Active Slow machine - Freeze ups

Discussion in 'Malware and Virus Removal Archive' started by wrathall, 2010/10/12.

  1. 2010/10/12
    wrathall

    wrathall Inactive Thread Starter


    Hello,

    I must admit, I have used Bleeping Computer forum for help prior to coming here. I ran Superspyware scans, Malwarebytes scans, Combofix and something else. I did have email being sent on its own and that seems to have stopped, but I have a very slow running machine and it tends to freeze up. Bleeping Computer suggested that my RAM needs to be increased because I am running Norton, which apparently seems to be using all the RAM, but I uninstalled Norton just to see if it would help and - no difference. I have reinstalled Norton and still no difference. There are many users of this computer including myself, my father and his girlfriend and five other brothers/stepbrothers. Please help.

    Thank you


    DDS (Ver_10-10-10.03) - NTFSx86
    Run by Owner at 23:43:35.62 on Tue 10/12/2010
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.70 [GMT -3:00]

    AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
    FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\crypserv.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Norton Online\Engine\2.0.0.71\ccSvcHst.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Winsim\ConnectionManager\SimplyConnectionManager.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    svchost.exe
    C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe
    C:\Program Files\Norton Online\Engine\2.0.0.71\ccSvcHst.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\SIW\siw.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Documents and Settings\Owner\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.ask.com?o=16796S&l=dis
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\17.8.0.5\coIEPlg.dll
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\17.8.0.5\IPSBHO.DLL
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Norton Safety Minder: {b8e07826-0971-4f16-b133-047b88034e89} - c:\program files\norton online\addons\norton safety minder\engine\2.0.0.48\coIEPlg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\17.8.0.5\coIEPlg.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe "
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe "
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe "
    dRunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
    uPolicies-explorer: NoRecentDocsNetHood = 1 (0x1)
    uPolicies-explorer: MaxRecentDocs = 5 (0x5)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1072873752953
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1219257687734
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - hxxp://www.superadblocker.com/activex/sabspx.cab
    DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
    Handler: intu-qt2008 - {05E53CE9-66C8-4a9e-A99F-FDB7A8E7B596} - c:\program files\quicktax 2008\ic2008pp.dll
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
    Notify: igfxcui - igfxdev.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\uwylqqnr.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.cbc.ca/ns/|http://www.sympatico.ca/
    FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.0.0.136\coffplgn\components\coFFPlgn.dll
    FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.0.0.136\ipsffplgn\components\IPSFFPl.dll
    FF - component: c:\documents and settings\all users\application data\norton\{78ca3bf0-9c3b-40e1-b46d-38c877ef059a}\nsm_2.0.0.42\cofffw\components\coFFFw.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft\office live\npOLW.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    FF - user.js: network.http.max-persistent-connections-per-server - 4
    FF - user.js: nglayout.initialpaint.delay - 600
    FF - user.js: content.notify.interval - 600000
    FF - user.js: content.max.tokenizing.time - 1800000
    FF - user.js: content.switch.threshold - 600000
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgbaam7a8h ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgberp4a5d4ar ", true);

    ============= SERVICES / DRIVERS ===============

    R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1108000.005\symds.sys [2010-10-11 328752]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1108000.005\symefa.sys [2010-10-11 173104]
    R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.0.0.136\definitions\bashdefs\20101001.001\BHDrvx86.sys [2010-10-2 692272]
    R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1108000.005\cchpx86.sys [2010-10-11 501888]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
    R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1108000.005\ironx86.sys [2010-10-11 116784]
    R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2010-2-10 54752]
    R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\17.8.0.5\ccsvchst.exe [2010-10-11 126392]
    R2 NOF;Norton Online;c:\program files\norton online\engine\2.0.0.71\ccsvchst.exe [2010-7-6 126904]
    R2 Simply Accounting Database Connection Manager;Simply Accounting Database Connection Manager;c:\program files\winsim\connectionmanager\SimplyConnectionManager.exe [2009-8-21 16680]
    R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2010-6-24 92008]
    R3 cpuz134;cpuz134;\??\c:\docume~1\owner\locals~1\temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\owner\locals~1\temp\cpuz134\cpuz134_x32.sys [?]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-10-11 102448]
    R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.0.0.136\definitions\ipsdefs\20101012.001\IDSXpx86.sys [2010-9-15 341880]
    R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.0.0.136\definitions\virusdefs\20101012.024\NAVENG.SYS [2010-10-12 86064]
    R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.0.0.136\definitions\virusdefs\20101012.024\NAVEX15.SYS [2010-10-12 1371184]
    R3 SYMRDR_{78CA3BF0-9C3B-40e1-B46D-38C877EF059A};Symantec Redirector - Norton Safety Minder;c:\windows\system32\drivers\nsm\0200000.030\symrdr.sys [2010-7-6 180912]
    S2 gupdate1ca24fdf82ceca0;Google Update Service (gupdate1ca24fdf82ceca0);c:\program files\google\update\GoogleUpdate.exe [2009-8-24 133104]
    S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]

    =============== Created Last 30 ================

    2010-10-13 02:21:34 -------- d-----w- c:\program files\ReviverSoft
    2010-10-13 02:21:02 -------- d-----w- c:\docume~1\alluse~1\applic~1\ReviverSoft
    2010-10-13 02:20:11 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\OpenCandy
    2010-10-13 02:20:07 -------- d-----w- c:\docume~1\owner\applic~1\OpenCandy
    2010-10-13 02:20:03 -------- d-----w- c:\program files\SIW
    2010-10-11 20:26:27 339504 ----a-w- c:\windows\system32\drivers\nis\1108000.005\symtdiv.sys
    2010-10-11 20:26:26 501888 ----a-w- c:\windows\system32\drivers\nis\1108000.005\cchpx86.sys
    2010-10-11 20:26:26 43696 ----a-w- c:\windows\system32\drivers\nis\1108000.005\srtspx.sys
    2010-10-11 20:26:26 361904 ----a-w- c:\windows\system32\drivers\nis\1108000.005\symtdi.sys
    2010-10-11 20:26:26 328752 ----a-r- c:\windows\system32\drivers\nis\1108000.005\symds.sys
    2010-10-11 20:26:26 325680 ----a-w- c:\windows\system32\drivers\nis\1108000.005\srtsp.sys
    2010-10-11 20:26:26 173104 ----a-w- c:\windows\system32\drivers\nis\1108000.005\symefa.sys
    2010-10-11 20:26:26 116784 ----a-w- c:\windows\system32\drivers\nis\1108000.005\ironx86.sys
    2010-10-11 20:26:08 -------- d-----w- c:\windows\system32\drivers\nis\1108000.005
    2010-10-11 11:18:00 -------- d-----w- c:\windows\system32\drivers\NIS
    2010-10-11 11:17:46 -------- d-----w- c:\program files\Norton Internet Security
    2010-10-06 00:01:18 -------- d-----w- c:\program files\Ask.com
    2010-09-28 02:28:15 -------- d-----w- c:\program files\uTorrent
    2010-09-22 21:10:52 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
    2010-09-22 21:10:52 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
    2010-09-20 15:31:05 -------- d-----w- C:\MGlogs

    ==================== Find3M ====================

    2010-10-11 11:22:45 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
    2010-08-21 12:12:54 2398955 ----a-w- C:\MGtools.exe
    2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
    2010-07-22 15:49:15 590848 ----a-w- c:\windows\system32\rpcrt4.dll
    2010-07-22 05:57:20 5120 ----a-w- c:\windows\system32\xpsp4res.dll
    2010-07-17 08:00:04 423656 ----a-w- c:\windows\system32\deployJava1.dll
    2010-07-17 05:42:29 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2004-10-01 18:00:16 40960 ----a-w- c:\program files\Uninstall_CDS.exe

    ============= FINISH: 23:44:51.38 ===============
     
  2. 2010/10/12
    wrathall

    wrathall Inactive Thread Starter


    I'm not sure what happened but here is the other log.


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-10-10.03)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 12/31/2003 8:09:38 AM
    System Uptime: 10/12/2010 7:46:21 AM (16 hours ago)

    Motherboard: Intel Corporation | | D945GPM
    Processor: Intel(R) Celeron(R) CPU 3.06GHz | J3E1 | 3066/133mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 466 GiB total, 340.024 GiB free.
    D: is CDROM ()
    F: is Removable
    G: is Removable
    H: is Removable
    I: is Removable
    J: is Removable

    ==== Disabled Device Manager Items =============

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Intel(R) PRO/1000 PL Network Connection
    Device ID: PCI\VEN_8086&DEV_109A&SUBSYS_309C8086&REV_00\4&6C79FC5&0&00E0
    Manufacturer: Intel
    Name: Intel(R) PRO/1000 PL Network Connection
    PNP Device ID: PCI\VEN_8086&DEV_109A&SUBSYS_309C8086&REV_00\4&6C79FC5&0&00E0
    Service: e1express

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: 1394 Net Adapter
    Device ID: V1394\NIC1394\1A02F24902700
    Manufacturer: Microsoft
    Name: 1394 Net Adapter
    PNP Device ID: V1394\NIC1394\1A02F24902700
    Service: NIC1394

    Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
    Description:
    Device ID: ACPI\AWY0001\4&3036D68D&0
    Manufacturer:
    Name:
    PNP Device ID: ACPI\AWY0001\4&3036D68D&0
    Service:

    ==== System Restore Points ===================

    RP5: 7/15/2010 6:49:34 PM - System Checkpoint
    RP6: 7/18/2010 10:21:07 PM - System Checkpoint
    RP7: 7/19/2010 10:38:49 PM - System Checkpoint
    RP8: 7/21/2010 6:27:37 PM - System Checkpoint
    RP9: 7/22/2010 10:22:06 PM - System Checkpoint
    RP10: 7/23/2010 8:19:03 PM - Removed QuickTime
    RP11: 7/24/2010 11:52:41 PM - System Checkpoint
    RP12: 7/26/2010 9:02:51 AM - System Checkpoint
    RP13: 7/27/2010 10:26:38 AM - System Checkpoint
    RP14: 7/28/2010 11:36:01 AM - System Checkpoint
    RP15: 7/29/2010 1:16:06 PM - System Checkpoint
    RP16: 7/30/2010 4:26:12 PM - System Checkpoint
    RP17: 7/31/2010 5:19:39 PM - System Checkpoint
    RP18: 8/1/2010 9:48:21 PM - System Checkpoint
    RP19: 8/2/2010 9:49:41 PM - System Checkpoint
    RP20: 8/4/2010 6:59:56 PM - System Checkpoint
    RP21: 8/5/2010 9:45:41 PM - System Checkpoint
    RP22: 8/7/2010 6:08:00 PM - System Checkpoint
    RP23: 8/8/2010 6:20:22 PM - System Checkpoint
    RP24: 8/9/2010 10:48:02 PM - System Checkpoint
    RP25: 8/11/2010 8:44:53 AM - System Checkpoint
    RP26: 8/12/2010 9:46:26 AM - System Checkpoint
    RP27: 8/13/2010 3:21:20 AM - Software Distribution Service 3.0
    RP28: 8/14/2010 11:54:18 AM - System Checkpoint
    RP29: 8/15/2010 12:23:30 PM - System Checkpoint
    RP30: 8/16/2010 8:14:04 AM - Removed HiJackThis
    RP31: 8/17/2010 8:47:31 AM - System Checkpoint
    RP32: 8/18/2010 9:39:27 AM - System Checkpoint
    RP33: 8/19/2010 10:31:03 AM - System Checkpoint
    RP34: 8/20/2010 8:39:02 PM - System Checkpoint
    RP35: 8/21/2010 9:27:58 PM - System Checkpoint
    RP36: 8/22/2010 10:20:11 PM - System Checkpoint
    RP37: 8/24/2010 6:26:31 PM - System Checkpoint
    RP38: 8/25/2010 7:08:36 PM - System Checkpoint
    RP39: 8/26/2010 10:01:14 PM - System Checkpoint
    RP40: 8/28/2010 4:02:19 PM - System Checkpoint
    RP41: 8/29/2010 5:30:48 PM - System Checkpoint
    RP42: 8/30/2010 7:25:10 PM - System Checkpoint
    RP43: 9/1/2010 2:55:34 PM - System Checkpoint
    RP44: 9/2/2010 2:58:22 PM - System Checkpoint
    RP45: 9/3/2010 3:00:24 PM - System Checkpoint
    RP46: 9/4/2010 3:02:30 PM - System Checkpoint
    RP47: 9/5/2010 3:39:12 PM - System Checkpoint
    RP48: 9/6/2010 7:53:42 PM - System Checkpoint
    RP49: 9/8/2010 9:39:56 AM - System Checkpoint
    RP50: 9/9/2010 9:56:50 AM - System Checkpoint
    RP51: 9/10/2010 11:08:38 AM - System Checkpoint
    RP52: 9/11/2010 11:15:39 AM - System Checkpoint
    RP53: 9/12/2010 11:22:43 AM - System Checkpoint
    RP54: 9/13/2010 1:44:38 PM - System Checkpoint
    RP55: 9/14/2010 6:27:50 PM - System Checkpoint
    RP56: 9/16/2010 12:19:52 AM - System Checkpoint
    RP57: 9/17/2010 9:18:35 AM - System Checkpoint
    RP58: 9/17/2010 6:36:49 PM - Software Distribution Service 3.0
    RP59: 9/18/2010 10:39:56 PM - System Checkpoint
    RP60: 9/20/2010 9:55:26 AM - System Checkpoint
    RP61: 9/21/2010 11:10:14 AM - System Checkpoint
    RP62: 9/22/2010 11:18:49 AM - System Checkpoint
    RP63: 9/23/2010 2:40:49 PM - System Checkpoint
    RP64: 9/24/2010 6:23:45 PM - System Checkpoint
    RP65: 9/25/2010 7:00:38 PM - System Checkpoint
    RP66: 9/27/2010 9:46:09 AM - System Checkpoint
    RP67: 9/28/2010 9:56:49 AM - System Checkpoint
    RP68: 9/29/2010 10:05:40 AM - System Checkpoint
    RP69: 9/29/2010 6:58:02 PM - Software Distribution Service 3.0
    RP70: 9/30/2010 9:50:51 PM - System Checkpoint
    RP71: 10/2/2010 10:48:06 AM - System Checkpoint
    RP72: 10/3/2010 1:36:30 PM - System Checkpoint
    RP73: 10/4/2010 1:58:25 PM - System Checkpoint
    RP74: 10/4/2010 8:43:24 PM - Installed Java(TM) 6 Update 21
    RP75: 10/5/2010 9:50:52 PM - System Checkpoint
    RP76: 10/6/2010 7:51:57 AM - Removed Ask Toolbar.
    RP77: 10/7/2010 2:19:38 PM - System Checkpoint
    RP78: 10/8/2010 2:49:41 PM - System Checkpoint
    RP79: 10/9/2010 7:37:42 PM - System Checkpoint
    RP80: 10/11/2010 9:45:21 AM - System Checkpoint
    RP81: 10/12/2010 9:51:17 AM - System Checkpoint
    RP82: 10/12/2010 11:21:32 PM - Installed Registry Reviver.

    ==== Installed Programs ======================

    µTorrent
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.4.0
    Adobe Shockwave Player 11.5
    AiO_Scan_CDA
    AiOSoftwareNPI
    ArcSoft PhotoImpression
    Avery Wizard 3.1
    Bejeweled 2 Deluxe 1.1.3.2523
    Brain Games Mahjongg
    BufferChm
    C3100
    c3100_Help
    CCleaner
    CleanUp!
    Compatibility Pack for the 2007 Office system
    D-Link RangeBooster N DWA-142
    Destinations
    DeviceManagementQFolder
    DocProc
    DocProcQFolder
    DVD Shrink 3.2
    DVD Solution
    eGames Collector's Edition
    eSupportQFolder
    Fax_CDA
    Google Earth
    Google Update Helper
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    HP Imaging Device Functions 7.0
    HP Photosmart and Deskjet 7.0.A
    HP Photosmart Essential
    HP Product Assistant
    HP Software Update
    HP Solution Center 7.0
    HPPhotoSmartExpress
    HPProductAssistant
    ImagXpress
    InstantShareDevicesMFC
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) Network Connections 14.2.100.0
    Intel® Matrix Storage Manager
    Java Auto Updater
    Java(TM) 6 Update 21
    Junk Mail filter update
    LG MC USB U330 driver
    LG PC Suite II
    LimeWire 5.5.16
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Office Live Add-in 1.3
    Microsoft Office XP Professional with FrontPage
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Mozilla Firefox (3.6.9)
    MSN
    MSRedist
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    MySQL Connector/ODBC 3.51
    Nero OEM
    neroxml
    NewCopy_CDA
    Norton Internet Security
    Norton Online
    Norton Safety Minder
    OCR Software by I.R.I.S 7.0
    PanoStandAlone
    PowerDVD
    PowerProducer
    ProductContextNPI
    QuickTax 2008
    Readme
    Real Alternative 2.0.2 Lite
    Registry Reviver
    RPS CRT
    Samsung USB Driver (MCCI 4.34) WHQL v3.4
    Scan
    ScannerCopy
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371-v2)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972260)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    Segoe UI
    Simply Accounting by Sage 2009
    SIW version 2010.07.14
    SolutionCenter
    Spybot - Search & Destroy
    Status
    SUPERAntiSpyware
    Text-To-Speech-Runtime
    TomTom HOME 2.7.5.2014
    TomTom HOME Visual Studio Merge Modules
    Toolbox
    TrayApp
    Unload
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB972636)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB976749)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB961503)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    WebFldrs XP
    WebReg
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 8
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live Mail
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows Live Upload Tool
    Windows Live Writer
    Windows Media Format 11 runtime
    Windows Media Player 11
    Zuma's Revenge!

    ==== Event Viewer Messages From Past Week ========

    10/8/2010 6:47:40 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: NetworkX
    10/8/2010 6:47:38 PM, error: Service Control Manager [7000] - The Security Services Driver (x86) service failed to start due to the following error: The system cannot find the file specified.
    10/8/2010 6:47:38 PM, error: Service Control Manager [7000] - The Audio Service service failed to start due to the following error: The system cannot find the path specified.
    10/8/2010 6:47:32 PM, error: Print [19] - Sharing printer failed + 1722, Printer Microsoft XPS Document Writer share name Printer.
    10/8/2010 6:04:56 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the NOF service.
    10/8/2010 12:26:24 PM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer DANA-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{4AA60DF7-7C0B-4FBB-8. The master browser is stopping or an election is being forced.
    10/6/2010 12:35:16 PM, error: Dhcp [1002] - The IP address lease 192.168.0.100 for the Network Card with network address 00195B5556A9 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
    10/6/2010 12:32:07 PM, error: Service Control Manager [7034] - The TomTomHOMEService service terminated unexpectedly. It has done this 1 time(s).
    10/6/2010 12:32:07 PM, error: Service Control Manager [7034] - The Simply Accounting Database Connection Manager service terminated unexpectedly. It has done this 1 time(s).
    10/6/2010 12:32:07 PM, error: Service Control Manager [7034] - The Pml Driver HPZ12 service terminated unexpectedly. It has done this 1 time(s).
    10/6/2010 12:32:07 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
    10/6/2010 12:32:07 PM, error: Service Control Manager [7034] - The Intel(R) Matrix Storage Event Monitor service terminated unexpectedly. It has done this 1 time(s).
    10/6/2010 12:32:07 PM, error: Service Control Manager [7034] - The Crypkey License service terminated unexpectedly. It has done this 1 time(s).

    ==== End Of File ===========================
     


  4. 2010/10/12
    crunchie

    crunchie Inactive

    Joined:
    2010/01/12
    Messages:
    982
    Likes Received:
    5
    Hi and welcome to the WindowsBBS forums :).

    =========

    Let's start with uninstalling ASK from Add/Remove Programs and reboot when done.

    ==

    Download and Run ATF Cleaner
    Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

    Double-click ATF Cleaner.exe to open it.

    Under Main choose:
    Windows Temp
    Current User Temp
    All Users Temp
    Cookies
    Temporary Internet Files
    Prefetch
    Java Cache

    *The other boxes are optional*
    Then click the Empty Selected button.

    Firefox:
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

    Opera:
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

    Click Exit on the Main menu to close the program.

    ========

    Defragment the hard drive as well please.

    ==

    Was any malware found on the PC before you came here?

    ==

    How old is the PC?

    ==

    Please Run the ESET Online Scanner and post the ScanLog with your post for assistance.
    • You will need to use Internet Explorer to complete this scan.
    • You will need to temporarily Disable your current Anti-virus program.
    • Be sure the option to Remove found threats is Un-checked at this time (we may have it clean what it finds at a later time), and the option to Scan unwanted applications is Checked.
    • When you have completed that scan, a scanlog ought to have been created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please post that log for us as directed below.

    NOTE: If you are unable to complete the ESET scan, please try another from the list below:

     
  5. 2010/10/13
    wrathall

    wrathall Inactive Thread Starter

    Joined:
    2010/10/11
    Messages:
    64
    Likes Received:
    0
    Hello. Ran Trend Micro online scanner - No threats found. I cannot find ASK in my add/remove programs, so I couldn't remove it. I don't really know except for the email problem which seems to be fixed. And the hard drive did not need to be defragmented. PC is about 5 years old. I have only just started to have these problems though (last month or so).

    Thanks
     
  6. 2010/10/13
    crunchie

    crunchie Inactive

    Joined:
    2010/01/12
    Messages:
    982
    Likes Received:
    5
    Download OTL to your Desktop.

    * Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    * Under the Custom Scan box paste this in:


    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\System32\config\*.sav
    CREATERESTOREPOINT


    * Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    * When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    * Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  7. 2010/10/13
    wrathall

    wrathall Inactive Thread Starter

    Joined:
    2010/10/11
    Messages:
    64
    Likes Received:
    0
    OTL logfile created on: 10/13/2010 1:36:59 PM - Run 3
    OTL by OldTimer - Version 3.2.15.2 Folder = C:\Documents and Settings\Owner\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    502.00 Mb Total Physical Memory | 258.00 Mb Available Physical Memory | 51.00% Memory free
    1.00 Gb Paging File | 1.00 Gb Available in Paging File | 72.00% Paging File free
    Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 465.75 Gb Total Space | 340.02 Gb Free Space | 73.00% Space Free | Partition Type: NTFS

    Computer Name: OWNER-RFH54E5YG | User Name: Owner | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2010/10/13 13:33:53 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
    PRC - [2010/06/24 11:41:38 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
    PRC - [2010/05/23 02:39:05 | 000,126,904 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Online\Engine\2.0.0.71\ccsvchst.exe
    PRC - [2010/02/25 21:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ccsvchst.exe
    PRC - [2009/06/04 19:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    PRC - [2009/06/04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    PRC - [2008/09/19 00:00:00 | 000,016,680 | ---- | M] (Sage Software) -- C:\Program Files\winsim\ConnectionManager\SimplyConnectionManager.exe
    PRC - [2008/04/14 09:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/08/09 04:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
    PRC - [2006/02/28 22:10:18 | 000,069,632 | ---- | M] (CrypKey (Canada) Ltd.) -- C:\WINDOWS\system32\Crypserv.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/10/13 13:33:53 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
    MOD - [2010/09/20 16:26:01 | 000,415,088 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\17.8.0.5\asoehook.dll
    MOD - [2009/08/12 03:54:10 | 000,653,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
    MOD - [2009/08/12 03:54:07 | 000,569,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
    MOD - [2008/04/14 09:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- c:\windows\softwaredistribution\download\install\STacSV.exe -- (STacSV)
    SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
    SRV - [2010/06/24 11:41:38 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
    SRV - [2010/05/23 02:39:05 | 000,126,904 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Online\Engine\2.0.0.71\ccSvcHst.exe -- (NOF)
    SRV - [2010/02/25 21:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe -- (NIS)
    SRV - [2009/08/05 23:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
    SRV - [2009/06/04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
    SRV - [2008/09/19 00:00:00 | 000,016,680 | ---- | M] (Sage Software) [Auto | Running] -- C:\Program Files\winsim\ConnectionManager\SimplyConnectionManager.exe -- (Simply Accounting Database Connection Manager)
    SRV - [2007/08/09 04:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
    SRV - [2006/02/28 22:10:18 | 000,069,632 | ---- | M] (CrypKey (Canada) Ltd.) [Auto | Running] -- C:\WINDOWS\System32\Crypserv.exe -- (Crypkey License)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Internet Explorer\SABProcEnum.sys -- (SABProcEnum)
    DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\DRIVERS\rp_skt32.sys -- (RPSKT) Security Services Driver (x86)
    DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\System32\ckldrv.sys -- (NetworkX)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys -- (catchme)
    DRV - [2010/10/11 08:43:16 | 001,371,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20101013.002\NAVEX15.SYS -- (NAVEX15)
    DRV - [2010/10/11 08:43:15 | 000,086,064 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20101013.002\NAVENG.SYS -- (NAVENG)
    DRV - [2010/10/11 08:43:14 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
    DRV - [2010/10/11 08:43:14 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
    DRV - [2010/10/11 08:22:45 | 000,125,488 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
    DRV - [2010/10/02 00:00:02 | 000,692,272 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20101001.001\BHDrvx86.sys -- (BHDrvx86)
    DRV - [2010/09/15 15:02:21 | 000,341,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20101012.001\IDSXpx86.sys -- (IDSxpx86)
    DRV - [2010/05/10 23:03:44 | 000,180,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\NSM\0200000.030\SymRdr.SYS -- (SYMRDR_{78CA3BF0-9C3B-40e1-B46D-38C877EF059A})
    DRV - [2010/05/10 15:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2010/05/06 01:01:59 | 000,361,904 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\NIS\1108000.005\SYMTDI.SYS -- (SYMTDI)
    DRV - [2010/04/29 02:03:51 | 000,116,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1108000.005\Ironx86.SYS -- (SymIRON)
    DRV - [2010/04/22 00:02:20 | 000,173,104 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1108000.005\SYMEFA.SYS -- (SymEFA)
    DRV - [2010/04/21 23:29:50 | 000,325,680 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\NIS\1108000.005\SRTSP.SYS -- (SRTSP)
    DRV - [2010/04/21 23:29:50 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1108000.005\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
    DRV - [2010/02/25 21:22:57 | 000,501,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1108000.005\ccHPx86.sys -- (ccHP)
    DRV - [2010/02/17 15:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2009/08/29 21:17:18 | 000,328,752 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1108000.005\SYMDS.SYS -- (SymDS)
    DRV - [2009/08/21 11:58:26 | 000,006,144 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NTIDrvr.sys -- (NTIDrvr)
    DRV - [2009/08/21 11:56:47 | 000,007,424 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\SIODRV.SYS -- (SIODRV)
    DRV - [2009/08/05 23:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
    DRV - [2009/06/24 01:54:16 | 000,030,880 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iqvw32.sys -- (NAL)
    DRV - [2009/06/04 18:43:16 | 000,330,264 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor)
    DRV - [2008/12/05 00:58:48 | 000,241,296 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel(R)
    DRV - [2008/04/14 09:00:00 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
    DRV - [2008/04/14 01:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
    DRV - [2008/04/10 20:10:10 | 001,271,032 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
    DRV - [2008/02/15 13:12:06 | 005,854,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
    DRV - [2006/11/27 00:38:10 | 000,499,328 | ---- | M] (Marvell Semiconductor, Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MRVW245.sys -- (MRVW245) Marvell TOPDOG 802.11n WLAN Driver for Windows XP (USB8x)
    DRV - [2005/08/17 09:47:48 | 000,073,696 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdserd.sys -- (sscdserd) SAMSUNG CDMA Modem Diagnostic Serial Port (WDM)
    DRV - [2005/08/17 09:46:26 | 000,093,872 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm)
    DRV - [2005/08/17 09:46:20 | 000,008,272 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl)
    DRV - [2005/08/17 09:45:00 | 000,058,352 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
    DRV - [2005/03/28 16:34:00 | 000,011,018 | R--- | M] (OSA Technologies) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\OsaFsLoc.sys -- (OsaFsLoc)
    DRV - [2005/03/15 18:34:00 | 000,021,248 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\intelsmb.sys -- (smbusp) Intel(R)
    DRV - [2005/03/04 19:07:00 | 000,008,704 | R--- | M] (Avocent/OSA Technologies Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\osaio.sys -- (osaio)
    DRV - [2003/11/03 19:09:00 | 000,036,484 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SMBios.sys -- (SMBios) Intel (R)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=16796S&l=dis
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultengine: "Ask.com "
    FF - prefs.js..browser.search.defaultenginename: "Ask.com "
    FF - prefs.js..browser.search.order.1: "Ask.com "
    FF - prefs.js..browser.search.selectedEngine: "Google "
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://www.cbc.ca/ns/|http://www.sympatico.ca/ "
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
    FF - prefs.js..extensions.enabledItems: {6D5C8FC4-DE46-41bf-9092-93F0F78E9115}:2.0.0.42
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
    FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6


    FF - HKLM\software\mozilla\Firefox\extensions\\{6D5C8FC4-DE46-41bf-9092-93F0F78E9115}: C:\Documents and Settings\All Users\Application Data\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_2.0.0.42\coFFFw\ [2010/06/28 20:03:35 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\ [2010/10/11 17:26:03 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\ [2010/10/11 08:25:14 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/10 12:02:19 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/11 08:06:57 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

    [2010/06/20 21:10:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
    [2010/06/20 21:10:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\home2@tomtom.com
    [2009/08/21 16:33:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\mozswing@mozswing.org
    [2010/10/13 10:58:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\uwylqqnr.default\extensions
    [2010/09/09 19:20:45 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\uwylqqnr.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/04/23 08:10:22 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\uwylqqnr.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    [2010/10/05 21:05:10 | 000,002,427 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\uwylqqnr.default\searchplugins\askcom.xml
    [2010/10/13 10:58:04 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010/07/01 18:27:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/10/04 20:44:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

    O1 HOSTS File: ([2010/07/04 15:33:02 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.8.0.5\coieplg.dll (Symantec Corporation)
    O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ipsbho.dll (Symantec Corporation)
    O2 - BHO: (Norton Safety Minder) - {B8E07826-0971-4f16-B133-047B88034E89} - C:\Program Files\Norton Online\AddOns\Norton Safety Minder\Engine\2.0.0.48\coieplg.dll (Symantec Corporation)
    O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.8.0.5\coieplg.dll (Symantec Corporation)
    O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.8.0.5\coieplg.dll (Symantec Corporation)
    O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MaxRecentDocs = 5
    O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1072873752953 (WUWebControl Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1219257687734 (MUWebControl Class)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadblocker.com/activex/sabspx.cab (SABScanProcesses Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O18 - Protocol\Handler\intu-qt2008 {05E53CE9-66C8-4a9e-A99F-FDB7A8E7B596} - C:\Program Files\QuickTax 2008\ic2008pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
    O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2003/12/31 09:07:19 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (PDBoot.exe) - File not found
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (16902109354000384)

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/10/13 13:34:14 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
    [2010/10/13 08:03:02 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
    [2010/10/13 07:39:51 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Documents and Settings\Owner\Desktop\ATF-Cleaner.exe
    [2010/10/12 23:21:34 | 000,000,000 | ---D | C] -- C:\Program Files\ReviverSoft
    [2010/10/12 23:21:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ReviverSoft
    [2010/10/12 23:20:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\OpenCandy
    [2010/10/12 23:20:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\OpenCandy
    [2010/10/12 23:20:03 | 000,000,000 | ---D | C] -- C:\Program Files\SIW
    [2010/10/12 23:18:52 | 002,762,359 | ---- | C] (Topala Software Solutions ) -- C:\Documents and Settings\Owner\Desktop\siw-setup.exe
    [2010/10/11 17:26:27 | 000,339,504 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1108000.005\symtdiv.sys
    [2010/10/11 17:26:26 | 000,501,888 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1108000.005\cchpx86.sys
    [2010/10/11 17:26:26 | 000,361,904 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1108000.005\symtdi.sys
    [2010/10/11 17:26:26 | 000,328,752 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1108000.005\symds.sys
    [2010/10/11 17:26:26 | 000,325,680 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1108000.005\srtsp.sys
    [2010/10/11 17:26:26 | 000,173,104 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1108000.005\symefa.sys
    [2010/10/11 17:26:26 | 000,116,784 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1108000.005\ironx86.sys
    [2010/10/11 17:26:26 | 000,043,696 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1108000.005\srtspx.sys
    [2010/10/11 17:26:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NIS\1108000.005
    [2010/10/11 08:18:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NIS
    [2010/10/11 08:17:46 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Internet Security
    [2010/10/05 21:01:18 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
    [2010/10/05 20:57:33 | 030,164,216 | ---- | C] (Lime Wire LLC) -- C:\Documents and Settings\Owner\Desktop\LimeWireWin.exe
    [2010/10/04 20:44:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2010/10/04 20:43:58 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
    [2010/10/04 20:43:58 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
    [2010/10/04 20:43:58 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
    [2010/09/27 23:28:15 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
    [2010/09/26 12:11:52 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
    [2010/09/23 14:13:11 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2010/09/20 12:31:05 | 000,000,000 | ---D | C] -- C:\MGlogs
    [2010/02/18 19:02:27 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Owner\Application Data\pcouffin.sys

    ========== Files - Modified Within 30 Days ==========

    [2010/10/13 13:42:00 | 000,000,480 | ---- | M] () -- C:\WINDOWS\tasks\229B350D-034F-4c01-BAF2-3EA03DCAE0B9.job
    [2010/10/13 13:33:53 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
    [2010/10/13 13:06:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2010/10/13 10:49:51 | 000,000,392 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{EFBC97A8-1A51-4A9C-85AB-79E29AAD98E3}.job
    [2010/10/13 10:47:27 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/10/13 10:47:11 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2010/10/13 10:46:48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/10/13 07:39:41 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Documents and Settings\Owner\Desktop\ATF-Cleaner.exe
    [2010/10/12 23:21:36 | 000,001,845 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Registry Reviver.lnk
    [2010/10/12 23:20:19 | 000,000,610 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\SIW.lnk
    [2010/10/12 23:18:57 | 002,762,359 | ---- | M] (Topala Software Solutions ) -- C:\Documents and Settings\Owner\Desktop\siw-setup.exe
    [2010/10/12 07:46:40 | 000,586,312 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1108000.005\Cat.DB
    [2010/10/12 07:46:40 | 000,001,964 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton Internet Security.LNK
    [2010/10/11 08:22:45 | 000,125,488 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
    [2010/10/11 08:22:45 | 000,060,808 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
    [2010/10/11 08:22:45 | 000,007,456 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
    [2010/10/11 08:22:45 | 000,000,805 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
    [2010/10/08 18:33:49 | 000,000,058 | -H-- | M] () -- C:\WINDOWS\popcreg.dat
    [2010/10/08 18:33:49 | 000,000,042 | ---- | M] () -- C:\WINDOWS\popcinfot.dat
    [2010/10/06 12:48:26 | 000,000,375 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
    [2010/10/05 21:00:42 | 000,001,580 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\LimeWire 5.5.16.lnk
    [2010/10/05 20:58:27 | 030,164,216 | ---- | M] (Lime Wire LLC) -- C:\Documents and Settings\Owner\Desktop\LimeWireWin.exe
    [2010/09/28 17:33:21 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
    [2010/09/27 23:28:23 | 000,000,630 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\µTorrent.lnk
    [2010/09/22 12:50:51 | 003,849,240 | R--- | M] () -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
    [2010/09/21 23:03:48 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
    [2010/09/21 18:20:09 | 000,144,556 | ---- | M] () -- C:\MGlogs.zip
    [2010/09/20 18:52:57 | 000,000,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1108000.005\isolate.ini
    [2010/09/19 21:07:55 | 000,000,281 | -HS- | M] () -- C:\boot.ini
    [2010/09/13 18:27:18 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Carolyn Quote - Kiln Dried X 3.xls

    ========== Files Created - No Company Name ==========

    [2010/10/12 23:21:35 | 000,001,845 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Registry Reviver.lnk
    [2010/10/12 23:20:19 | 000,000,610 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\SIW.lnk
    [2010/10/12 07:46:26 | 000,586,312 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1108000.005\Cat.DB
    [2010/10/11 17:26:26 | 000,007,873 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1108000.005\symefa.cat
    [2010/10/11 17:26:26 | 000,007,787 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1108000.005\symnetv.cat
    [2010/10/11 17:26:26 | 000,007,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1108000.005\srtspx.cat
    [2010/10/11 17:26:26 | 000,007,438 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1108000.005\srtsp.cat
    [2010/10/11 17:26:26 | 000,007,438 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1108000.005\iron.cat
    [2010/10/11 17:26:26 | 000,007,425 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1108000.005\symds.cat
    [2010/10/11 17:26:26 | 000,007,396 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1108000.005\cchpx86.cat
    [2010/10/11 17:26:26 | 000,007,368 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1108000.005\symnet.cat
    [2010/10/11 17:26:26 | 000,003,373 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1108000.005\symefa.inf
    [2010/10/11 17:26:26 | 000,002,793 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1108000.005\symds.inf
    [2010/10/11 17:26:26 | 000,001,754 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1108000.005\cchpx86.inf
    [2010/10/11 17:26:26 | 000,001,473 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1108000.005\symnetv.inf
    [2010/10/11 17:26:26 | 000,001,445 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1108000.005\symnet.inf
    [2010/10/11 17:26:26 | 000,001,388 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1108000.005\srtspx.inf
    [2010/10/11 17:26:26 | 000,001,382 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1108000.005\srtsp.inf
    [2010/10/11 17:26:26 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1108000.005\iron.inf
    [2010/10/11 17:26:08 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1108000.005\isolate.ini
    [2010/10/11 08:22:27 | 000,001,964 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Norton Internet Security.LNK
    [2010/10/05 21:00:41 | 000,001,580 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\LimeWire 5.5.16.lnk
    [2010/09/27 23:28:23 | 000,000,630 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\µTorrent.lnk
    [2010/09/21 23:03:48 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
    [2010/09/21 18:15:24 | 003,849,240 | R--- | C] () -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
    [2010/09/13 18:13:59 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Carolyn Quote - Kiln Dried X 3.xls
    [2010/08/07 10:20:38 | 000,088,663 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\FASTWiz.log
    [2010/06/28 07:38:15 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\housecall.guid.cache
    [2010/06/27 12:49:18 | 000,052,224 | RHS- | C] () -- C:\WINDOWS\System32\locatord.dll
    [2010/03/25 21:14:40 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\downloads.m3u
    [2010/03/24 22:16:22 | 000,000,029 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\default.rss
    [2010/02/20 00:06:33 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
    [2010/02/18 19:02:40 | 000,000,033 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\pcouffin.log
    [2010/02/18 19:02:27 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\pcouffin.cat
    [2010/02/18 19:02:27 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\pcouffin.inf
    [2010/02/11 16:51:01 | 000,000,221 | ---- | C] () -- C:\WINDOWS\NCLogConfig.ini
    [2009/12/09 19:01:51 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\CommonDL.dll
    [2009/12/09 19:01:51 | 000,002,412 | ---- | C] () -- C:\WINDOWS\System32\lgAxconfig.ini
    [2009/08/31 20:24:39 | 000,000,442 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2009/08/28 16:19:16 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2009/08/26 08:44:41 | 000,000,096 | ---- | C] () -- C:\WINDOWS\Simply.ini
    [2009/08/25 16:23:50 | 000,001,348 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2009/08/25 11:18:06 | 000,000,021 | ---- | C] () -- C:\WINDOWS\PI4_setup.ini
    [2009/08/25 11:02:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\lgfwup.ini
    [2009/08/25 10:55:29 | 000,040,960 | ---- | C] () -- C:\Program Files\Uninstall_CDS.exe
    [2009/08/23 18:43:08 | 000,064,512 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/08/21 17:18:14 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
    [2009/08/21 17:09:29 | 000,003,210 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
    [2009/08/21 12:20:38 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\Implode.dll
    [2009/08/21 11:58:27 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIBUN4.dll
    [2009/08/20 16:49:36 | 000,000,071 | ---- | C] () -- C:\WINDOWS\Crypkey.ini
    [2009/08/20 16:49:33 | 000,025,602 | ---- | C] () -- C:\WINDOWS\System32\llpink_.dll
    [2009/08/20 16:49:33 | 000,018,432 | ---- | C] () -- C:\WINDOWS\Setup_ck.dll
    [2009/08/20 16:17:39 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
    [2008/02/05 14:28:20 | 000,000,051 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\setup.txt
    [2007/04/27 10:43:58 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll
    [2003/12/31 05:00:20 | 000,004,328 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2001/07/07 03:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.exe >
    [2010/08/21 09:12:54 | 002,398,955 | ---- | M] () -- C:\MGtools.exe


    < MD5 for: AGP440.SYS >
    [2008/04/14 09:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys

    < MD5 for: ATAPI.SYS >
    [2008/04/14 09:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
    [2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\MGtools\temp\ERDNT\atapi.sys
    [2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
    [2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
    [2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
    [2008/04/13 21:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys

    < MD5 for: EVENTLOG.DLL >
    [2008/04/14 09:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
    [2008/04/14 09:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\dllcache\eventlog.dll
    [2008/04/14 09:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll

    < MD5 for: IASTOR.SYS >
    [2009/06/04 18:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
    [2009/06/04 18:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
    [2009/07/22 16:10:59 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\WINDOWS\NLDRV\001\iastor.sys
    [2009/07/22 16:14:08 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\WINDOWS\NLDRV\002\iastor.sys
    [2009/07/22 16:15:03 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\WINDOWS\NLDRV\003\iastor.sys
    [2009/08/20 13:52:57 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\WINDOWS\NLDRV\004\iastor.sys
    [2009/08/20 13:56:38 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\WINDOWS\NLDRV\005\iastor.sys
    [2009/06/04 18:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\WINDOWS\system32\drivers\iaStor.sys
    [2009/06/04 18:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\WINDOWS\system32\DRVSTORE\iaStor_BB5E44AE45FD56D7B2C2FE48CCE823F0A24DCF08\iaStor.sys
    [2009/08/20 13:56:38 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\iaStor.sys

    < MD5 for: NETLOGON.DLL >
    [2008/04/14 09:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
    [2008/04/14 09:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\dllcache\netlogon.dll
    [2008/04/14 09:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll

    < MD5 for: SCECLI.DLL >
    [2008/04/14 09:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
    [2008/04/14 09:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\dllcache\scecli.dll
    [2008/04/14 09:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

    < %systemroot%\*. /mp /s >

    < %systemroot%\system32\*.dll /lockedfiles >
    [2010/06/27 12:49:18 | 000,052,224 | RHS- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\locatord.dll

    < %systemroot%\System32\config\*.sav >
    [2003/12/31 04:40:35 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2003/12/31 04:40:35 | 001,089,536 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2003/12/31 04:40:35 | 000,905,216 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < End of report >


    There was no Extras.txt log

    Thank you
     
  8. 2010/10/13
    crunchie

    crunchie Inactive

    Joined:
    2010/01/12
    Messages:
    982
    Likes Received:
    5
    I see you have P2P software (Azureus, Limewire, BitTorrent, uTorrent, etc.) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

    Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares and their infections.

    References for the risk of these programs are here, and here.

    I would strongly recommend that you uninstall them, and read the links above for educational value!

    Note: Please be advised that continued use of these programs after being warned of the danger of infections from them, may result in the discontinued help of future cleaning of your system here at WindowsBBS Malware and Virus removal.

    ==============

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

      Code:
      :Files
      C:\Program Files\Ask.com
      :OTL
      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Internet Explorer\SABProcEnum.sys -- (SABProcEnum)
      DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\DRIVERS\rp_skt32.sys -- (RPSKT) Security Services Driver (x86)
      DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\System32\ckldrv.sys -- (NetworkX)
      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys -- (catchme)
      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=16796S&l=dis
      FF - prefs.js..browser.search.defaultengine:  "Ask.com "
      FF - prefs.js..browser.search.defaultenginename:  "Ask.com "
      FF - prefs.js..browser.search.order.1:  "Ask.com "
      [2010/10/05 21:05:10 | 000,002,427 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\uwylqqnr.default\searchplugins\askcom.xml
      :Commands
      [purity]
      [emptyflash]
      [emptytemp]
      [resethosts]
      [Reboot]
    • Then click the Run Fix button at the top.
    • Let the program run unhindered, reboot the PC when it is done.
    • Post log from this run.
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
     
  9. 2010/10/13
    wrathall

    wrathall Inactive Thread Starter

    Joined:
    2010/10/11
    Messages:
    64
    Likes Received:
    0
    All processes killed
    ========== FILES ==========
    C:\Program Files\Ask.com folder moved successfully.
    ========== OTL ==========
    Service SABProcEnum stopped successfully!
    Service SABProcEnum deleted successfully!
    File C:\Program Files\Internet Explorer\SABProcEnum.sys not found.
    Error: No service named RPSKT) Security Services Driver (x86 was found to stop!
    Service\Driver key RPSKT) Security Services Driver (x86 not found.
    File C:\WINDOWS\System32\DRIVERS\rp_skt32.sys not found.
    Service NetworkX stopped successfully!
    Service NetworkX deleted successfully!
    File C:\WINDOWS\System32\ckldrv.sys not found.
    Service catchme stopped successfully!
    Service catchme deleted successfully!
    File C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys not found.
    HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
    Prefs.js: "Ask.com" removed from browser.search.defaultengine
    Prefs.js: "Ask.com" removed from browser.search.defaultenginename
    Prefs.js: "Ask.com" removed from browser.search.order.1
    C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\uwylqqnr.default\searchplugins\askcom.xml moved successfully.
    ========== COMMANDS ==========

    [EMPTYFLASH]

    User: All Users

    User: Dallas
    ->Flash cache emptied: 12425 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Kullen
    ->Flash cache emptied: 2389 bytes

    User: LocalService

    User: Logan
    ->Flash cache emptied: 12252 bytes

    User: NetworkService

    User: Owner
    ->Flash cache emptied: 14124 bytes

    Total Flash Files Cleaned = 0.00 mb


    [EMPTYTEMP]

    User: All Users

    User: Dallas
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 106365371 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Kullen
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 127432552 bytes
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: Logan
    ->Temp folder emptied: 1373 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 74259286 bytes
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes

    User: Owner
    ->Temp folder emptied: 74707569 bytes
    ->Temporary Internet Files folder emptied: 6772636 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 104937876 bytes
    ->Flash cache emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 1623528 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 5424895 bytes

    Total Files Cleaned = 478.00 mb

    C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    OTL by OldTimer - Version 3.2.15.2 log created on 10132010_191728

    Files\Folders moved on Reboot...
    File\Folder C:\WINDOWS\temp\NSM-{502E7EAA-3905-4DA7-8403-A4AF69359369}.dat not found!
    C:\WINDOWS\temp\Perflib_Perfdata_6b4.dat moved successfully.
    C:\WINDOWS\temp\Perflib_Perfdata_778.dat moved successfully.

    Registry entries deleted on Reboot...
     
  10. 2010/10/13
    wrathall

    wrathall Inactive Thread Starter

    Joined:
    2010/10/11
    Messages:
    64
    Likes Received:
    0
    OTL logfile created on: 10/13/2010 7:24:49 PM - Run 4
    OTL by OldTimer - Version 3.2.15.2 Folder = C:\Documents and Settings\Owner\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    502.00 Mb Total Physical Memory | 99.00 Mb Available Physical Memory | 20.00% Memory free
    1.00 Gb Paging File | 1.00 Gb Available in Paging File | 65.00% Paging File free
    Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 465.75 Gb Total Space | 340.38 Gb Free Space | 73.08% Space Free | Partition Type: NTFS

    Computer Name: OWNER-RFH54E5YG | User Name: Owner | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

    ========== Processes (SafeList) ==========

    PRC - [2010/10/13 13:33:53 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
    PRC - [2010/09/08 17:40:06 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
    PRC - [2010/09/08 17:40:04 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
    PRC - [2010/06/24 11:41:38 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
    PRC - [2010/05/23 02:39:05 | 000,126,904 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Online\Engine\2.0.0.71\ccsvchst.exe
    PRC - [2010/02/25 21:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ccsvchst.exe
    PRC - [2009/06/04 19:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    PRC - [2009/06/04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    PRC - [2008/09/19 00:00:00 | 000,016,680 | ---- | M] (Sage Software) -- C:\Program Files\winsim\ConnectionManager\SimplyConnectionManager.exe
    PRC - [2008/04/14 09:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/08/09 04:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
    PRC - [2006/02/28 22:10:18 | 000,069,632 | ---- | M] (CrypKey (Canada) Ltd.) -- C:\WINDOWS\system32\Crypserv.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/10/13 13:33:53 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
    MOD - [2010/09/20 16:26:01 | 000,415,088 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\17.8.0.5\asoehook.dll
    MOD - [2009/08/12 03:54:10 | 000,653,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
    MOD - [2009/08/12 03:54:07 | 000,569,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
    MOD - [2008/04/14 09:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- c:\windows\softwaredistribution\download\install\STacSV.exe -- (STacSV)
    SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
    SRV - [2010/06/24 11:41:38 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
    SRV - [2010/05/23 02:39:05 | 000,126,904 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Online\Engine\2.0.0.71\ccSvcHst.exe -- (NOF)
    SRV - [2010/02/25 21:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe -- (NIS)
    SRV - [2009/08/05 23:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
    SRV - [2009/06/04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
    SRV - [2008/09/19 00:00:00 | 000,016,680 | ---- | M] (Sage Software) [Auto | Running] -- C:\Program Files\winsim\ConnectionManager\SimplyConnectionManager.exe -- (Simply Accounting Database Connection Manager)
    SRV - [2007/08/09 04:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
    SRV - [2006/02/28 22:10:18 | 000,069,632 | ---- | M] (CrypKey (Canada) Ltd.) [Auto | Running] -- C:\WINDOWS\System32\Crypserv.exe -- (Crypkey License)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\DRIVERS\rp_skt32.sys -- (RPSKT) Security Services Driver (x86)
    DRV - [2010/10/11 08:43:16 | 001,371,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20101013.002\NAVEX15.SYS -- (NAVEX15)
    DRV - [2010/10/11 08:43:15 | 000,086,064 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20101013.002\NAVENG.SYS -- (NAVENG)
    DRV - [2010/10/11 08:43:14 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
    DRV - [2010/10/11 08:43:14 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
    DRV - [2010/10/11 08:22:45 | 000,125,488 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
    DRV - [2010/10/02 00:00:02 | 000,692,272 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20101001.001\BHDrvx86.sys -- (BHDrvx86)
    DRV - [2010/09/15 15:02:21 | 000,341,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20101012.001\IDSXpx86.sys -- (IDSxpx86)
    DRV - [2010/05/10 23:03:44 | 000,180,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\NSM\0200000.030\SymRdr.SYS -- (SYMRDR_{78CA3BF0-9C3B-40e1-B46D-38C877EF059A})
    DRV - [2010/05/10 15:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2010/05/06 01:01:59 | 000,361,904 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\NIS\1108000.005\SYMTDI.SYS -- (SYMTDI)
    DRV - [2010/04/29 02:03:51 | 000,116,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1108000.005\Ironx86.SYS -- (SymIRON)
    DRV - [2010/04/22 00:02:20 | 000,173,104 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1108000.005\SYMEFA.SYS -- (SymEFA)
    DRV - [2010/04/21 23:29:50 | 000,325,680 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\NIS\1108000.005\SRTSP.SYS -- (SRTSP)
    DRV - [2010/04/21 23:29:50 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1108000.005\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
    DRV - [2010/02/25 21:22:57 | 000,501,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1108000.005\ccHPx86.sys -- (ccHP)
    DRV - [2010/02/17 15:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2009/08/29 21:17:18 | 000,328,752 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1108000.005\SYMDS.SYS -- (SymDS)
    DRV - [2009/08/21 11:58:26 | 000,006,144 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NTIDrvr.sys -- (NTIDrvr)
    DRV - [2009/08/21 11:56:47 | 000,007,424 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\SIODRV.SYS -- (SIODRV)
    DRV - [2009/08/05 23:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
    DRV - [2009/06/24 01:54:16 | 000,030,880 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iqvw32.sys -- (NAL)
    DRV - [2009/06/04 18:43:16 | 000,330,264 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor)
    DRV - [2008/12/05 00:58:48 | 000,241,296 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel(R)
    DRV - [2008/04/14 09:00:00 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
    DRV - [2008/04/14 01:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
    DRV - [2008/04/10 20:10:10 | 001,271,032 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
    DRV - [2008/02/15 13:12:06 | 005,854,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
    DRV - [2006/11/27 00:38:10 | 000,499,328 | ---- | M] (Marvell Semiconductor, Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MRVW245.sys -- (MRVW245) Marvell TOPDOG 802.11n WLAN Driver for Windows XP (USB8x)
    DRV - [2005/08/17 09:47:48 | 000,073,696 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdserd.sys -- (sscdserd) SAMSUNG CDMA Modem Diagnostic Serial Port (WDM)
    DRV - [2005/08/17 09:46:26 | 000,093,872 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm)
    DRV - [2005/08/17 09:46:20 | 000,008,272 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl)
    DRV - [2005/08/17 09:45:00 | 000,058,352 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
    DRV - [2005/03/28 16:34:00 | 000,011,018 | R--- | M] (OSA Technologies) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\OsaFsLoc.sys -- (OsaFsLoc)
    DRV - [2005/03/15 18:34:00 | 000,021,248 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\intelsmb.sys -- (smbusp) Intel(R)
    DRV - [2005/03/04 19:07:00 | 000,008,704 | R--- | M] (Avocent/OSA Technologies Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\osaio.sys -- (osaio)
    DRV - [2003/11/03 19:09:00 | 000,036,484 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SMBios.sys -- (SMBios) Intel (R)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultengine: " "
    FF - prefs.js..browser.search.defaultenginename: " "
    FF - prefs.js..browser.search.order.1: " "
    FF - prefs.js..browser.search.selectedEngine: "Google "
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://www.cbc.ca/ns/|http://www.sympatico.ca/ "
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
    FF - prefs.js..extensions.enabledItems: {6D5C8FC4-DE46-41bf-9092-93F0F78E9115}:2.0.0.42
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
    FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6


    FF - HKLM\software\mozilla\Firefox\extensions\\{6D5C8FC4-DE46-41bf-9092-93F0F78E9115}: C:\Documents and Settings\All Users\Application Data\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_2.0.0.42\coFFFw\ [2010/06/28 20:03:35 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\ [2010/10/11 17:26:03 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\ [2010/10/11 08:25:14 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/10 12:02:19 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/11 08:06:57 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

    [2010/06/20 21:10:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
    [2010/06/20 21:10:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\home2@tomtom.com
    [2009/08/21 16:33:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\mozswing@mozswing.org
    [2010/10/13 10:58:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\uwylqqnr.default\extensions
    [2010/09/09 19:20:45 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\uwylqqnr.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/04/23 08:10:22 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\uwylqqnr.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    [2010/10/13 10:58:04 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010/07/01 18:27:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/10/04 20:44:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

    O1 HOSTS File: ([2010/10/13 19:17:56 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.8.0.5\coieplg.dll (Symantec Corporation)
    O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ipsbho.dll (Symantec Corporation)
    O2 - BHO: (Norton Safety Minder) - {B8E07826-0971-4f16-B133-047B88034E89} - C:\Program Files\Norton Online\AddOns\Norton Safety Minder\Engine\2.0.0.48\coieplg.dll (Symantec Corporation)
    O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.8.0.5\coieplg.dll (Symantec Corporation)
    O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.8.0.5\coieplg.dll (Symantec Corporation)
    O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MaxRecentDocs = 5
    O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1072873752953 (WUWebControl Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1219257687734 (MUWebControl Class)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadblocker.com/activex/sabspx.cab (SABScanProcesses Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O18 - Protocol\Handler\intu-qt2008 {05E53CE9-66C8-4a9e-A99F-FDB7A8E7B596} - C:\Program Files\QuickTax 2008\ic2008pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
    O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2003/12/31 09:07:19 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (PDBoot.exe) - File not found
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/10/13 13:34:14 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
    [2010/10/13 08:03:02 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
    [2010/10/12 23:21:34 | 000,000,000 | ---D | C] -- C:\Program Files\ReviverSoft
    [2010/10/12 23:21:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ReviverSoft
    [2010/10/12 23:20:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\OpenCandy
    [2010/10/12 23:20:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\OpenCandy
    [2010/10/12 23:20:03 | 000,000,000 | ---D | C] -- C:\Program Files\SIW
    [2010/10/11 17:26:27 | 000,339,504 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1108000.005\symtdiv.sys
    [2010/10/11 17:26:26 | 000,501,888 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1108000.005\cchpx86.sys
    [2010/10/11 17:26:26 | 000,361,904 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1108000.005\symtdi.sys
    [2010/10/11 17:26:26 | 000,328,752 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1108000.005\symds.sys
    [2010/10/11 17:26:26 | 000,325,680 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1108000.005\srtsp.sys
    [2010/10/11 17:26:26 | 000,173,104 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1108000.005\symefa.sys
    [2010/10/11 17:26:26 | 000,116,784 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1108000.005\ironx86.sys
    [2010/10/11 17:26:26 | 000,043,696 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1108000.005\srtspx.sys
    [2010/10/11 17:26:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NIS\1108000.005
    [2010/10/11 08:18:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NIS
    [2010/10/11 08:17:46 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Internet Security
    [2010/10/05 20:57:33 | 030,164,216 | ---- | C] (Lime Wire LLC) -- C:\Documents and Settings\Owner\Desktop\LimeWireWin.exe
    [2010/10/04 20:44:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2010/09/27 23:28:15 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
    [2010/09/26 12:11:52 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
    [2010/09/23 14:13:11 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2010/09/20 12:31:05 | 000,000,000 | ---D | C] -- C:\MGlogs
    [2010/09/04 21:22:31 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
    [2010/09/04 21:22:30 | 000,000,000 | ---D | C] -- C:\Program Files\Real Alternative
    [2010/08/28 00:29:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\agi
    [2010/08/21 09:14:28 | 000,000,000 | ---D | C] -- C:\MGtools
    [2010/08/16 21:05:29 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2010/08/16 21:00:09 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2010/08/16 21:00:09 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2010/08/16 21:00:09 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2010/08/16 08:24:56 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/08/16 08:21:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
    [2010/02/18 19:02:27 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Owner\Application Data\pcouffin.sys

    ========== Files - Modified Within 90 Days ==========

    [2010/10/13 19:30:01 | 000,000,480 | ---- | M] () -- C:\WINDOWS\tasks\229B350D-034F-4c01-BAF2-3EA03DCAE0B9.job
    [2010/10/13 19:20:41 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2010/10/13 19:20:36 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/10/13 19:20:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/10/13 19:17:56 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
    [2010/10/13 19:06:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2010/10/13 13:33:53 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
    [2010/10/13 10:49:51 | 000,000,392 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{EFBC97A8-1A51-4A9C-85AB-79E29AAD98E3}.job
    [2010/10/12 23:21:36 | 000,001,845 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Registry Reviver.lnk
    [2010/10/12 23:20:19 | 000,000,610 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\SIW.lnk
    [2010/10/12 07:46:40 | 000,586,312 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1108000.005\Cat.DB
    [2010/10/12 07:46:40 | 000,001,964 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton Internet Security.LNK
    [2010/10/11 08:22:45 | 000,125,488 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
    [2010/10/11 08:22:45 | 000,060,808 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
    [2010/10/11 08:22:45 | 000,007,456 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
    [2010/10/11 08:22:45 | 000,000,805 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
    [2010/10/08 18:33:49 | 000,000,058 | -H-- | M] () -- C:\WINDOWS\popcreg.dat
    [2010/10/08 18:33:49 | 000,000,042 | ---- | M] () -- C:\WINDOWS\popcinfot.dat
    [2010/10/06 12:48:26 | 000,000,375 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
    [2010/10/05 21:00:42 | 000,001,580 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\LimeWire 5.5.16.lnk
    [2010/10/05 20:58:27 | 030,164,216 | ---- | M] (Lime Wire LLC) -- C:\Documents and Settings\Owner\Desktop\LimeWireWin.exe
    [2010/09/28 17:33:21 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
    [2010/09/27 23:28:23 | 000,000,630 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\µTorrent.lnk
    [2010/09/22 12:50:51 | 003,849,240 | R--- | M] () -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
    [2010/09/21 23:03:48 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
    [2010/09/21 18:20:09 | 000,144,556 | ---- | M] () -- C:\MGlogs.zip
    [2010/09/20 18:52:57 | 000,000,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1108000.005\isolate.ini
    [2010/09/19 21:07:55 | 000,000,281 | -HS- | M] () -- C:\boot.ini
    [2010/09/13 18:27:18 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Carolyn Quote - Kiln Dried X 3.xls
    [2010/09/07 21:11:37 | 000,000,442 | ---- | M] () -- C:\WINDOWS\wininit.ini
    [2010/08/31 17:44:43 | 000,002,483 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Microsoft Word.lnk
    [2010/08/21 09:12:54 | 002,398,955 | ---- | M] () -- C:\MGtools.exe
    [2010/08/16 08:21:19 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2010/08/16 08:12:25 | 000,000,281 | ---- | M] () -- C:\Boot.bak
    [2010/08/13 09:59:05 | 000,368,096 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/08/13 03:29:07 | 000,435,592 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/08/13 03:29:07 | 000,068,504 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/08/09 22:59:26 | 002,148,803 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Backup1.CAB
    [2010/08/08 14:24:40 | 000,001,348 | ---- | M] () -- C:\WINDOWS\ODBC.INI
    [2010/08/04 17:06:53 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\MarilynMelanson - Vertical siding.xls
    [2010/08/04 15:33:34 | 000,002,481 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Microsoft Excel.lnk
    [2010/07/28 16:27:42 | 000,040,448 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Carolyn Quote - Kiln Dried.xls

    ========== Files Created - No Company Name ==========

    [2010/10/12 23:21:35 | 000,001,845 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Registry Reviver.lnk
    [2010/10/12 23:20:19 | 000,000,610 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\SIW.lnk
    [2010/10/12 07:46:26 | 000,586,312 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1108000.005\Cat.DB
    [2010/10/11 17:26:26 | 000,007,873 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1108000.005\symefa.cat
    [2010/10/11 17:26:26 | 000,007,787 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1108000.005\symnetv.cat
    [2010/10/11 17:26:26 | 000,007,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1108000.005\srtspx.cat
    [2010/10/11 17:26:26 | 000,007,438 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1108000.005\srtsp.cat
    [2010/10/11 17:26:26 | 000,007,438 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1108000.005\iron.cat
    [2010/10/11 17:26:26 | 000,007,425 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1108000.005\symds.cat
    [2010/10/11 17:26:26 | 000,007,396 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1108000.005\cchpx86.cat
    [2010/10/11 17:26:26 | 000,007,368 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1108000.005\symnet.cat
    [2010/10/11 17:26:26 | 000,003,373 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1108000.005\symefa.inf
    [2010/10/11 17:26:26 | 000,002,793 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1108000.005\symds.inf
    [2010/10/11 17:26:26 | 000,001,754 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1108000.005\cchpx86.inf
    [2010/10/11 17:26:26 | 000,001,473 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1108000.005\symnetv.inf
    [2010/10/11 17:26:26 | 000,001,445 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1108000.005\symnet.inf
    [2010/10/11 17:26:26 | 000,001,388 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1108000.005\srtspx.inf
    [2010/10/11 17:26:26 | 000,001,382 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1108000.005\srtsp.inf
    [2010/10/11 17:26:26 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1108000.005\iron.inf
    [2010/10/11 17:26:08 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1108000.005\isolate.ini
    [2010/10/11 08:22:27 | 000,001,964 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Norton Internet Security.LNK
    [2010/10/05 21:00:41 | 000,001,580 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\LimeWire 5.5.16.lnk
    [2010/09/27 23:28:23 | 000,000,630 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\µTorrent.lnk
    [2010/09/21 23:03:48 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
    [2010/09/21 18:15:24 | 003,849,240 | R--- | C] () -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
    [2010/09/13 18:13:59 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Carolyn Quote - Kiln Dried X 3.xls
    [2010/08/21 09:14:32 | 000,144,556 | ---- | C] () -- C:\MGlogs.zip
    [2010/08/21 09:13:55 | 002,398,955 | ---- | C] () -- C:\MGtools.exe
    [2010/08/16 21:00:09 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2010/08/16 21:00:09 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2010/08/16 21:00:09 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2010/08/16 21:00:09 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2010/08/16 21:00:09 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2010/08/16 08:21:19 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2010/08/09 22:59:22 | 002,148,803 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Backup1.CAB
    [2010/08/07 10:20:38 | 000,088,663 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\FASTWiz.log
    [2010/08/04 15:53:43 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\MarilynMelanson - Vertical siding.xls
    [2010/07/20 11:52:26 | 000,040,448 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Carolyn Quote - Kiln Dried.xls
    [2010/06/28 07:38:15 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\housecall.guid.cache
    [2010/06/27 12:49:18 | 000,052,224 | RHS- | C] () -- C:\WINDOWS\System32\locatord.dll
    [2010/03/25 21:14:40 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\downloads.m3u
    [2010/03/24 22:16:22 | 000,000,029 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\default.rss
    [2010/02/20 00:06:33 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
    [2010/02/18 19:02:40 | 000,000,033 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\pcouffin.log
    [2010/02/18 19:02:27 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\pcouffin.cat
    [2010/02/18 19:02:27 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\pcouffin.inf
    [2010/02/11 16:51:01 | 000,000,221 | ---- | C] () -- C:\WINDOWS\NCLogConfig.ini
    [2009/12/09 19:01:51 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\CommonDL.dll
    [2009/12/09 19:01:51 | 000,002,412 | ---- | C] () -- C:\WINDOWS\System32\lgAxconfig.ini
    [2009/08/31 20:24:39 | 000,000,442 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2009/08/28 16:19:16 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2009/08/26 08:44:41 | 000,000,096 | ---- | C] () -- C:\WINDOWS\Simply.ini
    [2009/08/25 16:23:50 | 000,001,348 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2009/08/25 11:18:06 | 000,000,021 | ---- | C] () -- C:\WINDOWS\PI4_setup.ini
    [2009/08/25 11:02:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\lgfwup.ini
    [2009/08/25 10:55:29 | 000,040,960 | ---- | C] () -- C:\Program Files\Uninstall_CDS.exe
    [2009/08/23 18:43:08 | 000,064,512 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/08/21 17:18:14 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
    [2009/08/21 17:09:29 | 000,003,210 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
    [2009/08/21 12:20:38 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\Implode.dll
    [2009/08/21 11:58:27 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIBUN4.dll
    [2009/08/20 16:49:36 | 000,000,071 | ---- | C] () -- C:\WINDOWS\Crypkey.ini
    [2009/08/20 16:49:33 | 000,025,602 | ---- | C] () -- C:\WINDOWS\System32\llpink_.dll
    [2009/08/20 16:49:33 | 000,018,432 | ---- | C] () -- C:\WINDOWS\Setup_ck.dll
    [2009/08/20 16:17:39 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
    [2008/02/05 14:28:20 | 000,000,051 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\setup.txt
    [2007/04/27 10:43:58 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll
    [2003/12/31 05:00:20 | 000,004,328 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2001/07/07 03:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

    ========== LOP Check ==========

    [2010/08/28 00:29:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\agi
    [2010/02/24 13:33:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Aliant
    [2010/03/06 22:31:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Chief Architect X2 Trial Version
    [2010/02/21 19:44:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
    [2010/03/16 22:07:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FileCure
    [2010/03/07 10:25:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IMSIDesign
    [2009/12/09 19:02:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LGMOBILEAX
    [2010/02/21 12:41:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MAGIX
    [2010/02/16 13:02:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Magix Shared
    [2009/08/23 18:37:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
    [2009/08/24 16:41:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
    [2010/10/12 23:21:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ReviverSoft
    [2010/06/27 15:41:14 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\SMRIUAV
    [2010/03/31 17:25:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2010/06/20 21:11:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
    [2010/04/15 18:40:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
    [2010/03/23 12:15:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vso
    [2010/03/24 11:37:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
    [2010/04/23 09:27:34 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
    [2010/02/24 13:33:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Aliant
    [2010/03/06 20:55:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Chief Architect X2 Trial Version
    [2010/04/23 09:28:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Coby Media Manager
    [2010/03/06 18:56:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GetRightToGo
    [2010/06/20 20:16:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Image Zone Express
    [2009/12/09 14:04:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\LG Electronics
    [2010/10/06 20:32:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\LimeWire
    [2010/02/16 12:53:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MAGIX
    [2009/08/23 18:37:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\NCH Swift Sound
    [2010/10/12 23:20:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\OpenCandy
    [2010/06/28 18:00:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Tific
    [2010/06/20 21:10:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\TomTom
    [2010/04/15 18:41:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\TuneUp Software
    [2010/03/27 12:37:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Uniblue
    [2010/09/28 17:32:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\uTorrent
    [2010/04/15 18:27:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Vso
    [2010/10/13 19:30:01 | 000,000,480 | ---- | M] () -- C:\WINDOWS\Tasks\229B350D-034F-4c01-BAF2-3EA03DCAE0B9.job
    [2010/10/13 10:49:51 | 000,000,392 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{EFBC97A8-1A51-4A9C-85AB-79E29AAD98E3}.job

    ========== Purity Check ==========



    < End of report >




    Here are the reports.

    Thank you
     
  11. 2010/10/13
    crunchie

    Any change?
     
  12. 2010/10/13
    wrathall

    Running a little better, got some speed. Audio is good but video is still very slow - it stops and then has to catch up to the audio, which is still playing fine.
     
  13. 2010/10/13
    crunchie

    Is that an on-line video, or from the drive?

    Download gmer.zip: http://www.gmer.net/files.php
    Unzip the file and double-click gmer.exe, select the Rootkit tab and click the Scan button.
    When the scan is completed, click the Save button and save the results as gmer.log.
    Warning! Please do not select the "Show all" checkbox during the scan.
    Post the log in your next reply.
     
  14. 2010/10/14
    wrathall

    These are online videos but my Dad's hotmail account has just sent out two emails to everybody on his contact list by itself.
     
    Last edited: 2010/10/14
  15. 2010/10/14
    wrathall

    GMER 1.0.15.15315 - http://www.gmer.net
    Rootkit scan 2010-10-14 11:33:44
    Windows 5.1.2600 Service Pack 3
    Running: pr8lolfo.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\fgecrfog.sys


    ---- System - GMER 1.0.15 ----

    SSDT 81689308 ZwAlertResumeThread
    SSDT 816893E8 ZwAlertThread
    SSDT 816B4BA0 ZwAllocateVirtualMemory
    SSDT 8172F698 ZwAssignProcessToJobObject
    SSDT 818346F8 ZwConnectPort
    SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xAA53C3E0]
    SSDT 816C0968 ZwCreateMutant
    SSDT 81734468 ZwCreateSymbolicLinkObject
    SSDT 81774E48 ZwCreateThread
    SSDT 8172F778 ZwDebugActiveProcess
    SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xAA53C660]
    SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xAA53CBC0]
    SSDT 817B5D98 ZwDuplicateObject
    SSDT 8168D9D8 ZwFreeVirtualMemory
    SSDT 81678BD8 ZwImpersonateAnonymousToken
    SSDT 81678CB8 ZwImpersonateThread
    SSDT 8163C1F0 ZwLoadDriver
    SSDT 81770E00 ZwMapViewOfSection
    SSDT 816C08A8 ZwOpenEvent
    SSDT 817E98B8 ZwOpenProcess
    SSDT 8169DB48 ZwOpenProcessToken
    SSDT 81684450 ZwOpenSection
    SSDT 817C5B38 ZwOpenThread
    SSDT 81734558 ZwProtectVirtualMemory
    SSDT 81688960 ZwResumeThread
    SSDT 81688B60 ZwSetContextThread
    SSDT 8168D4E8 ZwSetInformationProcess
    SSDT 81684308 ZwSetSystemInformation
    SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xAA53CE10]
    SSDT 816C07C8 ZwSuspendProcess
    SSDT 816889E0 ZwSuspendThread
    SSDT 81909E98 ZwTerminateProcess
    SSDT 81688AA0 ZwTerminateThread
    SSDT 8168D5B8 ZwUnmapViewOfSection
    SSDT 8168DAA8 ZwWriteVirtualMemory

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!ZwCallbackReturn + 2714 80501F4C 4 Bytes CALL 14D18825
    ? SYMDS.SYS The system cannot find the file specified. !
    ? SYMEFA.SYS The system cannot find the file specified. !

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2592] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 1040098F C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[2924] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 027D003A

    ---- Devices - GMER 1.0.15 ----

    Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
    Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

    AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

    Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)

    AttachedDevice fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    ---- EOF - GMER 1.0.15 ----



    The log as requested.

    Thanks
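
A way to triage a GMER log like the one posted above, added here as an example and not part of the original thread: it separates SSDT entries that name an owning driver from address-only entries, and lists files the scan reported as not found. The line patterns are inferred from the log lines on this page (an assumption, not GMER documentation), and the sample input is constructed from them.

```python
import re
from collections import defaultdict

# Constructed sample: lines shaped like the GMER log in this thread.
SAMPLE_LOG = r"""
---- System - GMER 1.0.15 ----
SSDT 81689308 ZwAlertResumeThread
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xAA53C3E0]
SSDT 8163C1F0 ZwLoadDriver
? SYMEFA.SYS The system cannot find the file specified. !
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2592] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 1040098F C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2924] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 027D003A
"""

# Line grammar inferred from this page's log (assumption, not a GMER spec).
SSDT_OWNED = re.compile(r"^SSDT\s+(?P<path>\\\?\?\\.+?\.sys)\s+\((?P<vendor>.*?)\)"
                        r"\s+(?P<func>Zw\w+)\s+\[0x[0-9A-F]+\]$", re.I)
SSDT_BARE = re.compile(r"^SSDT\s+(?P<addr>[0-9A-Fa-f]{8})\s+(?P<func>Zw\w+)$")
MISSING = re.compile(r"^\?\s+(?P<file>\S+)\s+The system cannot find the file specified\.")
INLINE = re.compile(r"^\.text\s+(?P<proc>.+?\.exe)\[(?P<pid>\d+)\]\s+(?P<target>\S+!\w+)"
                    r"\s+[0-9A-F]{8}\s+\d+ Bytes\s+JMP\s+[0-9A-F]{8}(?:\s+(?P<owner>\S.*))?$", re.I)

def triage(log_text):
    """Bucket GMER lines by whether the tool named an owning module."""
    report = {"ssdt_owned": defaultdict(list), "ssdt_unowned": [],
              "missing_files": [], "inline_unowned": [], "unparsed": 0}
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("----"):
            continue  # blank lines and section banners carry no finding
        if m := SSDT_OWNED.match(line):
            driver = m["path"].rsplit("\\", 1)[-1].upper()
            report["ssdt_owned"][driver].append(m["func"])
        elif m := SSDT_BARE.match(line):
            # Address-only entry: needs a human look, not proof of infection.
            report["ssdt_unowned"].append((m["func"], m["addr"]))
        elif m := MISSING.match(line):
            report["missing_files"].append(m["file"].upper())
        elif m := INLINE.match(line):
            if not m["owner"]:  # JMP destination not attributed to a module
                proc = m["proc"].rsplit("\\", 1)[-1]
                report["inline_unowned"].append((proc, int(m["pid"]), m["target"]))
        else:
            report["unparsed"] += 1  # keep a count so nothing is silently dropped
    return report

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, dict(value) if isinstance(value, defaultdict) else value)
```
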
     
  16. 2010/10/14
    crunchie

    It looks like Norton did not install correctly as SYMEFA.SYS is missing. Try installing again.

    ==

    Go to Kaspersky website and perform an online antivirus scan.

    1. Disable your active antivirus program.
    2. Read through the requirements and privacy statement and click on the Accept button.
    3. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    4. When the downloads have finished, click on Settings.
    5. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:

    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
    6. Click on My Computer under Scan.
    7. Once the scan is complete, it will display the results. Click on View Scan Report.
    8. You will see a list of infected items there. Click on Save Report As....
    9. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.
     
  17. 2010/10/15
    wrathall

    I couldn't get Kaspersky to load all databases. It would get stuck. I left it for about 2.5 hours and it only downloaded 17%. I tried again and it also got stuck, only I didn't wait for the 2 hours. Is there another option?

    I reinstalled Norton and then searched for SYMEFA.SYS. The search found it.
     
  18. 2010/10/15
    crunchie

    Try this one instead:

    Please Run the ESET Online Scanner and post the ScanLog with your post for assistance.
    • You will need to use Internet Explorer to complete this scan.
    • You will need to temporarily Disable your current Anti-virus program.
    • Be sure the option to Remove found threats is Un-checked at this time (we may have it clean what it finds at a later time), and the option to Scan unwanted applications is Checked.
    • When you have completed that scan, a scanlog ought to have been created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please post that log for us as directed below.

    NOTE: If you are unable to complete the ESET scan, please try another from the list below:

     
  19. 2010/10/16
    wrathall

    ESET Log

    C:\Documents and Settings\Owner\Application Data\OpenCandy\OpenCandy_DB2AD1D57F934B2B8447E9A41A55FD1B\p1v1_PPIRegistryReviver_w.exe a variant of Win32/Adware.RegistryReviver application
    C:\Documents and Settings\Owner\Application Data\OpenCandy\OpenCandy_DB2AD1D57F934B2B8447E9A41A55FD1B\PPIRegistryReviverSetup.exe a variant of Win32/Adware.RegistryReviver application
    C:\Program Files\ReviverSoft\Registry Reviver\RegistryReviver.exe a variant of Win32/Adware.RegistryReviver application
     
  20. 2010/10/16
    crunchie

    If you go back and redo the Eset scan, you will be able to remove those entries.

    Let me know how things are after you have done.
     
  21. 2010/10/17
    wrathall

    Computer seems to be running a bit better, but still slow when opening Firefox or Live etc. Once opened, it seems to be running OK except video really lags. Ran ESET again and removed the entries. Every time I post an entry to this forum, I get a redirection to

    Thanks
     
