/11 09:28:39 | 000,377,600 | ---- | C] () -- C:\WINDOWS\System32\BOCOLE.DLL
    [2003/04/11 09:28:39 | 000,167,456 | ---- | C] () -- C:\WINDOWS\System32\Bocof.dll
    [2003/04/11 09:28:39 | 000,004,052 | ---- | C] () -- C:\WINDOWS\unwise.ini
    [2003/04/11 09:27:49 | 000,000,222 | ---- | C] () -- C:\WINDOWS\Welcome.ini
    [2003/04/11 09:23:59 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll
    [2003/04/11 09:17:46 | 000,002,481 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2002/11/01 16:17:50 | 000,000,256 | ---- | C] () -- C:\WINDOWS\aucfg.ini
    [2002/09/23 13:45:13 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
    [2002/07/04 15:05:34 | 000,000,269 | ---- | C] () -- C:\WINDOWS\tmupdate.ini
    [2002/03/26 09:36:48 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\PROInst.dll
    [2002/02/06 09:04:14 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\NMSInst.dll
    [2002/01/10 14:55:22 | 000,004,010 | ---- | C] () -- C:\WINDOWS\System32\egathdrv.sys
    [2001/12/14 13:34:46 | 000,164,864 | ---- | C] () -- C:\WINDOWS\patchw32.dll
    [2001/07/07 04:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
    [1999/07/23 13:46:48 | 000,000,116 | ---- | C] () -- C:\WINDOWS\AuHCcup1.ini
    [1999/07/23 10:53:20 | 000,129,536 | ---- | C] () -- C:\WINDOWS\AuHCcup1.dll

    ========== LOP Check ==========

    [2010/08/25 10:10:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Accounting & Payroll\Application Data\Abine
    [2010/01/13 12:22:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Accounting & Payroll\Application Data\GetRightToGo
    [2009/03/13 15:54:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Accounting & Payroll\Application Data\GlarySoft
    [2009/02/05 13:22:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Accounting & Payroll\Application Data\gtk-2.0
    [2010/02/03 19:06:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Accounting & Payroll\Application Data\HandBrake
    [2007/11/08 12:47:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Accounting & Payroll\Application Data\Image Zone Express
    [2009/04/14 09:45:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Accounting & Payroll\Application Data\OpenOffice.org
    [2010/01/20 17:36:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Accounting & Payroll\Application Data\Opera
    [2007/10/11 06:56:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Accounting & Payroll\Application Data\Printer Info Cache
    [2009/10/09 14:40:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Accounting & Payroll\Application Data\Stardock
    [2009/10/07 16:59:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Accounting & Payroll\Application Data\TeamViewer
    [2009/12/18 07:47:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Accounting & Payroll\Application Data\Thunderbird
    [2008/04/24 12:51:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Accounting & Payroll\Application Data\VSRevoGroup
    [2010/02/03 19:00:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Accounting & Payroll\Application Data\Winff
    [2007/09/13 10:16:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Accounting & Payroll\Application Data\WinPatrol
    [2007/08/22 11:06:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\logs
    [2010/08/05 09:36:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
    [2008/12/11 17:10:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OpenDNS Updater
    [2009/02/12 12:01:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SystemExplorer
    [2008/06/03 09:35:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2008/01/09 16:03:27 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{74D61F17-FFC2-41AF-96E5-1DCB0631B6D1}
    [2010/08/25 10:12:36 | 000,032,552 | ---- | M] () -- C:\WINDOWS\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2008/12/04 12:29:46 | 000,001,024 | ---- | M] () -- C:\.rnd
    [2003/05/28 14:20:44 | 000,000,000 | -H-- | M] () -- C:\AUTOEXEC.BAT
    [2008/12/11 16:26:32 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2009/12/02 17:38:42 | 000,000,281 | RHS- | M] () -- C:\BOOT.INI
    [2003/05/28 13:57:36 | 000,000,000 | -H-- | M] () -- C:\BOOTLOG.TXT
    [2002/09/23 13:12:06 | 000,000,512 | -HS- | M] () -- C:\BOOTSECT.DOS
    [2009/11/05 09:39:55 | 000,000,066 | ---- | M] () -- C:\browserclean.bat
    [2004/08/04 00:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
    [2003/05/28 14:20:44 | 000,000,000 | -H-- | M] () -- C:\CONFIG.SYS
    [2005/12/09 09:07:08 | 000,000,000 | ---- | M] () -- C:\cookiesnew.txt
    [2010/08/16 10:54:51 | 000,001,920 | ---- | M] () -- C:\DIRDEP.TXT
    [2003/05/28 14:20:45 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
    [2010/08/25 09:10:46 | 000,011,021 | ---- | M] () -- C:\JavaRa.log
    [2003/04/11 09:29:28 | 000,000,155 | ---- | M] () -- C:\LOGFILE.txt
    [2003/06/03 12:25:33 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2005/01/21 11:24:12 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2009/02/06 09:42:13 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2008/03/11 10:55:57 | 000,008,192 | ---- | M] () -- C:\ntuser.dat
    [2009/09/03 15:06:32 | 000,001,024 | -H-- | M] () -- C:\ntuser.dat.LOG
    [2007/07/10 20:08:24 | 000,215,928 | ---- | M] (Sysinternals) -- C:\pagedfrg.exe
    [2007/07/10 20:08:12 | 000,008,419 | ---- | M] () -- C:\pagedfrg.hlp
    [2010/08/25 10:23:57 | 417,333,248 | -HS- | M] () -- C:\pagefile.sys
    [2010/08/23 08:41:12 | 000,000,342 | ---- | M] () -- C:\rkill.log
    [2009/11/05 09:40:41 | 000,000,432 | ---- | M] () -- C:\Run CCleaner.lnk
    [2003/04/11 09:24:30 | 000,000,032 | ---- | M] () -- C:\setup.log
    [2003/04/29 06:36:16 | 000,000,390 | ---- | M] () -- C:\SYSLEVEL.IBM
    [2003/05/28 13:57:36 | 000,262,144 | ---- | M] () -- C:\TAILFILE.TXT

    < %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
    [2008/07/06 05:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2006/04/10 15:02:32 | 000,074,240 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp054.dll
    [2005/04/08 19:43:36 | 000,067,072 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp3xu.dll
    [2008/10/16 21:35:50 | 000,047,416 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\LMIproc.dll

    < %systemroot%\system32\*.wt >

    < %systemroot%\system32\*.ruy >

    < %systemroot%\Fonts\*.com >
    [2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >
    [2006/02/19 04:28:56 | 000,012,288 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\Fonts\RandFont.dll

    < %systemroot%\system32\spool\prtprocs\w32x86\*.tmp >

    < %systemroot%\*. /mp /s >


    < %systemroot%\system32\*.dll /lockedfiles >

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %systemroot%\System32\config\*.sav >
    [2002/09/23 13:18:12 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2002/09/23 13:18:12 | 000,626,688 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2002/09/23 13:18:12 | 000,405,504 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < %systemroot%\system32\user32.dll /md5 >
    [2008/04/14 06:42:10 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll

    < %systemroot%\system32\ws2_32.dll /md5 >
    [2008/04/14 06:42:12 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll

    < %systemroot%\system32\ws2help.dll /md5 >
    [2008/04/14 06:42:12 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=9789E95E1D88EEB4B922BF3EA7779C28 -- C:\WINDOWS\system32\ws2help.dll

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CA73D29
    < End of report >

    Re Zone Alarm - I'm using an older free version that doesn't have any bells & whistles to it. Been trusting ZA for many years now. Hate to leave it behind to trust the Windows firewall when it doesn't block outgoing programs...
     
  11. 2010/08/25
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
      O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
      O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
      O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
      O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
      O20 - Winlogon\Notify\dimsntfy: DllName - - File not found
      
      
      :Services
      
      :Reg
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

    ==============================================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart the computer.


    3. Go to the Kaspersky website and perform an online antivirus scan.

    • Disable your active antivirus program.
    • Read through the requirements and privacy statement and click on the Accept button.
    • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    • When the downloads have finished, click on Settings.
    • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      • Spyware, Adware, Dialers, and other potentially dangerous programs
      • Archives
      • Mail databases
    • Click on My Computer under Scan.
    • Once the scan is complete, it will display the results. Click on View Scan Report.
    • You will see a list of infected items there. Click on Save Report As....
    • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.
     
  12. 2010/08/26
    Harpo

    Harpo Well-Known Member Thread Starter

    Joined:
    2005/08/22
    Messages:
    160
    Likes Received:
    0
    OTL Run Fix log:

    All processes killed
    ========== OTL ==========
    Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
    Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
    File Animation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab not found.
    Starting removal of ActiveX control DirectAnimation Java Classes
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\DirectAnimation Java Classes\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\DirectAnimation Java Classes\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\DirectAnimation Java Classes\ not found.
    File oft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab not found.
    Starting removal of ActiveX control Microsoft XML Parser for Java
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy\ deleted successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Accounting & Payroll
    ->Temp folder emptied: 9254334 bytes
    ->Temporary Internet Files folder emptied: 397482 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 39099606 bytes
    ->Opera cache emptied: 18145909 bytes
    ->Flash cache emptied: 0 bytes

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32768 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 3090 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 5756877 bytes

    Total Files Cleaned = 69.00 mb


    [EMPTYFLASH]

    User: Accounting & Payroll
    ->Flash cache emptied: 0 bytes

    User: Administrator

    User: All Users

    User: Default User

    User: LocalService

    User: NetworkService

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.10.0 log created on 08252010_142121

    Files\Folders moved on Reboot...
    C:\WINDOWS\temp\ZLT0318d.TMP moved successfully.
    File\Folder C:\WINDOWS\temp\ZLT06580.TMP not found!

    Registry entries deleted on Reboot...


    OTL Quick Scan log:

    OTL logfile created on: 8/25/2010 2:42:44 PM - Run 3
    OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\Accounting & Payroll\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    254.00 Mb Total Physical Memory | 140.00 Mb Available Physical Memory | 55.00% Memory free
    749.00 Mb Paging File | 438.00 Mb Available in Paging File | 58.00% Paging File free
    Paging file location(s): C:\pagefile.sys 384 768 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 35.25 Gb Total Space | 16.85 Gb Free Space | 47.79% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded
    Drive P: | 35.25 Gb Total Space | 20.26 Gb Free Space | 57.47% Space Free | Partition Type: NTFS

    Computer Name: ACCOUNTING
    Current User Name: Accounting & Payroll
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/08/24 15:13:56 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Accounting & Payroll\desktop\OTL.exe
    PRC - [2010/04/01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    PRC - [2010/03/02 11:28:31 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    PRC - [2010/02/24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
    PRC - [2010/01/14 22:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    PRC - [2009/10/10 14:07:08 | 000,320,832 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
    PRC - [2008/07/09 09:05:20 | 000,919,016 | ---- | M] (Zone Labs, LLC) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    PRC - [2008/07/09 09:05:18 | 000,075,304 | ---- | M] (Zone Labs, LLC) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    PRC - [2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/04/30 19:43:54 | 003,450,608 | ---- | M] (Stardock) -- C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
    PRC - [2006/09/16 06:01:16 | 001,666,048 | ---- | M] (Renier Crause) -- C:\Program Files\PopTray\PopTray.exe
    PRC - [2006/03/03 22:03:10 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
    PRC - [2002/05/03 12:36:24 | 001,118,208 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\NMSSvc.Exe


    ========== Modules (SafeList) ==========

    MOD - [2010/08/24 15:13:56 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Accounting & Payroll\desktop\OTL.exe
    MOD - [2008/04/14 06:40:22 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
    MOD - [2007/09/23 10:30:38 | 000,062,768 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\patrolpro.dll
    MOD - [2007/04/30 19:18:50 | 000,112,400 | ---- | M] () -- C:\Program Files\Stardock\ObjectDock\DockShellHook.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- C:\Program Files\OpenDNS Updater\OpenDNS Updater.exe -- (OpenDNS Updater.exe)
    SRV - [2010/04/14 05:23:40 | 000,073,960 | ---- | M] (tzuk) [On_Demand | Stopped] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
    SRV - [2010/04/01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
    SRV - [2010/03/29 08:53:22 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [Disabled | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
    SRV - [2010/02/24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
    SRV - [2008/07/09 09:05:18 | 000,075,304 | ---- | M] (Zone Labs, LLC) [Auto | Running] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
    SRV - [2006/03/03 22:03:10 | 000,069,632 | ---- | M] (HP) [Unknown | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
    SRV - [2002/07/15 15:36:54 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Disabled | Stopped] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))
    SRV - [2002/05/03 12:36:24 | 001,118,208 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\WINDOWS\system32\NMSSvc.Exe -- (NMSSvc) Intel(R)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\SBREdrv.sys -- (SBRE)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\PCDRDRV.sys -- (PCDRDRV)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\Accounting & Payroll\desktop\PeerBlock_r181__Win32_Release\pbfilter.sys -- (pbfilter)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\HSF_DP.sys -- (HSF_DP)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
    DRV - [2010/05/10 11:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2010/04/14 05:23:36 | 000,116,968 | ---- | M] (tzuk) [Kernel | On_Demand | Stopped] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
    DRV - [2010/03/01 10:05:24 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
    DRV - [2010/02/17 11:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2010/02/16 14:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
    DRV - [2009/05/11 12:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
    DRV - [2009/05/11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
    DRV - [2008/10/24 06:24:57 | 000,037,440 | ---- | M] (microOLAP Technologies LTD) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pssdklbf.drv -- (PsSdkLBF)
    DRV - [2008/10/24 06:24:56 | 000,030,272 | ---- | M] (microOLAP Technologies LTD) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pssdk31.drv -- (PsSdk31)
    DRV - [2008/07/24 19:46:10 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
    DRV - [2008/07/09 09:05:22 | 000,394,952 | ---- | M] (Zone Labs, LLC) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
    DRV - [2008/04/14 01:23:10 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
    DRV - [2008/04/14 01:06:40 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\amdagp.sys -- (amdagp)
    DRV - [2008/04/14 01:06:40 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\sisagp.sys -- (sisagp)
    DRV - [2008/02/27 03:10:44 | 000,051,176 | ---- | M] (Zone Labs, LLC) [Kernel | Boot | Running] -- C:\WINDOWS\system32\ZoneLabs\srescan.sys -- (srescan)
    DRV - [2007/07/19 15:10:28 | 000,127,768 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
    DRV - [2005/08/22 17:07:00 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
    DRV - [2005/08/22 17:06:16 | 000,244,480 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
    DRV - [2005/08/22 17:06:10 | 000,718,464 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
    DRV - [2004/08/03 22:29:54 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
    DRV - [2002/05/03 12:36:44 | 000,009,868 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NMSCFG.SYS -- (NMSCFG)
    DRV - [2002/01/10 14:55:22 | 000,004,010 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\egathdrv.sys -- (EGATHDRV)
    DRV - [2001/08/23 00:33:10 | 000,010,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ipfilter.sys -- (IPFilter)
    DRV - [2001/08/17 14:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\sparrow.sys -- (Sparrow)
    DRV - [2001/08/17 14:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys -- (sym_u3)
    DRV - [2001/08/17 14:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys -- (sym_hi)
    DRV - [2001/08/17 14:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys -- (symc8xx)
    DRV - [2001/08/17 14:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\symc810.sys -- (symc810)
    DRV - [2001/08/17 13:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\ultra.sys -- (ultra)
    DRV - [2001/08/17 13:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\ql12160.sys -- (ql12160)
    DRV - [2001/08/17 13:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\ql1080.sys -- (ql1080)
    DRV - [2001/08/17 13:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\ql1280.sys -- (ql1280)
    DRV - [2001/08/17 13:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys -- (dac2w2k)
    DRV - [2001/08/17 13:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys -- (mraid35x)
    DRV - [2001/08/17 13:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\asc.sys -- (asc)
    DRV - [2001/08/17 13:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\asc3550.sys -- (asc3550)
    DRV - [2001/08/17 13:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\aliide.sys -- (AliIde)
    DRV - [2001/08/17 13:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\cmdide.sys -- (CmdIde)
    DRV - [2001/08/17 12:20:04 | 000,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc) Intel(r) 82801 Audio Driver Install Service (WDM)
    DRV - [2000/05/31 20:29:54 | 000,007,012 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PMEMNT.SYS -- (PMEM)
    DRV - [2000/03/22 21:42:24 | 000,044,192 | ---- | M] (PC-Doctor Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\PcdrNt.sys -- (PcdrNt)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.wcb.com/home/home
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..abine.backup.network.proxy.autoconfig_url: " "
    FF - prefs.js..abine.backup.network.proxy.type: 0
    FF - prefs.js..browser.search.selectedEngine: "Startpage HTTPS "
    FF - prefs.js..browser.search.update: false
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "chrome://speeddial/content/speeddial.xul "
    FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.48.3
    FF - prefs.js..extensions.enabledItems: {d832c3e4-1a62-48ea-9a1f-5091a1ec3bc5}:0.9.3
    FF - prefs.js..extensions.enabledItems: {6614d11d-d21d-b211-ae23-815234e1ebb5}:1.0.21
    FF - prefs.js..extensions.enabledItems: netvideohunter@netvideohunter.com:1.3
    FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.2.1
    FF - prefs.js..extensions.enabledItems: {64161300-e22b-11db-8314-0800200c9a66}:0.9.5.5
    FF - prefs.js..extensions.enabledItems: optout@dubfire.net:3.11
    FF - prefs.js..extensions.enabledItems: VacuumPlacesImproved@lultimouomo-gmail.com:1.1
    FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100503
    FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {FDE3FEE9-893E-4cc7-A814-60E0DE7B2E01}:3.6
    FF - prefs.js..network.proxy.autoconfig_url: "abine://auto-conf.js "
    FF - prefs.js..network.proxy.type: 2

    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/24 09:02:20 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/25 09:08:08 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Sunbird 0.9\extensions\\Components: C:\Program Files\Mozilla Sunbird\components [2010/01/29 09:27:28 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/04/05 08:23:20 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

    [2009/12/18 07:47:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Accounting & Payroll\Application Data\Mozilla\Extensions
    [2009/12/18 07:47:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Accounting & Payroll\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
    [2009/02/12 16:58:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Accounting & Payroll\Application Data\Mozilla\Extensions\postbox@postbox-inc.com
    [2009/07/09 14:46:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Accounting & Payroll\Application Data\Mozilla\Extensions\songbird@songbirdnest.com
    [2010/08/25 13:11:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Accounting & Payroll\Application Data\Mozilla\Firefox\Profiles\kms31fnm.default\extensions
    [2008/02/27 18:08:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Accounting & Payroll\Application Data\Mozilla\Firefox\Profiles\kms31fnm.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}(2)
    [2010/08/05 10:05:12 | 000,000,000 | ---D | M] (Speed Dial) -- C:\Documents and Settings\Accounting & Payroll\Application Data\Mozilla\Firefox\Profiles\kms31fnm.default\extensions\{64161300-e22b-11db-8314-0800200c9a66}
    [2010/02/03 13:28:10 | 000,000,000 | ---D | M] (Dr.Web anti-virus link checker) -- C:\Documents and Settings\Accounting & Payroll\Application Data\Mozilla\Firefox\Profiles\kms31fnm.default\extensions\{6614d11d-d21d-b211-ae23-815234e1ebb5}
    [2010/08/19 10:17:05 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Accounting & Payroll\Application Data\Mozilla\Firefox\Profiles\kms31fnm.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
    [2007/08/22 18:33:43 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Accounting & Payroll\Application Data\Mozilla\Firefox\Profiles\kms31fnm.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}(2)
    [2008/02/27 18:08:54 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Accounting & Payroll\Application Data\Mozilla\Firefox\Profiles\kms31fnm.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}(3)
    [2010/05/13 10:19:46 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Accounting & Payroll\Application Data\Mozilla\Firefox\Profiles\kms31fnm.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
    [2008/02/27 18:08:55 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Accounting & Payroll\Application Data\Mozilla\Firefox\Profiles\kms31fnm.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}(2)
    [2008/02/27 18:08:59 | 000,000,000 | ---D | M] (Halloween) -- C:\Documents and Settings\Accounting & Payroll\Application Data\Mozilla\Firefox\Profiles\kms31fnm.default\extensions\{BB359C50-BFC9-4f40-8302-3FE5A499A859}(2)
    [2010/07/30 10:47:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Accounting & Payroll\Application Data\Mozilla\Firefox\Profiles\kms31fnm.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
    [2009/12/01 09:37:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Accounting & Payroll\Application Data\Mozilla\Firefox\Profiles\kms31fnm.default\extensions\{d832c3e4-1a62-48ea-9a1f-5091a1ec3bc5}
    [2010/06/11 16:57:23 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Documents and Settings\Accounting & Payroll\Application Data\Mozilla\Firefox\Profiles\kms31fnm.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
    [2010/03/24 10:30:32 | 000,000,000 | ---D | M] (Aeon Clouds) -- C:\Documents and Settings\Accounting & Payroll\Application Data\Mozilla\Firefox\Profiles\kms31fnm.default\extensions\{FDE3FEE9-893E-4cc7-A814-60E0DE7B2E01}
    [2010/08/05 10:04:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Accounting & Payroll\Application Data\Mozilla\Firefox\Profiles\kms31fnm.default\extensions\netvideohunter@netvideohunter.com
    [2010/08/19 10:15:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Accounting & Payroll\Application Data\Mozilla\Firefox\Profiles\kms31fnm.default\extensions\optout@dubfire.net
    [2008/08/28 07:47:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Accounting & Payroll\Application Data\Mozilla\Firefox\Profiles\kms31fnm.default\extensions\perspectives@cmu.edu
    [2009/06/23 10:09:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Accounting & Payroll\Application Data\Mozilla\Firefox\Profiles\kms31fnm.default\extensions\twitkit@engel.uk.to
    [2010/01/19 13:38:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Accounting & Payroll\Application Data\Mozilla\Firefox\Profiles\kms31fnm.default\extensions\VacuumPlacesImproved@lultimouomo-gmail.com
    [2009/03/18 11:16:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Accounting & Payroll\Application Data\Mozilla\Sunbird\Profiles\mgjv1xgt.default\extensions
    [2008/12/09 13:19:47 | 000,001,712 | ---- | M] () -- C:\Documents and Settings\Accounting & Payroll\Application Data\Mozilla\Firefox\Profiles\kms31fnm.default\searchplugins\askcom.xml
    [2009/07/23 09:13:46 | 000,002,382 | ---- | M] () -- C:\Documents and Settings\Accounting & Payroll\Application Data\Mozilla\Firefox\Profiles\kms31fnm.default\searchplugins\aviary.xml
    [2009/07/07 10:10:17 | 000,002,836 | ---- | M] () -- C:\Documents and Settings\Accounting & Payroll\Application Data\Mozilla\Firefox\Profiles\kms31fnm.default\searchplugins\bing.xml
    [2008/06/24 10:01:07 | 000,000,911 | ---- | M] () -- C:\Documents and Settings\Accounting & Payroll\Application Data\Mozilla\Firefox\Profiles\kms31fnm.default\searchplugins\goo-green-label.xml
    [2010/07/19 12:04:41 | 000,001,597 | ---- | M] () -- C:\Documents and Settings\Accounting & Payroll\Application Data\Mozilla\Firefox\Profiles\kms31fnm.default\searchplugins\ixquick-https.xml
    [2010/07/19 12:05:01 | 000,005,479 | ---- | M] () -- C:\Documents and Settings\Accounting & Payroll\Application Data\Mozilla\Firefox\Profiles\kms31fnm.default\searchplugins\startpage-https.xml
    [2007/06/05 14:54:13 | 000,001,068 | ---- | M] () -- C:\Documents and Settings\Accounting & Payroll\Application Data\Mozilla\Firefox\Profiles\kms31fnm.default\searchplugins\wikipedia-english.xml
    [2010/08/25 13:11:46 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010/08/25 09:08:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    [2005/12/05 22:31:00 | 000,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
    [2007/03/05 13:59:06 | 000,645,504 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npOGAPlugin.dll
    [2007/03/09 11:35:00 | 000,365,056 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npupd62.dll

    O1 HOSTS File: ([2010/08/23 09:44:55 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
    O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
    O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Zone Labs, LLC)
    O4 - Startup: C:\Documents and Settings\Accounting & Payroll\Start Menu\Programs\Startup\PopTray.lnk = C:\Program Files\PopTray\PopTray.exe (Renier Crause)
    O4 - Startup: C:\Documents and Settings\Accounting & Payroll\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (Stardock)
    O4 - Startup: C:\Documents and Settings\Accounting & Payroll\Start Menu\Programs\Startup\sunbird.exe.lnk = C:\Program Files\Mozilla Sunbird\sunbird.exe (Mozilla)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
    O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
    O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1216943695906 (MUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} http://download.microsoft.com/download/7/E/6/7E6A8567-DFE4-4624-87C3-163549BE2704/clearadj.cab (CTAdjust Class)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 24.143.124.6 24.143.124.7
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\Accounting & Payroll\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Accounting & Payroll\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2003/05/28 14:20:44 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O34 - HKLM BootExecute: (pgdfgsvc C 1) - C:\WINDOWS\System32\pgdfgsvc.exe (Sysinternals - www.sysinternals.com)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/08/25 14:21:21 | 000,000,000 | ---D | C] -- C:\_OTL
    [2010/08/25 14:15:08 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Accounting & Payroll\Desktop\TFC.exe
    [2010/08/25 10:35:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Accounting & Payroll\Application Data\Avira
    [2010/08/25 10:23:34 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
    [2010/08/25 10:23:31 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
    [2010/08/25 10:23:31 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
    [2010/08/25 10:23:31 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
    [2010/08/25 10:23:26 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
    [2010/08/25 10:12:08 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Accounting & Payroll\Recent
    [2010/08/25 09:08:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
    [2010/08/24 15:13:51 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Accounting & Payroll\Desktop\OTL.exe
    [2010/08/23 11:56:36 | 000,000,000 | --SD | C] -- C:\ComboFix
    [2010/08/23 11:08:11 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2010/08/23 11:06:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Accounting & Payroll\Desktop\is it malware - yes it is
    [2010/08/23 09:41:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
    [2010/08/20 14:14:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Accounting & Payroll\Desktop\Pery's false positives
    [2010/08/17 08:22:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Accounting & Payroll\My Documents\forms
    [2010/08/11 15:28:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Accounting & Payroll\My Documents\Memos
    [2010/08/09 09:40:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Accounting & Payroll\Desktop\PDF Ordinances
    [2010/08/05 09:36:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
    [2010/08/05 09:35:58 | 000,075,248 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\zllsputility.exe
    [2010/08/05 09:34:47 | 000,127,768 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
    [2010/08/05 09:34:02 | 000,071,144 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\vsregexp.dll
    [2010/08/05 09:33:56 | 000,071,144 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\zlcommdb.dll
    [2010/08/05 09:33:55 | 000,083,432 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\zlcomm.dll
    [2010/08/05 09:33:04 | 000,046,568 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\vswmi.dll
    [2010/08/05 09:33:02 | 001,086,952 | ---- | C] (Python Software Foundation) -- C:\WINDOWS\System32\zpeng24.dll
    [2010/08/05 09:33:02 | 000,099,816 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\vsxml.dll
    [2010/08/05 09:33:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ZoneLabs
    [2010/08/05 09:32:55 | 000,275,944 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\vspubapi.dll
    [2010/08/05 09:32:51 | 000,103,912 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\vsmonapi.dll
    [2010/08/05 09:32:41 | 000,394,952 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\vsdatant.sys
    [2010/08/05 09:31:29 | 000,157,160 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\vsinit.dll
    [2010/08/05 09:31:29 | 000,083,432 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\vsdata.dll
    [2010/08/05 09:31:28 | 000,472,552 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\vsutil.dll
    [2010/08/05 09:26:10 | 000,000,000 | ---D | C] -- C:\Program Files\Zone Labs
    [2010/08/04 10:35:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Accounting & Payroll\My Documents\misc
    [2010/08/03 16:48:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Accounting & Payroll\My Documents\policy making
    [2010/06/29 15:30:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Accounting & Payroll\My Documents\Ordinances & Resolutions
    [2010/06/28 11:50:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Accounting & Payroll\My Documents\NSAT
    [2010/06/15 12:32:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Accounting & Payroll\Application Data\Abine
    [2010/06/11 16:57:49 | 000,000,000 | ---D | C] -- C:\Program Files\NOS
    [2010/06/11 16:57:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
    [2010/06/10 08:46:59 | 000,000,000 | ---D | C] -- C:\UBCD4Win
    [2010/06/07 08:23:12 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
    [2010/06/04 09:12:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Accounting & Payroll\Desktop\transfers
    [2010/06/03 14:50:02 | 000,000,000 | ---D | C] -- C:\Program Files\SIW
    [2010/06/03 08:43:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Accounting & Payroll\My Documents\Archived files

    ========== Files - Modified Within 90 Days ==========

    [2010/08/25 14:53:48 | 001,624,096 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
    [2010/08/25 14:29:35 | 000,352,918 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
    [2010/08/25 14:24:26 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/08/25 14:24:09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/08/25 14:23:25 | 000,020,012 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
    [2010/08/25 14:22:50 | 010,223,616 | ---- | M] () -- C:\Documents and Settings\Accounting & Payroll\ntuser.dat
    [2010/08/25 14:22:50 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Accounting & Payroll\ntuser.ini
    [2010/08/25 14:15:11 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Accounting & Payroll\Desktop\TFC.exe
    [2010/08/25 14:15:01 | 000,869,051 | ---- | M] () -- C:\Documents and Settings\Accounting & Payroll\Desktop\SecurityCheck.exe
    [2010/08/25 10:14:37 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/08/24 15:13:56 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Accounting & Payroll\Desktop\OTL.exe
    [2010/08/24 12:35:50 | 000,016,384 | ---- | M] () -- C:\Documents and Settings\Accounting & Payroll\My Documents\lunch log.xls
    [2010/08/24 11:57:39 | 000,000,581 | ---- | M] () -- C:\Documents and Settings\Accounting & Payroll\Desktop\Reboot.lnk
    [2010/08/23 09:46:23 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
    [2010/08/23 09:44:55 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2010/08/19 10:21:13 | 000,003,044 | ---- | M] () -- C:\WINDOWS\Sandboxie.ini
    [2010/08/19 09:12:23 | 000,101,888 | ---- | M] () -- C:\Documents and Settings\Accounting & Payroll\My Documents\Water Bond Savings.xls
    [2010/08/17 08:01:45 | 000,487,496 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/08/16 16:39:10 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2010/08/16 16:29:29 | 000,501,604 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2010/08/16 16:29:29 | 000,441,454 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/08/16 16:29:29 | 000,071,264 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/08/16 11:02:59 | 000,000,054 | ---- | M] () -- C:\WINDOWS\WB_SID.DAT
    [2010/08/13 12:08:42 | 000,108,544 | ---- | M] () -- C:\Documents and Settings\Accounting & Payroll\My Documents\letterhead.doc
    [2010/08/09 14:45:49 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
    [2010/08/09 14:45:49 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
    [2010/08/09 14:44:13 | 000,001,802 | ---- | M] () -- C:\Documents and Settings\Accounting & Payroll\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk
    [2010/08/06 14:47:32 | 000,082,666 | ---- | M] () -- C:\Documents and Settings\Accounting & Payroll\My Documents\Oregon Public Meeting Law reference.pdf
    [2010/08/05 09:44:02 | 000,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
    [2010/08/02 08:41:41 | 000,978,944 | ---- | M] () -- C:\Documents and Settings\Accounting & Payroll\Desktop\Water-Sewer.mdb
    [2010/07/26 16:57:53 | 000,000,914 | ---- | M] () -- C:\Documents and Settings\Accounting & Payroll\Desktop\CloseAll.lnk
    [2010/07/14 17:58:03 | 000,000,892 | ---- | M] () -- C:\WINDOWS\win.ini

    ========== Files Created - No Company Name ==========

    [2010/08/25 14:14:32 | 000,869,051 | ---- | C] () -- C:\Documents and Settings\Accounting & Payroll\Desktop\SecurityCheck.exe
    [2010/08/24 11:57:09 | 000,000,581 | ---- | C] () -- C:\Documents and Settings\Accounting & Payroll\Desktop\Reboot.lnk
    [2010/08/09 14:45:49 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
    [2010/08/09 14:45:49 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
    [2010/08/09 14:44:13 | 000,001,802 | ---- | C] () -- C:\Documents and Settings\Accounting & Payroll\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk
    [2010/08/06 14:47:32 | 000,082,666 | ---- | C] () -- C:\Documents and Settings\Accounting & Payroll\My Documents\Oregon Public Meeting Law reference.pdf
    [2010/08/05 09:47:16 | 001,624,096 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.dat
    [2010/08/05 09:47:16 | 000,020,012 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.idx
    [2010/08/05 09:34:04 | 000,796,048 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll
    [2010/08/05 09:32:41 | 000,352,918 | ---- | C] () -- C:\WINDOWS\System32\vsconfig.xml
    [2010/08/04 09:11:06 | 000,016,384 | ---- | C] () -- C:\Documents and Settings\Accounting & Payroll\My Documents\lunch log.xls
    [2010/07/26 16:57:53 | 000,000,914 | ---- | C] () -- C:\Documents and Settings\Accounting & Payroll\Desktop\CloseAll.lnk
    [2010/05/03 10:37:44 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
    [2010/04/05 12:27:34 | 000,003,044 | ---- | C] () -- C:\WINDOWS\Sandboxie.ini
    [2010/01/29 09:03:24 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
    [2010/01/26 19:57:36 | 000,017,408 | ---- | C] () -- C:\WINDOWS\System32\Delphimm.dll
    [2010/01/26 19:57:35 | 000,002,279 | ---- | C] () -- C:\WINDOWS\astclock.ini
    [2008/09/24 18:33:13 | 000,000,122 | ---- | C] () -- C:\WINDOWS\Winchat.ini
    [2008/01/03 15:47:08 | 000,000,305 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\addr_file.html
    [2007/06/29 06:12:41 | 000,015,544 | ---- | C] () -- C:\WINDOWS\System32\drivers\sbhr.sys
    [2007/06/13 14:53:14 | 000,225,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Svclog.log
    [2007/01/25 08:20:48 | 000,000,143 | ---- | C] () -- C:\Documents and Settings\Accounting & Payroll\Local Settings\Application Data\fusioncache.dat
    [2006/11/10 15:12:14 | 000,000,048 | ---- | C] () -- C:\WINDOWS\scmate.ini
    [2006/10/30 11:30:30 | 000,010,032 | ---- | C] () -- C:\WINDOWS\System32\drivers\SBTEDrv.sys
    [2006/10/25 09:22:59 | 000,011,264 | ---- | C] () -- C:\Documents and Settings\Accounting & Payroll\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2006/10/20 07:18:13 | 000,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
    [2006/10/20 07:16:46 | 000,000,027 | ---- | C] () -- C:\WINDOWS\winreg.ini
    [2006/04/11 09:38:33 | 000,007,978 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
    [2006/04/11 09:38:16 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
    [2006/04/07 08:16:41 | 000,000,173 | ---- | C] () -- C:\WINDOWS\KPCMS.INI
    [2006/04/07 08:16:15 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
    [2006/01/11 14:43:45 | 000,000,032 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2005/11/02 11:39:16 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\SDelete.dll
    [2005/11/02 11:39:16 | 000,024,924 | ---- | C] () -- C:\WINDOWS\System32\openports.dll
    [2005/05/17 16:21:11 | 000,071,749 | ---- | C] () -- C:\WINDOWS\hcextoutput.dll
    [2005/05/17 16:21:11 | 000,000,823 | ---- | C] () -- C:\WINDOWS\tsc.ini
    [2005/05/17 16:15:28 | 000,000,170 | ---- | C] () -- C:\WINDOWS\GetServer.ini
    [2004/10/13 08:56:22 | 000,037,888 | ---- | C] () -- C:\Program Files\wizmo.exe
    [2003/06/04 15:45:52 | 000,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini
    [2003/05/31 14:13:21 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
    [2003/05/28 14:27:05 | 000,000,027 | ---- | C] () -- C:\WINDOWS\WB.INI
    [2003/04/29 06:41:42 | 000,000,784 | ---- | C] () -- C:\WINDOWS\lrun32.ini
    [2003/04/29 06:41:30 | 000,000,886 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2003/04/11 09:30:04 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2003/04/11 09:28:39 | 000,377,600 | ---- | C] () -- C:\WINDOWS\System32\BOCOLE.DLL
    [2003/04/11 09:28:39 | 000,167,456 | ---- | C] () -- C:\WINDOWS\System32\Bocof.dll
    [2003/04/11 09:28:39 | 000,004,052 | ---- | C] () -- C:\WINDOWS\unwise.ini
    [2003/04/11 09:27:49 | 000,000,222 | ---- | C] () -- C:\WINDOWS\Welcome.ini
    [2003/04/11 09:23:59 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll
    [2003/04/11 09:17:46 | 000,002,481 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2002/11/01 16:17:50 | 000,000,256 | ---- | C] () -- C:\WINDOWS\aucfg.ini
    [2002/09/23 13:45:13 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
    [2002/07/04 15:05:34 | 000,000,269 | ---- | C] () -- C:\WINDOWS\tmupdate.ini
    [2002/03/26 09:36:48 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\PROInst.dll
    [2002/02/06 09:04:14 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\NMSInst.dll
    [2002/01/10 14:55:22 | 000,004,010 | ---- | C] () -- C:\WINDOWS\System32\egathdrv.sys
    [2001/12/14 13:34:46 | 000,164,864 | ---- | C] () -- C:\WINDOWS\patchw32.dll
    [2001/07/07 04:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
    [1999/07/23 13:46:48 | 000,000,116 | ---- | C] () -- C:\WINDOWS\AuHCcup1.ini
    [1999/07/23 10:53:20 | 000,129,536 | ---- | C] () -- C:\WINDOWS\AuHCcup1.dll

    ========== LOP Check ==========

    [2010/08/25 14:19:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Accounting & Payroll\Application Data\Abine
    [2010/01/13 12:22:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Accounting & Payroll\Application Data\GetRightToGo
    [2009/03/13 15:54:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Accounting & Payroll\Application Data\GlarySoft
    [2009/02/05 13:22:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Accounting & Payroll\Application Data\gtk-2.0
    [2010/02/03 19:06:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Accounting & Payroll\Application Data\HandBrake
    [2007/11/08 12:47:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Accounting & Payroll\Application Data\Image Zone Express
    [2009/04/14 09:45:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Accounting & Payroll\Application Data\OpenOffice.org
    [2010/01/20 17:36:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Accounting & Payroll\Application Data\Opera
    [2007/10/11 06:56:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Accounting & Payroll\Application Data\Printer Info Cache
    [2009/10/09 14:40:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Accounting & Payroll\Application Data\Stardock
    [2009/10/07 16:59:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Accounting & Payroll\Application Data\TeamViewer
    [2009/12/18 07:47:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Accounting & Payroll\Application Data\Thunderbird
    [2008/04/24 12:51:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Accounting & Payroll\Application Data\VSRevoGroup
    [2010/02/03 19:00:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Accounting & Payroll\Application Data\Winff
    [2007/09/13 10:16:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Accounting & Payroll\Application Data\WinPatrol
    [2007/08/22 11:06:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\logs
    [2010/08/05 09:36:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
    [2008/12/11 17:10:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OpenDNS Updater
    [2009/02/12 12:01:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SystemExplorer
    [2008/06/03 09:35:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2008/01/09 16:03:27 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{74D61F17-FFC2-41AF-96E5-1DCB0631B6D1}
    [2010/08/25 14:23:09 | 000,032,552 | ---- | M] () -- C:\WINDOWS\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CA73D29
    < End of report >


    Security Checkup log:

    Results of screen317's Security Check version 0.99.5
    Windows XP Service Pack 3
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Disabled!
    Avira AntiVir Personal - Free Antivirus
    ZoneAlarm
    Antivirus up to date!
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    WinPatrol 2009
    Malwarebytes' Anti-Malware
    CCleaner (remove only)
    Java(TM) 6 Update 21
    Adobe Flash Player 10.1.53.64
    Adobe Reader 9
    Out of date Adobe Reader installed!
    Mozilla Firefox (3.6.8)
    Mozilla Thunderbird (2.0.0) Thunderbird Out of Date!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    WinPatrol winpatrol.exe
    Avira Antivir avgnt.exe
    Avira Antivir avguard.exe
    BillP Studios WinPatrol winpatrol.exe
    Zone Labs ZoneAlarm zlclient.exe
    ````````````````````````````````
    DNS Vulnerability Check:

    GREAT! (Not vulnerable to DNS cache poisoning)

    ``````````End of Log````````````


I'm at my wit's end trying to get scanned on Kaspersky's site. I got as far as having it check my computer's configuration and downloading all the definitions, which took about two hours. But I gave up on scanning in Firefox yesterday and tried with IE when Java kept getting interrupted. I let it run overnight. It got to 17% & found 1 threat & 1 infection (no info). Then it stopped with interrupted Java again: "Message From Webpage: Launch of the Java application is interrupted! Please establish an uninterrupted internet connection for work with this program."

This morning, I uninstalled AntiVir to ensure it wasn't interrupting (I'm familiar with AntiVir, having used it off and on for a long time, but I've never been able to figure out how to fully stop all its processes without uninstalling it - it won't be "killed"), and shut down ZoneAlarm. I got the same message about Java.

    The Windows firewall is on.

    :(
     
13. 2010/08/26 broni (Moderator, Malware Analyst)
    Sometimes, Kaspersky creates issues for some users. I'll give you another tool, but first...

    1. Update your Thunderbird

    2. Update Adobe Reader

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions.
    Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader (3.5 MB) from HERE.
    It's a much smaller file to download and uses a lot less resources than Adobe Reader.
    Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or other garbage.

    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • IMPORTANT! UN-check Remove found threats
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Push Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
     
14. 2010/08/27 Harpo (Well-Known Member, Thread Starter)
    ESET found it! Here are the results:

    C:\WINDOWS\system32\netset.exe Win32/Agent.RNG trojan

    And in case it's helpful, here's another piece of info I found in System Explorer when I was watching this nasty eating up my resources (it got up to 252,396K!):

    wuauclt.exe parameters:
    /RunStoreAsComServer Local\[47c]SUSDSdc3e666c884c8647b099585c13455853
     
15. 2010/08/27 broni (Moderator, Malware Analyst)
netset.exe can also be a legit file....

    Open Windows Explorer. Go Tools>Folder Options>View tab, put a checkmark next to Show hidden files, and folders.
    Upload following files to http://www.virustotal.com/ for security check:
    - C:\WINDOWS\system32\netset.exe
    IMPORTANT! If the file is listed as already analyzed, click on Reanalyse file now button.
    Post scan results.

I'm not sure what you're saying here:

     
16. 2010/08/27 Harpo (Well-Known Member, Thread Starter)
    here's a copy/paste from the VirusTotal website:

    File name:
    netset.exe
    Submission date:
    2010-08-28 01:43:25 (UTC)
Current status:
finished
    Result:
    27/ 42 (64.3%)

    Antivirus Version Last Update Result
    AhnLab-V3 2010.08.28.00 2010.08.28 Trojan/Win32.Small
    AntiVir 8.2.4.46 2010.08.27 -
    Antiy-AVL 2.0.3.7 2010.08.26 Trojan/Win32.Small.gen
    Authentium 5.2.0.5 2010.08.28 -
    Avast 4.8.1351.0 2010.08.27 Win32:Malware-gen
    Avast5 5.0.594.0 2010.08.27 Win32:Malware-gen
    AVG 9.0.0.851 2010.08.27 -
    BitDefender 7.2 2010.08.28 Trojan.Generic.4484034
    CAT-QuickHeal 11.00 2010.08.27 Trojan.Small.cjn
    ClamAV 0.96.2.0-git 2010.08.27 -
    Comodo 5881 2010.08.28 -
    DrWeb 5.0.2.03300 2010.08.28 -
    Emsisoft 5.0.0.37 2010.08.27 Trojan.Win32.Small!IK
    eSafe 7.0.17.0 2010.08.26 -
    eTrust-Vet 36.1.7823 2010.08.27 -
    F-Prot 4.6.1.107 2010.08.28 -
    F-Secure 9.0.15370.0 2010.08.28 Trojan.Generic.4484034
    Fortinet 4.1.143.0 2010.08.26 -
    GData 21 2010.08.28 Trojan.Generic.4484034
    Ikarus T3.1.1.88.0 2010.08.27 Trojan.Win32.Small
    Jiangmin 13.0.900 2010.08.27 Trojan/Small.ito
    Kaspersky 7.0.0.125 2010.08.28 Trojan.Win32.Small.cjn
    McAfee 5.400.0.1158 2010.08.28 Generic.dx!tfh
    McAfee-GW-Edition 2010.1B 2010.08.27 Generic.dx!tfh
    Microsoft 1.6103 2010.08.27 Trojan:Win32/Mvpaten.A
    NOD32 5403 2010.08.27 Win32/Agent.RNG
    Norman 6.05.11 2010.08.27 W32/Suspicious_Gen2.BQFSS
    nProtect 2010-08-27.01 2010.08.27 Trojan.Generic.4484034
    Panda 10.0.2.7 2010.08.27 Trj/CI.A
    PCTools 7.0.3.5 2010.08.28 Trojan.Generic
    Prevx 3.0 2010.08.28 -
    Rising 22.62.04.04 2010.08.27 -
    Sophos 4.56.0 2010.08.28 Mal/Generic-L
    Sunbelt 6804 2010.08.28 Trojan.Win32.Generic!BT
    SUPERAntiSpyware 4.40.0.1006 2010.08.28 -
    Symantec 20101.1.1.7 2010.08.28 Trojan Horse
    TheHacker 6.5.2.1.356 2010.08.26 -
    TrendMicro 9.120.0.1004 2010.08.27 TROJ_GEN.R15C2G4
    TrendMicro-HouseCall 9.120.0.1004 2010.08.28 TROJ_GEN.R15C2G4
    VBA32 3.12.14.0 2010.08.27 Trojan.Win32.Small.cjn
    ViRobot 2010.8.25.4006 2010.08.27 -
    VirusBuster 5.0.27.0 2010.08.27 Trojan.Small.DKSF
    MD5 : 9f542046c1e0900321e2a6ef09c78ce3
    SHA1 : 8ebd692a121813de7b3847b800354960c932dfae
    SHA256: 60db7717d40b0169d6db6f853c7719e16c44d8de81156fb4bb2cc602289aac7c

    Re:
    System Explorer is a handy little program that gives me info about all sorts of things, including processes. I've been watching this file using/abusing my system resources, and noticed the "parameters" had some interesting-looking info. Don't know what it means but thought it might be useful to you.
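An added example, written for this page rather than taken from the thread, from OTL or from VirusTotal: it parses a VirusTotal result table in the plain-text layout pasted above, computes the detection ratio, lists which of the tools resident on the box returned "-", and checks a local file's SHA256 against the hash VirusTotal reported. That last check is the offline counterpart of broni's "click Reanalyse file now" advice: before acting on a report, confirm the file you hold is the one the report describes. The sample table is a constructed subset of the posted results, and the helper names (`parse_vt_table`, `missed_by`, `is_same_sample`) are this example's own, not anything VirusTotal provides.

```python
# Added example for this thread (not code from the forum, OTL, or VirusTotal):
# read a VirusTotal result table pasted as plain text, compute the detection
# ratio, and list which engines returned "-" (no detection). Assumes Python 3.8+.
import hashlib
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample: a subset of the table Harpo pasted, in VT's 2010 text layout
# "<Engine> <Version> <LastUpdate YYYY.MM.DD> <Result>", where "-" means no detection.
SAMPLE_VT_TABLE = """\
Antivirus Version Last Update Result
AhnLab-V3 2010.08.28.00 2010.08.28 Trojan/Win32.Small
AntiVir 8.2.4.46 2010.08.27 -
Avast 4.8.1351.0 2010.08.27 Win32:Malware-gen
ClamAV 0.96.2.0-git 2010.08.27 -
Microsoft 1.6103 2010.08.27 Trojan:Win32/Mvpaten.A
NOD32 5403 2010.08.27 Win32/Agent.RNG
SUPERAntiSpyware 4.40.0.1006 2010.08.28 -
Symantec 20101.1.1.7 2010.08.28 Trojan Horse
"""

# SHA256 that VirusTotal reported for the submitted netset.exe (copied from the post).
VT_SHA256 = "60db7717d40b0169d6db6f853c7719e16c44d8de81156fb4bb2cc602289aac7c"

# Engine and version never contain spaces; the result may ("Trojan Horse"), so it
# takes the rest of the line.
LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\d{4}\.\d{2}\.\d{2})\s+(.+?)\s*$")


@dataclass(frozen=True)
class EngineVerdict:
    engine: str
    version: str
    updated: str           # signature date the engine ran with
    result: Optional[str]  # None when the engine reported "-"


def parse_vt_table(text: str) -> List[EngineVerdict]:
    """One EngineVerdict per table row; header, blank and widget lines are skipped."""
    verdicts = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        engine, version, updated, result = m.groups()
        verdicts.append(EngineVerdict(engine, version, updated,
                                      None if result == "-" else result))
    return verdicts


def detection_ratio(verdicts: List[EngineVerdict]) -> Tuple[int, int]:
    """(engines that flagged the file, engines that scanned it), i.e. VT's 'x / y'."""
    hits = sum(1 for v in verdicts if v.result is not None)
    return hits, len(verdicts)


def missed_by(verdicts: List[EngineVerdict], installed: List[str]) -> List[str]:
    """Engines from `installed` (the products actually on the box) that returned '-'.
    A clean result from the resident AV is exactly why a file like this survives."""
    wanted = {name.lower() for name in installed}
    return [v.engine for v in verdicts
            if v.result is None and v.engine.lower() in wanted]


def family_names(verdicts: List[EngineVerdict]) -> List[str]:
    """Distinct verdict strings, to see whether engines agree on a family or are generic."""
    return sorted({v.result for v in verdicts if v.result})


def is_same_sample(data: bytes, expected_sha256: str = VT_SHA256) -> bool:
    """Before acting on a VT report, confirm the local file is the one VT analysed."""
    return hashlib.sha256(data).hexdigest().lower() == expected_sha256.lower()


if __name__ == "__main__":
    table = parse_vt_table(SAMPLE_VT_TABLE)
    hits, total = detection_ratio(table)
    print(f"detections: {hits}/{total} ({100 * hits / total:.1f}%)")
    print("resident tools that missed it:",
          missed_by(table, ["AntiVir", "SUPERAntiSpyware"]))
    print("verdict strings:", family_names(table))
    # Constructed stand-in bytes: this is NOT the real file, so the hash check fails.
    print("local bytes match VT sample:",
          is_same_sample(b"MZ\x90\x00 not the real file"))
```

Run against the full table posted above, the same parser gives 27/42, and `missed_by` with the two products this machine was running (Avira AntiVir, listed in the Security Check output, and SUPERAntiSpyware, whose shell hook appears in the OTL O28 line) returns both of them, since both rows read "-". That is the practical reading of a multi-engine verdict: the ratio says the file is bad, and the misses explain why the resident tools never removed it.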
     
17. 2010/08/27 broni (Moderator, Malware Analyst)
    Yeah, the file is definitely bad.

    Run OTL
• Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      
      :Services
      
      :Reg
      
      :Files
      C:\WINDOWS\system32\netset.exe
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
• Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ================================================================

    OTL Clean-Up
    Clean up with OTL:

    * Double-click OTL.exe to start the program.
    * Close all other programs apart from OTL as this step will require a reboot
    * On the OTL main screen, press the CLEANUP button
    * Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    ===============================================================

    Your computer is clean :)

1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point.

    Turn off System Restore:

    - Windows XP:
    1. Click Start.
    2. Right-click the My Computer icon, and then click Properties.
    3. Click the System Restore tab.
4. Check "Turn off System Restore".
    5. Click Apply.
    6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
    7. Click OK.
    - Windows Vista and 7:
    1. Click Start.
    2. Right-click the Computer icon, and then click Properties.
    3. Click on System Protection under the Tasks column on the left side
    4. Click on Continue on the "User Account Control" window that pops up
    5. Under the System Protection tab, find Available Disks
6. Uncheck the box for any drive you wish to disable system restore on (in most cases, drive "C:")
    7. When turning off System Restore, the existing restore points will be deleted. Click "Turn System Restore Off" on the popup window to do this.
    8. Click OK

    2. Restart computer.

    3. Turn System Restore on.

4. Make sure Windows Updates are current.

5. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    6. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    7. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    8. Run Temporary File Cleaner (TFC) weekly.

    9. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    10. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    11. Run defrag at your convenience.

    12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    13. Please let me know how your computer is doing.
     
  18. 2010/08/28
    Harpo

    Harpo Well-Known Member Thread Starter

    Joined:
    2005/08/22
    Messages:
    160
    Likes Received:
    0
    After running the fix, I rebooted and ran OTL Cleanup as instructed and rebooted again. I'm afraid the wuauclt.exe process is still there (I can see it), and still eating up a lot of resources and causing an EXTREMELY slow boot time. Programs are nearly impossible to boot until it gets through whatever it is that it does, and settles down. Only then can I use the computer as normal. Netset.exe is now gone from the Windows/System32 folder.

    BTW, I forgot to post back re: I updated Thunderbird per your request, and uninstalled Adobe Reader, as I do use Foxit Reader as my primary PDF reader. Also, I do use WOT, and I usually run Firefox in a sandbox (I use SandboxIE) whenever I'm following newsletter links, etc. I also already started changing passwords from a clean computer a couple of days ago.

    Here's the OTL post-fix log:

    All processes killed
    ========== OTL ==========
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    C:\WINDOWS\system32\netset.exe moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Accounting & Payroll
    ->Temp folder emptied: 109077809 bytes
    ->Temporary Internet Files folder emptied: 683231 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 41963521 bytes
    ->Opera cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 22633 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 750242 bytes

    Total Files Cleaned = 145.00 mb


    [EMPTYFLASH]

    User: Accounting & Payroll
    ->Flash cache emptied: 0 bytes

    User: Administrator

    User: All Users

    User: Default User

    User: LocalService

    User: NetworkService

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.10.0 log created on 08282010_114015

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
     
  19. 2010/08/28
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Well, as I said before:
    With this amount of RAM, your computer will crawl no matter what we do.
    You need more RAM. That's all.
     
  20. 2010/08/28
    Harpo

    Harpo Well-Known Member Thread Starter

    Joined:
    2005/08/22
    Messages:
    160
    Likes Received:
    0
    The computer never behaved like this before the last Windows update. That's why I initially thought that it was something in the update that caused the slowness. There's a big difference between a 5-7 minute startup (normal) and 40-55 minute startup!

    Please explain why wuauclt.exe is still running and consuming large amounts of resources?
     
  21. 2010/08/28
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Download Process Explorer: http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx
    Unzip ProcessExplorer.zip, and double click on procexp.exe to run the program.
    Click on View > Select Columns.
    In addition to the already pre-selected options, make sure the Command Line column is selected, and press OK.
    Go to File > Save As, and save the report as Procexp.txt.
    Attach the file to your next reply.
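    The script below is an added example, not part of broni's instructions or of Process Explorer. It collects from WMI the same fields the Command Line column gives you (image path, command line, memory use) and flags any process named like a Windows system binary (wuauclt.exe included) that is not loaded from System32, which is the check that column is normally used for. It assumes PowerShell 2.0 or later (installable on XP); the output file name and the list of system image names are my own choices.

```powershell
# Added example (not from the thread): list processes with the fields Process Explorer
# shows when the Command Line column is enabled, and flag system-named binaries that do
# not run from %SystemRoot%\System32. Assumes PowerShell 2.0+ with WMI access.
param(
    [string]$OutFile = "$env:USERPROFILE\Desktop\Procexp-like.txt",   # assumed name
    [int]$TopN = 15
)

$system32 = (Join-Path $env:SystemRoot 'System32').ToLowerInvariant()

# Image names that should only ever run from System32; wuauclt.exe is the one
# discussed in this thread. The list is an assumption; extend it as needed.
$systemNames = @('wuauclt.exe', 'svchost.exe', 'lsass.exe', 'services.exe', 'winlogon.exe')

$rows = Get-WmiObject Win32_Process | ForEach-Object {
    $path = $_.ExecutablePath        # $null for System/Idle and protected processes
    $dir  = if ($path) { (Split-Path $path -Parent).ToLowerInvariant() } else { '' }
    $suspicious = ($systemNames -contains $_.Name.ToLowerInvariant()) -and ($dir -ne $system32)
    $flag = if ($suspicious) { 'PATH-MISMATCH' } else { '' }
    New-Object PSObject -Property @{
        PID          = $_.ProcessId
        Name         = $_.Name
        WorkingSetMB = [math]::Round($_.WorkingSetSize / 1MB, 1)
        Path         = $path
        CommandLine  = $_.CommandLine
        Flag         = $flag
    }
}

# Largest memory consumers first: the view needed to see what wuauclt.exe is doing.
$top = $rows | Sort-Object WorkingSetMB -Descending | Select-Object -First $TopN
$top | Format-Table PID, Name, WorkingSetMB, Flag, Path -AutoSize

# Save the full list, including command lines, as a text report to attach to a reply.
$rows | Sort-Object WorkingSetMB -Descending |
    Select-Object PID, Name, WorkingSetMB, Flag, Path, CommandLine |
    Format-List | Out-File -FilePath $OutFile -Encoding UTF8
"Saved $($rows.Count) processes to $OutFile"
```

    A PATH-MISMATCH entry means a process carries a system binary's name but runs from another directory; an empty Path on the System or Idle process is normal and is not flagged.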
     
